Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/KiHM655f38tlRDuTKUKhZarH3cQ.roa
File: KiHM655f38tlRDuTKUKhZarH3cQ.roa (raw, json)
Hash identifier: DesJG/l9Po0CCy0ULE0mL9VGWvENzCQXp94ltpb8KIE=
Subject key identifier: 2A:21:CC:EB:9E:5F:DF:CB:65:44:3B:93:29:42:A1:65:AA:C7:DD:C4
Certificate issuer: /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial: 0194221F36374CE0F3157D118D964E2D126C
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/KiHM655f38tlRDuTKUKhZarH3cQ.roa
Signing time: Wed 01 Jan 2025 13:47:38 +0000
ROA not before: Wed 01 Jan 2025 13:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54801
IP address blocks: 46.8.124.0/24 maxlen: 24
46.8.126.0/24 maxlen: 24
109.248.16.0/21 maxlen: 24
109.248.24.0/22 maxlen: 24
109.248.28.0/22 maxlen: 24
188.130.228.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:36:37:4c:e0:f3:15:7d:11:8d:96:4e:2d:12:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
Validity
Not Before: Jan 1 13:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a21cceb9e5fdfcb65443b932942a165aac7ddc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:34:72:2a:7c:68:99:ad:14:16:c9:96:00:d8:
4e:62:7d:83:6c:b1:32:58:7e:02:0b:da:d7:25:4c:
49:ea:90:f8:17:79:d6:90:be:46:af:6e:19:05:80:
47:08:1c:4c:dc:20:32:f3:9f:8d:8a:bb:85:4d:77:
dc:e6:7a:38:b6:bb:d8:02:4e:87:0f:b5:e7:19:ad:
09:88:ba:5c:37:f8:43:f2:dc:46:a5:00:a6:3f:15:
f3:34:d4:a9:3e:24:4c:60:36:f9:7c:2a:5a:5a:c6:
d2:19:d1:ce:db:ab:6c:6d:ce:10:98:c8:80:c2:36:
8e:6b:c2:3e:63:86:ca:e3:be:03:8c:84:0a:36:e1:
76:e9:4f:3c:3d:bd:ef:87:65:a0:5f:be:ef:da:5d:
cb:be:4a:c0:a7:5f:04:de:70:23:74:be:e8:e6:b9:
eb:79:c2:04:bd:ad:c3:ef:2e:40:7e:aa:c7:e4:a6:
6f:16:46:df:a4:9e:5a:f9:78:30:9e:b3:ce:4a:e8:
d8:bd:63:dc:17:10:b3:aa:75:c9:69:72:02:37:21:
67:b7:c1:45:0e:34:cf:d8:ad:ad:2c:e2:be:dc:ef:
65:03:a5:3e:a6:ac:fb:ed:5f:69:b2:9e:dc:33:4a:
1d:81:b2:7d:80:20:de:62:00:26:da:a7:56:9e:9d:
99:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:21:CC:EB:9E:5F:DF:CB:65:44:3B:93:29:42:A1:65:AA:C7:DD:C4
X509v3 Authority Key Identifier:
keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/KiHM655f38tlRDuTKUKhZarH3cQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.124.0/24
46.8.126.0/24
109.248.16.0/20
188.130.228.0/22
Signature Algorithm: sha256WithRSAEncryption
5b:4d:52:52:73:d5:7c:f0:f1:e9:83:ae:d7:6a:4b:8c:5e:9a:
d1:90:49:1e:c1:c0:ee:55:ee:27:38:77:3e:23:f8:46:05:70:
36:75:ba:47:9e:12:09:1a:a9:35:8d:b6:a0:75:8b:c0:7d:bb:
9b:a4:7b:90:7e:ce:18:a1:66:3a:a6:12:0b:2d:4d:82:ab:b6:
40:cf:eb:8e:9d:24:5a:79:25:d6:15:14:ec:04:cb:cd:b8:42:
42:c6:2f:6f:37:ed:47:c3:22:fd:73:8a:d2:83:67:b8:fc:f1:
f5:b0:71:02:c6:ea:4c:d8:2d:82:c7:04:97:45:93:6c:e5:6e:
02:45:40:e1:be:ad:86:9d:09:da:f7:17:85:5e:38:b7:1f:6b:
02:38:04:7f:06:6a:20:33:b0:6e:63:a2:7f:57:4e:21:ee:7d:
f5:a6:68:cc:3c:b6:89:c0:86:d8:e8:a3:8b:9b:cc:a0:ac:88:
1f:a0:8a:93:f5:ed:d5:f4:51:5c:92:6d:04:05:65:2e:2b:c7:
6d:43:eb:22:02:bf:6e:ff:b9:3d:2d:54:3b:a9:63:fb:ed:81:
89:0f:d0:a0:58:ca:01:c0:85:7e:5c:da:01:de:c8:cc:24:49:
ea:8d:63:d8:8a:4b:88:db:a7:84:ac:38:04:83:fc:68:01:85:
ae:18:0f:c6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiHzY3TODzFX0RjZZOLRJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwMTAxMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTIxY2NlYjllNWZkZmNiNjU0NDNiOTMyOTQyYTE2NWFhYzdkZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzRyKnxoma0UFsmWANhOYn2DbLEy
WH4CC9rXJUxJ6pD4F3nWkL5Gr24ZBYBHCBxM3CAy85+NiruFTXfc5no4trvYAk6H
D7XnGa0JiLpcN/hD8txGpQCmPxXzNNSpPiRMYDb5fCpaWsbSGdHO26tsbc4QmMiA
wjaOa8I+Y4bK474DjIQKNuF26U88Pb3vh2WgX77v2l3LvkrAp18E3nAjdL7o5rnr
ecIEva3D7y5AfqrH5KZvFkbfpJ5a+XgwnrPOSujYvWPcFxCzqnXJaXICNyFnt8FF
DjTP2K2tLOK+3O9lA6U+pqz77V9psp7cM0odgbJ9gCDeYgAm2qdWnp2ZgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCohzOueX9/LZUQ7kylCoWWqx93EMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvS2lITTY1NWYzOHRsUkR1VEtVS2haYXJIM2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALgh8AwQA
Lgh+AwQEbfgQAwQCvILkMA0GCSqGSIb3DQEBCwUAA4IBAQBbTVJSc9V88PHpg67X
akuMXprRkEkewcDuVe4nOHc+I/hGBXA2dbpHnhIJGqk1jbagdYvAfbubpHuQfs4Y
oWY6phILLU2Cq7ZAz+uOnSRaeSXWFRTsBMvNuEJCxi9vN+1HwyL9c4rSg2e4/PH1
sHECxupM2C2CxwSXRZNs5W4CRUDhvq2GnQna9xeFXji3H2sCOAR/BmogM7BuY6J/
V04h7n31pmjMPLaJwIbY6KOLm8ygrIgfoIqT9e3V9FFckm0EBWUuK8dtQ+siAr9u
/7k9LVQ7qWP77YGJD9CgWMoBwIV+XNoB3sjMJEnqjWPYikuI26eErDgEg/xoAYWu
GA/G
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:29:58 2025 by rpki-client