Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/zKjUa9lzuIED6ICILd9HnilmfWQ.roa
File: zKjUa9lzuIED6ICILd9HnilmfWQ.roa (raw, json)
Hash identifier: 2f3YHXiQJl34EJz9Ez1Z0VjiXHF4BWysTFzrLEse6mc=
Subject key identifier: CC:A8:D4:6B:D9:73:B8:81:03:E8:80:88:2D:DF:47:9E:29:66:7D:64
Certificate issuer: /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial: 019633A25AC2D8E21EA3C8FC07A2947C39AA
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/zKjUa9lzuIED6ICILd9HnilmfWQ.roa
Signing time: Mon 14 Apr 2025 09:30:00 +0000
ROA not before: Mon 14 Apr 2025 09:30:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204666
IP address blocks: 176.119.192.0/24 maxlen: 24
185.87.142.0/23 maxlen: 24
185.243.172.0/22 maxlen: 24
2a05:aa00::/29 maxlen: 48
2a0d:1880::/29 maxlen: 48
2a0f:fec0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 15:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:33:a2:5a:c2:d8:e2:1e:a3:c8:fc:07:a2:94:7c:39:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
Validity
Not Before: Apr 14 09:30:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cca8d46bd973b88103e880882ddf479e29667d64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:63:6e:d9:8e:bb:9b:97:2a:dc:d4:7d:d0:db:
82:13:5a:dc:e7:d8:7f:96:8f:72:77:a5:2b:4b:33:
b3:90:17:10:78:d3:84:11:e6:73:9e:a4:35:c3:2a:
d5:c4:8b:20:8e:cc:05:57:9c:f3:43:74:d8:ad:84:
f1:33:0a:c1:17:f6:d7:99:08:2f:bc:0e:e5:99:bf:
83:d3:65:e6:dc:b7:79:bb:ac:d8:1e:1b:b1:b4:fd:
17:80:ac:dd:4b:9d:7b:6b:7c:34:93:98:b2:84:ef:
15:48:83:95:06:ab:0e:03:69:5a:9f:5f:11:20:43:
2a:8c:49:13:4c:b5:66:01:8b:45:a2:64:1f:d8:30:
38:e4:27:01:33:f1:94:b5:6e:ef:03:10:c9:f3:fb:
8d:e5:b6:11:fb:26:a8:e9:bb:88:04:1e:e1:9a:99:
f6:c0:f5:f7:a1:c3:63:7c:01:6c:6e:c1:52:79:87:
bf:0a:61:f9:9c:1a:bd:18:e3:b0:fd:3c:17:c3:6c:
8e:8d:dc:13:d7:46:a6:b8:3a:3a:5c:39:59:bc:ac:
ae:0f:5b:e7:b3:cb:f7:71:15:8e:1d:2d:f6:38:f4:
b0:97:d1:7a:d0:5b:34:11:2f:47:39:48:d3:3f:bd:
3c:7d:d9:dc:28:ff:a1:94:1a:6f:16:cc:74:54:df:
7a:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:A8:D4:6B:D9:73:B8:81:03:E8:80:88:2D:DF:47:9E:29:66:7D:64
X509v3 Authority Key Identifier:
keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/zKjUa9lzuIED6ICILd9HnilmfWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.192.0/24
185.87.142.0/23
185.243.172.0/22
IPv6:
2a05:aa00::/29
2a0d:1880::/29
2a0f:fec0::/29
Signature Algorithm: sha256WithRSAEncryption
4a:ad:da:ed:2b:e2:13:68:8e:0f:9f:b1:24:33:9e:ea:ef:d2:
17:a6:ce:a5:44:6c:b0:28:86:51:72:78:2c:7c:68:ff:bc:8f:
a6:0d:1f:0a:e8:19:66:4c:e3:61:d2:6f:22:3b:3d:6e:a7:87:
21:cf:f0:f7:5e:1d:d7:e3:3a:e3:48:50:b2:0b:63:ce:a0:3f:
2b:73:e1:19:2f:d5:22:98:52:5a:69:9d:9b:d7:db:e8:f6:02:
44:c0:34:d0:ec:38:f2:8a:62:73:36:d3:f8:9c:25:52:19:9a:
d9:cc:e6:8f:9b:03:e9:15:5f:3d:da:90:f7:a7:2a:87:46:e9:
f9:32:d4:d2:40:48:e3:d2:95:77:03:9b:c7:ba:86:dc:22:16:
6d:d1:77:95:9a:88:79:4e:a0:65:05:7a:28:5e:29:ac:18:0c:
ba:e0:15:a7:3b:29:35:3f:9c:85:42:a7:32:5e:5b:57:9d:2c:
54:f1:9d:5b:ee:98:6d:84:af:eb:2e:c7:34:f7:aa:a7:7e:5e:
97:3f:e7:09:4a:5d:6d:e0:9e:a0:67:32:c7:b7:37:bf:da:ee:
0c:d2:71:4b:68:6e:40:f4:70:d4:8c:c0:83:59:89:9a:5e:5b:
eb:e7:45:ce:3c:e0:f2:42:66:7c:7f:e0:a1:a3:21:ed:4d:ca:
8e:a8:f4:18
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZYzolrC2OIeo8j8B6KUfDmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjUwNDE0MDkzMDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E4ZDQ2YmQ5NzNiODgxMDNlODgwODgyZGRmNDc5ZTI5NjY3ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WNu2Y67m5cq3NR90NuCE1rc59h/
lo9yd6UrSzOzkBcQeNOEEeZznqQ1wyrVxIsgjswFV5zzQ3TYrYTxMwrBF/bXmQgv
vA7lmb+D02Xm3Ld5u6zYHhuxtP0XgKzdS517a3w0k5iyhO8VSIOVBqsOA2lan18R
IEMqjEkTTLVmAYtFomQf2DA45CcBM/GUtW7vAxDJ8/uN5bYR+yao6buIBB7hmpn2
wPX3ocNjfAFsbsFSeYe/CmH5nBq9GOOw/TwXw2yOjdwT10amuDo6XDlZvKyuD1vn
s8v3cRWOHS32OPSwl9F60Fs0ES9HOUjTP708fdncKP+hlBpvFsx0VN96wQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFMyo1GvZc7iBA+iAiC3fR54pZn1kMB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xL3pLalVhOWx6dUlFRDZJQ0lMZDlIbmlsbWZXUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSAYIKwYBBQUHAQcBAf8EOTA3MBgEAgABMBIDBACwd8AD
BAG5V44DBAK586wwGwQCAAIwFQMFAyoFqgADBQMqDRiAAwUDKg/+wDANBgkqhkiG
9w0BAQsFAAOCAQEASq3a7SviE2iOD5+xJDOe6u/SF6bOpURssCiGUXJ4LHxo/7yP
pg0fCugZZkzjYdJvIjs9bqeHIc/w914d1+M640hQsgtjzqA/K3PhGS/VIphSWmmd
m9fb6PYCRMA00Ow48opiczbT+JwlUhma2czmj5sD6RVfPdqQ96cqh0bp+TLU0kBI
49KVdwObx7qG3CIWbdF3lZqIeU6gZQV6KF4prBgMuuAVpzspNT+chUKnMl5bV50s
VPGdW+6YbYSv6y7HNPeqp35elz/nCUpdbeCeoGcyx7c3v9ruDNJxS2huQPRw1IzA
g1mJml5b6+dFzjzg8kJmfH/goaMh7U3Kjqj0GA==
-----END CERTIFICATE-----
Generated at Sun Apr 20 00:46:22 2025 by rpki-client