Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/KrWr-uxPx9ROkw1dMPy0luW9rHI.roa
File: KrWr-uxPx9ROkw1dMPy0luW9rHI.roa (raw, json)
Hash identifier: wAvc90Nk+tLmXZJ7T3uA3J3ZDaVOAEjfbFhLJlJ5p7c=
Subject key identifier: 2A:B5:AB:FA:EC:4F:C7:D4:4E:93:0D:5D:30:FC:B4:96:E5:BD:AC:72
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 0194B65059532695550B5F30C8D31F89848A
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/KrWr-uxPx9ROkw1dMPy0luW9rHI.roa
Signing time: Thu 30 Jan 2025 08:25:06 +0000
ROA not before: Thu 30 Jan 2025 08:25:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47595
IP address blocks: 31.177.86.0/23 maxlen: 24
2a02:2090:9800::/48 maxlen: 48
2a02:2090:a800::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b6:50:59:53:26:95:55:0b:5f:30:c8:d3:1f:89:84:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: Jan 30 08:25:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ab5abfaec4fc7d44e930d5d30fcb496e5bdac72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:5f:37:26:e6:2d:a1:58:5e:93:11:06:d7:d4:
04:cf:dd:3e:5f:2d:69:1b:c9:f2:a3:af:36:90:01:
dc:9c:33:3a:a1:8f:f0:30:0c:0c:52:25:71:29:80:
e0:b0:f1:c6:67:b4:d8:9d:3b:2f:5d:64:5b:df:65:
4a:4a:29:bb:f5:fa:b6:5f:08:5f:7c:d2:78:44:78:
96:3d:8c:e9:b4:73:30:7b:bc:05:9a:c9:e6:9d:1e:
63:87:16:90:27:e0:d2:4b:d5:6e:6b:90:2e:84:db:
9b:6a:d7:b3:c7:e6:6d:f7:8b:65:42:6f:ca:54:c2:
7e:d7:af:e9:87:e7:ae:f8:0d:29:d4:c7:10:7a:05:
dd:17:54:af:69:5e:6d:d6:f3:83:41:da:27:a9:d4:
fa:d6:54:aa:d6:20:8f:66:0e:6b:d8:16:a9:7a:c5:
dd:89:10:5e:58:ab:d1:f1:02:bd:7c:48:6d:dd:68:
e1:9c:17:58:c7:e1:ed:d6:d1:ed:7b:cd:05:ec:05:
fc:aa:ef:f1:40:30:c7:aa:5b:4b:8a:63:a7:1e:e9:
92:68:57:fe:07:0b:a4:68:a7:24:91:ec:60:fe:94:
68:e5:3b:dc:4c:18:95:fa:31:81:82:a8:53:42:9f:
c2:b7:6c:83:0e:5f:b0:3f:a3:fc:76:19:0c:34:b3:
ea:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:B5:AB:FA:EC:4F:C7:D4:4E:93:0D:5D:30:FC:B4:96:E5:BD:AC:72
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/KrWr-uxPx9ROkw1dMPy0luW9rHI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.86.0/23
IPv6:
2a02:2090:9800::/48
2a02:2090:a800::/48
Signature Algorithm: sha256WithRSAEncryption
11:ad:0b:f2:0d:40:d6:63:54:30:5d:e5:96:71:20:be:92:be:
37:fc:cd:0c:43:d0:55:b9:b6:87:dc:55:ae:c5:22:b9:78:83:
29:ca:7a:b8:b7:50:0d:09:aa:7d:0d:8a:e1:86:c1:c5:c8:2e:
d9:01:ff:62:f5:0e:18:1b:08:40:10:da:f1:d9:30:24:a9:cb:
19:08:5c:90:1c:3b:c1:34:17:55:08:9a:81:07:2d:25:0e:c6:
b3:c6:11:64:3c:7c:7d:a6:9f:86:ff:56:a8:be:6a:0c:bf:ae:
1e:f3:7a:ab:ea:ac:bb:90:1a:d3:17:5e:a8:72:1b:62:a1:05:
69:81:d8:b8:6a:e2:8f:b2:00:f3:29:1c:4e:96:7a:0f:ec:b0:
be:5e:6e:60:05:fd:75:26:1f:ab:e4:61:2f:4e:a2:85:3e:28:
02:00:3e:36:dd:63:45:bf:3a:f5:1e:ab:fe:f3:b8:d9:0a:50:
f8:48:14:3e:c0:76:37:57:b9:60:78:2c:69:2d:76:da:2d:5b:
3d:4b:ca:0f:95:eb:a4:ab:cf:69:57:c0:bd:fe:ca:d6:3f:0c:
4b:81:97:b5:fb:0f:ab:e0:70:98:30:46:a9:95:80:30:54:eb:
89:43:42:01:6f:d0:f0:c2:93:f6:e9:64:7b:d4:c1:db:e7:eb:
e3:7d:1c:0f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZS2UFlTJpVVC18wyNMfiYSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTMwMDgyNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI1YWJmYWVjNGZjN2Q0NGU5MzBkNWQzMGZjYjQ5NmU1YmRhYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy183JuYtoVhekxEG19QEz90+Xy1p
G8nyo682kAHcnDM6oY/wMAwMUiVxKYDgsPHGZ7TYnTsvXWRb32VKSim79fq2Xwhf
fNJ4RHiWPYzptHMwe7wFmsnmnR5jhxaQJ+DSS9Vua5AuhNubatezx+Zt94tlQm/K
VMJ+16/ph+eu+A0p1McQegXdF1SvaV5t1vODQdonqdT61lSq1iCPZg5r2BapesXd
iRBeWKvR8QK9fEht3WjhnBdYx+Ht1tHte80F7AX8qu/xQDDHqltLimOnHumSaFf+
BwukaKckkexg/pRo5TvcTBiV+jGBgqhTQp/Ct2yDDl+wP6P8dhkMNLPq9wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCq1q/rsT8fUTpMNXTD8tJblvaxyMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvS3JXci11eFB4OVJPa3cxZE1QeTBsdVc5ckhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQBH7FWMBgE
AgACMBIDBwAqAiCQmAADBwAqAiCQqAAwDQYJKoZIhvcNAQELBQADggEBABGtC/IN
QNZjVDBd5ZZxIL6Svjf8zQxD0FW5tofcVa7FIrl4gynKeri3UA0Jqn0NiuGGwcXI
LtkB/2L1DhgbCEAQ2vHZMCSpyxkIXJAcO8E0F1UImoEHLSUOxrPGEWQ8fH2mn4b/
Vqi+agy/rh7zeqvqrLuQGtMXXqhyG2KhBWmB2Lhq4o+yAPMpHE6Weg/ssL5ebmAF
/XUmH6vkYS9OooU+KAIAPjbdY0W/OvUeq/7zuNkKUPhIFD7AdjdXuWB4LGktdtot
Wz1Lyg+V66Srz2lXwL3+ytY/DEuBl7X7D6vgcJgwRqmVgDBU64lDQgFv0PDCk/bp
ZHvUwdvn6+N9HA8=
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:01:45 2025 by rpki-client