Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/TtaEnd2x3ONkWdmzFo1Q2PBTLIk.roa
File: TtaEnd2x3ONkWdmzFo1Q2PBTLIk.roa (raw, json)
Hash identifier: RgO9/5xhOVSpsgM4/jEFkDHMzjZGXv/dAO6C3WOQueE=
Subject key identifier: 4E:D6:84:9D:DD:B1:DC:E3:64:59:D9:B3:16:8D:50:D8:F0:53:2C:89
Certificate issuer: /CN=90afdcff7de3a65947631f92c67e272767194478
Certificate serial: 019421443AC73A8B2AC0E29281A645374CA7
Authority key identifier: 90:AF:DC:FF:7D:E3:A6:59:47:63:1F:92:C6:7E:27:27:67:19:44:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kK_c_33jpllHYx-Sxn4nJ2cZRHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/TtaEnd2x3ONkWdmzFo1Q2PBTLIk.roa
Signing time: Wed 01 Jan 2025 09:48:27 +0000
ROA not before: Wed 01 Jan 2025 09:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199441
IP address blocks: 185.14.128.0/23 maxlen: 24
185.14.130.0/24 maxlen: 24
185.14.131.0/24 maxlen: 24
195.192.236.0/22 maxlen: 24
2a03:a240::/47 maxlen: 48
2a03:a240:2::/48 maxlen: 48
2a03:a240:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/kK_c_33jpllHYx-Sxn4nJ2cZRHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/kK_c_33jpllHYx-Sxn4nJ2cZRHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/kK_c_33jpllHYx-Sxn4nJ2cZRHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:3a:c7:3a:8b:2a:c0:e2:92:81:a6:45:37:4c:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90afdcff7de3a65947631f92c67e272767194478
Validity
Not Before: Jan 1 09:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ed6849dddb1dce36459d9b3168d50d8f0532c89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:9f:7f:fd:5c:45:5e:a4:41:92:f0:f2:b4:61:
27:ca:95:00:4b:bb:09:12:5b:aa:8d:ee:1e:c2:4e:
79:d3:2b:17:26:01:80:4f:5a:58:f3:07:02:e3:bb:
65:ec:d3:c1:44:73:2e:a2:53:fb:16:f4:0f:b1:c2:
b4:31:ac:b4:ae:bf:72:15:4c:4d:cc:cc:47:d1:a8:
aa:de:82:d4:aa:77:90:43:b1:69:a1:f4:27:83:7d:
04:5f:19:4a:a7:7c:a9:5a:ad:e9:9e:f7:4a:cf:53:
00:2f:ca:4f:b3:0e:97:d0:18:56:3e:51:c7:bb:ee:
53:f1:35:b1:b3:48:3e:ee:64:9e:d6:79:42:b1:a2:
f4:a1:4d:2e:6a:93:35:45:85:20:e7:c8:f8:e5:bb:
ee:1a:97:7f:11:32:21:07:16:88:15:6e:a8:04:1f:
b5:2a:f5:9a:94:91:ac:90:6b:69:64:ce:b0:76:3e:
6c:65:57:9c:21:d4:67:0c:62:22:22:1c:3a:41:b3:
58:24:9d:d3:09:e0:a2:d1:e3:5f:39:e8:99:78:d6:
f3:22:f3:81:db:8c:4c:17:9a:e7:b7:0d:48:7b:cc:
9e:37:53:75:0f:ad:14:aa:f3:a3:3b:74:cc:72:c9:
d4:7e:da:3c:2c:e2:87:05:5d:a6:2a:75:0c:93:ed:
01:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:D6:84:9D:DD:B1:DC:E3:64:59:D9:B3:16:8D:50:D8:F0:53:2C:89
X509v3 Authority Key Identifier:
keyid:90:AF:DC:FF:7D:E3:A6:59:47:63:1F:92:C6:7E:27:27:67:19:44:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kK_c_33jpllHYx-Sxn4nJ2cZRHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/TtaEnd2x3ONkWdmzFo1Q2PBTLIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/e00d1e-4a18-4956-82a4-190a5c8d9d95/1/kK_c_33jpllHYx-Sxn4nJ2cZRHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.14.128.0/22
