Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/JKilfZrkJhllQ19r3NByhgoqTDg.roa
File: JKilfZrkJhllQ19r3NByhgoqTDg.roa (raw, json)
Hash identifier: TyGhUzaYqQpVckTL9iipsY4ZDEots8Yo4CEp0B079m4=
Subject key identifier: 24:A8:A5:7D:9A:E4:26:19:65:43:5F:6B:DC:D0:72:86:0A:2A:4C:38
Certificate issuer: /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial: 019423692246667082D7AC1DB29D0E4E5413
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/JKilfZrkJhllQ19r3NByhgoqTDg.roa
Signing time: Wed 01 Jan 2025 19:48:00 +0000
ROA not before: Wed 01 Jan 2025 19:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60268
IP address blocks: 185.33.168.0/24 maxlen: 24
185.33.171.0/24 maxlen: 24
185.97.132.0/24 maxlen: 24
185.97.133.0/24 maxlen: 24
193.19.73.0/24 maxlen: 24
2a00:cee0::/32 maxlen: 32
2a00:cee1::/32 maxlen: 32
2a00:cee2::/32 maxlen: 32
2a00:cee3::/32 maxlen: 32
2a00:cee4::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:22:46:66:70:82:d7:ac:1d:b2:9d:0e:4e:54:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Validity
Not Before: Jan 1 19:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=24a8a57d9ae4261965435f6bdcd072860a2a4c38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:69:5a:4f:ff:3d:2e:ea:c1:3a:cb:61:d2:fb:
c0:92:70:7c:32:c6:45:31:8b:13:e4:88:5b:a8:87:
fb:2b:5b:dc:0b:eb:f6:6c:58:08:76:18:5c:5a:8e:
a6:c7:65:43:01:0c:22:5e:02:6e:8d:80:6f:12:0b:
1d:38:4d:5c:37:35:43:73:fe:76:b8:6f:f6:ca:d0:
51:12:66:e9:9c:20:85:12:0d:7d:52:85:92:0e:56:
3f:b6:ab:05:ab:4d:e7:ef:ac:bc:6f:d3:4b:4a:3d:
b9:d8:a8:78:9f:5b:91:54:d0:91:32:b0:76:ca:ff:
69:44:5a:52:78:55:00:7d:86:02:48:47:7e:a0:79:
18:42:d9:40:e0:ad:7d:aa:30:5a:ea:07:73:a0:73:
3f:d7:23:09:73:97:02:69:25:c3:a9:67:8e:7a:36:
6b:0d:19:d1:22:0d:5e:c7:47:0d:69:37:2d:a3:46:
58:eb:4c:e6:63:17:08:8f:4b:1a:73:6c:4c:67:20:
cd:a7:8c:04:af:4c:64:92:99:ea:4c:e2:e1:15:aa:
91:b4:0b:dc:23:2c:f6:2d:3c:ec:c7:0c:aa:b6:c2:
36:8f:06:42:2d:2b:f1:18:50:29:ad:3d:e2:3d:bb:
26:0c:94:5a:75:9f:25:c7:f3:dd:38:39:c3:c8:5e:
6d:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:A8:A5:7D:9A:E4:26:19:65:43:5F:6B:DC:D0:72:86:0A:2A:4C:38
X509v3 Authority Key Identifier:
keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/JKilfZrkJhllQ19r3NByhgoqTDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.33.168.0/24
185.33.171.0/24
185.97.132.0/23
193.19.73.0/24
IPv6:
2a00:cee0::-2a00:cee4:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
