Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/KBxZJWrk1-bZEdk3S7yVEPMKVtM.roa
File: KBxZJWrk1-bZEdk3S7yVEPMKVtM.roa (raw, json)
Hash identifier: BpbYbbHeyy+1nQHRcRldIZ4LwMax+kHyBfVOH0ykZeU=
Subject key identifier: 28:1C:59:25:6A:E4:D7:E6:D9:11:D9:37:4B:BC:95:10:F3:0A:56:D3
Certificate issuer: /CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Certificate serial: 01942825EF326B0428C8AD6433139AD4397C
Authority key identifier: 38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/KBxZJWrk1-bZEdk3S7yVEPMKVtM.roa
Signing time: Thu 02 Jan 2025 17:52:42 +0000
ROA not before: Thu 02 Jan 2025 17:52:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34978
IP address blocks: 81.29.224.0/20 maxlen: 20
185.52.8.0/22 maxlen: 22
185.52.8.0/24 maxlen: 24
185.52.9.0/24 maxlen: 24
185.52.10.0/24 maxlen: 24
185.52.11.0/24 maxlen: 24
2a04:c640::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.mft
rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:ef:32:6b:04:28:c8:ad:64:33:13:9a:d4:39:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Validity
Not Before: Jan 2 17:52:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=281c59256ae4d7e6d911d9374bbc9510f30a56d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:72:b8:06:fa:99:f1:3e:11:c8:aa:dd:fc:50:
8c:85:b3:63:ba:5d:2b:f6:d4:c0:e5:3c:93:4c:0c:
ad:4c:81:fb:d2:0f:20:47:8e:9b:df:43:be:a3:d2:
89:66:3a:ea:fb:48:91:97:e9:98:6d:c6:12:8d:31:
89:fe:a9:48:8a:04:b1:9f:b9:a8:50:60:05:54:47:
1a:0c:a3:ee:53:09:5e:59:27:dc:c7:1a:f4:e6:ee:
a8:2c:4d:94:5a:d5:33:7b:1c:f4:0c:fb:8d:4e:68:
36:05:fb:c2:be:e8:08:c4:bf:3a:48:a4:bf:7a:ba:
b1:ea:06:e0:35:0a:ed:08:fd:11:37:3b:0a:64:2e:
22:eb:97:a1:d2:86:06:d7:1f:0a:3a:7b:47:a8:1d:
10:a1:52:25:68:3b:da:32:d0:62:3c:73:4b:75:e4:
f3:0e:d5:a4:1b:e3:0e:70:3b:29:0d:c9:24:b5:0a:
2c:b4:6b:91:a1:88:03:78:d1:9d:6e:3f:92:ec:3c:
42:e1:08:94:5b:43:4a:bb:52:6f:a5:70:b9:aa:fa:
10:f0:43:64:80:a2:a2:05:44:79:1f:53:54:c7:69:
56:1c:1b:bb:8a:4c:c0:f8:f8:a5:2a:4b:b3:b8:32:
ff:a6:30:58:cd:5a:83:3a:0a:69:10:3e:b6:f6:9f:
c7:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:1C:59:25:6A:E4:D7:E6:D9:11:D9:37:4B:BC:95:10:F3:0A:56:D3
X509v3 Authority Key Identifier:
keyid:38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/KBxZJWrk1-bZEdk3S7yVEPMKVtM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.29.224.0/20
185.52.8.0/22
IPv6:
2a04:c640::/29
