Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/oaQkn5zr2sFy17og-aVMkuLXdds.roa
File: oaQkn5zr2sFy17og-aVMkuLXdds.roa (raw, json)
Hash identifier: VtZ3pTO5W1yzA+ps5HMSQhypm611YNtn0vckyLuCUAI=
Subject key identifier: A1:A4:24:9F:9C:EB:DA:C1:72:D7:BA:20:F9:A5:4C:92:E2:D7:75:DB
Certificate issuer: /CN=1e47e2bf3974721eafbfb8c31fc5273039d505f3
Certificate serial: 01941FFA69AE74F929499E0BFC1703D675C2
Authority key identifier: 1E:47:E2:BF:39:74:72:1E:AF:BF:B8:C3:1F:C5:27:30:39:D5:05:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hkfivzl0ch6vv7jDH8UnMDnVBfM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/oaQkn5zr2sFy17og-aVMkuLXdds.roa
Signing time: Wed 01 Jan 2025 03:48:12 +0000
ROA not before: Wed 01 Jan 2025 03:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29031
IP address blocks: 91.201.108.0/22 maxlen: 22
91.201.108.0/23 maxlen: 23
91.201.108.0/24 maxlen: 24
91.201.109.0/24 maxlen: 24
91.201.110.0/24 maxlen: 24
91.201.111.0/24 maxlen: 24
193.239.24.0/24 maxlen: 24
193.239.25.0/24 maxlen: 24
193.239.26.0/24 maxlen: 24
193.239.27.0/24 maxlen: 24
195.3.132.0/23 maxlen: 23
195.3.134.0/23 maxlen: 23
195.3.134.0/24 maxlen: 24
195.3.135.0/24 maxlen: 24
195.69.200.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/Hkfivzl0ch6vv7jDH8UnMDnVBfM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/Hkfivzl0ch6vv7jDH8UnMDnVBfM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Hkfivzl0ch6vv7jDH8UnMDnVBfM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 03:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:69:ae:74:f9:29:49:9e:0b:fc:17:03:d6:75:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e47e2bf3974721eafbfb8c31fc5273039d505f3
Validity
Not Before: Jan 1 03:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1a4249f9cebdac172d7ba20f9a54c92e2d775db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:de:41:11:08:b1:6f:de:9c:19:07:4f:fa:77:
e0:8e:fa:80:bb:3b:ef:bc:1d:bc:31:df:80:71:27:
cc:f0:90:26:84:c4:e4:d7:0d:c7:89:f4:14:0e:da:
c5:22:84:06:2b:24:3f:ac:77:88:a6:53:d5:88:01:
06:36:32:db:04:d4:31:b1:c5:3d:d6:9b:b4:ba:84:
b7:d3:c7:c5:0c:84:6c:db:09:95:ad:d2:d4:ca:ef:
0c:d2:7c:04:5a:e0:1f:34:fe:81:42:27:90:09:8b:
e3:b3:85:bd:e1:ef:30:d7:9b:18:37:ed:e6:3a:7c:
cd:b0:67:55:28:06:5f:ac:88:5f:4b:bf:27:90:05:
ff:f9:1c:1e:8d:6f:bd:a2:d4:c0:58:6e:1e:1e:11:
c2:64:9a:9e:a8:ef:ef:77:f9:65:e0:c7:04:2e:79:
f0:23:e2:b8:e6:87:9a:06:22:b3:00:de:80:10:75:
c4:b1:5d:44:a5:6d:97:24:84:bc:ed:db:19:01:ad:
57:32:24:0a:82:89:ea:f8:ce:dc:6f:66:ac:1a:53:
be:dc:96:ba:97:0d:7a:35:c1:e1:c0:41:7a:e9:8d:
2a:11:54:fd:3c:92:79:0e:ac:ad:cc:53:a1:38:e2:
c5:0a:58:f8:30:d2:b0:40:30:76:fc:5e:3e:2f:78:
9c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:A4:24:9F:9C:EB:DA:C1:72:D7:BA:20:F9:A5:4C:92:E2:D7:75:DB
X509v3 Authority Key Identifier:
