Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/zKB5P57_JFOmPOkzrUulhGBC8DI.roa
File: zKB5P57_JFOmPOkzrUulhGBC8DI.roa (raw, json)
Hash identifier: h7EFcyZ6LShlPLoYWIs86uc36W4TF89jakB1BT9rojo=
Subject key identifier: CC:A0:79:3F:9E:FF:24:53:A6:3C:E9:33:AD:4B:A5:84:60:42:F0:32
Certificate issuer: /CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
Certificate serial: 01961A9A2564A98B347CD1A17FEBECFEBCDF
Authority key identifier: 41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/zKB5P57_JFOmPOkzrUulhGBC8DI.roa
Signing time: Wed 09 Apr 2025 12:50:31 +0000
ROA not before: Wed 09 Apr 2025 12:50:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 91.211.12.0/22 maxlen: 22
91.211.12.0/23 maxlen: 23
91.211.12.0/24 maxlen: 24
91.211.13.0/24 maxlen: 24
91.211.14.0/23 maxlen: 23
91.211.14.0/24 maxlen: 24
91.211.15.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.mft
rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1a:9a:25:64:a9:8b:34:7c:d1:a1:7f:eb:ec:fe:bc:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
Validity
Not Before: Apr 9 12:50:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cca0793f9eff2453a63ce933ad4ba5846042f032
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:4f:45:7d:80:ab:e3:f9:a9:3e:2a:74:2d:84:
ac:e9:6e:f3:f6:27:89:2b:41:98:ef:ef:83:78:c1:
40:9f:3a:8f:07:81:b9:1c:a2:83:83:33:36:f6:ac:
66:42:f7:e3:e7:92:63:7a:56:9c:6e:5d:82:88:65:
ac:aa:4b:78:5d:82:d3:13:09:d3:98:af:e9:bf:e5:
5a:8e:6b:e6:e7:9d:02:d3:a5:ad:33:fe:d0:c2:06:
5c:e4:b5:50:3f:6c:55:65:84:41:61:2b:e3:9e:8a:
8f:d4:87:f1:15:99:73:e2:4d:c4:e7:0e:64:11:70:
6b:b6:ef:ea:96:9b:07:75:9b:c5:aa:50:91:6e:76:
51:8b:22:04:9b:a1:4a:6b:03:85:74:e3:55:f5:8c:
72:7e:6c:21:46:3b:8a:14:a2:e7:6f:40:45:9c:5f:
49:d7:44:34:87:f6:fb:8d:8f:e4:07:89:16:4e:39:
bf:e8:84:a4:f6:83:75:8b:14:08:22:9d:08:78:32:
a3:03:2a:e4:16:de:02:55:07:fd:87:9d:98:27:04:
86:09:3d:2a:1f:64:9f:d3:1d:3b:e7:13:ae:2b:f6:
a4:76:08:bc:4a:ba:cb:d9:ee:c4:91:0d:63:b5:8e:
8d:ca:fe:e7:6a:fb:6b:f7:59:3f:51:82:e1:88:03:
e5:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:A0:79:3F:9E:FF:24:53:A6:3C:E9:33:AD:4B:A5:84:60:42:F0:32
X509v3 Authority Key Identifier:
keyid:41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/zKB5P57_JFOmPOkzrUulhGBC8DI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.211.12.0/22
Signature Algorithm: sha256WithRSAEncryption
6a:50:e8:c0:12:be:df:ec:27:c5:2b:b9:09:3c:1a:ac:52:92:
f2:62:61:2f:48:53:9a:b2:96:d8:fa:30:f6:4c:11:dd:05:cd:
49:bd:39:b8:5a:f8:f0:17:70:85:ed:05:4b:fd:ee:9b:46:53:
bf:58:bc:90:9d:ca:a3:1f:6c:31:d8:5f:ea:35:c2:3a:47:4c:
7a:1a:c1:69:85:72:53:52:b6:14:5d:46:e1:37:7c:69:00:99:
74:39:f8:b8:81:78:2f:20:87:b5:9d:ef:29:9e:4c:51:2b:2a:
72:4c:cf:82:20:7d:70:fa:f1:0b:40:1d:9a:fd:3b:9c:4c:f0:
ae:b8:82:cb:a0:ea:c2:97:8c:26:35:6f:36:2a:c0:42:12:8c:
bb:6e:e1:e7:07:eb:a8:d9:88:cb:22:58:f0:56:53:06:dc:d6:
d9:00:c9:96:14:38:18:b2:ab:84:f8:5f:1e:24:78:cf:72:0c:
a8:98:45:cf:62:56:b0:5e:ee:c5:93:f9:4c:a3:95:95:46:68:
4f:3f:c7:ef:96:15:01:20:e8:e7:7d:fa:2c:1d:97:91:9e:e2:
9d:7f:0c:42:f9:f6:37:3b:ea:6b:d1:09:1c:2a:c3:6d:bc:0c:
23:b8:04:1a:90:71:88:7f:f2:3f:61:20:ed:ec:42:05:b1:a0:
78:23:34:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYamiVkqYs0fNGhf+vs/rzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzQxYzA1ZDRhZDdlZDY5MGU1NzFlZjVlZDBmODc1MjJk
YTQ3ZDcwHhcNMjUwNDA5MTI1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2EwNzkzZjllZmYyNDUzYTYzY2U5MzNhZDRiYTU4NDYwNDJmMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk9FfYCr4/mpPip0LYSs6W7z9ieJ
K0GY7++DeMFAnzqPB4G5HKKDgzM29qxmQvfj55Jjelacbl2CiGWsqkt4XYLTEwnT
mK/pv+Vajmvm550C06WtM/7QwgZc5LVQP2xVZYRBYSvjnoqP1IfxFZlz4k3E5w5k
EXBrtu/qlpsHdZvFqlCRbnZRiyIEm6FKawOFdONV9YxyfmwhRjuKFKLnb0BFnF9J
10Q0h/b7jY/kB4kWTjm/6ISk9oN1ixQIIp0IeDKjAyrkFt4CVQf9h52YJwSGCT0q
H2Sf0x075xOuK/akdgi8SrrL2e7EkQ1jtY6Nyv7navtr91k/UYLhiAPlbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMygeT+e/yRTpjzpM61LpYRgQvAyMB8GA1UdIwQY
MBaAFEF0HAXUrX7WkOVx717Q+HUi2kfXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMt
NDEwMzIyYzcwMmZmLzEvektCNVA1N19KRk9tUE9renJVdWxoR0JDOERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMtNDEwMzIyYzcwMmZm
LzEvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9MMMA0G
CSqGSIb3DQEBCwUAA4IBAQBqUOjAEr7f7CfFK7kJPBqsUpLyYmEvSFOaspbY+jD2
TBHdBc1JvTm4WvjwF3CF7QVL/e6bRlO/WLyQncqjH2wx2F/qNcI6R0x6GsFphXJT
UrYUXUbhN3xpAJl0Ofi4gXgvIIe1ne8pnkxRKypyTM+CIH1w+vELQB2a/TucTPCu
uILLoOrCl4wmNW82KsBCEoy7buHnB+uo2YjLIljwVlMG3NbZAMmWFDgYsquE+F8e
JHjPcgyomEXPYlawXu7Fk/lMo5WVRmhPP8fvlhUBIOjnffosHZeRnuKdfwxC+fY3
O+pr0QkcKsNtvAwjuAQakHGIf/I/YSDt7EIFsaB4IzQP
-----END CERTIFICATE-----
Generated at Sun Apr 13 08:57:46 2025 by rpki-client