Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/KkYiM3e0iOAnAg_yFBFSK_bjJl8.roa
File: KkYiM3e0iOAnAg_yFBFSK_bjJl8.roa (raw, json)
Hash identifier: 5A5Vdre+g6oCjMH5zABiFnTSkWahsDuZjsJoxbwHMo0=
Subject key identifier: 2A:46:22:33:77:B4:88:E0:27:02:0F:F2:14:11:52:2B:F6:E3:26:5F
Certificate issuer: /CN=5056712ccfa877abb760cb77e27041774cb04739
Certificate serial: 019427479772224F717AEBEF0A877002E1D9
Authority key identifier: 50:56:71:2C:CF:A8:77:AB:B7:60:CB:77:E2:70:41:77:4C:B0:47:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UFZxLM-od6u3YMt34nBBd0ywRzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/KkYiM3e0iOAnAg_yFBFSK_bjJl8.roa
Signing time: Thu 02 Jan 2025 13:49:50 +0000
ROA not before: Thu 02 Jan 2025 13:49:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198032
IP address blocks: 91.240.2.0/24 maxlen: 24
185.198.132.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/UFZxLM-od6u3YMt34nBBd0ywRzk.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/UFZxLM-od6u3YMt34nBBd0ywRzk.mft
rsync://rpki.ripe.net/repository/DEFAULT/UFZxLM-od6u3YMt34nBBd0ywRzk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:97:72:22:4f:71:7a:eb:ef:0a:87:70:02:e1:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5056712ccfa877abb760cb77e27041774cb04739
Validity
Not Before: Jan 2 13:49:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a46223377b488e027020ff21411522bf6e3265f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:51:49:e0:33:43:e4:0d:93:02:99:21:c8:dc:
70:85:48:57:44:3b:74:8e:15:c3:90:7e:db:ca:ba:
e0:fe:c3:8d:8d:8e:43:eb:06:d5:21:fe:5e:06:ed:
54:e5:c1:19:21:0d:2f:db:f7:11:1e:7c:e1:22:d8:
a5:34:98:e7:e3:71:63:1f:dd:92:d5:10:4f:8e:20:
db:37:d8:b6:9e:13:36:0a:54:0b:e8:6c:c5:84:f1:
cd:42:63:07:c5:04:0c:81:0d:25:8c:07:07:54:fe:
1c:24:35:27:57:1d:8c:31:a1:b4:4d:7b:d4:42:68:
78:ab:be:28:0d:1b:67:80:4f:5c:80:d4:05:b0:31:
c8:e8:0c:c9:eb:ae:16:16:78:99:42:7d:9d:1d:a3:
60:ea:1b:b0:c4:55:71:a8:7b:5f:fa:81:7a:72:8b:
cb:51:4f:bc:ca:15:75:c2:7f:33:4b:35:e0:4c:19:
66:39:f8:d7:b8:9e:ee:41:3e:a8:89:15:1b:90:ba:
89:7b:f2:2a:50:83:77:eb:7c:90:6f:62:0a:73:f3:
08:5d:bd:0c:4d:09:57:54:f6:cb:3f:91:d0:60:bf:
64:b0:6b:c3:ae:e1:24:8f:6d:4c:28:3f:6f:ca:45:
bd:e2:97:d9:38:0c:b3:34:d6:8c:da:50:07:c9:bc:
80:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:46:22:33:77:B4:88:E0:27:02:0F:F2:14:11:52:2B:F6:E3:26:5F
X509v3 Authority Key Identifier:
keyid:50:56:71:2C:CF:A8:77:AB:B7:60:CB:77:E2:70:41:77:4C:B0:47:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFZxLM-od6u3YMt34nBBd0ywRzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/KkYiM3e0iOAnAg_yFBFSK_bjJl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8d798a-73d7-44ba-97db-f84b60521df5/1/UFZxLM-od6u3YMt34nBBd0ywRzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.240.2.0/24
