Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/kdXQriZmWhShfEV9r2HAp8-_kM8.roa
File: kdXQriZmWhShfEV9r2HAp8-_kM8.roa (raw, json)
Hash identifier: NVhh4nwbgv5YrwoaouQ4UcAlf1u93ePric61BCLsXWc=
Subject key identifier: 91:D5:D0:AE:26:66:5A:14:A1:7C:45:7D:AF:61:C0:A7:CF:BF:90:CF
Certificate issuer: /CN=673b3a71cf772755a3df8ced5d73516f871c0a11
Certificate serial: 01941FFA6B962341C0975EEB5B25F5442FCB
Authority key identifier: 67:3B:3A:71:CF:77:27:55:A3:DF:8C:ED:5D:73:51:6F:87:1C:0A:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/kdXQriZmWhShfEV9r2HAp8-_kM8.roa
Signing time: Wed 01 Jan 2025 03:48:12 +0000
ROA not before: Wed 01 Jan 2025 03:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209236
IP address blocks: 170.102.144.0/24 maxlen: 24
170.102.145.0/24 maxlen: 24
170.102.192.0/23 maxlen: 23
170.102.192.0/24 maxlen: 24
170.102.193.0/24 maxlen: 24
170.102.194.0/24 maxlen: 24
170.102.195.0/24 maxlen: 24
170.102.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 06:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:6b:96:23:41:c0:97:5e:eb:5b:25:f5:44:2f:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=673b3a71cf772755a3df8ced5d73516f871c0a11
Validity
Not Before: Jan 1 03:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91d5d0ae26665a14a17c457daf61c0a7cfbf90cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:fc:2d:37:cd:c2:fa:b8:59:65:bd:d7:25:84:
65:fa:1b:cc:b5:36:1c:75:0b:94:f4:d8:81:7e:4d:
0f:ab:12:6c:5e:da:fe:4a:31:9b:69:3c:fe:65:c8:
73:4e:b9:a8:88:76:27:ac:0b:d3:35:19:31:1d:3e:
b7:99:8d:2e:17:f8:31:b7:c3:8f:89:0e:3e:7a:b2:
b4:20:97:9d:e7:81:e0:e3:f7:5d:49:b4:c0:53:5a:
b8:3e:00:f7:bc:c7:e9:43:69:9b:21:d3:2b:c8:d2:
77:f4:5d:75:e1:dc:63:5d:61:1b:88:10:c5:e6:b2:
c1:cc:f0:cb:f6:f7:86:85:96:77:c4:e7:26:2d:aa:
84:d8:76:31:1e:8c:4c:16:24:75:78:10:6b:f7:e3:
33:c7:2f:e9:04:d2:a5:81:2f:ba:a3:03:95:d4:4d:
3f:4d:9b:b3:d1:d9:60:02:64:f8:69:5d:e7:70:d9:
02:06:98:40:4b:fd:f5:6b:1c:37:98:a3:fc:7f:d3:
39:5e:f2:23:b3:dc:da:37:6f:91:03:c2:66:d7:4a:
3c:e9:71:8a:6b:4d:17:84:40:0c:d8:1c:a0:6a:d3:
ec:e2:91:97:49:f9:a2:4e:68:e1:f7:53:ac:45:22:
e2:0c:91:a9:a6:6a:5b:58:37:7b:f5:b3:fc:c5:86:
23:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:D5:D0:AE:26:66:5A:14:A1:7C:45:7D:AF:61:C0:A7:CF:BF:90:CF
X509v3 Authority Key Identifier:
keyid:67:3B:3A:71:CF:77:27:55:A3:DF:8C:ED:5D:73:51:6F:87:1C:0A:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/kdXQriZmWhShfEV9r2HAp8-_kM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.102.144.0/23
170.102.192.0-170.102.196.255
