Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LKJSkF92rgE0QpPnTPqDrvB_o48.roa
File: LKJSkF92rgE0QpPnTPqDrvB_o48.roa (raw, json)
Hash identifier: lAoYASdueW8ShkDV13s1svUZETieHEz4XalA6REmONs=
Subject key identifier: 2C:A2:52:90:5F:76:AE:01:34:42:93:E7:4C:FA:83:AE:F0:7F:A3:8F
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 019422FBC38ED87DFF64BC37098EBC6C7897
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LKJSkF92rgE0QpPnTPqDrvB_o48.roa
Signing time: Wed 01 Jan 2025 17:48:32 +0000
ROA not before: Wed 01 Jan 2025 17:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213737
IP address blocks: 2.56.111.0/24 maxlen: 24
45.9.28.0/24 maxlen: 24
45.88.138.0/24 maxlen: 24
77.83.38.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:c3:8e:d8:7d:ff:64:bc:37:09:8e:bc:6c:78:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Jan 1 17:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ca252905f76ae01344293e74cfa83aef07fa38f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:8a:b7:2e:94:5d:9d:ef:82:93:64:36:e3:ba:
9d:8e:8f:89:9b:24:6e:1a:b5:a9:4a:fd:98:c3:17:
75:96:61:7a:30:7c:ec:46:4b:40:e7:af:6e:10:ea:
55:8c:a7:06:69:14:f8:1e:ef:3a:d6:f6:4f:88:37:
6b:d7:8c:5a:7d:a8:3c:73:07:4f:80:8c:0a:d7:5a:
fa:60:b3:f4:ce:3b:12:60:81:14:da:78:b8:d0:64:
d9:6b:04:65:67:9e:d6:18:76:3b:66:a9:4d:6a:e0:
e0:73:64:18:13:4b:5f:82:36:4b:4d:76:b0:ce:51:
de:bf:00:f4:02:ad:9b:b0:4c:f8:d7:ed:f9:a4:ca:
bd:32:6c:78:2e:ac:a0:10:71:31:3a:99:f2:61:e7:
c6:f6:8e:08:4b:44:b1:b3:bc:fe:a6:8e:26:de:35:
9a:79:17:08:e6:54:03:a8:2a:c6:19:c2:47:ed:48:
a2:4a:ea:5d:2e:26:8c:35:4d:46:cd:d9:22:54:a7:
f5:ab:64:5b:ac:54:ff:6b:02:96:e6:f2:73:f8:59:
26:5f:f4:f0:32:e5:14:86:18:ec:66:6c:0d:85:ca:
54:b1:a8:ad:0c:8d:3f:ce:56:60:20:65:df:b4:c4:
bc:cc:c5:02:43:98:01:d7:6d:d4:81:3f:41:a5:f5:
1f:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:A2:52:90:5F:76:AE:01:34:42:93:E7:4C:FA:83:AE:F0:7F:A3:8F
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LKJSkF92rgE0QpPnTPqDrvB_o48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.111.0/24
45.9.28.0/24
45.88.138.0/24
77.83.38.0/24
Signature Algorithm: sha256WithRSAEncryption
9d:01:95:48:53:ed:6f:dd:9f:62:18:3b:6f:0b:ac:7b:8d:2b:
95:f9:2a:c0:e8:67:4e:21:b0:d7:02:86:64:08:e0:6f:09:2e:
13:56:6c:b9:ce:c6:26:d4:0d:76:91:de:0d:86:db:3f:cb:37:
0e:26:36:8a:fe:01:18:f3:53:75:76:6b:a1:03:da:7e:10:8d:
48:70:11:79:a0:37:93:67:86:d6:93:f3:d1:2c:c4:9b:68:2a:
3c:bc:6a:90:78:d8:f4:aa:3c:79:9b:3a:97:18:f0:31:2e:1a:
c2:08:f1:ad:bf:80:67:e0:9b:83:c4:5b:54:32:87:b6:1b:df:
6f:4e:b8:a0:43:10:3e:a9:96:2f:24:8c:13:41:14:dd:02:0f:
47:9f:3d:1b:c2:09:e6:d3:52:c0:a0:9d:b7:e1:55:1a:18:32:
df:58:62:05:50:e0:0e:9f:80:0b:62:05:a8:98:09:4d:2a:ad:
9d:c5:21:29:ab:96:73:e2:bd:91:e1:a2:f3:28:a0:e0:31:c2:
7d:f6:a9:8b:33:ef:95:84:a6:66:bd:08:db:71:56:4b:85:59:
e8:b4:33:e7:25:eb:3b:cd:bf:08:de:cd:35:20:40:94:9c:d0:
5a:3c:17:e1:c7:8e:18:b7:95:b2:38:f0:98:86:5c:7a:b7:22:
91:6a:a5:2d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQi+8OO2H3/ZLw3CY68bHiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2EyNTI5MDVmNzZhZTAxMzQ0MjkzZTc0Y2ZhODNhZWYwN2ZhMzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4q3LpRdne+Ck2Q247qdjo+JmyRu
GrWpSv2Ywxd1lmF6MHzsRktA569uEOpVjKcGaRT4Hu861vZPiDdr14xafag8cwdP
gIwK11r6YLP0zjsSYIEU2ni40GTZawRlZ57WGHY7ZqlNauDgc2QYE0tfgjZLTXaw
zlHevwD0Aq2bsEz41+35pMq9Mmx4LqygEHExOpnyYefG9o4IS0Sxs7z+po4m3jWa
eRcI5lQDqCrGGcJH7UiiSupdLiaMNU1GzdkiVKf1q2RbrFT/awKW5vJz+FkmX/Tw
MuUUhhjsZmwNhcpUsaitDI0/zlZgIGXftMS8zMUCQ5gB123UgT9BpfUfYwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCyiUpBfdq4BNEKT50z6g67wf6OPMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTEtKU2tGOTJyZ0UwUXBQblRQcURydkJfbzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAAjhvAwQA
LQkcAwQALViKAwQATVMmMA0GCSqGSIb3DQEBCwUAA4IBAQCdAZVIU+1v3Z9iGDtv
C6x7jSuV+SrA6GdOIbDXAoZkCOBvCS4TVmy5zsYm1A12kd4Nhts/yzcOJjaK/gEY
81N1dmuhA9p+EI1IcBF5oDeTZ4bWk/PRLMSbaCo8vGqQeNj0qjx5mzqXGPAxLhrC
CPGtv4Bn4JuDxFtUMoe2G99vTrigQxA+qZYvJIwTQRTdAg9Hnz0bwgnm01LAoJ23
4VUaGDLfWGIFUOAOn4ALYgWomAlNKq2dxSEpq5Zz4r2R4aLzKKDgMcJ99qmLM++V
hKZmvQjbcVZLhVnotDPnJes7zb8I3s01IECUnNBaPBfhx44Yt5WyOPCYhlx6tyKR
aqUt
-----END CERTIFICATE-----
Generated at Wed Feb 5 06:38:19 2025 by rpki-client