Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KW9AN_X4Hh4VKuAnb6bJtRrKymg.roa
File: KW9AN_X4Hh4VKuAnb6bJtRrKymg.roa (raw, json)
Hash identifier: J21F/I0zRgekIus74H7I/v2eoj4Bzdqg85T8XsMU8eI=
Subject key identifier: 29:6F:40:37:F5:F8:1E:1E:15:2A:E0:27:6F:A6:C9:B5:1A:CA:CA:68
Certificate issuer: /CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
Certificate serial: 01941FFA54A62BEEEBB8509231156FB69BC3
Authority key identifier: F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KW9AN_X4Hh4VKuAnb6bJtRrKymg.roa
Signing time: Wed 01 Jan 2025 03:48:06 +0000
ROA not before: Wed 01 Jan 2025 03:48:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58011
IP address blocks: 164.138.240.0/21 maxlen: 24
164.138.244.208/32 maxlen: 32
164.138.245.157/32 maxlen: 32
188.244.108.0/22 maxlen: 24
2a0d:55c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl
rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.mft
rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:54:a6:2b:ee:eb:b8:50:92:31:15:6f:b6:9b:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f394a464728b82856dc2b955ccae9ab5ba6539c8
Validity
Not Before: Jan 1 03:48:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=296f4037f5f81e1e152ae0276fa6c9b51acaca68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b9:e2:25:0e:04:1c:4b:8c:ef:98:ff:e7:88:
82:89:98:2c:34:50:82:93:92:e9:28:e2:eb:95:d9:
75:57:18:0b:78:34:b4:d0:c4:66:9c:29:59:ab:ca:
1e:1f:60:52:3c:f6:f8:56:1c:e8:a4:4f:d9:8b:bf:
8a:81:a2:97:77:a5:ae:2d:43:7d:90:01:b0:75:3b:
20:fe:ad:c5:e1:a8:69:45:70:fa:ce:cd:c8:c5:0e:
c4:66:b8:8e:60:36:19:e6:a5:22:6c:96:c4:04:c4:
d3:80:93:11:ba:ac:c2:30:76:2e:65:d6:98:b4:2d:
d2:a2:0c:2d:b6:0a:f7:c5:72:d1:6e:85:21:8a:d4:
b8:aa:c7:5b:d9:50:d1:78:99:1a:3c:ae:d3:96:00:
4e:3a:5f:64:f9:57:23:81:94:17:86:4e:e6:52:80:
9e:71:f7:67:7f:00:56:2a:3c:dd:67:8a:6d:1c:71:
1f:ce:4a:8e:45:ee:ad:68:f7:74:43:49:28:93:40:
d5:b6:48:2c:95:ed:5b:18:6e:63:f4:e5:ac:06:73:
87:89:01:04:aa:1a:e8:99:48:42:2a:ea:64:15:ec:
e1:1d:35:cc:f3:df:63:c4:99:97:13:a9:18:05:c5:
d3:79:13:b2:5d:07:8f:c5:38:91:9f:21:4c:ad:f4:
99:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:6F:40:37:F5:F8:1E:1E:15:2A:E0:27:6F:A6:C9:B5:1A:CA:CA:68
X509v3 Authority Key Identifier:
keyid:F3:94:A4:64:72:8B:82:85:6D:C2:B9:55:CC:AE:9A:B5:BA:65:39:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/85SkZHKLgoVtwrlVzK6atbplOcg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/KW9AN_X4Hh4VKuAnb6bJtRrKymg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/7db80c-5113-4e83-b2c8-f2664d1921d3/1/85SkZHKLgoVtwrlVzK6atbplOcg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