keyid:1E:47:E2:BF:39:74:72:1E:AF:BF:B8:C3:1F:C5:27:30:39:D5:05:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hkfivzl0ch6vv7jDH8UnMDnVBfM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/oaQkn5zr2sFy17og-aVMkuLXdds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/afa106-6af8-4310-b4d4-e369d6602e6f/1/Hkfivzl0ch6vv7jDH8UnMDnVBfM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.201.108.0/22
193.239.24.0/22
195.3.132.0/22
195.69.200.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:08:54:07:19:cc:7a:ca:a7:71:a5:a2:ac:a9:53:a6:9c:49:
1f:e0:66:44:9c:9e:dc:1d:d4:6e:96:8a:1d:a8:b5:96:ab:53:
1e:97:c2:cc:1e:f8:4d:40:3b:cd:bb:12:58:e3:41:d5:64:af:
19:2b:b9:20:64:7b:d4:60:0d:34:61:93:10:2c:07:a7:ec:d7:
2a:9f:4a:f7:52:fa:20:75:e9:e4:d4:43:bb:71:12:0e:ce:57:
72:bb:88:fe:f8:a2:b6:a4:8d:ae:c7:43:27:33:2c:b6:5d:a8:
6e:96:cf:ae:66:78:a6:02:c7:a6:f3:ec:f3:fb:ea:93:66:1a:
d4:b6:a1:d1:00:2f:60:19:36:22:d3:cc:86:cc:82:53:7f:7a:
00:c2:7b:a5:ad:26:b0:8b:47:0c:14:d3:9c:31:68:83:94:0c:
d7:b0:54:1c:47:85:02:e7:e6:40:fe:fc:d7:6a:3b:a4:5d:b3:
fa:45:45:ec:93:81:50:cc:f2:84:b2:a8:ae:4e:31:ca:fc:95:
fb:8f:69:af:4f:ab:b6:d7:4e:57:53:bb:5b:be:a3:5c:51:bd:
02:67:dc:3d:ea:89:f2:64:e2:89:78:9e:3c:6f:95:69:24:93:
27:dd:9d:e9:01:71:a9:9e:2f:34:d6:ef:b0:58:ca:f9:c6:9a:
03:35:17:7d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQf+mmudPkpSZ4L/BcD1nXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNDdlMmJmMzk3NDcyMWVhZmJmYjhjMzFmYzUyNzMwMzlk
NTA1ZjMwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE0MjQ5ZjljZWJkYWMxNzJkN2JhMjBmOWE1NGM5MmUyZDc3NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN5BEQixb96cGQdP+nfgjvqAuzvv
vB28Md+AcSfM8JAmhMTk1w3HifQUDtrFIoQGKyQ/rHeIplPViAEGNjLbBNQxscU9
1pu0uoS308fFDIRs2wmVrdLUyu8M0nwEWuAfNP6BQieQCYvjs4W94e8w15sYN+3m
OnzNsGdVKAZfrIhfS78nkAX/+RwejW+9otTAWG4eHhHCZJqeqO/vd/ll4McELnnw
I+K45oeaBiKzAN6AEHXEsV1EpW2XJIS87dsZAa1XMiQKgonq+M7cb2asGlO+3Ja6
lw16NcHhwEF66Y0qEVT9PJJ5DqytzFOhOOLFClj4MNKwQDB2/F4+L3icYQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKGkJJ+c69rBcte6IPmlTJLi13XbMB8GA1UdIwQY
MBaAFB5H4r85dHIer7+4wx/FJzA51QXzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtmaXZ6bDBjaDZ2djdqREg4VW5NRG5WQmZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9hZmExMDYtNmFmOC00MzEwLWI0ZDQt
ZTM2OWQ2NjAyZTZmLzEvb2FRa241enIyc0Z5MTdvZy1hVk1rdUxYZGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9hZmExMDYtNmFmOC00MzEwLWI0ZDQtZTM2OWQ2NjAyZTZm
LzEvSGtmaXZ6bDBjaDZ2djdqREg4VW5NRG5WQmZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8lsAwQC
we8YAwQCwwOEAwQCw0XIMA0GCSqGSIb3DQEBCwUAA4IBAQAqCFQHGcx6yqdxpaKs
qVOmnEkf4GZEnJ7cHdRuloodqLWWq1Mel8LMHvhNQDvNuxJY40HVZK8ZK7kgZHvU
YA00YZMQLAen7Ncqn0r3Uvogdenk1EO7cRIOzldyu4j++KK2pI2ux0MnMyy2Xahu
ls+uZnimAsem8+zz++qTZhrUtqHRAC9gGTYi08yGzIJTf3oAwnulrSawi0cMFNOc
MWiDlAzXsFQcR4UC5+ZA/vzXajukXbP6RUXsk4FQzPKEsqiuTjHK/JX7j2mvT6u2
105XU7tbvqNcUb0CZ9w96onyZOKJeJ48b5VpJJMn3Z3pAXGpni801u+wWMr5xpoD
NRd9
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:34:03 2025 by rpki-client