Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/CXJP9kYgvGSt4VoYKuQPShczMME.roa
File: CXJP9kYgvGSt4VoYKuQPShczMME.roa (raw, json)
Hash identifier: gqOSApFpGsIytyW52e0emdHCeVR15916QBJkj7VrVD8=
Subject key identifier: 09:72:4F:F6:46:20:BC:64:AD:E1:5A:18:2A:E4:0F:4A:17:33:30:C1
Certificate issuer: /CN=92214a90d4095fd26765cc0e4df899e8c46c06df
Certificate serial: 0194A8817F8476AF39F12FD5A493591A5D68
Authority key identifier: 92:21:4A:90:D4:09:5F:D2:67:65:CC:0E:4D:F8:99:E8:C4:6C:06:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/CXJP9kYgvGSt4VoYKuQPShczMME.roa
Signing time: Mon 27 Jan 2025 16:04:06 +0000
ROA not before: Mon 27 Jan 2025 16:04:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206978
IP address blocks: 149.249.12.0/22 maxlen: 22
149.249.12.0/24 maxlen: 24
149.249.13.0/24 maxlen: 24
149.249.15.0/24 maxlen: 24
185.196.29.0/24 maxlen: 24
2a03:e440::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.crl
rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.mft
rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 10 Mar 2025 15:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a8:81:7f:84:76:af:39:f1:2f:d5:a4:93:59:1a:5d:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92214a90d4095fd26765cc0e4df899e8c46c06df
Validity
Not Before: Jan 27 16:04:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09724ff64620bc64ade15a182ae40f4a173330c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:77:45:de:b2:e7:8b:dc:8f:25:d4:7e:f4:d1:
1e:5e:5b:36:1c:a3:e7:eb:ff:c1:71:1d:7a:0a:62:
7c:ff:e6:fd:15:94:c2:af:57:51:2b:33:fa:60:e4:
e5:4e:e1:29:3f:5d:69:fc:e4:ca:4f:d8:59:f7:04:
c2:bb:2c:95:0f:41:a2:49:d6:cb:4a:f7:87:52:3f:
8e:bf:d9:a4:45:81:82:f0:28:58:2b:03:69:c7:14:
e7:39:fc:da:26:f4:89:3d:9c:9b:6f:7c:96:80:f2:
5f:e6:87:c4:16:ff:1c:13:46:06:de:f6:33:41:0c:
38:68:47:85:ed:99:77:59:b7:27:f6:8f:24:dc:2d:
8a:e9:cb:63:f3:04:7f:7e:ca:04:b4:f8:e9:4e:9d:
89:c3:55:e4:22:39:06:84:63:db:17:75:30:61:a8:
19:8d:e9:6d:f9:36:50:30:2c:b0:e8:64:1e:56:76:
bb:7e:9f:47:b1:b4:0b:2f:c0:49:fb:fb:46:50:73:
31:42:72:67:47:3f:ea:c1:b3:d9:2c:f5:dd:4f:cb:
8e:16:21:45:18:d4:9d:e4:99:3d:2f:1b:e6:b8:4e:
d7:84:2c:f8:43:f3:6a:2b:4e:57:00:2a:e9:48:75:
98:77:d4:d8:24:73:e7:c5:44:27:5a:8f:2f:4a:38:
b8:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:72:4F:F6:46:20:BC:64:AD:E1:5A:18:2A:E4:0F:4A:17:33:30:C1
X509v3 Authority Key Identifier:
keyid:92:21:4A:90:D4:09:5F:D2:67:65:CC:0E:4D:F8:99:E8:C4:6C:06:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/CXJP9kYgvGSt4VoYKuQPShczMME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.249.12.0/22
