Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KRSjlLP_LGaVl43CnNfHf_qcv0Y.roa
File: KRSjlLP_LGaVl43CnNfHf_qcv0Y.roa (raw, json)
Hash identifier: T6wpRaMQShfnxACSwpJMZJO4nNVJDFOyvCxB/2y9lh0=
Subject key identifier: 29:14:A3:94:B3:FF:2C:66:95:97:8D:C2:9C:D7:C7:7F:FA:9C:BF:46
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 0194266C21A2E9A089BF5B2E6DF9CCA2371C
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KRSjlLP_LGaVl43CnNfHf_qcv0Y.roa
Signing time: Thu 02 Jan 2025 09:50:08 +0000
ROA not before: Thu 02 Jan 2025 09:50:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41745
IP address blocks: 138.124.3.0/24 maxlen: 24
138.124.4.0/24 maxlen: 24
138.124.10.0/24 maxlen: 24
138.124.15.0/24 maxlen: 24
138.124.16.0/24 maxlen: 24
138.124.19.0/24 maxlen: 24
138.124.20.0/24 maxlen: 24
138.124.30.0/24 maxlen: 24
138.124.31.0/24 maxlen: 24
138.124.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:21:a2:e9:a0:89:bf:5b:2e:6d:f9:cc:a2:37:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jan 2 09:50:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2914a394b3ff2c6695978dc29cd7c77ffa9cbf46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:b9:0c:94:b3:e4:7a:65:af:2c:6d:6f:5a:9b:
76:bd:41:b4:83:c8:f5:77:33:3d:24:ab:d0:3d:0f:
24:a4:6a:c7:c0:18:11:e2:b0:d4:5e:8a:c3:8e:38:
2c:59:91:a1:20:14:28:72:41:b2:4e:1f:16:15:66:
e6:49:9d:67:60:2e:93:70:cf:8f:c5:d0:8a:5a:2f:
83:d4:22:dc:30:f6:a9:bf:a8:fd:14:d2:2f:93:e3:
0e:e9:1e:8c:54:8b:7e:ae:ea:97:0a:c1:51:e8:26:
c8:ac:84:a2:e9:02:aa:70:36:3e:2e:c1:b1:9a:d9:
47:f4:3c:6f:19:3c:72:09:bd:5b:f2:75:87:5e:c1:
42:38:22:05:7d:04:71:7c:15:b9:f9:88:53:00:f0:
c6:3a:1b:6d:2f:9d:12:9e:2f:c1:d5:13:b7:38:21:
cb:6a:47:44:17:5a:e0:c8:bf:d0:da:65:e9:6e:d2:
f1:3a:da:3e:a3:50:0a:79:7e:73:37:0f:e1:71:9e:
e0:ec:51:91:1f:e9:f9:1b:c4:cd:99:4a:7a:05:ce:
5b:8c:cf:0a:6c:a8:78:97:0b:4e:9b:a0:1d:dc:db:
0a:53:94:d0:ed:f6:89:9f:ee:58:6a:a7:08:6d:48:
ab:50:a7:ea:34:ea:70:14:c0:06:de:d1:57:80:81:
59:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:14:A3:94:B3:FF:2C:66:95:97:8D:C2:9C:D7:C7:7F:FA:9C:BF:46
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/KRSjlLP_LGaVl43CnNfHf_qcv0Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.3.0-138.124.4.255
138.124.10.0/24
138.124.15.0-138.124.16.255
138.124.19.0-138.124.20.255
138.124.30.0/23
138.124.125.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:b7:de:78:9d:0c:a4:52:d7:93:0e:de:37:1e:26:b4:a6:31:
c3:dc:f3:1e:44:ab:34:89:39:38:65:38:1a:3c:e1:75:7b:8d:
32:4e:a0:b1:b3:74:33:46:64:81:6a:1f:83:60:d9:b8:06:a5:
bf:a8:dc:32:28:be:b3:a2:19:27:b0:30:1b:ea:42:40:bb:fd:
08:1a:1d:0c:f2:38:a9:11:b1:51:63:6f:4e:64:fd:4a:f0:48:
e3:6f:be:35:c7:6c:60:9d:92:ec:21:3f:91:f2:66:8a:66:a5:
8d:a3:3d:13:f3:00:a2:5c:a9:ca:28:b1:0f:df:db:4f:fc:a6:
af:8a:93:bf:50:7c:5b:59:f0:09:b2:b2:67:0e:a3:da:f6:db:
c3:03:ab:5f:06:a2:37:0a:e6:9f:c3:1b:2c:b6:e1:6f:9d:2d:
f3:84:26:1c:ee:14:c6:4c:02:22:28:c0:f2:aa:e8:39:f0:e8:
d6:f3:67:70:6b:c6:2e:38:c3:1f:b3:36:79:96:9d:94:75:8b:
68:8c:db:44:9d:1c:5f:e4:e6:b1:d7:b4:3f:ab:b6:fa:f8:9a:
e9:00:77:8f:64:e7:a3:1d:04:87:d9:81:20:e0:75:a0:fe:71:
0c:a4:a0:48:e8:e5:61:ce:e1:ed:af:b3:5b:c4:47:ac:5b:00:
10:84:38:45
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQmbCGi6aCJv1subfnMojccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjUwMTAyMDk1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE0YTM5NGIzZmYyYzY2OTU5NzhkYzI5Y2Q3Yzc3ZmZhOWNiZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7kMlLPkemWvLG1vWpt2vUG0g8j1
dzM9JKvQPQ8kpGrHwBgR4rDUXorDjjgsWZGhIBQockGyTh8WFWbmSZ1nYC6TcM+P
xdCKWi+D1CLcMPapv6j9FNIvk+MO6R6MVIt+ruqXCsFR6CbIrISi6QKqcDY+LsGx
mtlH9DxvGTxyCb1b8nWHXsFCOCIFfQRxfBW5+YhTAPDGOhttL50Sni/B1RO3OCHL
akdEF1rgyL/Q2mXpbtLxOto+o1AKeX5zNw/hcZ7g7FGRH+n5G8TNmUp6Bc5bjM8K
bKh4lwtOm6Ad3NsKU5TQ7faJn+5YaqcIbUirUKfqNOpwFMAG3tFXgIFZoQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCkUo5Sz/yxmlZeNwpzXx3/6nL9GMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvS1JTamxMUF9MR2FWbDQzQ25OZkhmX3FjdjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBACKfAMD
BACKfAQDBACKfAowDAMEAIp8DwMEAIp8EDAMAwQAinwTAwQAinwUAwQBinweAwQA
inx9MA0GCSqGSIb3DQEBCwUAA4IBAQBPt954nQykUteTDt43Hia0pjHD3PMeRKs0
iTk4ZTgaPOF1e40yTqCxs3QzRmSBah+DYNm4BqW/qNwyKL6zohknsDAb6kJAu/0I
Gh0M8jipEbFRY29OZP1K8Ejjb741x2xgnZLsIT+R8maKZqWNoz0T8wCiXKnKKLEP
39tP/KavipO/UHxbWfAJsrJnDqPa9tvDA6tfBqI3CuafwxsstuFvnS3zhCYc7hTG
TAIiKMDyqug58OjW82dwa8YuOMMfszZ5lp2UdYtojNtEnRxf5Oax17Q/q7b6+Jrp
AHePZOejHQSH2YEg4HWg/nEMpKBI6OVhzuHtr7NbxEesWwAQhDhF
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:10:44 2025 by rpki-client