Signature Algorithm: sha256WithRSAEncryption
2c:45:78:8b:47:59:f4:e1:5e:a3:1c:8b:10:d2:a5:9e:ce:02:
b6:6a:d1:f9:9b:55:54:4f:21:8b:1b:2f:e5:ec:39:c8:05:69:
a1:53:7d:7e:ac:46:4a:f8:4b:a2:c7:9f:5f:41:af:3a:92:5f:
fd:00:c6:a8:c9:b5:2e:34:d6:d3:76:ef:ea:14:ed:72:fe:a0:
34:19:1a:bc:a0:68:cc:65:4e:0c:bd:f8:64:af:25:ba:c5:59:
88:c4:f0:7b:2e:dc:5f:63:19:0b:d0:8c:3d:4b:bd:e1:2e:b0:
be:c0:24:11:35:b0:0a:2c:d1:70:ea:fb:95:9a:e6:8b:5b:b5:
88:90:a6:8d:9e:a5:d6:9d:a8:f8:a1:7e:0a:59:d0:e2:c6:a5:
67:1f:a6:53:5e:a2:dd:b0:6c:61:d6:d8:df:9a:9b:4d:25:95:
18:27:34:1a:80:6a:ff:bb:75:8b:29:15:bb:66:f7:a3:86:ea:
b2:60:e2:7a:f3:d1:59:9e:34:01:d7:78:33:1e:84:46:73:87:
36:4c:3d:32:95:88:94:93:b8:cc:8a:af:e8:10:96:77:05:24:
8c:19:bd:c7:be:58:12:a1:20:5f:7b:38:63:e9:7f:d3:08:a9:
90:8f:81:c5:12:60:fe:7e:25:e6:55:74:a9:8b:5c:fa:ab:93:
38:e1:7d:3e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJe8yawQoyK1kMxOa1Dl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTM3YzI0ZGRjYTM0N2Q3MTNlZDc5NGQzM2NkNGE4MWE4
YjQ5OGEwHhcNMjUwMTAyMTc1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFjNTkyNTZhZTRkN2U2ZDkxMWQ5Mzc0YmJjOTUxMGYzMGE1NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnK4BvqZ8T4RyKrd/FCMhbNjul0r
9tTA5TyTTAytTIH70g8gR46b30O+o9KJZjrq+0iRl+mYbcYSjTGJ/qlIigSxn7mo
UGAFVEcaDKPuUwleWSfcxxr05u6oLE2UWtUzexz0DPuNTmg2BfvCvugIxL86SKS/
erqx6gbgNQrtCP0RNzsKZC4i65eh0oYG1x8KOntHqB0QoVIlaDvaMtBiPHNLdeTz
DtWkG+MOcDspDckktQostGuRoYgDeNGdbj+S7DxC4QiUW0NKu1JvpXC5qvoQ8ENk
gKKiBUR5H1NUx2lWHBu7ikzA+PilKkuzuDL/pjBYzVqDOgppED629p/HjQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCgcWSVq5Nfm2RHZN0u8lRDzClbTMB8GA1UdIwQY
MBaAFDijfCTdyjR9cT7XlNM81Kgai0mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUt
NDRhNDlkMjYzNzAwLzEvS0J4WkpXcmsxLWJaRWRrM1M3eVZFUE1LVnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUtNDRhNDlkMjYzNzAw
LzEvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUR3gAwQC
uTQIMA0EAgACMAcDBQMqBMZAMA0GCSqGSIb3DQEBCwUAA4IBAQAsRXiLR1n04V6j
HIsQ0qWezgK2atH5m1VUTyGLGy/l7DnIBWmhU31+rEZK+Euix59fQa86kl/9AMao
ybUuNNbTdu/qFO1y/qA0GRq8oGjMZU4MvfhkryW6xVmIxPB7LtxfYxkL0Iw9S73h
LrC+wCQRNbAKLNFw6vuVmuaLW7WIkKaNnqXWnaj4oX4KWdDixqVnH6ZTXqLdsGxh
1tjfmptNJZUYJzQagGr/u3WLKRW7ZvejhuqyYOJ689FZnjQB13gzHoRGc4c2TD0y
lYiUk7jMiq/oEJZ3BSSMGb3HvlgSoSBfezhj6X/TCKmQj4HFEmD+fiXmVXSpi1z6
q5M44X0+
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:00:33 2025 by rpki-client