185.196.29.0/24
IPv6:
2a03:e440::/29
Signature Algorithm: sha256WithRSAEncryption
17:3b:a7:14:b1:53:d3:0d:b1:39:7c:b5:08:60:30:f0:ac:19:
0d:f4:fb:c9:9f:c1:82:81:a0:b7:0b:d5:71:27:d8:b9:c2:70:
fd:66:de:fb:e1:bd:7a:a3:6f:e2:f3:d6:c4:f8:d1:d2:89:18:
62:cf:60:57:88:fa:d4:df:f8:03:e1:bf:6e:e2:b2:08:55:70:
f5:58:be:8c:9f:d8:30:bc:5b:98:b7:1a:2a:a2:56:4e:a5:68:
61:d6:d8:e7:17:2c:7b:3f:81:08:a2:51:b8:b0:5b:2a:28:9c:
9b:d0:b5:65:90:43:c7:84:be:45:f2:3d:c1:e6:4a:a8:13:86:
10:1b:5a:90:73:5a:ad:a5:2e:03:1b:1d:63:60:24:04:16:92:
7c:af:ad:a6:19:1a:56:f4:3f:e4:ea:76:f5:77:bf:e5:71:f6:
69:9a:15:24:96:e3:e5:3e:7a:23:39:9f:df:f3:6c:24:76:72:
cd:d3:6d:21:47:63:37:6e:46:63:3c:16:74:1a:7f:a0:10:3e:
5a:85:79:ca:0b:ae:8e:7b:7a:17:f1:28:dc:79:ff:79:68:35:
7b:a5:35:10:0a:39:5a:40:31:b0:17:d2:1a:98:50:9d:97:23:
e3:dd:f1:0e:a2:1b:62:1e:e7:85:d8:e7:7e:7d:8f:d7:c2:a7:
e2:c6:b6:f6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSogX+Edq858S/VpJNZGl1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjE0YTkwZDQwOTVmZDI2NzY1Y2MwZTRkZjg5OWU4YzQ2
YzA2ZGYwHhcNMjUwMTI3MTYwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTcyNGZmNjQ2MjBiYzY0YWRlMTVhMTgyYWU0MGY0YTE3MzMzMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHdF3rLni9yPJdR+9NEeXls2HKPn
6//BcR16CmJ8/+b9FZTCr1dRKzP6YOTlTuEpP11p/OTKT9hZ9wTCuyyVD0GiSdbL
SveHUj+Ov9mkRYGC8ChYKwNpxxTnOfzaJvSJPZybb3yWgPJf5ofEFv8cE0YG3vYz
QQw4aEeF7Zl3Wbcn9o8k3C2K6ctj8wR/fsoEtPjpTp2Jw1XkIjkGhGPbF3UwYagZ
jelt+TZQMCyw6GQeVna7fp9HsbQLL8BJ+/tGUHMxQnJnRz/qwbPZLPXdT8uOFiFF
GNSd5Jk9LxvmuE7XhCz4Q/NqK05XACrpSHWYd9TYJHPnxUQnWo8vSji4bwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAlyT/ZGILxkreFaGCrkD0oXMzDBMB8GA1UdIwQY
MBaAFJIhSpDUCV/SZ2XMDk34mejEbAbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lGS2tOUUpYOUpuWmN3T1RmaVo2TVJzQnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi85YWU5YWQtNmE4Yy00N2NiLWJkZDEt
NTdkODAzMGI2MWUxLzEvQ1hKUDlrWWd2R1N0NFZvWUt1UVBTaGN6TU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi85YWU5YWQtNmE4Yy00N2NiLWJkZDEtNTdkODAzMGI2MWUx
LzEva2lGS2tOUUpYOUpuWmN3T1RmaVo2TVJzQnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQClfkMAwQA
ucQdMA0EAgACMAcDBQMqA+RAMA0GCSqGSIb3DQEBCwUAA4IBAQAXO6cUsVPTDbE5
fLUIYDDwrBkN9PvJn8GCgaC3C9VxJ9i5wnD9Zt774b16o2/i89bE+NHSiRhiz2BX
iPrU3/gD4b9u4rIIVXD1WL6Mn9gwvFuYtxoqolZOpWhh1tjnFyx7P4EIolG4sFsq
KJyb0LVlkEPHhL5F8j3B5kqoE4YQG1qQc1qtpS4DGx1jYCQEFpJ8r62mGRpW9D/k
6nb1d7/lcfZpmhUkluPlPnojOZ/f82wkdnLN020hR2M3bkZjPBZ0Gn+gED5ahXnK
C66Oe3oX8Sjcef95aDV7pTUQCjlaQDGwF9IamFCdlyPj3fEOohtiHueF2Od+fY/X
wqfixrb2
-----END CERTIFICATE-----
Generated at Mon Mar 10 00:49:19 2025 by rpki-client