185.198.132.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:a0:b7:44:64:6e:4c:f0:fd:27:03:71:f1:38:0a:4a:9e:49:
e0:6d:9f:11:4e:32:80:09:14:31:52:c4:9e:65:23:69:d2:e5:
7b:19:f3:81:d4:08:f9:d4:fb:9f:ae:4d:8b:75:46:4b:98:ec:
2c:a9:cb:c7:c3:4a:6c:4a:b7:03:e3:a9:40:20:f7:7a:89:f7:
9e:5b:1b:bd:e7:df:39:83:3c:96:5e:95:0d:0c:33:01:39:f4:
0c:b2:3e:75:e3:e3:48:4b:25:44:f9:0b:30:3c:42:67:0d:d4:
23:72:9a:88:c9:6d:04:59:9e:7e:ca:1a:5d:9e:a6:c6:cd:86:
f6:0d:4b:87:99:5e:0f:5c:7b:35:02:d6:d0:1b:2a:8a:8c:dd:
78:35:5e:1e:59:80:12:64:de:8c:96:19:27:8a:7d:a2:3f:86:
9a:b6:16:a3:6f:d7:ac:94:ac:7a:61:89:78:81:3b:80:02:91:
90:f0:f0:27:20:04:97:ba:51:79:3a:2b:30:90:ef:e5:73:4a:
2a:a0:1a:8f:4d:3a:e2:19:84:44:b0:89:bf:cf:8e:c1:aa:6c:
28:4d:ee:47:97:b2:94:4e:ac:6b:d8:30:5f:f7:25:2e:f2:04:
8d:7a:25:b2:f1:6f:ca:a4:e6:d6:99:43:33:89:f6:e3:8b:04:
bf:62:91:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR5dyIk9xeuvvCodwAuHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTY3MTJjY2ZhODc3YWJiNzYwY2I3N2UyNzA0MTc3NGNi
MDQ3MzkwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ2MjIzMzc3YjQ4OGUwMjcwMjBmZjIxNDExNTIyYmY2ZTMyNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlFJ4DND5A2TApkhyNxwhUhXRDt0
jhXDkH7byrrg/sONjY5D6wbVIf5eBu1U5cEZIQ0v2/cRHnzhItilNJjn43FjH92S
1RBPjiDbN9i2nhM2ClQL6GzFhPHNQmMHxQQMgQ0ljAcHVP4cJDUnVx2MMaG0TXvU
Qmh4q74oDRtngE9cgNQFsDHI6AzJ664WFniZQn2dHaNg6huwxFVxqHtf+oF6covL
UU+8yhV1wn8zSzXgTBlmOfjXuJ7uQT6oiRUbkLqJe/IqUIN363yQb2IKc/MIXb0M
TQlXVPbLP5HQYL9ksGvDruEkj21MKD9vykW94pfZOAyzNNaM2lAHybyAMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCpGIjN3tIjgJwIP8hQRUiv24yZfMB8GA1UdIwQY
MBaAFFBWcSzPqHert2DLd+JwQXdMsEc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZaeExNLW9kNnUzWU10MzRuQkJkMHl3UnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84ZDc5OGEtNzNkNy00NGJhLTk3ZGIt
Zjg0YjYwNTIxZGY1LzEvS2tZaU0zZTBpT0FuQWdfeUZCRlNLX2JqSmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84ZDc5OGEtNzNkNy00NGJhLTk3ZGItZjg0YjYwNTIxZGY1
LzEvVUZaeExNLW9kNnUzWU10MzRuQkJkMHl3UnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/ACAwQA
ucaEMA0GCSqGSIb3DQEBCwUAA4IBAQBMoLdEZG5M8P0nA3HxOApKnkngbZ8RTjKA
CRQxUsSeZSNp0uV7GfOB1Aj51Pufrk2LdUZLmOwsqcvHw0psSrcD46lAIPd6ifee
Wxu95985gzyWXpUNDDMBOfQMsj514+NISyVE+QswPEJnDdQjcpqIyW0EWZ5+yhpd
nqbGzYb2DUuHmV4PXHs1AtbQGyqKjN14NV4eWYASZN6Mlhknin2iP4aathajb9es
lKx6YYl4gTuAApGQ8PAnIASXulF5OiswkO/lc0oqoBqPTTriGYREsIm/z47Bqmwo
Te5Hl7KUTqxr2DBf9yUu8gSNeiWy8W/KpObWmUMzifbjiwS/YpGW
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:49:34 2025 by rpki-client