22:e0:c9:5a:f8:2f:22:3b:01:16:2b:c6:6f:60:e8:b8:5b:b9:
fa:6f:7f:12:5b:44:e7:30:d4:74:12:87:cb:ea:41:73:83:e1:
ee:74:4e:7d:d9:49:1f:39:66:13:5c:5c:20:d2:66:f4:0e:7c:
fd:c4:d3:55:06:68:9c:70:8c:7e:67:c6:a1:4e:f9:a5:c5:76:
29:78:5e:23:37:65:b7:d1:47:21:de:d3:e4:33:36:5f:46:b6:
e6:a4:ff:2b:81:51:d5:c2:bd:06:2d:6d:29:d6:49:ef:c6:b1:
fd:3e:a5:b1:ba:6b:18:c3:e1:ce:63:e9:9b:45:ee:02:ab:ae:
b2:23:dd:e4:07:54:9d:d8:58:42:7a:65:c6:4b:c9:9c:73:11:
f4:99:5b:ea:33:63:e9:0a:f4:f6:46:b7:57:09:1e:7b:cf:e6:
db:ae:43:1b:08:4a:3c:c9:07:e5:c4:86:41:6f:2b:71:be:1a:
cc:e1:ff:85:2d:91:c8:ad:ee:a8:8c:04:c9:9b:65:7c:8b:e4:
71:c8:dc:a5:d0:77:d0:ac:8a:f1:d0:1f:d2:57:d8:d3:8e:f5:
5c:d9:f5:dd:7e:8f:aa:f6:57:d8:13:b1:55:6e:be:98:6a:a8:
38:54:b3:7d:41:54:c2:3f:2d:54:c4:a5:f5:a3:1b:13:30:13:
98:c2:1d:bd
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQjaSJGZnCC16wdsp0OTlQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4Y2EzZjM4ZDhlNWEzMDFlYWY2OTI0YjkyNGZlOGY1N2Fh
YzY5MGQwHhcNMjUwMTAxMTk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGE4YTU3ZDlhZTQyNjE5NjU0MzVmNmJkY2QwNzI4NjBhMmE0YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmlaT/89LurBOsth0vvAknB8MsZF
MYsT5IhbqIf7K1vcC+v2bFgIdhhcWo6mx2VDAQwiXgJujYBvEgsdOE1cNzVDc/52
uG/2ytBREmbpnCCFEg19UoWSDlY/tqsFq03n76y8b9NLSj252Kh4n1uRVNCRMrB2
yv9pRFpSeFUAfYYCSEd+oHkYQtlA4K19qjBa6gdzoHM/1yMJc5cCaSXDqWeOejZr
DRnRIg1ex0cNaTcto0ZY60zmYxcIj0sac2xMZyDNp4wEr0xkkpnqTOLhFaqRtAvc
Iyz2LTzsxwyqtsI2jwZCLSvxGFAprT3iPbsmDJRadZ8lx/PdODnDyF5taQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCSopX2a5CYZZUNfa9zQcoYKKkw4MB8GA1UdIwQY
MBaAFDjKPzjY5aMB6vaSS5JP6PV6rGkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODIt
NzEyZmE2NWEyNWJhLzEvSktpbGZacmtKaGxsUTE5cjNOQnloZ29xVERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODItNzEyZmE2NWEyNWJh
LzEvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAuSGoAwQA
uSGrAwQBuWGEAwQAwRNJMBYEAgACMBAwDgMFBSoAzuADBQAqAM7kMA0GCSqGSIb3
DQEBCwUAA4IBAQAi4Mla+C8iOwEWK8ZvYOi4W7n6b38SW0TnMNR0EofL6kFzg+Hu
dE592UkfOWYTXFwg0mb0Dnz9xNNVBmiccIx+Z8ahTvmlxXYpeF4jN2W30Uch3tPk
MzZfRrbmpP8rgVHVwr0GLW0p1knvxrH9PqWxumsYw+HOY+mbRe4Cq66yI93kB1Sd
2FhCemXGS8mccxH0mVvqM2PpCvT2RrdXCR57z+bbrkMbCEo8yQflxIZBbytxvhrM
4f+FLZHIre6ojATJm2V8i+RxyNyl0HfQrIrx0B/SV9jTjvVc2fXdfo+q9lfYE7FV
br6Yaqg4VLN9QVTCPy1UxKX1oxsTMBOYwh29
-----END CERTIFICATE-----
Generated at Tue Apr 22 04:59:36 2025 by rpki-client