Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/lO9lnjMKShKR1lmHSBZdeXnPEkY.roa
File: lO9lnjMKShKR1lmHSBZdeXnPEkY.roa (raw, json)
Hash identifier: c7CjjG3dW9IskX6aNGKT3OeAaVeTmT4gSZizwrVUurs=
Subject key identifier: 94:EF:65:9E:33:0A:4A:12:91:D6:59:87:48:16:5D:79:79:CF:12:46
Certificate issuer: /CN=8636a4e14a71ddd510164b8631ad99bbfc75953a
Certificate serial: 0194228DF1D7D35433FC22B4C1DB303EB547
Authority key identifier: 86:36:A4:E1:4A:71:DD:D5:10:16:4B:86:31:AD:99:BB:FC:75:95:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hjak4Upx3dUQFkuGMa2Zu_x1lTo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/lO9lnjMKShKR1lmHSBZdeXnPEkY.roa
Signing time: Wed 01 Jan 2025 15:48:35 +0000
ROA not before: Wed 01 Jan 2025 15:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59909
IP address blocks: 159.255.147.0/24 maxlen: 24
185.148.92.0/22 maxlen: 22
199.255.112.0/22 maxlen: 22
206.225.20.0/22 maxlen: 22
212.24.116.0/22 maxlen: 22
2a0d:d100::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/hjak4Upx3dUQFkuGMa2Zu_x1lTo.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/hjak4Upx3dUQFkuGMa2Zu_x1lTo.mft
rsync://rpki.ripe.net/repository/DEFAULT/hjak4Upx3dUQFkuGMa2Zu_x1lTo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 15 Mar 2025 03:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:f1:d7:d3:54:33:fc:22:b4:c1:db:30:3e:b5:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8636a4e14a71ddd510164b8631ad99bbfc75953a
Validity
Not Before: Jan 1 15:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=94ef659e330a4a1291d6598748165d7979cf1246
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e9:7c:cd:91:15:60:80:5d:43:76:38:8a:c3:
19:eb:83:9e:11:09:49:1b:ec:d2:2b:52:08:db:26:
87:7a:8e:20:6a:d9:e0:02:d3:af:5f:18:a9:16:0d:
25:1c:4f:13:34:ec:5a:fe:1a:1f:cf:53:b5:92:01:
7a:34:be:c0:00:3c:ce:f4:7a:2d:52:57:41:22:ca:
2b:3a:3c:c1:b8:63:b5:33:05:41:44:6e:87:7a:56:
1b:97:e8:f3:2a:f4:99:5a:d9:dd:b3:33:cb:98:91:
fa:bc:3c:11:08:03:1a:54:23:4e:59:57:38:10:3d:
50:53:10:e0:a1:fb:a4:14:6b:66:60:e4:31:dc:d0:
83:ba:8e:e4:d5:e3:fb:b0:a5:68:63:45:25:d4:15:
61:e5:99:58:b0:b0:2e:30:8a:56:96:87:26:87:31:
cc:c1:7c:a0:7b:dc:93:fa:e4:37:d8:61:2a:eb:eb:
74:07:86:95:47:47:d9:37:cb:97:60:d8:7e:9a:a9:
11:f2:b3:56:ba:db:d3:4b:76:ae:5e:28:03:51:0d:
c8:dc:9c:7b:e6:b8:fc:6d:2e:23:57:02:5a:09:b4:
48:e8:50:7d:f0:e1:18:22:00:d1:20:27:21:2e:e4:
42:2c:b2:59:23:b8:87:52:c1:00:71:84:ed:7e:07:
8e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:EF:65:9E:33:0A:4A:12:91:D6:59:87:48:16:5D:79:79:CF:12:46
X509v3 Authority Key Identifier:
keyid:86:36:A4:E1:4A:71:DD:D5:10:16:4B:86:31:AD:99:BB:FC:75:95:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hjak4Upx3dUQFkuGMa2Zu_x1lTo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/lO9lnjMKShKR1lmHSBZdeXnPEkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cdeca3-4ef1-45ad-8922-2f7cf8446a31/1/hjak4Upx3dUQFkuGMa2Zu_x1lTo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.255.147.0/24
