Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/CKAk2cC-uYUGuYFqMOzXbvUXtPM.roa
File: CKAk2cC-uYUGuYFqMOzXbvUXtPM.roa (raw, json)
Hash identifier: BpxkyCoQfkm6yG5imjMFMQgDsZS9FxcArr/Be2DDC9M=
Subject key identifier: 08:A0:24:D9:C0:BE:B9:85:06:B9:81:6A:30:EC:D7:6E:F5:17:B4:F3
Certificate issuer: /CN=be547ebb5c056f70296e408621261f3c4e2d4239
Certificate serial: 01941F8C7BB84A39E6B17E46B852D8736082
Authority key identifier: BE:54:7E:BB:5C:05:6F:70:29:6E:40:86:21:26:1F:3C:4E:2D:42:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vlR-u1wFb3ApbkCGISYfPE4tQjk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/CKAk2cC-uYUGuYFqMOzXbvUXtPM.roa
Signing time: Wed 01 Jan 2025 01:48:07 +0000
ROA not before: Wed 01 Jan 2025 01:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39538
IP address blocks: 194.15.191.0/24 maxlen: 24
194.31.221.0/24 maxlen: 24
195.244.0.0/23 maxlen: 23
2001:67c:2308::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/vlR-u1wFb3ApbkCGISYfPE4tQjk.crl
rsync://rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/vlR-u1wFb3ApbkCGISYfPE4tQjk.mft
rsync://rpki.ripe.net/repository/DEFAULT/vlR-u1wFb3ApbkCGISYfPE4tQjk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 19:01:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:7b:b8:4a:39:e6:b1:7e:46:b8:52:d8:73:60:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be547ebb5c056f70296e408621261f3c4e2d4239
Validity
Not Before: Jan 1 01:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08a024d9c0beb98506b9816a30ecd76ef517b4f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:23:02:9b:89:e6:9b:04:d4:6f:8d:d8:7f:76:
71:5a:e9:ce:d6:51:5c:ad:13:f2:8c:75:f8:ba:55:
89:1b:04:84:8a:28:18:75:d2:f2:45:ed:1e:49:3a:
ba:05:49:b6:d7:63:f5:17:f8:ff:15:f8:23:e4:ee:
81:2b:cc:73:d5:05:2c:d9:ca:fe:10:71:fb:29:52:
bb:00:37:44:64:f7:3e:a5:63:10:7f:1e:a5:ad:f2:
6d:d7:00:36:4c:b2:38:8a:bb:64:69:74:f2:ff:c7:
cb:77:8e:87:d5:f5:d9:07:fe:52:e3:11:f4:45:ee:
b4:ac:00:86:e3:03:fe:f3:52:a9:ff:34:9d:1b:59:
c8:8a:9f:ad:49:51:25:01:21:c0:f1:f3:34:0f:d0:
b1:e9:83:7e:88:81:4f:d3:0f:d6:0e:5f:a6:47:93:
7c:07:64:51:42:be:0a:d2:f4:91:f2:1f:51:d8:d1:
7b:24:47:28:48:a3:30:cd:6e:60:c0:92:aa:59:d0:
3e:d2:ee:99:31:28:26:6d:bf:83:fb:e5:2a:a6:7e:
a4:d2:5f:c6:f6:bf:b3:f6:a9:12:51:9e:9a:96:f1:
da:14:8c:b3:0f:76:bb:84:09:5a:61:b1:2d:63:d6:
41:d5:84:a1:0b:42:43:75:93:6a:97:a0:25:df:3f:
a3:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:A0:24:D9:C0:BE:B9:85:06:B9:81:6A:30:EC:D7:6E:F5:17:B4:F3
X509v3 Authority Key Identifier:
keyid:BE:54:7E:BB:5C:05:6F:70:29:6E:40:86:21:26:1F:3C:4E:2D:42:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vlR-u1wFb3ApbkCGISYfPE4tQjk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/CKAk2cC-uYUGuYFqMOzXbvUXtPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/759288-10de-4916-b4d9-d0b9dc3aca23/1/vlR-u1wFb3ApbkCGISYfPE4tQjk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.191.0/24
