Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/ckBMIFhsxRrJd8g3723Ngrkob0E.roa
File: ckBMIFhsxRrJd8g3723Ngrkob0E.roa (raw, json)
Hash identifier: 2+AxiQZG50JBBA5rPTQbIhRHNAnVw7yeAiKa0FFBttM=
Subject key identifier: 72:40:4C:20:58:6C:C5:1A:C9:77:C8:37:EF:6D:CD:82:B9:28:6F:41
Certificate issuer: /CN=ccd2dc4f38f96b6d47796988ecddf0c6d0c4e832
Certificate serial: 0194FFF96790A45DA7FE016235095BCC352E
Authority key identifier: CC:D2:DC:4F:38:F9:6B:6D:47:79:69:88:EC:DD:F0:C6:D0:C4:E8:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNLcTzj5a21HeWmI7N3wxtDE6DI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/ckBMIFhsxRrJd8g3723Ngrkob0E.roa
Signing time: Thu 13 Feb 2025 15:42:02 +0000
ROA not before: Thu 13 Feb 2025 15:42:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44806
IP address blocks: 93.94.104.0/21 maxlen: 24
178.23.40.0/21 maxlen: 24
185.192.32.0/22 maxlen: 24
2a00:1140::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/zNLcTzj5a21HeWmI7N3wxtDE6DI.crl
rsync://rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/zNLcTzj5a21HeWmI7N3wxtDE6DI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zNLcTzj5a21HeWmI7N3wxtDE6DI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 18:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ff:f9:67:90:a4:5d:a7:fe:01:62:35:09:5b:cc:35:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd2dc4f38f96b6d47796988ecddf0c6d0c4e832
Validity
Not Before: Feb 13 15:42:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72404c20586cc51ac977c837ef6dcd82b9286f41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:1d:fd:0f:fa:6e:8e:06:dd:80:0c:80:e0:a5:
9b:af:f2:1c:dc:9d:23:96:ed:7f:6e:ac:fa:66:96:
84:43:5e:6e:e3:5f:bd:d6:ba:ab:72:54:fe:d9:6f:
e8:19:05:3e:e1:b6:9b:03:32:9e:7a:8d:31:5f:ee:
34:f5:bf:22:17:ce:1c:af:0f:e5:1f:61:8a:93:8d:
8a:5a:f7:6c:50:60:63:08:bf:60:7b:43:5e:bb:fc:
15:e9:d0:d5:8b:ac:c3:76:83:3a:17:84:af:aa:23:
c3:b2:88:81:23:32:11:64:20:30:e1:00:7e:5d:90:
84:53:79:4c:14:f2:17:0e:32:75:e0:d4:2c:83:e0:
4a:c3:48:e8:d9:13:dc:65:9c:d5:46:c7:46:46:f1:
0b:12:ad:2f:54:bd:8d:d1:ed:cd:dc:26:64:74:ec:
0b:d6:4e:b9:83:97:c6:8e:e0:5f:41:7b:f8:af:f3:
b5:e0:f0:52:03:50:01:ab:73:03:a9:6f:12:d4:dc:
a8:c3:0d:65:e6:a2:10:21:9c:4f:1d:15:b3:fb:da:
20:2d:e7:c7:ab:aa:79:ce:24:c9:0d:fd:3b:a5:05:
6d:1e:aa:19:b9:43:97:8f:fd:a6:6a:7d:04:ab:66:
16:19:ca:35:02:9e:04:60:ac:9c:e4:5b:b1:bc:88:
eb:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:40:4C:20:58:6C:C5:1A:C9:77:C8:37:EF:6D:CD:82:B9:28:6F:41
X509v3 Authority Key Identifier:
keyid:CC:D2:DC:4F:38:F9:6B:6D:47:79:69:88:EC:DD:F0:C6:D0:C4:E8:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNLcTzj5a21HeWmI7N3wxtDE6DI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/ckBMIFhsxRrJd8g3723Ngrkob0E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6a2e5f-9bb9-43a4-b452-460c89b392b3/1/zNLcTzj5a21HeWmI7N3wxtDE6DI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.104.0/21
