Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/1-KZB79paRJTfTrr9kd-PkIHLHE.roa
File: 1-KZB79paRJTfTrr9kd-PkIHLHE.roa (raw, json)
Hash identifier: bYbdjY4cixBeOLb4k7GWSfLpufuJby7+JSTFYAw9Lj0=
Subject key identifier: D7:E2:99:07:BF:69:69:12:53:7D:3A:EB:F6:47:7E:3E:42:07:2C:71
Certificate issuer: /CN=96329aae02b366ed1a01b52ac33abe760593a806
Certificate serial: 019422FB00C4DBA149D3387B53F2BECC5F3B
Authority key identifier: 96:32:9A:AE:02:B3:66:ED:1A:01:B5:2A:C3:3A:BE:76:05:93:A8:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ljKargKzZu0aAbUqwzq-dgWTqAY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/1-KZB79paRJTfTrr9kd-PkIHLHE.roa
Signing time: Wed 01 Jan 2025 17:47:42 +0000
ROA not before: Wed 01 Jan 2025 17:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202796
IP address blocks: 185.18.236.0/22 maxlen: 22
185.134.56.0/22 maxlen: 22
2a03:fb40::/29 maxlen: 29
2a05:1e80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/ljKargKzZu0aAbUqwzq-dgWTqAY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/ljKargKzZu0aAbUqwzq-dgWTqAY.mft
rsync://rpki.ripe.net/repository/DEFAULT/ljKargKzZu0aAbUqwzq-dgWTqAY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:00:c4:db:a1:49:d3:38:7b:53:f2:be:cc:5f:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96329aae02b366ed1a01b52ac33abe760593a806
Validity
Not Before: Jan 1 17:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d7e29907bf696912537d3aebf6477e3e42072c71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:2a:c8:e7:50:11:87:9b:92:26:f8:7a:41:e5:
73:a5:af:5b:f9:f9:c4:4d:7d:c5:52:c7:ec:e3:de:
cc:84:bc:37:e0:05:6d:24:f4:a6:ea:3c:97:ff:d1:
93:3e:2c:80:22:db:d0:fe:cc:6c:42:3b:7c:f8:e2:
95:fc:1d:d8:f1:c3:ca:c9:33:02:67:da:5a:1d:8e:
c4:3a:df:35:eb:9e:38:30:3d:15:7c:d5:39:c0:75:
09:61:c6:08:1a:0f:23:91:ca:27:62:e9:37:88:f7:
3e:97:80:37:34:59:59:9d:c1:63:bd:78:f2:87:ca:
d5:f5:93:10:24:89:36:5c:cb:d5:50:32:16:64:a5:
b4:24:ed:0d:97:6c:bc:3e:3e:5a:c1:1d:9b:ba:c0:
32:f7:80:d0:ca:e6:0b:d1:d2:c7:1f:9c:0c:49:f9:
a6:85:52:5e:da:2a:94:99:6f:29:d9:af:08:d3:fc:
e7:96:0b:37:e7:ce:f0:d8:d8:0f:d8:4d:47:bb:80:
83:a5:27:10:6f:66:47:6f:fa:d4:66:28:91:c0:79:
8e:48:a1:6d:49:bb:9c:c4:d9:b8:bc:1c:6a:41:02:
2f:94:a0:a4:7c:fd:35:c6:67:45:9d:75:4a:4e:dd:
3d:a9:29:a0:42:30:1b:7e:57:57:4f:6e:1d:9f:7f:
a0:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:E2:99:07:BF:69:69:12:53:7D:3A:EB:F6:47:7E:3E:42:07:2C:71
X509v3 Authority Key Identifier:
keyid:96:32:9A:AE:02:B3:66:ED:1A:01:B5:2A:C3:3A:BE:76:05:93:A8:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljKargKzZu0aAbUqwzq-dgWTqAY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/1-KZB79paRJTfTrr9kd-PkIHLHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/14bca5-9046-4876-8283-ae93def510c2/1/ljKargKzZu0aAbUqwzq-dgWTqAY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.18.236.0/22