194.31.221.0/24
195.244.0.0/23
IPv6:
2001:67c:2308::/48
Signature Algorithm: sha256WithRSAEncryption
8c:fb:f6:86:dc:00:43:79:56:29:b9:2d:e3:53:22:d8:95:99:
8c:a7:c8:56:6b:84:35:64:f2:22:b1:70:42:7e:f1:81:42:41:
52:b3:ca:e2:c8:38:cf:6d:04:98:46:23:00:a7:71:bb:be:07:
f1:19:83:f7:90:86:6e:03:5d:87:7d:03:e1:44:dc:03:04:d6:
a0:ee:d4:b2:29:89:16:b9:e9:93:12:5b:d7:66:1f:80:12:07:
63:43:22:b5:39:e6:ca:c1:fd:80:f9:7c:6c:f8:bd:fc:86:16:
19:24:e0:29:46:51:04:77:40:7f:60:36:f9:e6:c5:ff:9e:3f:
e2:2a:14:4d:0d:c8:70:73:44:08:11:65:00:22:97:01:d4:18:
12:e9:b9:0d:67:81:81:ad:99:c1:20:7a:15:33:6e:be:47:12:
66:54:45:e5:cf:d7:85:c1:e6:db:ef:a3:fe:eb:44:6a:1e:52:
72:b8:98:04:13:3f:5d:8e:5f:4c:65:ff:ce:c9:67:20:68:da:
6b:03:30:47:6c:2f:17:7f:0f:66:e1:78:21:4b:02:ee:55:44:
d2:2b:65:16:cd:ac:fe:dd:46:25:3d:0e:4a:23:b3:da:a1:b1:
81:18:cf:2b:5d:22:82:17:01:80:39:6d:70:81:3a:6a:df:98:
f7:cf:8a:36
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQfjHu4SjnmsX5GuFLYc2CCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNTQ3ZWJiNWMwNTZmNzAyOTZlNDA4NjIxMjYxZjNjNGUy
ZDQyMzkwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGEwMjRkOWMwYmViOTg1MDZiOTgxNmEzMGVjZDc2ZWY1MTdiNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiMCm4nmmwTUb43Yf3ZxWunO1lFc
rRPyjHX4ulWJGwSEiigYddLyRe0eSTq6BUm212P1F/j/Ffgj5O6BK8xz1QUs2cr+
EHH7KVK7ADdEZPc+pWMQfx6lrfJt1wA2TLI4irtkaXTy/8fLd46H1fXZB/5S4xH0
Re60rACG4wP+81Kp/zSdG1nIip+tSVElASHA8fM0D9Cx6YN+iIFP0w/WDl+mR5N8
B2RRQr4K0vSR8h9R2NF7JEcoSKMwzW5gwJKqWdA+0u6ZMSgmbb+D++Uqpn6k0l/G
9r+z9qkSUZ6alvHaFIyzD3a7hAlaYbEtY9ZB1YShC0JDdZNql6Al3z+jmwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAigJNnAvrmFBrmBajDs1271F7TzMB8GA1UdIwQY
MBaAFL5UfrtcBW9wKW5AhiEmHzxOLUI5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmxSLXUxd0ZiM0FwYmtDR0lTWWZQRTR0UWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83NTkyODgtMTBkZS00OTE2LWI0ZDkt
ZDBiOWRjM2FjYTIzLzEvQ0tBazJjQy11WVVHdVlGcU1PelhidlVYdFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83NTkyODgtMTBkZS00OTE2LWI0ZDktZDBiOWRjM2FjYTIz
LzEvdmxSLXUxd0ZiM0FwYmtDR0lTWWZQRTR0UWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAwg+/AwQA
wh/dAwQBw/QAMA8EAgACMAkDBwAgAQZ8IwgwDQYJKoZIhvcNAQELBQADggEBAIz7
9obcAEN5Vim5LeNTItiVmYynyFZrhDVk8iKxcEJ+8YFCQVKzyuLIOM9tBJhGIwCn
cbu+B/EZg/eQhm4DXYd9A+FE3AME1qDu1LIpiRa56ZMSW9dmH4ASB2NDIrU55srB
/YD5fGz4vfyGFhkk4ClGUQR3QH9gNvnmxf+eP+IqFE0NyHBzRAgRZQAilwHUGBLp
uQ1ngYGtmcEgehUzbr5HEmZUReXP14XB5tvvo/7rRGoeUnK4mAQTP12OX0xl/87J
ZyBo2msDMEdsLxd/D2bheCFLAu5VRNIrZRbNrP7dRiU9Dkojs9qhsYEYzytdIoIX
AYA5bXCBOmrfmPfPijY=
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:25:14 2025 by rpki-client