Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/AJkLm8QLqcA4cpdlMxjyYpGgKig.roa
File: AJkLm8QLqcA4cpdlMxjyYpGgKig.roa (raw, json)
Hash identifier: Kdq77qB2Z4PyfWGbDab2B0pk/vx4xIRx3C/YwD+0yYQ=
Subject key identifier: 00:99:0B:9B:C4:0B:A9:C0:38:72:97:65:33:18:F2:62:91:A0:2A:28
Certificate issuer: /CN=9054c699a81dd962a8860f3fb0b7d03343debf76
Certificate serial: 01941F8C351C512F3F0919E2580EF31D4DF2
Authority key identifier: 90:54:C6:99:A8:1D:D9:62:A8:86:0F:3F:B0:B7:D0:33:43:DE:BF:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kFTGmagd2WKohg8_sLfQM0Pev3Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/AJkLm8QLqcA4cpdlMxjyYpGgKig.roa
Signing time: Wed 01 Jan 2025 01:47:49 +0000
ROA not before: Wed 01 Jan 2025 01:47:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49148
IP address blocks: 95.130.240.0/21 maxlen: 21
95.130.240.0/24 maxlen: 24
95.130.241.0/24 maxlen: 24
95.130.242.0/24 maxlen: 24
95.130.243.0/24 maxlen: 24
95.130.244.0/24 maxlen: 24
95.130.245.0/24 maxlen: 24
95.130.246.0/24 maxlen: 24
95.130.247.0/24 maxlen: 24
185.160.176.0/22 maxlen: 22
185.160.176.0/24 maxlen: 24
185.160.177.0/24 maxlen: 24
185.160.178.0/24 maxlen: 24
185.160.179.0/24 maxlen: 24
2a00:b140::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/kFTGmagd2WKohg8_sLfQM0Pev3Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/kFTGmagd2WKohg8_sLfQM0Pev3Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/kFTGmagd2WKohg8_sLfQM0Pev3Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:35:1c:51:2f:3f:09:19:e2:58:0e:f3:1d:4d:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9054c699a81dd962a8860f3fb0b7d03343debf76
Validity
Not Before: Jan 1 01:47:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=00990b9bc40ba9c0387297653318f26291a02a28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:90:a4:89:dc:8c:fb:fc:ff:bc:57:93:db:c4:
fd:73:fb:7e:77:50:29:2e:e9:11:16:37:83:a4:10:
98:96:63:28:b7:56:d7:77:eb:99:a8:0c:1f:d9:1e:
1e:c7:5e:f8:b3:88:a4:4d:80:ef:ba:04:6f:ac:ec:
22:69:f9:e3:20:30:d1:1a:b7:19:5c:55:00:5c:38:
8f:b8:07:d0:a7:dd:20:3c:4d:4f:88:06:92:fc:f0:
f5:c3:51:85:aa:b9:c1:4a:8a:50:eb:76:f5:4f:a7:
b9:6e:db:dc:bd:75:04:17:aa:42:a1:ad:02:36:7b:
e4:b0:e2:42:01:3a:b1:ba:a6:0b:9e:3e:ee:f2:04:
ff:ff:23:22:30:61:2c:3e:ec:0e:eb:98:b4:60:05:
ff:c2:da:a6:c8:7e:89:cc:21:25:e7:68:45:a1:2d:
72:70:ea:e1:69:a8:cf:72:52:6b:a1:bd:c3:8b:3b:
f4:40:ed:36:78:f0:38:af:0a:99:a6:3b:e1:fa:39:
f2:39:c7:34:14:31:45:8b:eb:5a:91:3b:e4:32:dc:
0e:b0:10:56:6c:8b:16:20:f2:05:92:24:11:75:e1:
2a:21:3e:5e:8b:a6:0f:a8:85:85:5a:5d:1b:9a:bf:
dc:67:46:a9:d1:05:cb:27:89:a7:81:8b:44:8f:45:
ce:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:99:0B:9B:C4:0B:A9:C0:38:72:97:65:33:18:F2:62:91:A0:2A:28
X509v3 Authority Key Identifier:
