Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/KkXU6YkVywPte3FQKPTwmXq43Jw.roa
File: KkXU6YkVywPte3FQKPTwmXq43Jw.roa (raw, json)
Hash identifier: +grv15uxretevWYIDb50yFoisYnL85l43pH++WpX3xI=
Subject key identifier: 2A:45:D4:E9:89:15:CB:03:ED:7B:71:50:28:F4:F0:99:7A:B8:DC:9C
Certificate issuer: /CN=98a987c6cd0a36f94dbef10ef2a2c66020a95611
Certificate serial: 01941F8C1E94E60A89B04B887F9065C549D0
Authority key identifier: 98:A9:87:C6:CD:0A:36:F9:4D:BE:F1:0E:F2:A2:C6:60:20:A9:56:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mKmHxs0KNvlNvvEO8qLGYCCpVhE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/KkXU6YkVywPte3FQKPTwmXq43Jw.roa
Signing time: Wed 01 Jan 2025 01:47:44 +0000
ROA not before: Wed 01 Jan 2025 01:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29611
IP address blocks: 45.157.84.0/22 maxlen: 24
185.2.216.0/22 maxlen: 24
185.43.184.0/22 maxlen: 24
185.73.184.0/22 maxlen: 24
217.68.240.0/20 maxlen: 24
217.69.32.0/20 maxlen: 24
2a00:c20::/32 maxlen: 32
2a03:2d20::/32 maxlen: 48
2a04:95c0::/29 maxlen: 29
2a0f:5280::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/mKmHxs0KNvlNvvEO8qLGYCCpVhE.crl
rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/mKmHxs0KNvlNvvEO8qLGYCCpVhE.mft
rsync://rpki.ripe.net/repository/DEFAULT/mKmHxs0KNvlNvvEO8qLGYCCpVhE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 22:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:1e:94:e6:0a:89:b0:4b:88:7f:90:65:c5:49:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98a987c6cd0a36f94dbef10ef2a2c66020a95611
Validity
Not Before: Jan 1 01:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a45d4e98915cb03ed7b715028f4f0997ab8dc9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:dc:17:d8:bf:8f:a8:c6:ef:cb:96:8d:84:cd:
1a:4f:cd:b6:0e:85:7f:8f:d9:24:62:81:74:c8:31:
94:87:88:0a:c5:e6:ac:45:80:3f:59:0c:54:f6:68:
51:6a:d5:d6:dd:13:83:51:34:22:71:25:d2:68:4f:
00:45:ea:62:d1:cb:45:58:24:b9:da:fe:65:4c:39:
c5:05:8e:8d:bf:f5:31:05:1a:c2:c0:84:fc:3f:2c:
0e:f5:ff:41:d0:96:ea:1c:e6:59:f3:2f:0e:d0:28:
57:5e:4a:70:01:21:ef:49:8a:12:7c:5f:9c:74:db:
c4:8e:35:b6:3f:80:e8:47:3f:e3:21:ab:b3:cf:f0:
5e:97:47:1d:cc:e6:8a:40:42:11:97:2f:7e:8b:aa:
86:58:2a:06:a2:da:bb:a9:8f:c8:f9:87:7b:1b:c1:
92:fc:22:02:91:58:34:98:b9:40:9e:66:9c:a1:08:
d8:23:9e:63:64:83:d7:cf:71:85:3c:50:48:88:13:
bf:ed:90:d3:1c:64:bc:4e:13:b3:2b:2c:fb:90:a5:
6f:3a:7b:7d:5b:4a:12:2e:30:77:e4:3c:e0:e6:45:
e4:43:7b:b1:ff:ca:80:2d:7f:ac:73:e0:7f:f4:10:
74:b5:cd:b4:8e:c7:d6:14:6a:90:34:40:90:eb:64:
6b:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:45:D4:E9:89:15:CB:03:ED:7B:71:50:28:F4:F0:99:7A:B8:DC:9C
X509v3 Authority Key Identifier:
keyid:98:A9:87:C6:CD:0A:36:F9:4D:BE:F1:0E:F2:A2:C6:60:20:A9:56:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKmHxs0KNvlNvvEO8qLGYCCpVhE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/KkXU6YkVywPte3FQKPTwmXq43Jw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab8307-5f9c-49c6-8a0b-f3b45819f2b0/1/mKmHxs0KNvlNvvEO8qLGYCCpVhE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.84.0/22