178.23.40.0/21
185.192.32.0/22
IPv6:
2a00:1140::/32
Signature Algorithm: sha256WithRSAEncryption
c5:a7:7a:03:53:7e:a7:5e:1d:2e:49:62:19:69:8f:76:ca:98:
4e:ae:6f:1e:fa:fa:d5:15:37:82:be:a0:7f:15:4f:3b:4a:33:
35:ab:7a:98:cf:d4:de:f9:81:0b:fb:41:73:01:f8:f4:b5:d3:
38:bf:c8:2c:fb:db:89:4a:da:2e:86:ab:ee:7b:b4:ff:3d:39:
59:b4:27:a2:00:c2:70:f0:48:0c:53:e3:12:f4:69:a7:92:2b:
1d:a7:71:9d:3e:a3:a8:c6:39:7e:16:d2:a2:d4:f6:9b:d7:4b:
36:1f:cf:e1:42:88:a7:6c:3d:61:71:bb:18:f1:6f:36:1d:d2:
3d:27:2b:68:29:91:ed:8a:47:2c:e9:e1:ab:a5:5c:09:e8:aa:
60:db:79:9c:0a:c2:4e:6c:2e:79:10:b6:06:c2:1b:46:03:34:
f4:26:c3:e7:02:75:89:e2:dc:df:13:25:89:57:ef:43:c6:6a:
5a:d4:7b:cf:8e:53:64:c4:ae:11:90:12:22:85:6e:af:22:38:
a4:82:c0:26:8f:2b:07:e5:4e:08:85:c7:7e:95:d1:63:b2:5f:
80:ef:72:d0:66:12:5d:cb:62:f5:d9:51:b0:52:ba:ea:4f:83:
8b:94:4f:fd:a8:d7:98:f7:07:6a:00:89:6f:d3:2d:4a:75:6c:
34:54:dd:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZT/+WeQpF2n/gFiNQlbzDUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDJkYzRmMzhmOTZiNmQ0Nzc5Njk4OGVjZGRmMGM2ZDBj
NGU4MzIwHhcNMjUwMjEzMTU0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQwNGMyMDU4NmNjNTFhYzk3N2M4MzdlZjZkY2Q4MmI5Mjg2ZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1R39D/pujgbdgAyA4KWbr/Ic3J0j
lu1/bqz6ZpaEQ15u41+91rqrclT+2W/oGQU+4babAzKeeo0xX+409b8iF84crw/l
H2GKk42KWvdsUGBjCL9ge0Neu/wV6dDVi6zDdoM6F4SvqiPDsoiBIzIRZCAw4QB+
XZCEU3lMFPIXDjJ14NQsg+BKw0jo2RPcZZzVRsdGRvELEq0vVL2N0e3N3CZkdOwL
1k65g5fGjuBfQXv4r/O14PBSA1ABq3MDqW8S1Nyoww1l5qIQIZxPHRWz+9ogLefH
q6p5ziTJDf07pQVtHqoZuUOXj/2man0Eq2YWGco1Ap4EYKyc5FuxvIjr3wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHJATCBYbMUayXfIN+9tzYK5KG9BMB8GA1UdIwQY
MBaAFMzS3E84+WttR3lpiOzd8MbQxOgyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5MY1R6ajVhMjFIZVdtSTdOM3d4dERFNkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82YTJlNWYtOWJiOS00M2E0LWI0NTIt
NDYwYzg5YjM5MmIzLzEvY2tCTUlGaHN4UnJKZDhnMzcyM05ncmtvYjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82YTJlNWYtOWJiOS00M2E0LWI0NTItNDYwYzg5YjM5MmIz
LzEvek5MY1R6ajVhMjFIZVdtSTdOM3d4dERFNkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDXV5oAwQD
shcoAwQCucAgMA0EAgACMAcDBQAqABFAMA0GCSqGSIb3DQEBCwUAA4IBAQDFp3oD
U36nXh0uSWIZaY92yphOrm8e+vrVFTeCvqB/FU87SjM1q3qYz9Te+YEL+0FzAfj0
tdM4v8gs+9uJStouhqvue7T/PTlZtCeiAMJw8EgMU+MS9Gmnkisdp3GdPqOoxjl+
FtKi1Pab10s2H8/hQoinbD1hcbsY8W82HdI9JytoKZHtikcs6eGrpVwJ6Kpg23mc
CsJObC55ELYGwhtGAzT0JsPnAnWJ4tzfEyWJV+9Dxmpa1HvPjlNkxK4RkBIihW6v
IjikgsAmjysH5U4Ihcd+ldFjsl+A73LQZhJdy2L12VGwUrrqT4OLlE/9qNeY9wdq
AIlv0y1KdWw0VN20
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:15:49 2025 by rpki-client