Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/IKxEFfN_KNz819jDJF02u6P6vks.roa
File: IKxEFfN_KNz819jDJF02u6P6vks.roa (raw, json)
Hash identifier: M1gfdLv0XPFzxrEqEMyJ47aUP/+uDTO64SIkdj54NaA=
Subject key identifier: 20:AC:44:15:F3:7F:28:DC:FC:D7:D8:C3:24:5D:36:BB:A3:FA:BE:4B
Certificate issuer: /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial: 019422FC17D57868618162AC6C7081A33D52
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/IKxEFfN_KNz819jDJF02u6P6vks.roa
Signing time: Wed 01 Jan 2025 17:48:53 +0000
ROA not before: Wed 01 Jan 2025 17:48:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12306
IP address blocks: 82.98.64.0/18 maxlen: 32
82.98.93.0/24 maxlen: 24
82.98.127.0/24 maxlen: 24
212.19.32.0/19 maxlen: 32
213.83.0.0/18 maxlen: 32
2a02:2e0::/29 maxlen: 128
2a02:2e0:1::/48 maxlen: 48
2a02:2e0:a::/48 maxlen: 48
2a02:2e0:431::/48 maxlen: 48
2a02:2e0:cd4e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:28:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:17:d5:78:68:61:81:62:ac:6c:70:81:a3:3d:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Validity
Not Before: Jan 1 17:48:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20ac4415f37f28dcfcd7d8c3245d36bba3fabe4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:85:f3:d2:2e:57:8f:a0:3e:a7:b5:a0:fa:3d:
4c:2e:37:2a:3b:70:48:65:e9:e2:56:6a:92:46:3a:
cb:6e:27:e1:f8:9c:37:86:c4:04:76:d8:3f:8e:92:
bd:89:8d:ec:37:3a:f8:bb:d5:90:41:fb:cf:a6:6f:
dd:94:8d:f4:11:71:20:cf:50:13:62:6e:b7:05:88:
de:0b:73:65:a8:4b:5a:68:64:3f:1c:f9:e5:b0:2b:
99:a1:1a:67:f7:4e:b2:96:6d:08:ab:5e:43:34:93:
6b:10:6f:00:3a:9f:25:c4:a7:be:20:b5:b8:e7:b3:
6d:0b:31:9d:11:19:12:da:07:7f:14:b7:17:3b:c0:
d4:7e:0c:80:6c:9e:01:92:66:0d:e7:ac:ca:3d:e9:
aa:a4:2e:41:c0:53:a0:8e:4f:4e:ea:80:a9:44:14:
44:87:e7:b5:e6:e6:ab:30:83:09:fa:e8:49:19:dd:
fe:bf:45:d4:c8:13:d3:73:8f:4c:fd:13:68:a9:e6:
2a:f4:19:a5:92:f4:8c:9a:71:46:15:e3:fb:e5:58:
c3:9c:2b:96:20:9b:f8:cb:39:4a:73:43:da:7e:bc:
f3:17:be:f5:8d:07:b3:5f:ae:80:45:a6:9c:58:dc:
8e:cb:03:b5:b0:c2:d2:cb:b1:55:16:a1:d5:74:90:
9c:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:AC:44:15:F3:7F:28:DC:FC:D7:D8:C3:24:5D:36:BB:A3:FA:BE:4B
X509v3 Authority Key Identifier:
keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/IKxEFfN_KNz819jDJF02u6P6vks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.98.64.0/18
212.19.32.0/19
213.83.0.0/18
IPv6:
2a02:2e0::/29
Signature Algorithm: sha256WithRSAEncryption
c0:e5:e0:25:5e:97:90:20:22:6f:96:8a:79:05:05:3e:bf:65:
a9:26:fd:04:05:31:be:98:8a:3f:b7:30:9a:90:5f:79:ff:8c:
c9:13:c6:b9:97:16:0d:75:12:c2:aa:18:77:6e:cf:79:2e:99:
40:4b:8f:e6:8d:1b:4f:b4:d7:34:29:39:1f:41:e6:c2:9f:ff:
73:34:14:65:e6:36:b1:f4:0c:6b:a1:54:b0:4e:47:8f:69:21:
4d:fa:7d:d2:36:e7:d4:b8:b5:7c:b7:b9:18:1f:fd:ae:87:ba:
49:5b:08:14:1e:bc:0a:b5:61:34:9e:d5:c3:4b:3b:fc:52:46:
2a:35:56:95:23:dd:f5:d1:65:42:6d:3d:99:66:c7:66:b6:43:
3d:39:fe:62:79:ed:56:37:37:ee:e2:73:d1:7f:02:3d:84:87:
ef:07:c3:ff:25:fe:d7:bc:43:33:ba:fc:cb:8b:27:a2:fe:3d:
c2:c5:cc:7a:40:2b:18:4e:be:12:63:8a:1b:ab:a7:fa:a1:75:
3a:fe:82:05:7e:47:49:2b:d1:0c:a7:df:5d:e6:79:fb:12:50:
26:72:76:cd:a4:50:61:37:5a:0b:d9:32:7e:21:39:bf:5b:19:
58:bd:f9:92:fe:63:ad:1e:03:f4:1a:88:ab:72:12:2c:59:9c:
cd:f6:ef:24
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQi/BfVeGhhgWKsbHCBoz1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGFjNDQxNWYzN2YyOGRjZmNkN2Q4YzMyNDVkMzZiYmEzZmFiZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYXz0i5Xj6A+p7Wg+j1MLjcqO3BI
ZeniVmqSRjrLbifh+Jw3hsQEdtg/jpK9iY3sNzr4u9WQQfvPpm/dlI30EXEgz1AT
Ym63BYjeC3NlqEtaaGQ/HPnlsCuZoRpn906ylm0Iq15DNJNrEG8AOp8lxKe+ILW4
57NtCzGdERkS2gd/FLcXO8DUfgyAbJ4BkmYN56zKPemqpC5BwFOgjk9O6oCpRBRE
h+e15uarMIMJ+uhJGd3+v0XUyBPTc49M/RNoqeYq9BmlkvSMmnFGFeP75VjDnCuW
IJv4yzlKc0PafrzzF771jQezX66ARaacWNyOywO1sMLSy7FVFqHVdJCc5QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCCsRBXzfyjc/NfYwyRdNruj+r5LMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvSUt4RUZmTl9LTno4MTlqREpGMDJ1NlA2dmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGUmJAAwQF
1BMgAwQG1VMAMA0EAgACMAcDBQMqAgLgMA0GCSqGSIb3DQEBCwUAA4IBAQDA5eAl
XpeQICJvlop5BQU+v2WpJv0EBTG+mIo/tzCakF95/4zJE8a5lxYNdRLCqhh3bs95
LplAS4/mjRtPtNc0KTkfQebCn/9zNBRl5jax9AxroVSwTkePaSFN+n3SNufUuLV8
t7kYH/2uh7pJWwgUHrwKtWE0ntXDSzv8UkYqNVaVI9310WVCbT2ZZsdmtkM9Of5i
ee1WNzfu4nPRfwI9hIfvB8P/Jf7XvEMzuvzLiyei/j3Cxcx6QCsYTr4SY4obq6f6
oXU6/oIFfkdJK9EMp99d5nn7ElAmcnbNpFBhN1oL2TJ+ITm/WxlYvfmS/mOtHgP0
GoirchIsWZzN9u8k
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:20:07 2025 by rpki-client