Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/kOqw37_hrYqQwO4I8M9hBD5q5l8.roa
File: kOqw37_hrYqQwO4I8M9hBD5q5l8.roa (raw, json)
Hash identifier: qW4vTqonWJVRPelCK2omTp5mb1X6eIejxfTEu3JMppQ=
Subject key identifier: 90:EA:B0:DF:BF:E1:AD:8A:90:C0:EE:08:F0:CF:61:04:3E:6A:E6:5F
Certificate issuer: /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial: 019424B3DBDDB546599C4F78515A22644E00
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/kOqw37_hrYqQwO4I8M9hBD5q5l8.roa
Signing time: Thu 02 Jan 2025 01:49:14 +0000
ROA not before: Thu 02 Jan 2025 01:49:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213081
IP address blocks: 91.194.139.0/24 maxlen: 24
147.78.194.0/23 maxlen: 24
148.222.248.0/22 maxlen: 24
185.203.114.0/23 maxlen: 23
2a09:2940::/29 maxlen: 48
2a0a:e5c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.mft
rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 16:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:db:dd:b5:46:59:9c:4f:78:51:5a:22:64:4e:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Validity
Not Before: Jan 2 01:49:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90eab0dfbfe1ad8a90c0ee08f0cf61043e6ae65f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:03:87:0e:ca:8a:c4:3c:7f:a2:a0:f3:af:c6:
77:76:a6:d1:95:0d:cb:af:db:94:32:33:34:52:e2:
c2:0e:86:87:67:cf:ef:28:c3:d9:50:72:8c:12:70:
bf:20:2f:6c:51:ad:4e:13:43:35:a5:75:6f:11:7d:
c5:33:7e:7a:2f:e2:a2:e9:8a:e9:b6:75:11:57:23:
17:8a:2c:9b:bd:fc:79:b3:13:1e:1d:b5:71:8c:ef:
f0:66:fc:bb:58:f2:1a:6e:94:32:ab:1c:03:c1:57:
84:92:d4:30:9c:4e:2d:e3:20:7a:f3:aa:2d:5e:bb:
97:b3:0a:b6:77:c7:a6:0e:22:c3:bb:43:08:f2:0c:
41:69:20:b1:0f:ad:60:c5:33:b8:28:5e:49:ff:03:
c3:3f:87:a9:c8:8e:c0:06:d3:91:ba:04:d6:69:bb:
99:6b:c0:a5:8a:a2:91:90:7e:7f:98:80:77:90:42:
8d:78:72:04:ce:9e:63:73:e2:14:16:87:73:77:3c:
65:58:95:f6:30:64:17:4c:26:ec:25:e9:0e:b8:3a:
4e:22:d5:f9:03:1a:b4:1b:b5:e5:54:3d:d3:88:2a:
b5:f4:11:35:f0:68:ec:61:4f:6f:6b:a6:9a:51:f1:
5d:09:f9:d7:ba:7d:a1:a5:a6:32:59:e2:dd:e9:52:
ca:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:EA:B0:DF:BF:E1:AD:8A:90:C0:EE:08:F0:CF:61:04:3E:6A:E6:5F
X509v3 Authority Key Identifier:
keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/kOqw37_hrYqQwO4I8M9hBD5q5l8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.139.0/24
147.78.194.0/23
148.222.248.0/22
185.203.114.0/23
IPv6:
2a09:2940::/29
2a0a:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
28:df:94:0f:02:c6:cf:ea:d6:44:0c:ec:24:4f:7c:73:5f:36:
e8:61:01:84:6b:14:fd:a2:40:3a:a1:fa:e7:99:06:73:1f:14:
63:89:10:3d:c7:05:9f:29:81:1e:9a:4e:26:82:96:c9:af:9a:
ed:ef:78:a4:78:77:10:fb:3c:d5:78:0f:28:29:02:f4:b0:a0:
e5:02:48:47:8a:77:ee:57:d6:0b:5a:32:9e:0d:7e:a0:5b:16:
9d:b1:9f:c3:64:70:04:d0:11:bf:3b:af:30:4f:55:13:dd:91:
78:fd:6d:75:c1:4d:e8:69:b4:44:70:17:2d:4a:c7:7f:e0:bf:
7c:fc:c8:59:21:8f:54:fa:31:fa:62:08:48:0f:65:03:60:99:
ff:55:ed:32:a8:df:b9:cd:18:ce:4a:fa:cc:4e:35:39:55:1a:
c6:92:fe:e8:27:e2:81:3e:9a:91:55:0d:8d:ca:67:1d:68:84:
37:92:e4:d5:d4:eb:e0:59:f6:72:c0:35:83:e5:89:f2:4c:91:
1e:9e:ec:d2:71:3b:cd:71:af:ef:71:e3:1b:16:79:45:83:1d:
8d:e8:43:4e:64:58:b8:b5:bc:2d:2d:3b:33:3e:d4:64:1b:af:
94:8e:52:91:6e:f2:83:7b:fe:f1:0c:85:41:0a:e2:51:47:37:
6f:07:77:80
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQks9vdtUZZnE94UVoiZE4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGVhYjBkZmJmZTFhZDhhOTBjMGVlMDhmMGNmNjEwNDNlNmFlNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwOHDsqKxDx/oqDzr8Z3dqbRlQ3L
r9uUMjM0UuLCDoaHZ8/vKMPZUHKMEnC/IC9sUa1OE0M1pXVvEX3FM356L+Ki6Yrp
tnURVyMXiiybvfx5sxMeHbVxjO/wZvy7WPIabpQyqxwDwVeEktQwnE4t4yB686ot
XruXswq2d8emDiLDu0MI8gxBaSCxD61gxTO4KF5J/wPDP4epyI7ABtORugTWabuZ
a8CliqKRkH5/mIB3kEKNeHIEzp5jc+IUFodzdzxlWJX2MGQXTCbsJekOuDpOItX5
Axq0G7XlVD3TiCq19BE18GjsYU9va6aaUfFdCfnXun2hpaYyWeLd6VLKHwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJDqsN+/4a2KkMDuCPDPYQQ+auZfMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEva09xdzM3X2hyWXFRd080SThNOWhCRDVxNWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAW8KLAwQB
k07CAwQClN74AwQBuctyMBQEAgACMA4DBQMqCSlAAwUDKgrlwDANBgkqhkiG9w0B
AQsFAAOCAQEAKN+UDwLGz+rWRAzsJE98c1826GEBhGsU/aJAOqH655kGcx8UY4kQ
PccFnymBHppOJoKWya+a7e94pHh3EPs81XgPKCkC9LCg5QJIR4p37lfWC1oyng1+
oFsWnbGfw2RwBNARvzuvME9VE92ReP1tdcFN6Gm0RHAXLUrHf+C/fPzIWSGPVPox
+mIISA9lA2CZ/1XtMqjfuc0Yzkr6zE41OVUaxpL+6CfigT6akVUNjcpnHWiEN5Lk
1dTr4Fn2csA1g+WJ8kyRHp7s0nE7zXGv73HjGxZ5RYMdjehDTmRYuLW8LS07Mz7U
ZBuvlI5SkW7yg3v+8QyFQQriUUc3bwd3gA==
-----END CERTIFICATE-----
Generated at Wed Apr 23 02:33:39 2025 by rpki-client