Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/aK_WMtrzKAXs0LTqbVOCa8ChzP8.roa
File: aK_WMtrzKAXs0LTqbVOCa8ChzP8.roa (raw, json)
Hash identifier: f1Um7efAs/j5iF2wB08cWIqaipZskvxt+HmOXtWDHMs=
Subject key identifier: 68:AF:D6:32:DA:F3:28:05:EC:D0:B4:EA:6D:53:82:6B:C0:A1:CC:FF
Certificate issuer: /CN=2b81c753b77665e7a59f8e508314f159356c228e
Certificate serial: 019420681F992985AD7DF677C6A9780B6086
Authority key identifier: 2B:81:C7:53:B7:76:65:E7:A5:9F:8E:50:83:14:F1:59:35:6C:22:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K4HHU7d2Zeeln45QgxTxWTVsIo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/aK_WMtrzKAXs0LTqbVOCa8ChzP8.roa
Signing time: Wed 01 Jan 2025 05:48:02 +0000
ROA not before: Wed 01 Jan 2025 05:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56565
IP address blocks: 91.208.238.0/24 maxlen: 24
91.230.251.0/24 maxlen: 24
91.236.205.0/24 maxlen: 24
194.0.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/K4HHU7d2Zeeln45QgxTxWTVsIo4.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/K4HHU7d2Zeeln45QgxTxWTVsIo4.mft
rsync://rpki.ripe.net/repository/DEFAULT/K4HHU7d2Zeeln45QgxTxWTVsIo4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:1f:99:29:85:ad:7d:f6:77:c6:a9:78:0b:60:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b81c753b77665e7a59f8e508314f159356c228e
Validity
Not Before: Jan 1 05:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68afd632daf32805ecd0b4ea6d53826bc0a1ccff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:a8:80:e4:f7:5e:2f:56:0e:4d:b1:be:59:ba:
4c:1d:f5:8e:60:54:d4:9a:ce:44:bf:be:9e:32:05:
21:54:0a:4d:9f:f1:b9:e8:55:0d:f5:ad:b3:28:06:
57:2d:f3:b2:94:05:7c:c2:f4:24:da:2d:7f:70:a8:
0a:7e:dc:56:ce:fe:bf:81:ad:bf:e8:ef:30:b8:6d:
e1:8c:ac:10:0f:48:4b:0c:d8:b7:45:1a:a7:26:82:
aa:05:e6:69:10:5a:40:6c:29:a6:a3:5c:0c:27:93:
49:e8:aa:62:a2:56:14:d7:48:93:72:fd:62:a2:7a:
06:4b:ac:2c:d5:47:2e:05:55:05:a3:c3:4b:28:c9:
5c:d0:35:81:4a:1b:fb:63:07:c7:22:5a:ec:ad:1a:
12:08:40:9d:a6:94:63:3d:0f:28:ae:ea:1c:32:63:
9e:e9:c7:b4:4b:68:3e:1d:36:8a:cf:fe:41:fb:25:
6a:34:9c:85:a3:70:fd:d2:d3:ee:b1:c6:62:8e:40:
ec:c7:09:ab:ed:34:27:0b:4c:5f:e5:70:c9:ee:01:
7b:62:d5:65:0f:a6:a0:84:d2:7b:ed:8f:2b:26:9a:
0e:d8:cf:1c:44:f5:17:86:2e:96:08:ed:75:28:75:
67:d3:a8:31:dd:6b:53:52:5a:f7:06:0a:c7:4a:ab:
f2:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:AF:D6:32:DA:F3:28:05:EC:D0:B4:EA:6D:53:82:6B:C0:A1:CC:FF
X509v3 Authority Key Identifier:
keyid:2B:81:C7:53:B7:76:65:E7:A5:9F:8E:50:83:14:F1:59:35:6C:22:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K4HHU7d2Zeeln45QgxTxWTVsIo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/aK_WMtrzKAXs0LTqbVOCa8ChzP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/ef7b03-e796-40ad-b66b-587aef6dc285/1/K4HHU7d2Zeeln45QgxTxWTVsIo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.238.0/24