164.138.240.0/21
188.244.108.0/22
IPv6:
2a0d:55c0::/29
Signature Algorithm: sha256WithRSAEncryption
72:d9:6c:85:df:b7:d8:c3:af:e0:91:2c:8f:fe:49:a2:62:ea:
67:ab:f7:43:f6:89:56:04:29:b4:24:81:f2:4d:b0:9b:1a:4d:
c3:1b:b3:f4:74:57:31:0f:81:fb:85:63:8a:a1:21:ec:2c:08:
aa:9b:d5:6c:6d:e7:e2:bb:1f:4c:1a:a2:72:b5:9c:1f:d0:93:
a1:5a:ca:b6:63:48:fb:30:39:60:6b:84:03:e2:c5:1e:de:9e:
50:eb:0a:13:a5:8c:34:03:1d:44:b2:2e:c0:3a:ca:9f:9b:67:
48:7e:9e:21:b7:17:e8:c9:ee:3e:eb:20:37:a6:a8:29:56:d9:
d0:bb:e8:a1:99:48:44:07:6f:f5:59:69:49:db:74:6f:c1:7e:
f4:65:60:f1:d5:7a:a0:b6:de:3c:a4:80:f4:9c:85:c4:9e:24:
51:d3:7d:b9:4b:89:61:51:f3:94:48:8d:d3:32:22:5b:87:d8:
8e:7a:a2:81:61:31:ad:a3:9a:51:6e:32:e5:b1:fa:aa:38:c9:
b9:b4:5f:49:38:5c:17:80:9b:bb:81:80:4f:57:04:a2:f7:89:
3f:0e:a0:bf:e5:8c:fa:f2:82:12:47:7e:41:f2:9c:22:7c:af:
50:34:b9:cc:9e:01:a0:2c:4c:6c:01:63:0d:18:36:93:a5:3b:
bb:50:01:bf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+lSmK+7ruFCSMRVvtpvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzOTRhNDY0NzI4YjgyODU2ZGMyYjk1NWNjYWU5YWI1YmE2
NTM5YzgwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZmNDAzN2Y1ZjgxZTFlMTUyYWUwMjc2ZmE2YzliNTFhY2FjYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbniJQ4EHEuM75j/54iCiZgsNFCC
k5LpKOLrldl1VxgLeDS00MRmnClZq8oeH2BSPPb4VhzopE/Zi7+KgaKXd6WuLUN9
kAGwdTsg/q3F4ahpRXD6zs3IxQ7EZriOYDYZ5qUibJbEBMTTgJMRuqzCMHYuZdaY
tC3Sogwttgr3xXLRboUhitS4qsdb2VDReJkaPK7TlgBOOl9k+VcjgZQXhk7mUoCe
cfdnfwBWKjzdZ4ptHHEfzkqORe6taPd0Q0kok0DVtkgsle1bGG5j9OWsBnOHiQEE
qhromUhCKupkFezhHTXM899jxJmXE6kYBcXTeROyXQePxTiRnyFMrfSZ5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFClvQDf1+B4eFSrgJ2+mybUayspoMB8GA1UdIwQY
MBaAFPOUpGRyi4KFbcK5VcyumrW6ZTnIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgt
ZjI2NjRkMTkyMWQzLzEvS1c5QU5fWDRIaDRWS3VBbmI2Ykp0UnJLeW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi83ZGI4MGMtNTExMy00ZTgzLWIyYzgtZjI2NjRkMTkyMWQz
LzEvODVTa1pIS0xnb1Z0d3JsVnpLNmF0YnBsT2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDpIrwAwQC
vPRsMA0EAgACMAcDBQMqDVXAMA0GCSqGSIb3DQEBCwUAA4IBAQBy2WyF37fYw6/g
kSyP/kmiYupnq/dD9olWBCm0JIHyTbCbGk3DG7P0dFcxD4H7hWOKoSHsLAiqm9Vs
befiux9MGqJytZwf0JOhWsq2Y0j7MDlga4QD4sUe3p5Q6woTpYw0Ax1Esi7AOsqf
m2dIfp4htxfoye4+6yA3pqgpVtnQu+ihmUhEB2/1WWlJ23RvwX70ZWDx1Xqgtt48
pID0nIXEniRR0325S4lhUfOUSI3TMiJbh9iOeqKBYTGto5pRbjLlsfqqOMm5tF9J
OFwXgJu7gYBPVwSi94k/DqC/5Yz68oISR35B8pwifK9QNLnMngGgLExsAWMNGDaT
pTu7UAG/
-----END CERTIFICATE-----
Generated at Sat Apr 12 03:42:55 2025 by rpki-client