Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/Ki9qT7YB3e7mHbagrKcYG0NRPww.roa
File: Ki9qT7YB3e7mHbagrKcYG0NRPww.roa (raw, json)
Hash identifier: AoqiULKaxv21ka5UL631Ur1kFJT7xzfFRxQNsWV/3BE=
Subject key identifier: 2A:2F:6A:4F:B6:01:DD:EE:E6:1D:B6:A0:AC:A7:18:1B:43:51:3F:0C
Certificate issuer: /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial: 0194266BC23C58FABCE1D8B547EC72724143
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/Ki9qT7YB3e7mHbagrKcYG0NRPww.roa
Signing time: Thu 02 Jan 2025 09:49:43 +0000
ROA not before: Thu 02 Jan 2025 09:49:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204646
IP address blocks: 194.213.13.0/24 maxlen: 24
194.213.15.0/24 maxlen: 24
194.213.17.0/24 maxlen: 24
194.213.20.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 03:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:c2:3c:58:fa:bc:e1:d8:b5:47:ec:72:72:41:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Validity
Not Before: Jan 2 09:49:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a2f6a4fb601ddeee61db6a0aca7181b43513f0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:9f:a3:91:89:e6:8b:34:4c:0e:33:9a:3e:62:
fd:be:bb:80:e0:15:68:0c:9c:fc:e2:7a:f6:bf:14:
f3:80:e3:0d:b5:b3:15:1c:89:20:83:fc:ba:68:5c:
9b:4e:42:d6:9f:df:88:a9:16:ac:58:4a:04:2a:95:
9d:cb:d1:6f:6c:a6:33:7b:e7:d4:9f:43:b4:d3:4e:
14:c8:56:fd:ca:40:71:ab:7a:d5:00:97:87:0a:88:
d6:f2:51:ad:76:7d:46:4a:a1:bc:f9:8a:36:38:d7:
f0:ba:7d:00:bc:fa:35:a3:76:9d:70:fe:9f:91:73:
6b:fe:18:63:48:4d:1c:04:f9:fd:3c:b4:7e:19:5e:
e8:5d:41:2c:3b:7e:44:da:a8:17:17:6a:1f:1c:cd:
72:de:8b:ea:07:d4:68:3c:a5:32:12:96:e7:16:ac:
12:06:2a:45:6d:9e:1f:37:5b:f0:e6:98:5e:7e:56:
1c:60:42:ba:41:10:3c:87:b8:e8:43:03:c3:56:bc:
9b:a2:47:5e:f8:31:74:5c:97:e9:a4:2b:a7:7f:b1:
69:cd:e4:72:07:7f:28:20:1b:15:5d:38:15:80:20:
d7:4a:6a:99:57:08:28:90:55:f1:86:28:92:6a:91:
90:b5:b4:67:09:3d:6c:0a:c0:77:1f:e4:8c:51:d1:
a4:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:2F:6A:4F:B6:01:DD:EE:E6:1D:B6:A0:AC:A7:18:1B:43:51:3F:0C
X509v3 Authority Key Identifier:
keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/Ki9qT7YB3e7mHbagrKcYG0NRPww.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.213.13.0/24
194.213.15.0/24
194.213.17.0/24
194.213.20.0/24
Signature Algorithm: sha256WithRSAEncryption
91:7c:04:1e:33:a9:41:c1:95:0d:44:ec:99:f1:12:73:92:46:
e7:c6:9c:03:dd:89:0f:ee:b8:cd:73:48:28:54:48:c1:02:1f:
90:33:b1:ce:8f:de:60:13:5b:be:cd:76:fb:24:b8:b0:42:6a:
07:4e:d5:c3:e0:3c:11:e0:8d:02:1f:c4:3e:2c:df:d2:ee:05:
96:e7:a0:c8:a3:23:75:d7:f6:8e:a7:3c:45:be:c2:dd:55:78:
e3:12:50:c7:6f:2b:2c:db:7f:d4:6c:05:c0:df:54:5f:22:d2:
54:09:29:ff:d6:44:05:5b:d0:22:6b:9e:ac:a0:76:dd:a0:f5:
30:28:a3:3d:08:c8:ac:e2:3b:e4:eb:5d:40:01:b6:e1:17:e0:
33:cf:6c:f6:5e:1d:f5:1b:0d:84:1b:aa:97:1b:79:dd:c8:76:
89:4a:e9:9d:06:fa:e6:05:dd:0b:14:a7:07:de:db:f3:16:6a:
ba:d3:7e:0f:4c:f5:50:7e:3e:11:d7:c6:a5:02:5b:7c:38:ac:
2f:96:58:1c:38:04:be:69:32:5c:9e:4e:f1:43:50:2c:5f:1e:
a7:3e:59:52:25:4b:4f:fe:0c:e0:64:7a:28:dc:38:a5:14:3e:
9e:94:11:77:9d:fd:c3:0c:fa:bc:6c:fb:b6:4f:74:92:c3:2f:
34:05:fa:7f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQma8I8WPq84di1R+xyckFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJmNmE0ZmI2MDFkZGVlZTYxZGI2YTBhY2E3MTgxYjQzNTEzZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZ+jkYnmizRMDjOaPmL9vruA4BVo
DJz84nr2vxTzgOMNtbMVHIkgg/y6aFybTkLWn9+IqRasWEoEKpWdy9FvbKYze+fU
n0O0004UyFb9ykBxq3rVAJeHCojW8lGtdn1GSqG8+Yo2ONfwun0AvPo1o3adcP6f
kXNr/hhjSE0cBPn9PLR+GV7oXUEsO35E2qgXF2ofHM1y3ovqB9RoPKUyEpbnFqwS
BipFbZ4fN1vw5pheflYcYEK6QRA8h7joQwPDVrybokde+DF0XJfppCunf7FpzeRy
B38oIBsVXTgVgCDXSmqZVwgokFXxhiiSapGQtbRnCT1sCsB3H+SMUdGk7QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCovak+2Ad3u5h22oKynGBtDUT8MMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvS2k5cVQ3WUIzZTdtSGJhZ3JLY1lHME5SUHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwtUNAwQA
wtUPAwQAwtURAwQAwtUUMA0GCSqGSIb3DQEBCwUAA4IBAQCRfAQeM6lBwZUNROyZ
8RJzkkbnxpwD3YkP7rjNc0goVEjBAh+QM7HOj95gE1u+zXb7JLiwQmoHTtXD4DwR
4I0CH8Q+LN/S7gWW56DIoyN11/aOpzxFvsLdVXjjElDHbyss23/UbAXA31RfItJU
CSn/1kQFW9Aia56soHbdoPUwKKM9CMis4jvk611AAbbhF+Azz2z2Xh31Gw2EG6qX
G3ndyHaJSumdBvrmBd0LFKcH3tvzFmq6034PTPVQfj4R18alAlt8OKwvllgcOAS+
aTJcnk7xQ1AsXx6nPllSJUtP/gzgZHoo3DilFD6elBF3nf3DDPq8bPu2T3SSwy80
Bfp/
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:27:17 2025 by rpki-client