Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/yIMKEplFh6ZEkcubfWX7y2IKKyQ.roa
File: yIMKEplFh6ZEkcubfWX7y2IKKyQ.roa (raw, json)
Hash identifier: ZSj+jK0d68aj2QlmnuWYii9Xy8EIUlDgGvMMdbL9Elo=
Subject key identifier: C8:83:0A:12:99:45:87:A6:44:91:CB:9B:7D:65:FB:CB:62:0A:2B:24
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 0195F513CAC4055E01E73FD74915B672A3FC
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/yIMKEplFh6ZEkcubfWX7y2IKKyQ.roa
Signing time: Wed 02 Apr 2025 05:57:49 +0000
ROA not before: Wed 02 Apr 2025 05:57:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 85.239.148.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 11:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f5:13:ca:c4:05:5e:01:e7:3f:d7:49:15:b6:72:a3:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Apr 2 05:57:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8830a12994587a64491cb9b7d65fbcb620a2b24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:8e:c5:83:fa:a3:72:b8:62:a2:c7:dd:0c:16:
3a:e1:01:35:60:75:4b:02:d3:fc:93:75:ef:c6:f9:
9a:f5:d8:ab:29:a1:21:8c:66:fb:95:93:32:a4:34:
3a:3f:50:70:07:0d:55:75:a5:57:41:95:e0:47:79:
f4:da:18:ec:57:b2:8e:82:83:04:6f:0c:38:c6:f5:
32:01:db:31:95:f1:96:72:7e:c2:a7:85:a1:25:16:
fd:72:61:11:33:eb:4d:77:72:ac:5f:5c:1c:b8:d1:
24:cc:2f:fd:31:a2:c1:af:3a:04:17:77:a2:e0:6c:
3b:6f:3f:69:6d:82:3a:8b:9f:33:7b:d2:0d:05:23:
4e:0a:de:72:e9:15:22:fe:80:07:6c:07:e1:19:71:
e9:c2:0a:3d:cb:84:8f:5e:66:68:ed:c3:94:65:45:
50:be:68:f0:b6:70:66:02:e4:c0:bd:9c:89:1b:e2:
20:9a:85:14:62:f8:e6:ab:58:cf:90:a6:59:75:5e:
ff:44:b2:5a:77:00:92:38:48:b0:46:e5:0f:ff:ac:
36:de:e2:50:9c:7f:05:52:6a:08:30:8c:da:5f:82:
8b:7b:b6:14:b6:8e:16:eb:f8:06:e8:6f:9b:5c:8c:
d8:fe:4d:a8:12:09:43:fe:a6:ef:b8:5a:63:82:e4:
6a:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:83:0A:12:99:45:87:A6:44:91:CB:9B:7D:65:FB:CB:62:0A:2B:24
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/yIMKEplFh6ZEkcubfWX7y2IKKyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.148.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:f4:db:0e:6d:d8:e8:8a:54:37:4a:ac:8e:54:5c:d8:c6:d8:
98:f5:24:bd:1a:f7:e5:0e:83:60:1f:fa:93:f3:bc:9e:1b:91:
b5:40:9b:d3:61:06:f1:23:bc:82:8f:68:b7:5d:98:63:ef:15:
99:b5:7b:fd:98:e8:66:b7:7c:b2:a3:b3:bc:b2:61:90:6c:74:
0a:7d:b5:35:8e:25:74:18:0f:25:93:40:80:2d:b4:21:73:6e:
b5:30:f0:4c:f3:78:ba:e1:4c:1d:1f:d6:1a:d0:77:36:73:69:
6d:bb:f0:a2:30:c5:77:f6:87:78:fa:e1:f9:3c:64:d5:33:96:
01:94:6a:93:c9:76:40:4e:0f:2a:e1:47:13:3a:4c:57:66:e4:
06:35:6c:a3:9f:14:8d:c8:e4:e0:d2:e2:ed:51:e8:b8:a2:d3:
60:5e:6d:0d:02:41:42:0c:ee:41:d7:a8:1c:c5:9c:32:1c:e9:
ec:fe:14:fd:fa:6b:35:10:ba:89:f9:ba:e8:3c:2d:df:99:e5:
31:bf:68:ec:10:a2:89:8b:bb:1a:83:65:6b:50:83:37:1b:87:
90:7e:23:7e:10:0b:cd:20:74:b4:ee:50:fa:50:f8:b5:a7:23:
1a:c9:ae:da:b1:fe:a2:be:49:ea:3a:f6:90:70:25:6a:bc:ad:
31:15:ee:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX1E8rEBV4B5z/XSRW2cqP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNDAyMDU1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODgzMGExMjk5NDU4N2E2NDQ5MWNiOWI3ZDY1ZmJjYjYyMGEyYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI7Fg/qjcrhiosfdDBY64QE1YHVL
AtP8k3Xvxvma9dirKaEhjGb7lZMypDQ6P1BwBw1VdaVXQZXgR3n02hjsV7KOgoME
bww4xvUyAdsxlfGWcn7Cp4WhJRb9cmERM+tNd3KsX1wcuNEkzC/9MaLBrzoEF3ei
4Gw7bz9pbYI6i58ze9INBSNOCt5y6RUi/oAHbAfhGXHpwgo9y4SPXmZo7cOUZUVQ
vmjwtnBmAuTAvZyJG+IgmoUUYvjmq1jPkKZZdV7/RLJadwCSOEiwRuUP/6w23uJQ
nH8FUmoIMIzaX4KLe7YUto4W6/gG6G+bXIzY/k2oEglD/qbvuFpjguRqJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiDChKZRYemRJHLm31l+8tiCiskMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEveUlNS0VwbEZoNlpFa2N1YmZXWDd5MklLS3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+UMA0G
CSqGSIb3DQEBCwUAA4IBAQBK9NsObdjoilQ3SqyOVFzYxtiY9SS9GvflDoNgH/qT
87yeG5G1QJvTYQbxI7yCj2i3XZhj7xWZtXv9mOhmt3yyo7O8smGQbHQKfbU1jiV0
GA8lk0CALbQhc261MPBM83i64UwdH9Ya0Hc2c2ltu/CiMMV39od4+uH5PGTVM5YB
lGqTyXZATg8q4UcTOkxXZuQGNWyjnxSNyOTg0uLtUei4otNgXm0NAkFCDO5B16gc
xZwyHOns/hT9+ms1ELqJ+broPC3fmeUxv2jsEKKJi7sag2VrUIM3G4eQfiN+EAvN
IHS07lD6UPi1pyMaya7asf6ivknqOvaQcCVqvK0xFe4o
-----END CERTIFICATE-----
Generated at Sat Apr 26 19:12:45 2025 by rpki-client