91.230.251.0/24
91.236.205.0/24
194.0.209.0/24
Signature Algorithm: sha256WithRSAEncryption
25:35:ab:6d:a3:4c:1e:5f:c3:f2:62:c2:b0:29:f9:f6:e0:79:
13:1e:08:21:fc:01:5c:9f:8d:3e:b9:1d:df:67:9a:fc:a0:8d:
b4:61:84:a8:4c:b2:cc:99:2d:e5:3c:b9:8a:ac:d7:b9:72:fe:
1f:0d:53:e7:1b:32:b3:3b:bb:4a:5b:f5:95:32:12:7b:1b:13:
e4:48:eb:5e:02:ff:ab:75:cb:3b:15:40:04:36:fa:20:a1:ae:
b3:94:0e:73:d9:77:32:17:04:91:17:5d:dd:0d:75:2f:6c:13:
2f:17:70:89:d8:27:40:0e:aa:a0:0e:93:3a:0e:d0:f9:88:4c:
d1:21:1f:aa:a6:2e:71:81:59:fa:21:a7:91:70:c1:d6:bb:0a:
e0:79:bf:3e:fc:92:ae:76:c9:9a:bc:13:a0:ad:73:5f:28:b5:
17:f9:c9:11:a4:df:95:02:9f:35:ff:87:8d:92:d1:e4:0e:0d:
96:0e:52:1b:57:59:d4:29:d7:8f:f5:3b:7e:2f:09:6e:0e:18:
4d:40:53:5f:c1:1b:85:67:61:3c:db:de:05:10:aa:74:09:ca:
14:4a:8e:94:93:5f:b4:8b:15:e4:40:cf:d4:17:69:46:f6:5d:
7f:b2:7a:ad:12:54:50:50:1f:e0:4e:57:91:e5:73:60:83:9a:
1f:b8:38:b9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQgaB+ZKYWtffZ3xql4C2CGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiODFjNzUzYjc3NjY1ZTdhNTlmOGU1MDgzMTRmMTU5MzU2
YzIyOGUwHhcNMjUwMTAxMDU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGFmZDYzMmRhZjMyODA1ZWNkMGI0ZWE2ZDUzODI2YmMwYTFjY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6iA5PdeL1YOTbG+WbpMHfWOYFTU
ms5Ev76eMgUhVApNn/G56FUN9a2zKAZXLfOylAV8wvQk2i1/cKgKftxWzv6/ga2/
6O8wuG3hjKwQD0hLDNi3RRqnJoKqBeZpEFpAbCmmo1wMJ5NJ6KpiolYU10iTcv1i
onoGS6ws1UcuBVUFo8NLKMlc0DWBShv7YwfHIlrsrRoSCECdppRjPQ8oruocMmOe
6ce0S2g+HTaKz/5B+yVqNJyFo3D90tPuscZijkDsxwmr7TQnC0xf5XDJ7gF7YtVl
D6aghNJ77Y8rJpoO2M8cRPUXhi6WCO11KHVn06gx3WtTUlr3BgrHSqvyPQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGiv1jLa8ygF7NC06m1TgmvAocz/MB8GA1UdIwQY
MBaAFCuBx1O3dmXnpZ+OUIMU8Vk1bCKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzRISFU3ZDJaZWVsbjQ1UWd4VHhXVFZzSW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9lZjdiMDMtZTc5Ni00MGFkLWI2NmIt
NTg3YWVmNmRjMjg1LzEvYUtfV010cnpLQVhzMExUcWJWT0NhOENoelA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9lZjdiMDMtZTc5Ni00MGFkLWI2NmItNTg3YWVmNmRjMjg1
LzEvSzRISFU3ZDJaZWVsbjQ1UWd4VHhXVFZzSW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9DuAwQA
W+b7AwQAW+zNAwQAwgDRMA0GCSqGSIb3DQEBCwUAA4IBAQAlNatto0weX8PyYsKw
Kfn24HkTHggh/AFcn40+uR3fZ5r8oI20YYSoTLLMmS3lPLmKrNe5cv4fDVPnGzKz
O7tKW/WVMhJ7GxPkSOteAv+rdcs7FUAENvogoa6zlA5z2XcyFwSRF13dDXUvbBMv
F3CJ2CdADqqgDpM6DtD5iEzRIR+qpi5xgVn6IaeRcMHWuwrgeb8+/JKudsmavBOg
rXNfKLUX+ckRpN+VAp81/4eNktHkDg2WDlIbV1nUKdeP9Tt+LwluDhhNQFNfwRuF
Z2E8294FEKp0CcoUSo6Uk1+0ixXkQM/UF2lG9l1/snqtElRQUB/gTleR5XNgg5of
uDi5
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:48:38 2025 by rpki-client