Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/KSItTKLuFX190tCd6bc2fdUOW70.roa
File: KSItTKLuFX190tCd6bc2fdUOW70.roa (raw, json)
Hash identifier: 1weGkaA0gywc6E/5RozsskcFkH9K8y0MKO+pixoaT7s=
Subject key identifier: 29:22:2D:4C:A2:EE:15:7D:7D:D2:D0:9D:E9:B7:36:7D:D5:0E:5B:BD
Certificate issuer: /CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Certificate serial: 019420D61FF05658862E64D8D2E67261E19B
Authority key identifier: 89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/KSItTKLuFX190tCd6bc2fdUOW70.roa
Signing time: Wed 01 Jan 2025 07:48:11 +0000
ROA not before: Wed 01 Jan 2025 07:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207147
IP address blocks: 45.11.68.0/22 maxlen: 24
45.88.128.0/22 maxlen: 24
84.247.4.0/22 maxlen: 24
85.204.148.0/22 maxlen: 24
89.37.228.0/22 maxlen: 24
130.0.88.0/22 maxlen: 24
176.223.176.0/22 maxlen: 24
185.164.212.0/22 maxlen: 24
185.178.88.0/22 maxlen: 24
185.194.120.0/22 maxlen: 24
185.237.40.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:1f:f0:56:58:86:2e:64:d8:d2:e6:72:61:e1:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8978ff5dab33c42da65fe4e1abfbca4eafbdd2aa
Validity
Not Before: Jan 1 07:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=29222d4ca2ee157d7dd2d09de9b7367dd50e5bbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:db:79:a5:22:7f:60:9b:95:f1:ea:71:52:f4:
c4:32:eb:55:ff:80:62:7d:df:e9:c2:a7:44:83:67:
34:d2:5e:e1:5f:8b:e6:ac:03:41:a7:fe:bc:87:24:
0d:d3:ce:34:0f:65:24:c2:b1:1f:e3:30:e7:41:cb:
7f:ec:00:80:a9:48:09:2d:c8:f7:26:c8:dc:92:be:
5a:81:e1:a9:89:5a:21:0d:fa:6a:24:79:aa:e1:9e:
61:6c:9c:d1:a3:71:23:c0:44:13:bb:ab:5d:db:7c:
da:5d:d0:d5:5e:75:01:b3:a5:9f:07:96:a2:c3:0a:
61:6f:d8:bd:68:04:c2:6e:5b:9a:88:6f:e7:35:5f:
72:f4:e7:40:ca:26:48:ee:81:c9:61:5e:28:b7:0c:
ef:19:cd:94:c4:57:92:07:0d:a6:75:6c:d1:96:a3:
dc:a6:e7:37:bf:7a:1e:ab:2d:b7:77:d2:c0:4c:23:
c1:ba:31:4c:c6:80:6c:64:d1:70:85:1b:aa:1a:52:
64:ef:62:4c:02:8c:4b:cf:a1:45:26:93:ae:3d:6d:
3f:d2:50:a5:78:c4:f9:1f:2b:a0:ee:b6:e7:c4:e6:
9e:68:ad:41:74:e2:32:1a:2f:2b:19:e2:6c:2f:aa:
58:69:ca:97:2f:e7:dc:69:f9:9f:f1:23:90:83:4e:
57:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:22:2D:4C:A2:EE:15:7D:7D:D2:D0:9D:E9:B7:36:7D:D5:0E:5B:BD
X509v3 Authority Key Identifier:
keyid:89:78:FF:5D:AB:33:C4:2D:A6:5F:E4:E1:AB:FB:CA:4E:AF:BD:D2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iXj_XaszxC2mX-Thq_vKTq-90qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/KSItTKLuFX190tCd6bc2fdUOW70.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2e8347-d9c7-4e51-9b14-d02d96c36ca3/1/iXj_XaszxC2mX-Thq_vKTq-90qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.68.0/22