195.192.236.0/22
IPv6:
2a03:a240::/46
Signature Algorithm: sha256WithRSAEncryption
77:e0:78:d6:a8:11:39:7e:88:8c:ea:70:3f:8c:2f:ff:d1:b5:
c2:f5:ba:34:3c:cb:e4:2d:09:a1:ca:0a:a0:d9:bf:ee:88:02:
d0:07:bf:45:31:a2:24:06:d7:c3:c6:e8:83:fa:34:7d:1e:1b:
6a:c4:c2:da:11:7f:7e:fc:70:00:76:61:ee:58:8c:bf:eb:86:
f4:48:0e:49:d4:af:cb:24:d0:16:5a:ca:b0:b9:f5:6b:8f:f6:
cd:36:51:e1:8d:52:b0:cc:14:9b:37:ee:93:59:a7:41:2a:1b:
ec:8d:da:21:02:8a:70:36:89:50:ac:78:5e:06:f6:75:99:99:
59:14:37:6e:db:ad:d9:42:b7:1a:8a:50:33:a6:50:e1:72:e5:
9a:ed:8a:23:f1:36:29:1b:b3:61:19:e6:7d:f5:21:a1:c8:5c:
e5:2a:bd:6f:10:83:b4:d9:3a:ff:38:b8:b5:be:5b:d1:66:25:
53:9b:f2:ef:66:80:3a:6e:a9:b0:bc:d9:61:5e:63:16:e8:40:
79:90:85:61:47:4c:30:27:5e:7b:a0:ed:96:a6:29:1f:04:ff:
4d:58:60:d6:4c:77:d5:ef:32:18:dc:b4:83:fd:5f:c7:f4:3b:
4d:95:ca:c6:cc:1e:bb:9c:5d:77:db:f5:01:c0:1a:34:45:a3:
0d:e2:52:24
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQhRDrHOosqwOKSgaZFN0ynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYWZkY2ZmN2RlM2E2NTk0NzYzMWY5MmM2N2UyNzI3Njcx
OTQ0NzgwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ2ODQ5ZGRkYjFkY2UzNjQ1OWQ5YjMxNjhkNTBkOGYwNTMyYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip9//VxFXqRBkvDytGEnypUAS7sJ
Eluqje4ewk550ysXJgGAT1pY8wcC47tl7NPBRHMuolP7FvQPscK0May0rr9yFUxN
zMxH0aiq3oLUqneQQ7FpofQng30EXxlKp3ypWq3pnvdKz1MAL8pPsw6X0BhWPlHH
u+5T8TWxs0g+7mSe1nlCsaL0oU0uapM1RYUg58j45bvuGpd/ETIhBxaIFW6oBB+1
KvWalJGskGtpZM6wdj5sZVecIdRnDGIiIhw6QbNYJJ3TCeCi0eNfOeiZeNbzIvOB
24xMF5rntw1Ie8yeN1N1D60UqvOjO3TMcsnUfto8LOKHBV2mKnUMk+0BrwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFE7WhJ3dsdzjZFnZsxaNUNjwUyyJMB8GA1UdIwQY
MBaAFJCv3P9946ZZR2MfksZ+JydnGUR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0tfY18zM2pwbGxIWXgtU3huNG5KMmNaUkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9lMDBkMWUtNGExOC00OTU2LTgyYTQt
MTkwYTVjOGQ5ZDk1LzEvVHRhRW5kMngzT05rV2RtekZvMVEyUEJUTElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9lMDBkMWUtNGExOC00OTU2LTgyYTQtMTkwYTVjOGQ5ZDk1
LzEva0tfY18zM2pwbGxIWXgtU3huNG5KMmNaUkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuQ6AAwQC
w8DsMA8EAgACMAkDBwIqA6JAAAAwDQYJKoZIhvcNAQELBQADggEBAHfgeNaoETl+
iIzqcD+ML//RtcL1ujQ8y+QtCaHKCqDZv+6IAtAHv0UxoiQG18PG6IP6NH0eG2rE
wtoRf378cAB2Ye5YjL/rhvRIDknUr8sk0BZayrC59WuP9s02UeGNUrDMFJs37pNZ
p0EqG+yN2iECinA2iVCseF4G9nWZmVkUN27brdlCtxqKUDOmUOFy5ZrtiiPxNikb
s2EZ5n31IaHIXOUqvW8Qg7TZOv84uLW+W9FmJVOb8u9mgDpuqbC82WFeYxboQHmQ
hWFHTDAnXnug7ZamKR8E/01YYNZMd9XvMhjctIP9X8f0O02VysbMHrucXXfb9QHA
GjRFow3iUiQ=
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:00:38 2025 by rpki-client