Signature Algorithm: sha256WithRSAEncryption
1c:76:fc:91:b0:d0:19:b7:07:5b:c7:0b:1a:a8:bf:5c:dd:33:
bf:f4:3c:a2:6e:98:76:26:51:2b:c1:c1:15:46:5d:94:5b:91:
b5:3b:59:af:9d:34:2f:60:ed:79:44:32:a6:e0:d4:15:0b:cf:
33:fd:4f:b0:3b:4e:c1:2e:1e:f2:c6:df:c6:50:2f:b3:aa:bf:
05:2f:bb:4b:77:16:36:d5:f9:b2:8e:3f:53:40:40:a2:29:b3:
13:09:f0:f8:13:c9:18:e1:cc:a4:a2:1c:1a:47:d3:ca:9e:28:
69:09:0e:cc:e7:02:55:57:28:da:c5:98:e9:f8:94:77:a8:55:
a3:8d:a4:07:ab:e8:8b:10:42:88:ad:47:23:e5:31:35:ff:3c:
0f:f3:d1:52:89:44:1c:1b:5f:2c:4d:5f:7b:e8:62:85:7c:5b:
f1:34:fa:ba:4c:4a:2d:52:39:97:6b:ca:2a:18:27:23:3a:98:
19:5f:b5:ab:9d:99:c7:fd:1f:75:e4:d1:05:bf:ad:05:10:7b:
48:66:41:47:03:6a:66:4f:9f:36:19:17:7d:46:33:43:82:b1:
2d:af:be:33:ca:70:4c:fe:98:5c:c5:48:b3:cb:09:35:78:01:
2e:66:bf:8d:2a:20:61:b4:47:ce:18:61:6f:d2:bd:22:6c:cc:
22:ad:d1:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQf+muWI0HAl17rWyX1RC/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3M2IzYTcxY2Y3NzI3NTVhM2RmOGNlZDVkNzM1MTZmODcx
YzBhMTEwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ1ZDBhZTI2NjY1YTE0YTE3YzQ1N2RhZjYxYzBhN2NmYmY5MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/wtN83C+rhZZb3XJYRl+hvMtTYc
dQuU9NiBfk0PqxJsXtr+SjGbaTz+ZchzTrmoiHYnrAvTNRkxHT63mY0uF/gxt8OP
iQ4+erK0IJed54Hg4/ddSbTAU1q4PgD3vMfpQ2mbIdMryNJ39F114dxjXWEbiBDF
5rLBzPDL9veGhZZ3xOcmLaqE2HYxHoxMFiR1eBBr9+Mzxy/pBNKlgS+6owOV1E0/
TZuz0dlgAmT4aV3ncNkCBphAS/31axw3mKP8f9M5XvIjs9zaN2+RA8Jm10o86XGK
a00XhEAM2BygatPs4pGXSfmiTmjh91OsRSLiDJGppmpbWDd79bP8xYYjXQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJHV0K4mZloUoXxFfa9hwKfPv5DPMB8GA1UdIwQY
MBaAFGc7OnHPdydVo9+M7V1zUW+HHAoRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnpzNmNjOTNKMVdqMzR6dFhYTlJiNGNjQ2hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9jOTQ4NTUtNWIxYS00Zjk2LWI3YTEt
NmZlMWYyOTRlNjI3LzEva2RYUXJpWm1XaFNoZkVWOXIySEFwOC1fa004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9jOTQ4NTUtNWIxYS00Zjk2LWI3YTEtNmZlMWYyOTRlNjI3
LzEvWnpzNmNjOTNKMVdqMzR6dFhYTlJiNGNjQ2hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBqmaQMAwD
BAaqZsADBACqZsQwDQYJKoZIhvcNAQELBQADggEBABx2/JGw0Bm3B1vHCxqov1zd
M7/0PKJumHYmUSvBwRVGXZRbkbU7Wa+dNC9g7XlEMqbg1BULzzP9T7A7TsEuHvLG
38ZQL7OqvwUvu0t3FjbV+bKOP1NAQKIpsxMJ8PgTyRjhzKSiHBpH08qeKGkJDszn
AlVXKNrFmOn4lHeoVaONpAer6IsQQoitRyPlMTX/PA/z0VKJRBwbXyxNX3voYoV8
W/E0+rpMSi1SOZdryioYJyM6mBlftaudmcf9H3Xk0QW/rQUQe0hmQUcDamZPnzYZ
F31GM0OCsS2vvjPKcEz+mFzFSLPLCTV4AS5mv40qIGG0R84YYW/SvSJszCKt0Y8=
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:12:36 2025 by rpki-client