Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/okKN99_kSuFiK1nEiQxwIj0skkI.roa
File: okKN99_kSuFiK1nEiQxwIj0skkI.roa (raw, json)
Hash identifier: BJdgdwQcgeiOTDLWh5HfcEvgJyNYUlctToI5pjHaF+4=
Subject key identifier: A2:42:8D:F7:DF:E4:4A:E1:62:2B:59:C4:89:0C:70:22:3D:2C:92:42
Certificate issuer: /CN=4735e807d349d31564f9fd546138e3598e2007ce
Certificate serial: 019427479EC1A5715248E135886695954246
Authority key identifier: 47:35:E8:07:D3:49:D3:15:64:F9:FD:54:61:38:E3:59:8E:20:07:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RzXoB9NJ0xVk-f1UYTjjWY4gB84.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/okKN99_kSuFiK1nEiQxwIj0skkI.roa
Signing time: Thu 02 Jan 2025 13:49:52 +0000
ROA not before: Thu 02 Jan 2025 13:49:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8767
IP address blocks: 5.182.88.0/22 maxlen: 24
45.66.28.0/22 maxlen: 24
45.84.24.0/22 maxlen: 24
93.88.16.0/22 maxlen: 24
185.47.44.0/22 maxlen: 24
185.68.156.0/22 maxlen: 24
185.110.32.0/22 maxlen: 24
193.168.248.0/22 maxlen: 24
213.170.216.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/RzXoB9NJ0xVk-f1UYTjjWY4gB84.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/RzXoB9NJ0xVk-f1UYTjjWY4gB84.mft
rsync://rpki.ripe.net/repository/DEFAULT/RzXoB9NJ0xVk-f1UYTjjWY4gB84.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 10 Mar 2025 15:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:9e:c1:a5:71:52:48:e1:35:88:66:95:95:42:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4735e807d349d31564f9fd546138e3598e2007ce
Validity
Not Before: Jan 2 13:49:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2428df7dfe44ae1622b59c4890c70223d2c9242
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:90:83:26:6e:18:6b:47:11:2c:a6:fc:5d:2e:
94:c3:8b:c6:fb:65:b0:8e:76:ab:3f:8c:12:39:9e:
f9:f3:f6:ea:13:ac:15:10:b2:c8:f2:d1:55:0f:c7:
ae:6b:39:8b:2e:10:27:b6:3b:a3:7a:b5:fe:c2:fc:
4a:9f:c3:ce:fb:26:1f:91:19:07:35:af:d4:a9:7c:
be:54:ef:51:83:46:18:bb:98:c4:6b:11:bf:ae:a2:
7b:71:d1:6f:bc:8c:54:d0:dc:59:12:c5:ab:b1:6d:
20:6d:35:be:5d:46:28:b2:c1:d8:83:9b:36:54:9d:
97:16:09:85:57:b8:ba:36:f9:8d:df:3d:b3:ee:79:
43:fd:0e:5e:4b:c0:98:97:4e:05:80:02:d9:dd:7b:
af:a6:fd:d2:d2:68:00:55:27:56:67:f9:f3:15:0f:
57:31:52:19:94:93:4b:1b:3a:37:f1:9d:04:7d:38:
c4:91:e9:0f:4d:89:b4:65:46:63:8f:d7:b4:49:57:
9a:ee:1a:fb:c2:ea:bc:69:aa:4d:f1:d7:fb:86:85:
f0:d1:f7:6d:9f:b5:b3:4d:4b:c2:c3:c2:66:86:7f:
3e:d8:7b:5e:1b:34:89:fd:29:62:a5:46:99:04:51:
92:9b:71:4a:5a:41:21:5d:d4:60:88:34:92:49:e0:
0e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:42:8D:F7:DF:E4:4A:E1:62:2B:59:C4:89:0C:70:22:3D:2C:92:42
X509v3 Authority Key Identifier:
keyid:47:35:E8:07:D3:49:D3:15:64:F9:FD:54:61:38:E3:59:8E:20:07:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzXoB9NJ0xVk-f1UYTjjWY4gB84.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/okKN99_kSuFiK1nEiQxwIj0skkI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5e1380-9dc6-4691-86b5-5b1b5d9940c1/1/RzXoB9NJ0xVk-f1UYTjjWY4gB84.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.88.0/22
