Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/2KtTnEqgfSqztCd7tujgpeMQKiY.roa
File: 2KtTnEqgfSqztCd7tujgpeMQKiY.roa (raw, json)
Hash identifier: PzcW2SmGhKzM/HWv9p7Gvr3dpPmkVhm+gAuqFa6OHHQ=
Subject key identifier: D8:AB:53:9C:4A:A0:7D:2A:B3:B4:27:7B:B6:E8:E0:A5:E3:10:2A:26
Certificate issuer: /CN=009a637282b3d0a0fca4a554f6936f7df42e8165
Certificate serial: 01942067CCA8AB871BC68B18CAB38238293C
Authority key identifier: 00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/2KtTnEqgfSqztCd7tujgpeMQKiY.roa
Signing time: Wed 01 Jan 2025 05:47:40 +0000
ROA not before: Wed 01 Jan 2025 05:47:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200457
IP address blocks: 185.106.172.0/22 maxlen: 24
2a06:3d40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.mft
rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Mar 2025 13:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:cc:a8:ab:87:1b:c6:8b:18:ca:b3:82:38:29:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=009a637282b3d0a0fca4a554f6936f7df42e8165
Validity
Not Before: Jan 1 05:47:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8ab539c4aa07d2ab3b4277bb6e8e0a5e3102a26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:52:63:1c:3c:3b:59:3f:37:f1:d2:f2:84:bf:
81:88:c8:9a:15:68:af:28:ae:48:d8:8a:41:b0:1d:
14:1b:15:51:ba:dc:8f:86:57:8d:6d:d5:1b:70:60:
cb:31:9f:cc:bf:26:69:42:f5:f4:d1:9b:19:e9:86:
c3:ae:f7:26:01:d5:a7:59:44:06:a0:bc:90:6b:16:
4b:fd:25:1e:98:92:6f:4f:f2:c0:dc:97:6d:84:d0:
3d:25:b4:68:5c:d2:85:57:76:88:a8:b6:53:5e:47:
8b:75:7e:a5:49:c4:cb:5d:c2:8b:55:fc:b5:82:48:
37:60:95:2f:16:2f:e5:16:4d:61:ea:c4:b9:52:61:
a0:fd:5d:ca:5e:65:de:36:78:38:3a:7f:1a:c0:70:
aa:6c:63:4e:f0:2b:ef:d3:ed:5d:26:6e:3a:3d:67:
d4:c7:f2:02:73:f6:d3:24:83:29:4d:9e:c5:38:f8:
fe:ed:25:27:43:08:c0:71:60:83:8e:33:13:88:45:
74:39:e5:22:43:a3:66:44:37:77:07:0c:7e:5d:89:
52:e2:f7:b2:3e:21:2a:66:09:db:ff:0d:af:60:1a:
aa:d8:f2:40:e4:0d:f8:23:2d:5d:36:6a:73:30:59:
e8:ab:7d:41:ff:1d:47:ac:23:44:51:59:5a:df:4b:
9e:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:AB:53:9C:4A:A0:7D:2A:B3:B4:27:7B:B6:E8:E0:A5:E3:10:2A:26
X509v3 Authority Key Identifier:
keyid:00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/2KtTnEqgfSqztCd7tujgpeMQKiY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.106.172.0/22
IPv6:
2a06:3d40::/29
Signature Algorithm: sha256WithRSAEncryption
0a:e6:ca:28:4a:4d:d5:8c:aa:64:c3:6b:13:82:d4:28:ef:f9:
26:8a:ab:2b:92:35:d8:1d:9c:4d:b0:3c:10:44:2e:5e:34:68:
13:5c:db:7c:42:75:02:18:0c:98:b5:75:fa:2a:3a:45:40:a9:
85:0c:26:51:1a:fd:ae:41:5e:63:41:e2:9b:54:55:ec:b4:4c:
68:bb:d3:bc:70:08:8b:dc:2f:c9:3a:77:93:de:8c:b5:2a:5e:
91:de:c1:00:42:31:12:a1:cb:b9:2a:73:75:c9:af:d1:94:41:
8f:25:f9:63:c2:af:02:14:43:5f:4d:c5:eb:9f:06:08:18:f3:
38:f0:c8:5b:ee:21:89:bd:d5:98:2c:ed:03:71:74:50:47:d1:
d1:9e:fd:64:2d:b3:0e:55:d8:a6:5f:90:af:77:56:a4:30:9e:
0d:1f:43:b0:1a:da:47:34:cc:66:76:68:c0:a1:a3:7b:6b:45:
61:8e:4d:a1:85:42:a7:18:a3:0f:bf:c7:d7:cf:18:f2:53:e7:
a1:fb:c7:a9:cf:9a:87:0d:3a:89:3e:a2:c1:0b:ef:82:1b:92:
d2:79:1c:91:b6:fa:a7:7c:3d:2f:e5:04:6a:5a:f8:e1:71:14:
9b:c3:4e:a7:27:81:9c:4a:cb:99:5d:d8:85:7b:3d:81:53:51:
58:39:9a:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ8yoq4cbxosYyrOCOCk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOWE2MzcyODJiM2QwYTBmY2E0YTU1NGY2OTM2ZjdkZjQy
ZTgxNjUwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGFiNTM5YzRhYTA3ZDJhYjNiNDI3N2JiNmU4ZTBhNWUzMTAyYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61JjHDw7WT838dLyhL+BiMiaFWiv
KK5I2IpBsB0UGxVRutyPhleNbdUbcGDLMZ/MvyZpQvX00ZsZ6YbDrvcmAdWnWUQG
oLyQaxZL/SUemJJvT/LA3JdthNA9JbRoXNKFV3aIqLZTXkeLdX6lScTLXcKLVfy1
gkg3YJUvFi/lFk1h6sS5UmGg/V3KXmXeNng4On8awHCqbGNO8Cvv0+1dJm46PWfU
x/ICc/bTJIMpTZ7FOPj+7SUnQwjAcWCDjjMTiEV0OeUiQ6NmRDd3Bwx+XYlS4vey
PiEqZgnb/w2vYBqq2PJA5A34Iy1dNmpzMFnoq31B/x1HrCNEUVla30ue9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNirU5xKoH0qs7Qne7bo4KXjEComMB8GA1UdIwQY
MBaAFACaY3KCs9Cg/KSlVPaTb330LoFlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMt
ZDRlZGMwZWIzZTBhLzEvMkt0VG5FcWdmU3F6dENkN3R1amdwZU1RS2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMtZDRlZGMwZWIzZTBh
LzEvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWqsMA0E
AgACMAcDBQMqBj1AMA0GCSqGSIb3DQEBCwUAA4IBAQAK5sooSk3VjKpkw2sTgtQo
7/kmiqsrkjXYHZxNsDwQRC5eNGgTXNt8QnUCGAyYtXX6KjpFQKmFDCZRGv2uQV5j
QeKbVFXstExou9O8cAiL3C/JOneT3oy1Kl6R3sEAQjESocu5KnN1ya/RlEGPJflj
wq8CFENfTcXrnwYIGPM48Mhb7iGJvdWYLO0DcXRQR9HRnv1kLbMOVdimX5Cvd1ak
MJ4NH0OwGtpHNMxmdmjAoaN7a0Vhjk2hhUKnGKMPv8fXzxjyU+eh+8epz5qHDTqJ
PqLBC++CG5LSeRyRtvqnfD0v5QRqWvjhcRSbw06nJ4GcSsuZXdiFez2BU1FYOZqj
-----END CERTIFICATE-----
Generated at Tue Mar 11 19:51:17 2025 by rpki-client