Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/ksKNJKdJkzArGKQ2ZNz2rCML8U0.roa
File: ksKNJKdJkzArGKQ2ZNz2rCML8U0.roa (raw, json)
Hash identifier: 7wxM1aJdG+1AiLxgq7asY+xV1rv72VvK8vU9Va6cLgE=
Subject key identifier: 92:C2:8D:24:A7:49:93:30:2B:18:A4:36:64:DC:F6:AC:23:0B:F1:4D
Certificate issuer: /CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
Certificate serial: 01942825FF0E3C35FFD2D5BF77FFD2C4C602
Authority key identifier: 2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/ksKNJKdJkzArGKQ2ZNz2rCML8U0.roa
Signing time: Thu 02 Jan 2025 17:52:46 +0000
ROA not before: Thu 02 Jan 2025 17:52:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35712
IP address blocks: 91.132.180.0/22 maxlen: 22
91.132.180.0/24 maxlen: 24
91.132.181.0/24 maxlen: 24
91.132.182.0/24 maxlen: 24
91.132.183.0/24 maxlen: 24
2a09:cc80::/29 maxlen: 29
2a09:cc80::/31 maxlen: 31
2a09:cc82::/31 maxlen: 31
2a09:cc84::/31 maxlen: 31
2a09:cc86::/31 maxlen: 31
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.mft
rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:ff:0e:3c:35:ff:d2:d5:bf:77:ff:d2:c4:c6:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
Validity
Not Before: Jan 2 17:52:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92c28d24a74993302b18a43664dcf6ac230bf14d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:a3:df:4c:0d:0d:04:03:58:2f:fb:6b:16:8f:
a7:7f:8e:7d:8d:6e:42:7c:72:00:aa:c9:27:10:72:
79:8a:0b:f6:19:89:9b:a1:c8:e7:e1:73:27:12:0e:
c1:ac:7b:cd:2f:ed:2a:8b:44:2e:69:aa:dd:b3:d2:
16:a0:e9:4d:54:e0:0a:a6:01:00:9b:4c:f1:ce:9c:
a8:2c:9e:85:3b:76:73:64:4b:f0:61:e5:45:6f:b2:
4a:51:4b:c2:43:8f:99:5d:cc:2f:67:f2:1c:17:f0:
d3:59:76:01:da:9c:5f:95:c4:24:bd:8e:50:9e:c0:
35:fe:29:cc:33:19:a2:de:c1:63:66:20:a0:14:5e:
e3:35:83:86:fe:19:86:7c:fa:6d:21:b4:be:3b:64:
c6:f3:4b:ef:3c:75:59:d9:e3:39:4f:31:39:36:0f:
2e:1f:10:4d:8e:4f:2a:a9:01:73:e5:ef:67:16:c0:
6b:65:f3:63:c0:98:fe:bb:fc:90:b9:78:ab:f9:3c:
a2:0c:90:f6:43:ce:12:04:36:60:9c:c2:fc:f0:bd:
7e:09:c4:3b:73:4d:89:45:cb:1f:bf:d2:25:f9:0c:
97:bb:3f:00:fb:52:61:f9:5b:fe:3d:bb:fb:7c:30:
e3:4a:e1:29:be:6e:81:50:fe:2a:4b:ec:c7:ac:54:
51:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:C2:8D:24:A7:49:93:30:2B:18:A4:36:64:DC:F6:AC:23:0B:F1:4D
X509v3 Authority Key Identifier:
keyid:2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/ksKNJKdJkzArGKQ2ZNz2rCML8U0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.180.0/22