185.2.216.0/22
185.43.184.0/22
185.73.184.0/22
217.68.240.0/20
217.69.32.0/20
IPv6:
2a00:c20::/32
2a03:2d20::/32
2a04:95c0::/29
2a0f:5280::/29
Signature Algorithm: sha256WithRSAEncryption
74:4c:ef:5e:df:22:d7:f5:62:2a:d8:de:76:8d:f8:3f:af:55:
e4:d3:fc:eb:7f:7a:4d:9a:78:48:b1:80:82:8e:7c:43:8c:bc:
c3:5e:35:67:54:7d:5d:c4:f9:f3:53:35:69:cb:1d:e1:a8:95:
6e:7d:c5:30:8d:2f:c4:dc:30:b9:95:93:01:e0:17:1e:45:58:
3c:de:d9:70:e1:45:56:0d:48:22:ab:21:c3:84:2c:77:6b:85:
76:b1:eb:c5:99:07:65:bc:01:03:0c:1c:d8:3a:eb:02:ed:7d:
0d:86:a1:6a:8b:cd:e7:76:a7:b5:2d:6d:82:31:71:67:b6:ce:
cd:64:15:25:9d:23:94:54:0d:4c:12:00:de:1c:d5:e2:6e:13:
15:b0:16:e6:ac:7b:0f:6f:88:a3:0f:30:11:cb:ac:55:87:3e:
22:92:b7:04:ce:a5:a1:56:5b:69:4b:4d:11:3f:ec:d5:57:b7:
4b:92:5f:4c:ea:47:24:39:bc:28:a5:38:ce:5d:fe:c4:82:27:
00:ee:67:e0:a0:05:d7:0a:b5:73:11:e7:6d:7b:70:5c:44:02:
e7:93:8a:14:6e:78:71:95:24:ab:74:7f:b2:00:b8:a6:c1:9e:
94:0b:f2:84:6b:e6:c3:c4:5e:0c:de:15:03:34:a9:e2:4a:40:
74:f1:ff:c4
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQfjB6U5gqJsEuIf5BlxUnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YTk4N2M2Y2QwYTM2Zjk0ZGJlZjEwZWYyYTJjNjYwMjBh
OTU2MTEwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ1ZDRlOTg5MTVjYjAzZWQ3YjcxNTAyOGY0ZjA5OTdhYjhkYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntwX2L+PqMbvy5aNhM0aT822DoV/
j9kkYoF0yDGUh4gKxeasRYA/WQxU9mhRatXW3RODUTQicSXSaE8ARepi0ctFWCS5
2v5lTDnFBY6Nv/UxBRrCwIT8PywO9f9B0JbqHOZZ8y8O0ChXXkpwASHvSYoSfF+c
dNvEjjW2P4DoRz/jIauzz/Bel0cdzOaKQEIRly9+i6qGWCoGotq7qY/I+Yd7G8GS
/CICkVg0mLlAnmacoQjYI55jZIPXz3GFPFBIiBO/7ZDTHGS8ThOzKyz7kKVvOnt9
W0oSLjB35Dzg5kXkQ3ux/8qALX+sc+B/9BB0tc20jsfWFGqQNECQ62RrbwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCpF1OmJFcsD7XtxUCj08Jl6uNycMB8GA1UdIwQY
MBaAFJiph8bNCjb5Tb7xDvKixmAgqVYRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUttSHhzMEtOdmxOdnZFTzhxTEdZQ0NwVmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hYjgzMDctNWY5Yy00OWM2LThhMGIt
ZjNiNDU4MTlmMmIwLzEvS2tYVTZZa1Z5d1B0ZTNGUUtQVHdtWHE0M0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hYjgzMDctNWY5Yy00OWM2LThhMGItZjNiNDU4MTlmMmIw
LzEvbUttSHhzMEtOdmxOdnZFTzhxTEdZQ0NwVmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAqBAIAATAkAwQCLZ1UAwQC
uQLYAwQCuSu4AwQCuUm4AwQE2UTwAwQE2UUgMCIEAgACMBwDBQAqAAwgAwUAKgMt
IAMFAyoElcADBQMqD1KAMA0GCSqGSIb3DQEBCwUAA4IBAQB0TO9e3yLX9WIq2N52
jfg/r1Xk0/zrf3pNmnhIsYCCjnxDjLzDXjVnVH1dxPnzUzVpyx3hqJVufcUwjS/E
3DC5lZMB4BceRVg83tlw4UVWDUgiqyHDhCx3a4V2sevFmQdlvAEDDBzYOusC7X0N
hqFqi83ndqe1LW2CMXFnts7NZBUlnSOUVA1MEgDeHNXibhMVsBbmrHsPb4ijDzAR
y6xVhz4ikrcEzqWhVltpS00RP+zVV7dLkl9M6kckObwopTjOXf7EgicA7mfgoAXX
CrVzEedte3BcRALnk4oUbnhxlSSrdH+yALimwZ6UC/KEa+bDxF4M3hUDNKniSkB0
8f/E
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:58:19 2025 by rpki-client