Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/klr8zXHLn6mli5IxFQr4R9FyMV0.roa
File: klr8zXHLn6mli5IxFQr4R9FyMV0.roa (raw, json)
Hash identifier: I+JofOB+oo9ML4ISV8ODtPvO84Ef+x27qR0wwlNvvJ8=
Subject key identifier: 92:5A:FC:CD:71:CB:9F:A9:A5:8B:92:31:15:0A:F8:47:D1:72:31:5D
Certificate issuer: /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial: 019423690299078101D18A81CD67165B4992
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/klr8zXHLn6mli5IxFQr4R9FyMV0.roa
Signing time: Wed 01 Jan 2025 19:47:51 +0000
ROA not before: Wed 01 Jan 2025 19:47:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198849
IP address blocks: 91.109.248.0/21 maxlen: 21
91.109.248.0/24 maxlen: 24
91.109.249.0/24 maxlen: 24
91.109.250.0/24 maxlen: 24
91.109.251.0/24 maxlen: 24
91.109.252.0/24 maxlen: 24
91.109.253.0/24 maxlen: 24
91.109.254.0/24 maxlen: 24
91.109.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.mft
rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 04:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:02:99:07:81:01:d1:8a:81:cd:67:16:5b:49:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
Validity
Not Before: Jan 1 19:47:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=925afccd71cb9fa9a58b9231150af847d172315d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:7b:66:95:1d:6a:e3:76:87:04:23:7e:c8:83:
d1:62:44:f0:1e:76:f5:d5:6e:e6:6e:db:7f:6e:a2:
bb:9b:98:e7:9b:19:9d:c9:bd:45:82:23:cf:18:c6:
a7:f3:33:46:a5:68:4e:b0:bf:2b:af:7b:4c:a4:47:
08:9a:09:c3:e0:47:45:94:e4:ee:c5:2e:8a:5e:59:
87:9f:55:7b:83:1a:76:7f:ca:63:9f:30:3a:f2:39:
75:ca:f6:43:43:a6:4f:c5:70:46:79:bd:8b:d1:16:
4f:75:c0:10:19:42:bf:73:59:fe:34:84:03:c3:85:
ad:0b:f0:a9:95:c4:de:f5:19:48:0a:8d:1f:ee:f3:
52:8f:93:8a:23:e1:1a:aa:0b:1e:9a:df:6d:f4:1b:
51:68:55:23:d9:c9:10:a7:3f:1a:d5:bb:cd:c1:22:
39:43:2c:1c:73:08:e7:2b:5d:86:2c:69:bf:4b:c6:
98:bf:66:4e:b4:b0:e9:fb:99:f1:dd:c9:b0:7e:b0:
e6:6e:0c:f7:03:c1:d0:b2:00:d3:1a:67:8c:94:6d:
d6:a7:5c:4e:b7:f8:66:b6:43:cd:08:46:14:ef:9f:
9e:32:9b:b4:33:1e:99:52:ae:03:81:db:7c:a8:8a:
58:6c:65:c7:25:35:95:d1:e2:0d:1d:eb:05:00:e2:
24:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:5A:FC:CD:71:CB:9F:A9:A5:8B:92:31:15:0A:F8:47:D1:72:31:5D
X509v3 Authority Key Identifier:
keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/klr8zXHLn6mli5IxFQr4R9FyMV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.109.248.0/21
Signature Algorithm: sha256WithRSAEncryption
af:06:7d:b5:84:79:57:bd:47:ae:4b:02:82:08:44:71:db:ba:
fb:b2:cf:6d:10:9d:a9:b9:1b:d9:5f:6b:21:2a:3b:72:c5:91:
61:ea:b6:14:bd:fc:ee:ef:10:e5:ad:d3:bf:70:a4:f6:e1:26:
de:48:ed:76:7c:8c:6d:68:cf:36:03:91:10:79:98:6b:73:f0:
32:d1:51:a8:b0:7c:0a:0c:23:24:b4:4e:25:43:d1:e7:6f:b7:
23:b2:23:6b:7b:0b:65:d4:8e:ba:01:4e:d6:98:4e:9d:54:64:
71:cc:28:44:e1:7e:58:7a:e6:92:98:8e:95:4a:7b:ab:fd:8c:
b3:b5:2a:a2:ba:b9:84:29:ea:64:e5:b8:80:d9:8e:bc:d6:d8:
70:c6:4c:5f:96:cb:8a:b0:06:0a:20:9a:31:7f:84:31:7c:07:
ea:63:59:40:4e:6e:c8:7c:52:ca:34:aa:e4:d2:07:da:85:d4:
d3:53:39:25:0f:b7:54:b3:bc:84:93:34:61:e9:8b:0f:2c:ed:
cf:15:7c:5c:8e:a4:b6:8c:48:91:fd:2c:17:0b:36:21:14:1f:
0e:74:70:a5:64:c2:3c:1a:53:03:be:92:c5:4e:2e:31:20:6d:
b9:21:ea:65:a2:97:7e:bc:13:f9:4e:2d:3b:49:56:22:cc:17:
b3:33:74:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaQKZB4EB0YqBzWcWW0mSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjUwMTAxMTk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjVhZmNjZDcxY2I5ZmE5YTU4YjkyMzExNTBhZjg0N2QxNzIzMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3tmlR1q43aHBCN+yIPRYkTwHnb1
1W7mbtt/bqK7m5jnmxmdyb1FgiPPGMan8zNGpWhOsL8rr3tMpEcImgnD4EdFlOTu
xS6KXlmHn1V7gxp2f8pjnzA68jl1yvZDQ6ZPxXBGeb2L0RZPdcAQGUK/c1n+NIQD
w4WtC/CplcTe9RlICo0f7vNSj5OKI+Eaqgsemt9t9BtRaFUj2ckQpz8a1bvNwSI5
QywccwjnK12GLGm/S8aYv2ZOtLDp+5nx3cmwfrDmbgz3A8HQsgDTGmeMlG3Wp1xO
t/hmtkPNCEYU75+eMpu0Mx6ZUq4Dgdt8qIpYbGXHJTWV0eINHesFAOIk+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJa/M1xy5+ppYuSMRUK+EfRcjFdMB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEva2xyOHpYSExuNm1saTVJeEZRcjRSOUZ5TVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW234MA0G
CSqGSIb3DQEBCwUAA4IBAQCvBn21hHlXvUeuSwKCCERx27r7ss9tEJ2puRvZX2sh
KjtyxZFh6rYUvfzu7xDlrdO/cKT24SbeSO12fIxtaM82A5EQeZhrc/Ay0VGosHwK
DCMktE4lQ9Hnb7cjsiNrewtl1I66AU7WmE6dVGRxzChE4X5YeuaSmI6VSnur/Yyz
tSqiurmEKepk5biA2Y681thwxkxflsuKsAYKIJoxf4QxfAfqY1lATm7IfFLKNKrk
0gfahdTTUzklD7dUs7yEkzRh6YsPLO3PFXxcjqS2jEiR/SwXCzYhFB8OdHClZMI8
GlMDvpLFTi4xIG25Ieplopd+vBP5Ti07SVYizBezM3TT
-----END CERTIFICATE-----
Generated at Tue Apr 8 12:31:26 2025 by rpki-client