185.134.56.0/22
IPv6:
2a03:fb40::/29
2a05:1e80::/29
Signature Algorithm: sha256WithRSAEncryption
06:82:bc:16:ae:d5:fa:4c:92:03:9c:f7:5f:f9:2b:ca:24:de:
29:9e:14:28:db:23:08:03:69:12:2e:48:0b:33:39:1d:d8:d0:
d4:c2:25:e4:13:41:59:94:d5:07:72:f8:e3:18:35:50:6e:cd:
a1:e9:20:77:86:0d:e2:e3:21:bb:cd:67:df:5e:c5:68:a7:f5:
45:9b:15:c0:ef:17:9c:74:c5:9e:7a:b4:ef:33:22:60:e1:a9:
f6:d2:ec:ed:8b:79:dd:1a:a7:d2:5b:2d:3a:60:af:13:f0:20:
12:8b:da:7e:98:b3:99:4c:91:18:f4:9f:88:04:4d:4b:1a:ce:
cd:30:20:96:61:f1:ba:9b:7c:96:3c:23:c5:2a:74:6a:e9:1f:
79:0d:8f:cf:e7:02:72:f7:db:00:e7:b1:3b:dd:6d:3e:f4:50:
a6:4d:d3:cb:27:27:6e:c7:a7:2d:f7:78:38:93:a8:dc:36:21:
1c:3c:ac:6b:55:69:a4:6c:37:56:26:6c:bc:c6:47:25:99:56:
ee:b2:e0:89:b4:d7:73:69:e0:fd:71:59:f9:fd:2f:2b:20:a4:
a0:4e:8a:9c:20:0b:8e:91:dd:93:64:16:41:c4:6a:45:68:68:
be:a8:da:81:d5:c8:a5:d1:bf:cd:66:21:d1:13:13:f7:12:c1:
81:8c:5d:a9
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQi+wDE26FJ0zh7U/K+zF87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MzI5YWFlMDJiMzY2ZWQxYTAxYjUyYWMzM2FiZTc2MDU5
M2E4MDYwHhcNMjUwMTAxMTc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UyOTkwN2JmNjk2OTEyNTM3ZDNhZWJmNjQ3N2UzZTQyMDcyYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCrI51ARh5uSJvh6QeVzpa9b+fnE
TX3FUsfs497MhLw34AVtJPSm6jyX/9GTPiyAItvQ/sxsQjt8+OKV/B3Y8cPKyTMC
Z9paHY7EOt816544MD0VfNU5wHUJYcYIGg8jkconYuk3iPc+l4A3NFlZncFjvXjy
h8rV9ZMQJIk2XMvVUDIWZKW0JO0Nl2y8Pj5awR2busAy94DQyuYL0dLHH5wMSfmm
hVJe2iqUmW8p2a8I0/znlgs3587w2NgP2E1Hu4CDpScQb2ZHb/rUZiiRwHmOSKFt
SbucxNm4vBxqQQIvlKCkfP01xmdFnXVKTt09qSmgQjAbfldXT24dn3+gsQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFNfimQe/aWkSU3066/ZHfj5CByxxMB8GA1UdIwQY
MBaAFJYymq4Cs2btGgG1KsM6vnYFk6gGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpLYXJnS3padTBhQWJVcXd6cS1kZ1dUcUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xNGJjYTUtOTA0Ni00ODc2LTgyODMt
YWU5M2RlZjUxMGMyLzEvMS1LWkI3OXBhUkpUZlRycjlrZC1Qa0lITEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xNGJjYTUtOTA0Ni00ODc2LTgyODMtYWU5M2RlZjUxMGMy
LzEvbGpLYXJnS3padTBhQWJVcXd6cS1kZ1dUcUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuRLsAwQC
uYY4MBQEAgACMA4DBQMqA/tAAwUDKgUegDANBgkqhkiG9w0BAQsFAAOCAQEABoK8
Fq7V+kySA5z3X/kryiTeKZ4UKNsjCANpEi5ICzM5HdjQ1MIl5BNBWZTVB3L44xg1
UG7Noekgd4YN4uMhu81n317FaKf1RZsVwO8XnHTFnnq07zMiYOGp9tLs7Yt53Rqn
0lstOmCvE/AgEovafpizmUyRGPSfiARNSxrOzTAglmHxupt8ljwjxSp0aukfeQ2P
z+cCcvfbAOexO91tPvRQpk3TyycnbsenLfd4OJOo3DYhHDysa1VppGw3ViZsvMZH
JZlW7rLgibTXc2ng/XFZ+f0vKyCkoE6KnCALjpHdk2QWQcRqRWhovqjagdXIpdG/
zWYh0RMT9xLBgYxdqQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 06:20:47 2025 by rpki-client