Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/k4qXOW_NpDOIOHCLgRTHFZfFt5A.roa
File: k4qXOW_NpDOIOHCLgRTHFZfFt5A.roa (raw, json)
Hash identifier: ch7ij5E9LUdhi3/tkx9pvbq8WxL6Rn0r2P+Vs1PthF0=
Subject key identifier: 93:8A:97:39:6F:CD:A4:33:88:38:70:8B:81:14:C7:15:97:C5:B7:90
Certificate issuer: /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial: 019427B5B7625C9D24D6946CAAB3AA94245F
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/k4qXOW_NpDOIOHCLgRTHFZfFt5A.roa
Signing time: Thu 02 Jan 2025 15:50:07 +0000
ROA not before: Thu 02 Jan 2025 15:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209273
IP address blocks: 217.145.228.0/23 maxlen: 23
217.145.228.0/24 maxlen: 24
217.145.229.0/24 maxlen: 24
217.145.230.0/24 maxlen: 24
217.145.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.mft
rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:b7:62:5c:9d:24:d6:94:6c:aa:b3:aa:94:24:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Validity
Not Before: Jan 2 15:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=938a97396fcda4338838708b8114c71597c5b790
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:6e:cb:0a:38:13:d6:9e:07:e3:9d:5d:71:dc:
8f:ba:02:ee:c5:bc:ab:49:d1:8b:68:92:d7:0c:c0:
b5:72:70:98:0e:88:b2:c4:f2:b7:38:29:37:f7:c8:
5f:93:c9:6d:05:80:db:d7:c1:ac:94:2d:e6:4e:f3:
f1:f9:26:6f:9d:4f:db:b2:07:e0:30:1e:85:e2:72:
7c:d5:5e:b5:52:7a:89:0b:45:e7:8f:8c:bb:d5:2e:
47:71:11:26:7c:ab:94:bf:9e:af:c7:9b:78:58:fc:
d6:f8:82:a7:d9:38:da:da:22:ab:ab:a2:ad:e3:22:
08:28:13:75:9a:af:c0:91:6f:00:05:fe:18:56:30:
86:4c:bd:ca:cb:73:c2:ff:b8:a1:21:9d:bc:60:2d:
95:e0:45:09:9a:df:e0:1a:9f:0c:da:72:6a:e5:4e:
5c:84:07:b5:48:23:65:91:e9:b6:9e:b5:29:df:a1:
bf:5f:f8:f8:99:a2:68:49:5a:9b:db:76:50:98:0a:
3a:98:ba:fd:51:5a:20:b5:5d:da:68:91:08:87:7b:
be:1a:4d:6d:a1:0d:9b:9f:99:45:1f:9c:ff:84:89:
67:14:70:f1:63:8a:a8:b7:3c:44:5f:4b:85:77:ff:
83:98:d2:e5:3b:4b:81:3f:01:3d:94:80:4b:d4:8c:
a1:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:8A:97:39:6F:CD:A4:33:88:38:70:8B:81:14:C7:15:97:C5:B7:90
X509v3 Authority Key Identifier:
keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/k4qXOW_NpDOIOHCLgRTHFZfFt5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.145.228.0/22
Signature Algorithm: sha256WithRSAEncryption
12:95:39:70:12:88:b9:02:66:28:fe:6c:b0:49:62:c9:6b:7e:
0d:3c:f1:2e:86:61:6f:3a:dd:81:34:72:cb:ad:be:fc:46:d0:
67:7f:f7:06:ff:23:5f:d4:7c:72:42:1b:db:bb:f8:33:68:fa:
af:f7:b1:76:91:bb:f0:47:42:d0:52:dd:e3:02:44:99:aa:aa:
ed:7b:14:30:5b:4c:a8:2c:b2:6a:80:0d:c9:a1:e0:4a:51:f4:
85:87:a2:78:10:e7:16:93:f5:09:d6:2d:d6:0f:9a:0d:63:9c:
5a:90:c0:da:62:45:97:2e:9a:8d:0e:82:ae:30:b6:6f:bc:76:
18:36:ad:c6:df:86:d4:a6:06:4c:1b:c1:84:88:2e:03:31:93:
38:70:d9:63:37:4f:33:df:dd:d1:19:9d:e6:29:45:60:65:ae:
cc:93:89:2c:c5:7b:88:c9:8d:69:d8:ef:4c:f6:ad:5c:ac:2a:
cd:90:db:b1:3b:3d:4e:31:ae:10:c1:c1:83:41:bc:2a:90:13:
8f:a3:72:19:84:84:bb:04:5c:de:e4:c5:3c:9c:bb:f4:57:d6:
1c:23:34:7a:52:6e:ca:e7:a8:ae:e9:21:6a:da:bb:c4:76:c6:
3f:86:ec:7f:95:39:e7:c9:8d:da:0c:57:50:41:a2:84:ed:bb:
ca:ec:5e:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbdiXJ0k1pRsqrOqlCRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjUwMTAyMTU1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhhOTczOTZmY2RhNDMzODgzODcwOGI4MTE0YzcxNTk3YzViNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq27LCjgT1p4H451dcdyPugLuxbyr
SdGLaJLXDMC1cnCYDoiyxPK3OCk398hfk8ltBYDb18GslC3mTvPx+SZvnU/bsgfg
MB6F4nJ81V61UnqJC0Xnj4y71S5HcREmfKuUv56vx5t4WPzW+IKn2Tja2iKrq6Kt
4yIIKBN1mq/AkW8ABf4YVjCGTL3Ky3PC/7ihIZ28YC2V4EUJmt/gGp8M2nJq5U5c
hAe1SCNlkem2nrUp36G/X/j4maJoSVqb23ZQmAo6mLr9UVogtV3aaJEIh3u+Gk1t
oQ2bn5lFH5z/hIlnFHDxY4qotzxEX0uFd/+DmNLlO0uBPwE9lIBL1IyhRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOKlzlvzaQziDhwi4EUxxWXxbeQMB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvazRxWE9XX05wRE9JT0hDTGdSVEhGWmZGdDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZHkMA0G
CSqGSIb3DQEBCwUAA4IBAQASlTlwEoi5AmYo/mywSWLJa34NPPEuhmFvOt2BNHLL
rb78RtBnf/cG/yNf1HxyQhvbu/gzaPqv97F2kbvwR0LQUt3jAkSZqqrtexQwW0yo
LLJqgA3JoeBKUfSFh6J4EOcWk/UJ1i3WD5oNY5xakMDaYkWXLpqNDoKuMLZvvHYY
Nq3G34bUpgZMG8GEiC4DMZM4cNljN08z393RGZ3mKUVgZa7Mk4ksxXuIyY1p2O9M
9q1crCrNkNuxOz1OMa4QwcGDQbwqkBOPo3IZhIS7BFze5MU8nLv0V9YcIzR6Um7K
56iu6SFq2rvEdsY/hux/lTnnyY3aDFdQQaKE7bvK7F7V
-----END CERTIFICATE-----
Generated at Wed Apr 16 08:06:58 2025 by rpki-client