45.66.28.0/22
45.84.24.0/22
93.88.16.0/22
185.47.44.0/22
185.68.156.0/22
185.110.32.0/22
193.168.248.0/22
213.170.216.0/22
Signature Algorithm: sha256WithRSAEncryption
5a:3a:15:3b:a3:c7:84:41:b8:a3:4a:d0:3e:5b:58:bb:1f:c3:
11:9c:04:c8:9c:04:c3:d0:fa:08:d4:4c:12:48:4e:5b:c9:34:
b4:90:a9:a9:ec:52:2b:ea:e2:26:44:b1:3d:16:7d:24:dd:c3:
28:f6:ec:aa:07:56:4d:0b:97:f1:de:c1:56:da:ca:2b:f8:a9:
95:7c:e4:c4:b5:db:61:0a:61:95:a6:72:f9:c3:4d:d8:08:04:
af:d6:bc:e4:37:c6:d4:ff:d3:b1:24:27:94:5e:08:ad:42:f7:
8c:5a:0d:25:16:05:85:4a:2a:7d:33:7b:60:9d:b6:4a:bf:be:
c9:78:ae:b4:2d:d5:35:81:25:0e:ed:ff:68:a4:55:b2:0a:68:
60:50:9e:78:68:00:b9:86:33:f8:74:37:2f:c7:53:01:cc:9c:
81:57:ca:d2:04:ff:e3:68:50:fa:10:6b:78:17:7a:b4:c9:bd:
67:29:bf:75:98:6e:e3:f1:78:a2:7d:ec:90:a5:4b:8b:37:75:
5d:68:2c:5a:9d:19:61:7a:e4:15:04:bf:cc:c2:11:b7:ee:be:
e4:23:fc:26:4a:51:1f:bd:e4:64:d3:bb:56:6c:82:9d:08:7e:
92:eb:4f:ba:bd:77:cf:7f:86:e1:3f:cf:f2:a9:39:17:86:80:
8a:10:59:4a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQnR57BpXFSSOE1iGaVlUJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzVlODA3ZDM0OWQzMTU2NGY5ZmQ1NDYxMzhlMzU5OGUy
MDA3Y2UwHhcNMjUwMTAyMTM0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQyOGRmN2RmZTQ0YWUxNjIyYjU5YzQ4OTBjNzAyMjNkMmM5MjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopCDJm4Ya0cRLKb8XS6Uw4vG+2Ww
jnarP4wSOZ758/bqE6wVELLI8tFVD8euazmLLhAntjujerX+wvxKn8PO+yYfkRkH
Na/UqXy+VO9Rg0YYu5jEaxG/rqJ7cdFvvIxU0NxZEsWrsW0gbTW+XUYossHYg5s2
VJ2XFgmFV7i6NvmN3z2z7nlD/Q5eS8CYl04FgALZ3Xuvpv3S0mgAVSdWZ/nzFQ9X
MVIZlJNLGzo38Z0EfTjEkekPTYm0ZUZjj9e0SVea7hr7wuq8aapN8df7hoXw0fdt
n7WzTUvCw8Jmhn8+2HteGzSJ/SlipUaZBFGSm3FKWkEhXdRgiDSSSeAOFwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKJCjfff5ErhYitZxIkMcCI9LJJCMB8GA1UdIwQY
MBaAFEc16AfTSdMVZPn9VGE441mOIAfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpYb0I5TkoweFZrLWYxVVlUampXWTRnQjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS81ZTEzODAtOWRjNi00NjkxLTg2YjUt
NWIxYjVkOTk0MGMxLzEvb2tLTjk5X2tTdUZpSzFuRWlReHdJajBza2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS81ZTEzODAtOWRjNi00NjkxLTg2YjUtNWIxYjVkOTk0MGMx
LzEvUnpYb0I5TkoweFZrLWYxVVlUampXWTRnQjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBbZYAwQC
LUIcAwQCLVQYAwQCXVgQAwQCuS8sAwQCuUScAwQCuW4gAwQCwaj4AwQC1arYMA0G
CSqGSIb3DQEBCwUAA4IBAQBaOhU7o8eEQbijStA+W1i7H8MRnATInATD0PoI1EwS
SE5byTS0kKmp7FIr6uImRLE9Fn0k3cMo9uyqB1ZNC5fx3sFW2sor+KmVfOTEtdth
CmGVpnL5w03YCASv1rzkN8bU/9OxJCeUXgitQveMWg0lFgWFSip9M3tgnbZKv77J
eK60LdU1gSUO7f9opFWyCmhgUJ54aAC5hjP4dDcvx1MBzJyBV8rSBP/jaFD6EGt4
F3q0yb1nKb91mG7j8XiifeyQpUuLN3VdaCxanRlheuQVBL/MwhG37r7kI/wmSlEf
veRk07tWbIKdCH6S60+6vXfPf4bhP8/yqTkXhoCKEFlK
-----END CERTIFICATE-----
Generated at Mon Mar 10 00:37:12 2025 by rpki-client