Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/ok0D6AFy1nokMBW7AtTQbtvoy-Q.roa
File: ok0D6AFy1nokMBW7AtTQbtvoy-Q.roa (raw, json)
Hash identifier: OI8j87WnUAa44hUR7Jr4hBgPSlGVFL5uAjQD5u8Uzmo=
Subject key identifier: A2:4D:03:E8:01:72:D6:7A:24:30:15:BB:02:D4:D0:6E:DB:E8:CB:E4
Certificate issuer: /CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Certificate serial: 019422FBC09FBB9A1EE83B288D78D8AA9782
Authority key identifier: FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/ok0D6AFy1nokMBW7AtTQbtvoy-Q.roa
Signing time: Wed 01 Jan 2025 17:48:31 +0000
ROA not before: Wed 01 Jan 2025 17:48:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50272
IP address blocks: 62.24.32.0/19 maxlen: 19
62.24.32.0/20 maxlen: 20
62.24.48.0/20 maxlen: 20
185.41.64.0/22 maxlen: 24
185.155.140.0/22 maxlen: 24
185.155.140.0/24 maxlen: 24
185.155.141.0/24 maxlen: 24
185.155.142.0/24 maxlen: 24
185.155.143.0/24 maxlen: 24
2a03:1400::/32 maxlen: 32
2a07:33c0::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.mft
rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 03:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:c0:9f:bb:9a:1e:e8:3b:28:8d:78:d8:aa:97:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Validity
Not Before: Jan 1 17:48:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a24d03e80172d67a243015bb02d4d06edbe8cbe4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:a7:c4:c8:83:bf:a7:7e:4a:1c:1d:1b:79:34:
5a:6e:69:cb:a0:af:ed:fe:d6:c2:9e:c3:44:b0:fe:
92:08:7d:42:50:88:54:3c:0d:50:08:aa:1e:a3:d6:
57:1d:1c:10:b2:54:ff:c8:68:04:21:90:a4:2d:f6:
17:3d:c5:41:3f:c9:16:10:aa:00:21:be:f8:d3:c2:
42:2a:c5:48:fa:b4:19:7d:e3:17:19:64:05:9e:82:
31:49:e3:8c:ba:3d:94:42:cb:80:a9:56:f4:41:b7:
8e:e2:9f:4a:08:6a:b3:63:a6:7c:e1:5f:84:e4:58:
cf:00:2f:7e:aa:7f:b4:51:df:e3:30:3f:be:79:a9:
bd:27:08:47:eb:78:ec:60:86:c8:d9:53:9c:41:0f:
ac:e0:b0:7f:cf:e1:3b:dc:0f:ed:a1:03:7d:b6:5f:
bd:09:ff:13:05:5a:b7:d1:ec:17:39:95:6e:2f:1b:
a7:96:ef:6e:8f:6f:b9:59:c1:7e:c8:17:4c:4a:e9:
7f:3b:81:34:84:42:2d:1a:37:36:5e:11:e3:94:51:
5d:a2:54:fc:43:30:f9:93:f4:a5:43:84:df:a8:10:
d5:57:22:c8:9b:ed:ec:b4:01:ab:c5:56:d8:97:b5:
a2:10:64:ae:f1:7a:6d:fa:99:49:54:91:a9:37:8e:
f5:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:4D:03:E8:01:72:D6:7A:24:30:15:BB:02:D4:D0:6E:DB:E8:CB:E4
X509v3 Authority Key Identifier:
keyid:FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/ok0D6AFy1nokMBW7AtTQbtvoy-Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.24.32.0/19