45.88.128.0/22
84.247.4.0/22
85.204.148.0/22
89.37.228.0/22
130.0.88.0/22
176.223.176.0/22
185.164.212.0/22
185.178.88.0/22
185.194.120.0/22
185.237.40.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:c9:0e:47:0b:53:23:02:db:e3:e4:7b:e8:89:80:3f:e2:e1:
23:de:0d:30:7f:72:5f:64:5c:97:91:15:45:68:12:fb:4e:ea:
25:60:7c:37:49:f5:a9:0a:21:bb:e7:3e:88:00:69:6a:fc:de:
73:29:a0:79:ce:c9:16:26:fa:67:79:eb:ee:ec:54:b1:43:b3:
76:9d:d0:08:d8:53:9b:35:fe:d1:4e:13:5e:5b:bd:88:65:5c:
21:b5:a6:5d:ad:4a:5c:c4:ba:0d:8a:1a:5e:1c:7c:f5:ed:a3:
23:60:64:b2:ec:9b:ad:b1:ca:51:c0:7a:f7:85:20:d5:8c:3a:
7f:84:06:b8:cb:ac:87:4d:3f:e8:1b:2b:88:6e:04:0b:d8:d0:
e2:ff:91:d9:f8:ac:5b:bd:55:9a:16:76:05:61:30:50:05:b6:
c7:43:cc:d0:d5:d1:7e:0a:5b:1b:fd:b9:fc:ec:d5:d6:27:af:
f3:d1:1e:c6:f8:43:69:8d:6b:b3:65:1b:91:96:b0:53:a0:e1:
c0:08:08:65:12:9b:86:56:e5:b6:60:d1:e4:e5:25:e0:b3:7c:
35:0b:f4:03:f7:18:c0:c1:20:5d:d8:37:13:f3:8b:7c:b7:01:
d9:d0:f1:89:b5:61:6f:1b:5c:7e:e5:43:2e:99:ce:e0:c4:57:
1a:95:4b:dc
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQg1h/wVliGLmTY0uZyYeGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NzhmZjVkYWIzM2M0MmRhNjVmZTRlMWFiZmJjYTRlYWZi
ZGQyYWEwHhcNMjUwMTAxMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTIyMmQ0Y2EyZWUxNTdkN2RkMmQwOWRlOWI3MzY3ZGQ1MGU1YmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNt5pSJ/YJuV8epxUvTEMutV/4Bi
fd/pwqdEg2c00l7hX4vmrANBp/68hyQN0840D2UkwrEf4zDnQct/7ACAqUgJLcj3
Jsjckr5ageGpiVohDfpqJHmq4Z5hbJzRo3EjwEQTu6td23zaXdDVXnUBs6WfB5ai
wwphb9i9aATCbluaiG/nNV9y9OdAyiZI7oHJYV4otwzvGc2UxFeSBw2mdWzRlqPc
puc3v3oeqy23d9LATCPBujFMxoBsZNFwhRuqGlJk72JMAoxLz6FFJpOuPW0/0lCl
eMT5Hyug7rbnxOaeaK1BdOIyGi8rGeJsL6pYacqXL+fcafmf8SOQg05XzwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCkiLUyi7hV9fdLQnem3Nn3VDlu9MB8GA1UdIwQY
MBaAFIl4/12rM8Qtpl/k4av7yk6vvdKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQt
ZDAyZDk2YzM2Y2EzLzEvS1NJdFRLTHVGWDE5MHRDZDZiYzJmZFVPVzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZTgzNDctZDljNy00ZTUxLTliMTQtZDAyZDk2YzM2Y2Ez
LzEvaVhqX1hhc3p4QzJtWC1UaHFfdktUcS05MHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLQtEAwQC
LViAAwQCVPcEAwQCVcyUAwQCWSXkAwQCggBYAwQCsN+wAwQCuaTUAwQCubJYAwQC
ucJ4AwQCue0oMA0GCSqGSIb3DQEBCwUAA4IBAQCoyQ5HC1MjAtvj5HvoiYA/4uEj
3g0wf3JfZFyXkRVFaBL7TuolYHw3SfWpCiG75z6IAGlq/N5zKaB5zskWJvpneevu
7FSxQ7N2ndAI2FObNf7RThNeW72IZVwhtaZdrUpcxLoNihpeHHz17aMjYGSy7Jut
scpRwHr3hSDVjDp/hAa4y6yHTT/oGyuIbgQL2NDi/5HZ+KxbvVWaFnYFYTBQBbbH
Q8zQ1dF+Clsb/bn87NXWJ6/z0R7G+ENpjWuzZRuRlrBToOHACAhlEpuGVuW2YNHk
5SXgs3w1C/QD9xjAwSBd2DcT84t8twHZ0PGJtWFvG1x+5UMumc7gxFcalUvc
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:48:49 2025 by rpki-client