185.148.92.0/22
199.255.112.0/22
206.225.20.0/22
212.24.116.0/22
IPv6:
2a0d:d100::/32
Signature Algorithm: sha256WithRSAEncryption
18:a4:b2:88:6a:92:d5:54:15:ad:4d:00:dd:37:0c:5b:94:3a:
78:fc:ca:51:29:6a:f3:b5:c1:15:5d:48:bc:50:7e:f3:21:e7:
52:ac:fa:6c:1f:6f:ad:a4:81:53:e2:95:f3:b7:b7:da:ab:ab:
b7:d1:61:6c:1f:4e:d4:c2:91:c0:5a:2d:a6:c9:18:80:ab:82:
e3:54:da:a0:82:bd:2f:67:f3:be:21:7a:4f:97:a7:92:8b:7b:
9b:6f:77:9e:0c:54:b8:c0:cf:f8:13:a3:78:e9:bb:8f:30:50:
ca:a9:a3:17:94:0e:bb:09:ce:78:7b:00:c3:7e:6b:59:b9:19:
a8:ee:99:da:6d:e7:30:4e:67:bd:40:00:dc:bc:d0:33:46:51:
ad:73:9c:e6:1c:c9:4e:9a:4c:e0:c2:e0:70:74:68:a3:ea:2b:
56:0e:c8:05:01:42:1c:9e:11:5e:c7:cd:31:c6:a3:97:69:f6:
67:6c:e5:b7:b9:d8:e8:e7:c5:7c:4c:85:1c:02:bf:38:73:1e:
c7:a1:06:57:12:44:c2:59:85:75:e9:8c:2f:ea:b1:89:ef:a1:
6a:4c:41:32:aa:41:25:54:9a:1a:ad:cd:06:78:31:96:79:0e:
a8:72:25:db:78:99:f8:ad:0a:97:5f:4f:8c:c6:c7:c0:f6:ad:
c0:6c:39:4e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQijfHX01Qz/CK0wdswPrVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MzZhNGUxNGE3MWRkZDUxMDE2NGI4NjMxYWQ5OWJiZmM3
NTk1M2EwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGVmNjU5ZTMzMGE0YTEyOTFkNjU5ODc0ODE2NWQ3OTc5Y2YxMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwel8zZEVYIBdQ3Y4isMZ64OeEQlJ
G+zSK1II2yaHeo4gatngAtOvXxipFg0lHE8TNOxa/hofz1O1kgF6NL7AADzO9Hot
UldBIsorOjzBuGO1MwVBRG6HelYbl+jzKvSZWtndszPLmJH6vDwRCAMaVCNOWVc4
ED1QUxDgofukFGtmYOQx3NCDuo7k1eP7sKVoY0Ul1BVh5ZlYsLAuMIpWlocmhzHM
wXyge9yT+uQ32GEq6+t0B4aVR0fZN8uXYNh+mqkR8rNWutvTS3auXigDUQ3I3Jx7
5rj8bS4jVwJaCbRI6FB98OEYIgDRICchLuRCLLJZI7iHUsEAcYTtfgeOhQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJTvZZ4zCkoSkdZZh0gWXXl5zxJGMB8GA1UdIwQY
MBaAFIY2pOFKcd3VEBZLhjGtmbv8dZU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGphazRVcHgzZFVRRmt1R01hMlp1X3gxbFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jZGVjYTMtNGVmMS00NWFkLTg5MjIt
MmY3Y2Y4NDQ2YTMxLzEvbE85bG5qTUtTaEtSMWxtSFNCWmRlWG5QRWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jZGVjYTMtNGVmMS00NWFkLTg5MjItMmY3Y2Y4NDQ2YTMx
LzEvaGphazRVcHgzZFVRRmt1R01hMlp1X3gxbFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAn/+TAwQC
uZRcAwQCx/9wAwQCzuEUAwQC1Bh0MA0EAgACMAcDBQAqDdEAMA0GCSqGSIb3DQEB
CwUAA4IBAQAYpLKIapLVVBWtTQDdNwxblDp4/MpRKWrztcEVXUi8UH7zIedSrPps
H2+tpIFT4pXzt7faq6u30WFsH07UwpHAWi2myRiAq4LjVNqggr0vZ/O+IXpPl6eS
i3ubb3eeDFS4wM/4E6N46buPMFDKqaMXlA67Cc54ewDDfmtZuRmo7pnabecwTme9
QADcvNAzRlGtc5zmHMlOmkzgwuBwdGij6itWDsgFAUIcnhFex80xxqOXafZnbOW3
udjo58V8TIUcAr84cx7HoQZXEkTCWYV16Ywv6rGJ76FqTEEyqkElVJoarc0GeDGW
eQ6ociXbeJn4rQqXX0+MxsfA9q3AbDlO
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:55:53 2025 by rpki-client