Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/6KpBI63kEhQRzmhRvVQxSFsUBTI.roa
File: 6KpBI63kEhQRzmhRvVQxSFsUBTI.roa (raw, json)
Hash identifier: Ckcyw44N8h4Yete0VsDquepnFPzly6G4UPrg1n68+p4=
Subject key identifier: E8:AA:41:23:AD:E4:12:14:11:CE:68:51:BD:54:31:48:5B:14:05:32
Certificate issuer: /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial: 0194228E0AE8231CDCC6E16E84AAC25D2E6B
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/6KpBI63kEhQRzmhRvVQxSFsUBTI.roa
Signing time: Wed 01 Jan 2025 15:48:41 +0000
ROA not before: Wed 01 Jan 2025 15:48:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9002
IP address blocks: 87.245.208.0/20 maxlen: 20
87.245.208.0/21 maxlen: 21
87.245.224.0/19 maxlen: 19
89.19.36.0/22 maxlen: 22
94.158.240.0/22 maxlen: 22
139.45.192.0/19 maxlen: 19
185.82.8.0/22 maxlen: 22
193.109.100.0/22 maxlen: 22
2a02:2d8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 21:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:0a:e8:23:1c:dc:c6:e1:6e:84:aa:c2:5d:2e:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
Validity
Not Before: Jan 1 15:48:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e8aa4123ade4121411ce6851bd5431485b140532
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:51:2b:07:f5:80:04:10:5f:a8:dd:89:44:3a:
1c:23:4d:a3:a5:9a:59:93:f2:1a:41:8f:5b:2a:84:
a2:e9:66:73:fb:6c:ef:c5:3d:61:c7:5f:96:40:48:
f7:21:47:26:d4:56:0a:dd:10:5d:5a:1a:0b:cd:82:
e4:37:84:14:5a:70:f2:92:94:fc:f4:19:d0:3d:b0:
f5:d1:7e:7e:b9:f1:af:a2:88:20:8d:7d:78:8a:51:
c1:e8:a2:58:ac:dc:59:57:cb:d9:cb:04:94:86:17:
e3:91:3a:83:a5:82:f2:50:e9:50:45:ab:54:0b:26:
e4:77:6d:41:3c:db:4e:15:ac:01:21:c7:18:e4:7e:
4b:2b:b0:4e:1a:99:6a:01:93:a3:bf:82:c7:8c:79:
16:32:be:96:45:25:3e:93:9e:27:8d:44:1e:ca:f9:
61:8f:db:7c:5f:77:a3:49:7b:91:e9:48:54:79:5f:
cb:07:70:8e:22:ea:64:3f:92:99:57:2e:bc:f3:8c:
6e:0f:5d:83:78:0f:92:2e:9a:7a:f5:f6:d1:11:99:
ba:0f:cf:ca:9a:d2:5a:39:a6:ea:c9:d9:48:59:40:
7b:a2:7c:71:a9:29:55:99:1c:1f:33:91:bf:34:c6:
93:6a:f4:8a:85:12:7f:e8:7b:67:3c:b4:d4:03:aa:
a1:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:AA:41:23:AD:E4:12:14:11:CE:68:51:BD:54:31:48:5B:14:05:32
X509v3 Authority Key Identifier:
keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/6KpBI63kEhQRzmhRvVQxSFsUBTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.245.208.0-87.245.255.255
89.19.36.0/22
94.158.240.0/22
139.45.192.0/19
185.82.8.0/22
193.109.100.0/22
IPv6:
2a02:2d8::/32
Signature Algorithm: sha256WithRSAEncryption
6d:25:b0:a5:56:90:6e:50:bc:a5:00:5f:91:38:af:8f:2f:c3:
dc:c2:07:76:23:20:3b:04:91:44:c2:84:d3:31:eb:0d:34:ea:
d3:17:2c:69:25:d6:ec:8e:a0:72:70:23:df:5f:e0:7d:ad:43:
9b:85:1e:5a:d2:11:d8:16:34:c3:ff:a6:50:a3:fe:da:02:56:
c4:8e:10:ff:10:dd:c5:09:ad:e6:bb:9a:45:88:98:fd:dd:9c:
40:a7:89:51:56:61:a4:73:f7:4d:55:5c:be:5a:a8:23:b8:c6:
31:a1:d2:22:ca:cb:11:30:41:b2:d5:89:f7:fa:05:08:67:28:
79:bb:7e:ef:a3:da:be:d5:4c:ca:76:cf:21:1f:91:58:9c:f7:
bf:df:fa:e2:e4:54:10:30:b5:c0:08:67:2d:e3:9b:bd:64:19:
0b:c9:25:f4:6e:62:d8:95:8b:1d:de:d9:27:cf:a4:4b:a2:5d:
6f:3e:de:4f:e6:e4:48:4d:2d:4b:83:cf:77:ee:d5:0a:e3:97:
46:e3:fa:a9:db:b1:d7:e7:90:7c:7a:3c:cf:41:a9:44:87:a8:
02:79:48:95:b4:2b:18:c7:bb:50:62:97:db:b4:9f:55:0b:19:
b0:67:b4:ec:6b:41:32:61:08:fe:cf:c7:c3:ba:3e:ba:d0:45:
f9:08:8b:27
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZQijgroIxzcxuFuhKrCXS5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFhNDEyM2FkZTQxMjE0MTFjZTY4NTFiZDU0MzE0ODViMTQwNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVErB/WABBBfqN2JRDocI02jpZpZ
k/IaQY9bKoSi6WZz+2zvxT1hx1+WQEj3IUcm1FYK3RBdWhoLzYLkN4QUWnDykpT8
9BnQPbD10X5+ufGvooggjX14ilHB6KJYrNxZV8vZywSUhhfjkTqDpYLyUOlQRatU
Cybkd21BPNtOFawBIccY5H5LK7BOGplqAZOjv4LHjHkWMr6WRSU+k54njUQeyvlh
j9t8X3ejSXuR6UhUeV/LB3COIupkP5KZVy6884xuD12DeA+SLpp69fbREZm6D8/K
mtJaOabqydlIWUB7onxxqSlVmRwfM5G/NMaTavSKhRJ/6HtnPLTUA6qhXQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFOiqQSOt5BIUEc5oUb1UMUhbFAUyMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvNktwQkk2M2tFaFFSem1oUnZWUXhTRnNVQlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArMAsDBARX9dAD
AwFX9AMEAlkTJAMEAl6e8AMEBYstwAMEArlSCAMEAsFtZDANBAIAAjAHAwUAKgIC
2DANBgkqhkiG9w0BAQsFAAOCAQEAbSWwpVaQblC8pQBfkTivjy/D3MIHdiMgOwSR
RMKE0zHrDTTq0xcsaSXW7I6gcnAj31/gfa1Dm4UeWtIR2BY0w/+mUKP+2gJWxI4Q
/xDdxQmt5ruaRYiY/d2cQKeJUVZhpHP3TVVcvlqoI7jGMaHSIsrLETBBstWJ9/oF
CGcoebt+76PavtVMynbPIR+RWJz3v9/64uRUEDC1wAhnLeObvWQZC8kl9G5i2JWL
Hd7ZJ8+kS6Jdbz7eT+bkSE0tS4PPd+7VCuOXRuP6qdux1+eQfHo8z0GpRIeoAnlI
lbQrGMe7UGKX27SfVQsZsGe07GtBMmEI/s/Hw7o+utBF+QiLJw==
-----END CERTIFICATE-----
Generated at Sun Apr 13 04:29:13 2025 by rpki-client