Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lkKfm_f_wEEUNGQ-mYrqpjp6pn0.roa
File: lkKfm_f_wEEUNGQ-mYrqpjp6pn0.roa (raw, json)
Hash identifier: 1IEa2ddZDnV+Za6fAq2QN5r69jM42zaWvCVu/tVx9UM=
Subject key identifier: 96:42:9F:9B:F7:FF:C0:41:14:34:64:3E:99:8A:EA:A6:3A:7A:A6:7D
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 019424B3AEDB56833ACA0784D4FC8291EBA3
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lkKfm_f_wEEUNGQ-mYrqpjp6pn0.roa
Signing time: Thu 02 Jan 2025 01:49:03 +0000
ROA not before: Thu 02 Jan 2025 01:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214036
IP address blocks: 31.171.131.0/24 maxlen: 24
109.235.48.0/24 maxlen: 24
2a00:dd0:eeee::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 01:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:ae:db:56:83:3a:ca:07:84:d4:fc:82:91:eb:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Jan 2 01:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=96429f9bf7ffc0411434643e998aeaa63a7aa67d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b2:8c:25:bf:48:eb:05:7e:aa:f4:6d:8f:e8:
a8:12:ec:23:ab:4b:4e:17:e6:96:b0:3d:c8:d8:95:
31:da:16:00:5f:c4:76:51:41:6a:71:81:2c:f1:52:
e2:fc:03:5a:94:9c:b3:07:cd:19:05:d4:60:2e:76:
5a:a2:04:89:ea:98:f6:4a:d4:6b:e9:34:6d:fd:d4:
95:78:30:80:86:4c:8b:6d:84:d5:29:2c:f6:22:58:
b2:a0:8f:64:97:e1:eb:fd:71:cb:d9:26:13:3d:8c:
e4:fc:bc:a6:32:5d:7c:3d:ee:d5:b2:e9:1b:c8:58:
7d:bc:b7:42:17:5a:41:ac:5d:41:65:13:dc:45:7e:
62:93:c1:fc:1d:71:e6:d6:26:b5:f6:f7:c5:28:a1:
3c:97:8c:1e:c3:5a:7d:24:8a:57:e5:8d:e3:98:c9:
08:b3:e5:94:ed:2d:6c:41:97:76:f1:7d:1c:1c:17:
14:e2:88:8e:f2:13:92:e7:7c:49:f8:07:64:d8:d6:
89:2f:44:b5:74:b8:f0:0a:3e:02:d9:23:0f:4c:51:
a6:b4:81:ab:83:cc:a3:92:58:8c:c0:53:e6:aa:a5:
92:9b:f9:58:6d:1f:1e:fe:ae:99:b4:00:49:b4:b0:
db:a4:66:f9:2c:12:08:88:c3:21:8f:cb:72:15:59:
0e:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:42:9F:9B:F7:FF:C0:41:14:34:64:3E:99:8A:EA:A6:3A:7A:A6:7D
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/lkKfm_f_wEEUNGQ-mYrqpjp6pn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.131.0/24
109.235.48.0/24
IPv6:
2a00:dd0:eeee::/48
Signature Algorithm: sha256WithRSAEncryption
87:04:77:99:46:3e:c6:33:f1:ea:25:44:72:b6:6d:5b:bb:ac:
ad:8c:b5:0b:61:e5:b3:f3:6e:b4:b2:64:79:09:87:12:8e:1f:
6d:86:34:bf:cc:46:04:b0:6d:a9:fa:2f:e4:8b:4b:7d:f5:1e:
bc:a7:7c:cd:54:db:a1:95:1a:d6:81:f6:db:5b:81:13:37:a1:
ed:0e:54:b3:a9:65:0d:4c:a5:ff:6c:df:68:95:e9:26:b9:aa:
54:92:af:76:e6:ce:37:6d:96:74:84:08:c3:fd:0c:a1:95:58:
22:66:0f:68:28:7e:07:d7:49:ba:86:87:d3:1d:63:19:24:f4:
72:1e:a3:bc:05:4c:34:86:f0:b2:ea:28:da:eb:86:1c:ee:c4:
ef:e8:0c:d0:51:bb:b0:e9:a6:d1:df:1b:ff:e9:f0:cc:49:fa:
9e:2f:7e:a7:e4:c5:95:32:e2:6f:8c:99:21:c5:83:d4:bd:fb:
4d:41:28:b8:d6:85:e4:4e:20:d3:06:c6:12:6b:c0:7f:d6:5e:
a7:4f:8e:a3:85:ab:76:b5:04:71:93:54:51:af:e9:1e:d2:27:
6b:eb:bb:11:a4:34:ab:02:e0:fc:03:5c:3c:0d:0d:0f:5a:2c:
17:02:3b:e5:b5:20:c1:9b:29:5e:43:35:a0:4b:c4:bd:95:fd:
f7:3c:d3:84
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQks67bVoM6ygeE1PyCkeujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQyOWY5YmY3ZmZjMDQxMTQzNDY0M2U5OThhZWFhNjNhN2FhNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbKMJb9I6wV+qvRtj+ioEuwjq0tO
F+aWsD3I2JUx2hYAX8R2UUFqcYEs8VLi/ANalJyzB80ZBdRgLnZaogSJ6pj2StRr
6TRt/dSVeDCAhkyLbYTVKSz2IliyoI9kl+Hr/XHL2SYTPYzk/LymMl18Pe7Vsukb
yFh9vLdCF1pBrF1BZRPcRX5ik8H8HXHm1ia19vfFKKE8l4wew1p9JIpX5Y3jmMkI
s+WU7S1sQZd28X0cHBcU4oiO8hOS53xJ+Adk2NaJL0S1dLjwCj4C2SMPTFGmtIGr
g8yjkliMwFPmqqWSm/lYbR8e/q6ZtABJtLDbpGb5LBIIiMMhj8tyFVkOTQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJZCn5v3/8BBFDRkPpmK6qY6eqZ9MB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvbGtLZm1fZl93RUVVTkdRLW1ZcnFwanA2cG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAH6uDAwQA
beswMA8EAgACMAkDBwAqAA3Q7u4wDQYJKoZIhvcNAQELBQADggEBAIcEd5lGPsYz
8eolRHK2bVu7rK2MtQth5bPzbrSyZHkJhxKOH22GNL/MRgSwban6L+SLS331Hryn
fM1U26GVGtaB9ttbgRM3oe0OVLOpZQ1Mpf9s32iV6Sa5qlSSr3bmzjdtlnSECMP9
DKGVWCJmD2gofgfXSbqGh9MdYxkk9HIeo7wFTDSG8LLqKNrrhhzuxO/oDNBRu7Dp
ptHfG//p8MxJ+p4vfqfkxZUy4m+MmSHFg9S9+01BKLjWheROINMGxhJrwH/WXqdP
jqOFq3a1BHGTVFGv6R7SJ2vruxGkNKsC4PwDXDwNDQ9aLBcCO+W1IMGbKV5DNaBL
xL2V/fc804Q=
-----END CERTIFICATE-----
Generated at Mon Apr 7 09:41:36 2025 by rpki-client