Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KUs56ymfee9k3OwexMUXuspd0d8.roa
File: KUs56ymfee9k3OwexMUXuspd0d8.roa (raw, json)
Hash identifier: 0be1SATYDGAu7BBrPahf0dAQjgZ8r/iY2p8Lu4xhbdI=
Subject key identifier: 29:4B:39:EB:29:9F:79:EF:64:DC:EC:1E:C4:C5:17:BA:CA:5D:D1:DF
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019422201B8BB4400DFD3A46777A1D0D6E5D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KUs56ymfee9k3OwexMUXuspd0d8.roa
Signing time: Wed 01 Jan 2025 13:48:37 +0000
ROA not before: Wed 01 Jan 2025 13:48:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47377
IP address blocks: 91.190.102.0/23 maxlen: 24
185.135.140.0/22 maxlen: 24
185.238.8.0/22 maxlen: 24
203.0.8.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:1b:8b:b4:40:0d:fd:3a:46:77:7a:1d:0d:6e:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 13:48:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=294b39eb299f79ef64dcec1ec4c517baca5dd1df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:79:5a:82:d2:09:ac:54:c7:36:e1:10:9f:33:
7b:ea:0c:74:24:6b:73:66:e7:e4:56:a2:ee:fa:aa:
e2:7b:55:2f:ab:21:a4:44:68:61:74:88:6f:25:21:
f5:d0:22:93:2e:19:22:13:a9:8a:12:b9:9c:7e:3b:
75:0f:4f:bb:dd:38:4c:d8:87:1a:75:a3:12:b8:9f:
f9:7b:de:4b:13:db:f0:0f:54:f9:15:04:55:1c:8f:
83:ce:49:79:e0:1b:52:a6:6d:f4:0c:02:50:b3:3e:
fc:c8:18:a4:f1:77:5c:89:e0:d0:ce:5e:47:fc:90:
af:35:bc:b6:8f:f3:e3:04:a4:32:c7:2c:93:84:0a:
6f:4d:af:a7:c3:47:b4:80:7e:4d:76:7f:37:66:0e:
5e:ae:56:13:c7:da:65:0b:15:5c:c7:1d:fa:ba:ab:
26:3c:21:8d:2d:2d:46:72:87:a8:63:d7:92:26:40:
93:21:3c:88:4e:2a:7d:42:6e:a1:04:b6:cf:7e:fc:
d6:bd:a9:1d:c7:5a:25:3a:87:a7:d1:b3:53:5d:6b:
95:06:42:1e:6e:15:14:f3:e2:02:cd:eb:b9:31:4d:
f2:c6:5a:2a:e5:06:64:86:d3:01:ac:ce:58:c3:ab:
a3:40:58:ba:07:54:48:96:84:1a:99:f1:80:98:33:
87:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:4B:39:EB:29:9F:79:EF:64:DC:EC:1E:C4:C5:17:BA:CA:5D:D1:DF
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KUs56ymfee9k3OwexMUXuspd0d8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.190.102.0/23
185.135.140.0/22
185.238.8.0/22
203.0.8.0/23
Signature Algorithm: sha256WithRSAEncryption
18:32:e6:f2:82:39:c1:bf:fa:3e:a3:a6:57:89:ff:f4:fc:f4:
0e:28:cc:62:95:93:29:c7:2a:87:52:48:2e:b0:06:a8:a2:7e:
ba:45:2a:b4:92:dc:83:08:76:6f:b1:81:31:da:5d:ba:ac:74:
a7:ac:b9:0f:02:20:a9:80:75:aa:6b:46:78:24:c9:a4:50:bc:
5b:fd:06:7b:ab:7c:06:f8:5d:ca:56:a8:d2:b7:23:c6:9f:ee:
e5:0c:82:53:eb:77:6d:97:41:98:97:14:55:df:cb:73:af:36:
aa:7c:01:21:9a:d6:57:80:01:c3:ca:1e:9d:91:d6:78:1f:89:
b3:af:32:cb:6b:c9:52:2d:0e:d7:61:25:8a:85:9b:59:86:75:
a3:2d:59:fe:47:7a:95:b3:35:6f:91:a4:b8:64:39:8f:a0:c1:
ac:46:d9:1f:b9:87:11:4a:73:d1:81:14:16:5b:8e:d8:ea:35:
ea:47:c4:86:b4:60:71:45:5c:e4:74:9f:40:9e:68:f0:87:2a:
97:c9:f9:f5:32:c4:58:24:5d:4a:54:9b:34:16:eb:a3:15:dd:
9c:b1:6c:c2:15:f1:2e:bb:be:50:2f:79:04:ec:5e:ca:f7:3d:
91:1b:af:4a:a6:3b:f7:e0:5a:57:88:ef:d5:9a:0f:67:b2:9e:
23:8e:d5:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiIBuLtEAN/TpGd3odDW5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRiMzllYjI5OWY3OWVmNjRkY2VjMWVjNGM1MTdiYWNhNWRkMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7nlagtIJrFTHNuEQnzN76gx0JGtz
ZufkVqLu+qrie1UvqyGkRGhhdIhvJSH10CKTLhkiE6mKErmcfjt1D0+73ThM2Ica
daMSuJ/5e95LE9vwD1T5FQRVHI+Dzkl54BtSpm30DAJQsz78yBik8XdcieDQzl5H
/JCvNby2j/PjBKQyxyyThApvTa+nw0e0gH5Ndn83Zg5erlYTx9plCxVcxx36uqsm
PCGNLS1GcoeoY9eSJkCTITyITip9Qm6hBLbPfvzWvakdx1olOoen0bNTXWuVBkIe
bhUU8+ICzeu5MU3yxloq5QZkhtMBrM5Yw6ujQFi6B1RIloQamfGAmDOHvQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFClLOespn3nvZNzsHsTFF7rKXdHfMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS1VzNTZ5bWZlZTlrM093ZXhNVVh1c3BkMGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW75mAwQC
uYeMAwQCue4IAwQBywAIMA0GCSqGSIb3DQEBCwUAA4IBAQAYMubygjnBv/o+o6ZX
if/0/PQOKMxilZMpxyqHUkgusAaoon66RSq0ktyDCHZvsYEx2l26rHSnrLkPAiCp
gHWqa0Z4JMmkULxb/QZ7q3wG+F3KVqjStyPGn+7lDIJT63dtl0GYlxRV38tzrzaq
fAEhmtZXgAHDyh6dkdZ4H4mzrzLLa8lSLQ7XYSWKhZtZhnWjLVn+R3qVszVvkaS4
ZDmPoMGsRtkfuYcRSnPRgRQWW47Y6jXqR8SGtGBxRVzkdJ9AnmjwhyqXyfn1MsRY
JF1KVJs0FuujFd2csWzCFfEuu75QL3kE7F7K9z2RG69Kpjv34FpXiO/Vmg9nsp4j
jtWL
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:37:45 2025 by rpki-client