185.41.64.0/22
185.155.140.0/22
IPv6:
2a03:1400::/32
2a07:33c0::/29
Signature Algorithm: sha256WithRSAEncryption
6c:4b:89:c8:61:8e:b5:47:22:6c:70:94:29:d4:6e:c6:7f:58:
d3:99:fe:4f:b0:c8:b0:47:c3:ff:ae:2a:18:d2:f8:10:cf:c9:
86:8d:5a:34:d7:61:d6:68:d8:9e:4a:f5:11:c2:ff:ce:5a:93:
27:a5:88:82:a9:ed:47:3a:54:19:b8:70:47:5f:39:cf:61:ca:
8f:eb:6c:df:3e:d3:a9:82:42:19:4b:40:33:47:0b:1e:24:15:
c7:e4:83:6b:29:b8:cd:71:03:11:32:8d:88:ba:0c:15:a5:3a:
8f:b1:3c:85:ab:3a:96:74:22:a9:e3:78:f5:70:ec:22:19:05:
4f:8c:59:a0:27:91:3d:ef:6f:26:cd:f7:3d:1b:df:29:b3:2d:
99:db:bf:10:a6:21:82:f7:61:ab:98:d4:0c:83:fe:e6:46:f7:
16:f4:e9:2a:77:92:22:2e:4c:a3:af:95:e8:25:ad:f6:0c:59:
fe:46:85:69:00:05:90:68:78:30:51:02:5f:b2:82:5b:57:2d:
6b:f7:fe:eb:94:83:5c:a5:ed:99:82:83:4c:73:fe:5e:2a:43:
e2:ed:1d:78:fe:c9:52:b5:8a:72:3e:57:bc:c7:ba:70:07:3d:
e4:f8:a1:82:63:d5:cd:f8:49:f7:da:48:ca:a4:79:5f:57:45:
e4:42:e8:1c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQi+8Cfu5oe6DsojXjYqpeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTk4YjFkMGVjY2NjNGY2ZmYxYTdlN2RiODRiNGJiMmY1
NWIwOGQwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRkMDNlODAxNzJkNjdhMjQzMDE1YmIwMmQ0ZDA2ZWRiZThjYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxafEyIO/p35KHB0beTRabmnLoK/t
/tbCnsNEsP6SCH1CUIhUPA1QCKoeo9ZXHRwQslT/yGgEIZCkLfYXPcVBP8kWEKoA
Ib7408JCKsVI+rQZfeMXGWQFnoIxSeOMuj2UQsuAqVb0QbeO4p9KCGqzY6Z84V+E
5FjPAC9+qn+0Ud/jMD++eam9JwhH63jsYIbI2VOcQQ+s4LB/z+E73A/toQN9tl+9
Cf8TBVq30ewXOZVuLxunlu9uj2+5WcF+yBdMSul/O4E0hEItGjc2XhHjlFFdolT8
QzD5k/SlQ4TfqBDVVyLIm+3stAGrxVbYl7WiEGSu8Xpt+plJVJGpN471twIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKJNA+gBctZ6JDAVuwLU0G7b6MvkMB8GA1UdIwQY
MBaAFPypix0OzMxPb/Gn59uEtLsvVbCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzIt
NThmMGYzMjVjMmI4LzEvb2swRDZBRnkxbm9rTUJXN0F0VFFidHZveS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzItNThmMGYzMjVjMmI4
LzEvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQFPhggAwQC
uSlAAwQCuZuMMBQEAgACMA4DBQAqAxQAAwUDKgczwDANBgkqhkiG9w0BAQsFAAOC
AQEAbEuJyGGOtUcibHCUKdRuxn9Y05n+T7DIsEfD/64qGNL4EM/Jho1aNNdh1mjY
nkr1EcL/zlqTJ6WIgqntRzpUGbhwR185z2HKj+ts3z7TqYJCGUtAM0cLHiQVx+SD
aym4zXEDETKNiLoMFaU6j7E8has6lnQiqeN49XDsIhkFT4xZoCeRPe9vJs33PRvf
KbMtmdu/EKYhgvdhq5jUDIP+5kb3FvTpKneSIi5Mo6+V6CWt9gxZ/kaFaQAFkGh4
MFECX7KCW1cta/f+65SDXKXtmYKDTHP+XipD4u0deP7JUrWKcj5XvMe6cAc95Pih
gmPVzfhJ99pIyqR5X1dF5ELoHA==
-----END CERTIFICATE-----
Generated at Sun Apr 13 11:33:41 2025 by rpki-client