keyid:90:54:C6:99:A8:1D:D9:62:A8:86:0F:3F:B0:B7:D0:33:43:DE:BF:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kFTGmagd2WKohg8_sLfQM0Pev3Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/AJkLm8QLqcA4cpdlMxjyYpGgKig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/69efa1-8c99-48f8-943c-2b4a16594213/1/kFTGmagd2WKohg8_sLfQM0Pev3Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.130.240.0/21
185.160.176.0/22
IPv6:
2a00:b140::/32
Signature Algorithm: sha256WithRSAEncryption
68:35:f2:de:36:6d:9f:a7:80:28:c4:51:f5:91:32:d1:c8:18:
37:40:02:14:55:0d:7d:a8:d8:6d:2a:9e:db:e5:de:fc:a9:58:
ca:b7:a7:06:50:b1:98:6f:41:e1:08:7d:19:c8:3a:27:b9:93:
31:8b:62:10:62:10:1f:17:05:7f:c7:65:fb:a6:25:82:a5:ff:
1f:7d:79:dd:c6:c1:08:b4:42:d6:ed:00:82:bb:9d:4e:67:c8:
a2:46:bd:42:8c:a9:17:e7:2d:89:76:a6:94:6e:a6:de:6b:47:
b0:6e:f7:b8:f7:f9:f7:b0:f0:9b:d8:cc:5c:ef:6d:cb:e1:1c:
aa:f1:49:49:fd:3f:35:83:87:a8:69:d1:d3:9e:c0:a8:78:a6:
30:0d:b7:86:c1:15:d2:67:87:b9:3f:87:41:7d:7f:02:90:a9:
ac:cb:9b:df:3c:4b:bc:29:94:22:b3:27:9a:56:05:62:58:5a:
79:85:33:8d:f9:d2:ee:e6:5d:ce:33:40:e1:ab:cd:5a:df:1c:
55:ea:d0:83:21:b8:a4:57:32:7e:fb:73:55:a7:59:10:58:9f:
d1:13:6f:5a:fd:f0:c8:ac:19:33:bf:dd:69:13:76:c0:37:92:
c1:13:9f:38:62:5d:47:78:ab:f0:4e:06:76:c1:32:63:86:db:
01:93:21:13
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjDUcUS8/CRniWA7zHU3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNTRjNjk5YTgxZGQ5NjJhODg2MGYzZmIwYjdkMDMzNDNk
ZWJmNzYwHhcNMjUwMTAxMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk5MGI5YmM0MGJhOWMwMzg3Mjk3NjUzMzE4ZjI2MjkxYTAyYTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5CkidyM+/z/vFeT28T9c/t+d1Ap
LukRFjeDpBCYlmMot1bXd+uZqAwf2R4ex174s4ikTYDvugRvrOwiafnjIDDRGrcZ
XFUAXDiPuAfQp90gPE1PiAaS/PD1w1GFqrnBSopQ63b1T6e5btvcvXUEF6pCoa0C
NnvksOJCATqxuqYLnj7u8gT//yMiMGEsPuwO65i0YAX/wtqmyH6JzCEl52hFoS1y
cOrhaajPclJrob3Dizv0QO02ePA4rwqZpjvh+jnyOcc0FDFFi+takTvkMtwOsBBW
bIsWIPIFkiQRdeEqIT5ei6YPqIWFWl0bmr/cZ0ap0QXLJ4mngYtEj0XOzQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFACZC5vEC6nAOHKXZTMY8mKRoCooMB8GA1UdIwQY
MBaAFJBUxpmoHdliqIYPP7C30DND3r92MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0ZUR21hZ2QyV0tvaGc4X3NMZlFNMFBldjNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82OWVmYTEtOGM5OS00OGY4LTk0M2Mt
MmI0YTE2NTk0MjEzLzEvQUprTG04UUxxY0E0Y3BkbE14anlZcEdnS2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82OWVmYTEtOGM5OS00OGY4LTk0M2MtMmI0YTE2NTk0MjEz
LzEva0ZUR21hZ2QyV0tvaGc4X3NMZlFNMFBldjNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4LwAwQC
uaCwMA0EAgACMAcDBQAqALFAMA0GCSqGSIb3DQEBCwUAA4IBAQBoNfLeNm2fp4Ao
xFH1kTLRyBg3QAIUVQ19qNhtKp7b5d78qVjKt6cGULGYb0HhCH0ZyDonuZMxi2IQ
YhAfFwV/x2X7piWCpf8ffXndxsEItELW7QCCu51OZ8iiRr1CjKkX5y2JdqaUbqbe
a0ewbve49/n3sPCb2Mxc723L4Ryq8UlJ/T81g4eoadHTnsCoeKYwDbeGwRXSZ4e5
P4dBfX8CkKmsy5vfPEu8KZQisyeaVgViWFp5hTON+dLu5l3OM0Dhq81a3xxV6tCD
IbikVzJ++3NVp1kQWJ/RE29a/fDIrBkzv91pE3bAN5LBE584Yl1HeKvwTgZ2wTJj
htsBkyET
-----END CERTIFICATE-----
Generated at Wed Apr 16 22:06:57 2025 by rpki-client