Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/JKKr0NwqKrBRfO9-TNMA6fKjebU.roa
File: JKKr0NwqKrBRfO9-TNMA6fKjebU.roa (raw, json)
Hash identifier: +prVLn/SSNSb/SQ4BmX9heAxTyq0XNrqnNVcVb/zNYQ=
Subject key identifier: 24:A2:AB:D0:DC:2A:2A:B0:51:7C:EF:7E:4C:D3:00:E9:F2:A3:79:B5
Certificate issuer: /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial: 0194244513B5E422AA12C4243A31944E2831
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/JKKr0NwqKrBRfO9-TNMA6fKjebU.roa
Signing time: Wed 01 Jan 2025 23:48:14 +0000
ROA not before: Wed 01 Jan 2025 23:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60718
IP address blocks: 109.74.86.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 08:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:13:b5:e4:22:aa:12:c4:24:3a:31:94:4e:28:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Validity
Not Before: Jan 1 23:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=24a2abd0dc2a2ab0517cef7e4cd300e9f2a379b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:45:35:6c:eb:94:8e:c8:8e:0d:c6:71:8e:3b:
dc:ea:22:6b:9d:3e:dd:94:7a:e5:c7:4d:11:b7:f8:
86:62:cf:bd:43:38:26:b0:f8:68:66:01:f7:0b:e8:
0c:68:17:50:c3:12:aa:1a:9a:21:06:8a:56:1b:fd:
21:30:04:78:0c:9f:22:06:9a:44:16:18:16:07:66:
a4:c6:c4:54:ec:f5:73:6a:97:23:71:1b:c5:43:32:
f0:33:5c:89:ee:ec:a7:75:75:e5:f3:2d:5a:e1:24:
59:de:38:8a:65:32:5a:97:67:68:7b:2e:88:35:55:
98:87:50:44:94:36:d4:24:48:38:ea:d3:8e:1c:c7:
a1:d3:1f:b3:61:0d:98:7d:e1:e0:9a:b3:2a:cb:9c:
f8:69:6e:92:f0:14:84:7b:d4:4d:3d:90:03:4e:4e:
12:c6:6a:3e:ab:ef:e9:a9:92:07:17:a5:f8:82:06:
69:ff:eb:12:86:ce:79:5d:db:f8:ad:4d:d7:2c:5a:
ac:d7:d4:57:ac:8d:88:f5:47:da:4f:85:35:4d:32:
ee:6b:8f:58:b4:a3:5d:1e:15:48:95:e0:8d:25:59:
e1:4e:b8:15:a8:d8:3d:65:e4:e0:93:52:97:fb:d9:
38:81:74:62:3c:ed:50:bb:84:1f:a7:bf:c1:00:48:
2e:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:A2:AB:D0:DC:2A:2A:B0:51:7C:EF:7E:4C:D3:00:E9:F2:A3:79:B5
X509v3 Authority Key Identifier:
keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/JKKr0NwqKrBRfO9-TNMA6fKjebU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.74.86.0/24
Signature Algorithm: sha256WithRSAEncryption
98:37:95:2c:d8:0d:48:f6:9a:41:2f:72:db:19:1c:1b:35:cf:
2c:34:82:c1:33:3f:31:d5:58:cd:e6:20:4a:d0:56:91:6a:5d:
d9:26:a1:0f:3a:c6:4f:a1:07:01:20:c5:ab:0d:06:5a:78:b7:
9a:e2:ec:3b:9f:4f:90:57:89:96:3b:d7:15:53:f2:fa:5e:4e:
62:95:96:8f:a9:3d:19:da:97:43:2f:63:7c:2c:f4:1e:46:23:
ba:52:99:73:58:59:61:e7:db:ff:88:fb:26:7c:01:78:51:c2:
95:ee:c8:8a:91:37:ce:8c:54:61:e4:8f:95:f4:3e:92:ec:14:
bc:42:9f:6a:60:c1:1b:1a:92:01:5d:5a:28:95:6b:23:1c:ac:
6b:f8:70:fb:80:be:a2:cd:cb:4d:89:ac:9a:44:4c:59:54:31:
dd:c3:80:3a:e4:d3:e6:17:86:c2:17:ef:67:ed:ee:43:72:1e:
e6:a5:a7:4a:b3:3a:49:4a:19:cb:f6:48:18:b6:22:34:7d:39:
6b:b5:32:00:dc:27:f6:35:cc:e8:4c:73:86:f4:10:b8:91:fd:
3c:01:de:7b:37:ea:55:6e:bf:f0:47:4f:9b:4e:f2:c7:e5:10:
3a:8e:9b:be:0e:04:17:16:c1:f2:25:aa:71:c4:0f:c1:f6:69:
c9:30:7a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRO15CKqEsQkOjGUTigxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEyYWJkMGRjMmEyYWIwNTE3Y2VmN2U0Y2QzMDBlOWYyYTM3OWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40U1bOuUjsiODcZxjjvc6iJrnT7d
lHrlx00Rt/iGYs+9QzgmsPhoZgH3C+gMaBdQwxKqGpohBopWG/0hMAR4DJ8iBppE
FhgWB2akxsRU7PVzapcjcRvFQzLwM1yJ7uyndXXl8y1a4SRZ3jiKZTJal2doey6I
NVWYh1BElDbUJEg46tOOHMeh0x+zYQ2YfeHgmrMqy5z4aW6S8BSEe9RNPZADTk4S
xmo+q+/pqZIHF6X4ggZp/+sShs55Xdv4rU3XLFqs19RXrI2I9UfaT4U1TTLua49Y
tKNdHhVIleCNJVnhTrgVqNg9ZeTgk1KX+9k4gXRiPO1Qu4Qfp7/BAEgu0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSiq9DcKiqwUXzvfkzTAOnyo3m1MB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvSktLcjBOd3FLckJSZk85LVROTUE2ZktqZWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUpWMA0G
CSqGSIb3DQEBCwUAA4IBAQCYN5Us2A1I9ppBL3LbGRwbNc8sNILBMz8x1VjN5iBK
0FaRal3ZJqEPOsZPoQcBIMWrDQZaeLea4uw7n0+QV4mWO9cVU/L6Xk5ilZaPqT0Z
2pdDL2N8LPQeRiO6UplzWFlh59v/iPsmfAF4UcKV7siKkTfOjFRh5I+V9D6S7BS8
Qp9qYMEbGpIBXVoolWsjHKxr+HD7gL6izctNiayaRExZVDHdw4A65NPmF4bCF+9n
7e5Dch7mpadKszpJShnL9kgYtiI0fTlrtTIA3Cf2NczoTHOG9BC4kf08Ad57N+pV
br/wR0+bTvLH5RA6jpu+DgQXFsHyJapxxA/B9mnJMHp8
-----END CERTIFICATE-----
Generated at Mon Apr 21 16:15:19 2025 by rpki-client