IPv6:
2a09:cc80::/29
Signature Algorithm: sha256WithRSAEncryption
68:97:43:48:ca:23:63:dd:97:c4:02:ff:8e:4b:db:da:c7:49:
71:c4:f5:33:29:cd:85:0b:d0:4b:de:25:14:e2:c4:fd:3f:eb:
77:fb:40:6e:02:f9:67:15:4a:e3:9b:dc:d5:2a:d7:2d:d2:d4:
b7:58:52:3c:6c:63:37:64:4c:da:ff:fd:d5:da:aa:d2:f8:5a:
96:15:7f:6b:59:57:84:33:e6:d5:6c:a8:59:a4:87:8a:17:fe:
89:b1:a4:a5:b2:6e:ed:13:63:60:14:ed:b9:3f:3e:b7:86:c0:
3c:fd:1e:bd:8d:38:c8:69:b9:58:e1:62:05:ee:70:98:82:85:
9d:6f:cc:5b:72:19:6b:05:aa:d7:1c:8e:91:13:96:98:f8:d9:
d3:fe:8e:bc:e9:3f:ed:41:7f:34:2c:5c:a6:0f:9e:2c:06:79:
d5:44:0f:d0:bf:5f:4b:69:7c:5c:c6:74:d6:19:e7:54:bf:3f:
bb:bf:5d:47:c6:44:da:38:33:76:88:13:66:cc:3a:6a:e0:f0:
ca:74:1a:1e:1a:f1:cc:6c:97:fa:2c:f6:34:ef:47:4e:0b:67:
ed:43:39:67:c8:3d:9d:77:2f:19:10:93:e9:8a:f5:aa:79:17:
ac:54:35:df:40:0c:47:e4:9f:b9:a3:72:2b:a6:99:ac:09:d9:
09:35:44:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJf8OPDX/0tW/d//SxMYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNDg3M2U2ZThiZTRmOWQzNzY0MTg0ZjEzZTU3NTBmOGM2
MWY2OGIwHhcNMjUwMTAyMTc1MjQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMyOGQyNGE3NDk5MzMwMmIxOGE0MzY2NGRjZjZhYzIzMGJmMTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqPfTA0NBANYL/trFo+nf459jW5C
fHIAqsknEHJ5igv2GYmbocjn4XMnEg7BrHvNL+0qi0Quaards9IWoOlNVOAKpgEA
m0zxzpyoLJ6FO3ZzZEvwYeVFb7JKUUvCQ4+ZXcwvZ/IcF/DTWXYB2pxflcQkvY5Q
nsA1/inMMxmi3sFjZiCgFF7jNYOG/hmGfPptIbS+O2TG80vvPHVZ2eM5TzE5Ng8u
HxBNjk8qqQFz5e9nFsBrZfNjwJj+u/yQuXir+TyiDJD2Q84SBDZgnML88L1+CcQ7
c02JRcsfv9Il+QyXuz8A+1Jh+Vv+Pbv7fDDjSuEpvm6BUP4qS+zHrFRRRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJLCjSSnSZMwKxikNmTc9qwjC/FNMB8GA1UdIwQY
MBaAFC1Ic+bovk+dN2QYTxPldQ+MYfaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEt
NjU5NmQ1MDM2MzYyLzEva3NLTkpLZEprekFyR0tRMlpOejJyQ01MOFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEtNjU5NmQ1MDM2MzYy
LzEvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW4S0MA0E
AgACMAcDBQMqCcyAMA0GCSqGSIb3DQEBCwUAA4IBAQBol0NIyiNj3ZfEAv+OS9va
x0lxxPUzKc2FC9BL3iUU4sT9P+t3+0BuAvlnFUrjm9zVKtct0tS3WFI8bGM3ZEza
//3V2qrS+FqWFX9rWVeEM+bVbKhZpIeKF/6JsaSlsm7tE2NgFO25Pz63hsA8/R69
jTjIablY4WIF7nCYgoWdb8xbchlrBarXHI6RE5aY+NnT/o686T/tQX80LFymD54s
BnnVRA/Qv19LaXxcxnTWGedUvz+7v11HxkTaODN2iBNmzDpq4PDKdBoeGvHMbJf6
LPY070dOC2ftQzlnyD2ddy8ZEJPpivWqeResVDXfQAxH5J+5o3IrppmsCdkJNUS+
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:47:46 2025 by rpki-client