Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KXKG0oO0cKwJWdBOVy963RYaOvE.roa
File: KXKG0oO0cKwJWdBOVy963RYaOvE.roa (raw, json)
Hash identifier: CuD22rMSVrzcAnu5Fy3I1bBt91qjy79QH+otSUHkrSQ=
Subject key identifier: 29:72:86:D2:83:B4:70:AC:09:59:D0:4E:57:2F:7A:DD:16:1A:3A:F1
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019663A1CDA3FB09BD272C942982EEECEBCF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KXKG0oO0cKwJWdBOVy963RYaOvE.roa
Signing time: Wed 23 Apr 2025 17:11:10 +0000
ROA not before: Wed 23 Apr 2025 17:11:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137409
IP address blocks: 37.46.149.0/24 maxlen: 24
45.8.70.0/24 maxlen: 24
45.85.107.0/24 maxlen: 24
45.130.202.0/23 maxlen: 24
45.133.4.0/24 maxlen: 24
45.133.5.0/24 maxlen: 24
45.133.6.0/24 maxlen: 24
45.133.7.0/24 maxlen: 24
89.34.126.0/23 maxlen: 24
185.165.45.0/24 maxlen: 24
185.245.7.0/24 maxlen: 24
188.213.202.0/24 maxlen: 24
194.5.82.0/24 maxlen: 24
194.5.83.0/24 maxlen: 24
194.61.40.0/24 maxlen: 24
194.61.41.0/24 maxlen: 24
203.25.124.0/24 maxlen: 24
204.75.229.0/24 maxlen: 24
220.158.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 05:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:63:a1:cd:a3:fb:09:bd:27:2c:94:29:82:ee:ec:eb:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 23 17:11:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=297286d283b470ac0959d04e572f7add161a3af1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:b6:77:8d:76:a2:77:da:c9:5e:25:60:dc:e3:
a1:12:d8:0e:a1:c8:a1:b7:74:e5:2f:96:cf:df:87:
36:a9:2a:d3:e8:b9:1e:ab:ec:2f:36:d7:38:38:b3:
78:41:c9:77:27:51:b4:46:92:e4:89:5e:ed:7b:e4:
dc:f6:fe:01:fd:70:20:2a:ee:a2:52:ad:a7:4d:53:
b4:a1:78:86:bd:7e:1d:e5:6b:f9:4f:24:69:80:bf:
c9:a4:fb:93:be:f9:02:d1:ca:44:89:90:45:51:db:
4d:ed:7a:39:37:3d:2b:8d:64:fc:34:87:c6:62:df:
9d:c3:3e:82:07:7c:54:ff:fb:15:37:5f:32:86:0e:
22:23:d2:9c:f0:31:47:fe:b2:48:9b:5b:d0:27:d3:
f8:e4:e0:bc:e9:28:be:bb:2f:61:ea:1c:4c:49:85:
04:60:ba:0c:bd:37:0f:f7:06:aa:74:d2:5f:e0:c5:
db:4e:97:68:67:fa:9b:bd:9c:26:94:fa:47:be:32:
4e:56:55:74:72:db:c1:22:d3:4c:bf:62:4a:78:cf:
90:fb:9b:30:3e:cc:9e:b2:6f:43:7d:ae:4e:d7:4a:
25:b6:9d:34:c0:13:8f:7e:ae:d0:36:c8:78:55:58:
1a:77:13:fd:a8:90:be:28:8d:81:4d:f3:ae:7f:01:
36:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:72:86:D2:83:B4:70:AC:09:59:D0:4E:57:2F:7A:DD:16:1A:3A:F1
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KXKG0oO0cKwJWdBOVy963RYaOvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.149.0/24
45.8.70.0/24
45.85.107.0/24
45.130.202.0/23
45.133.4.0/22
89.34.126.0/23
185.165.45.0/24
185.245.7.0/24
188.213.202.0/24
194.5.82.0/23
194.61.40.0/23
203.25.124.0/24
204.75.229.0/24
220.158.199.0/24
Signature Algorithm: sha256WithRSAEncryption
69:9b:58:69:4c:39:3d:b5:4c:12:e6:fe:90:fc:7b:bf:59:12:
14:3b:62:6c:f2:81:63:7a:37:35:19:fe:ed:7c:e6:5d:5c:e0:
1d:a4:40:e6:32:be:e1:14:dd:9b:72:fc:7f:54:01:78:5d:06:
d7:f2:61:ba:91:ac:02:23:a6:ae:75:a7:5c:b2:e9:6e:e9:2a:
9b:12:64:54:bf:af:93:df:63:43:d4:e5:93:23:03:17:d2:0d:
c1:22:01:a6:a6:6b:f3:c6:ca:e5:af:57:fb:40:03:d5:19:2a:
59:c0:74:ee:ce:1d:33:0d:96:2f:e3:b0:7c:a4:2a:00:2d:cd:
98:65:9f:b8:69:d2:70:df:c0:91:16:45:41:bb:46:2a:93:9a:
b7:7e:61:13:ab:b7:6e:d3:df:d2:54:2e:42:f7:32:b5:f6:67:
b7:68:ba:0e:0a:da:1d:45:61:e9:cc:12:84:14:76:c9:d5:d8:
fe:85:6b:6e:62:24:23:79:ea:bb:58:a5:80:f7:d9:92:1c:fa:
8d:27:e4:85:25:37:a4:31:44:b0:7e:95:ab:02:90:41:9f:91:
ed:be:35:b1:ac:ee:4f:14:0d:4c:11:5b:46:96:42:b4:3a:48:
3f:e7:fd:28:74:e9:f5:50:59:3c:84:b8:c6:3f:3e:66:0e:6d:
b5:bd:b4:c9
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZZjoc2j+wm9JyyUKYLu7OvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwNDIzMTcxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTcyODZkMjgzYjQ3MGFjMDk1OWQwNGU1NzJmN2FkZDE2MWEzYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbZ3jXaid9rJXiVg3OOhEtgOocih
t3TlL5bP34c2qSrT6Lkeq+wvNtc4OLN4Qcl3J1G0RpLkiV7te+Tc9v4B/XAgKu6i
Uq2nTVO0oXiGvX4d5Wv5TyRpgL/JpPuTvvkC0cpEiZBFUdtN7Xo5Nz0rjWT8NIfG
Yt+dwz6CB3xU//sVN18yhg4iI9Kc8DFH/rJIm1vQJ9P45OC86Si+uy9h6hxMSYUE
YLoMvTcP9waqdNJf4MXbTpdoZ/qbvZwmlPpHvjJOVlV0ctvBItNMv2JKeM+Q+5sw
Psyesm9Dfa5O10oltp00wBOPfq7QNsh4VVgadxP9qJC+KI2BTfOufwE2sQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFClyhtKDtHCsCVnQTlcvet0WGjrxMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS1hLRzBvTzBjS3dKV2RCT1Z5OTYzUllhT3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAJS6VAwQA
LQhGAwQALVVrAwQBLYLKAwQCLYUEAwQBWSJ+AwQAuaUtAwQAufUHAwQAvNXKAwQB
wgVSAwQBwj0oAwQAyxl8AwQAzEvlAwQA3J7HMA0GCSqGSIb3DQEBCwUAA4IBAQBp
m1hpTDk9tUwS5v6Q/Hu/WRIUO2Js8oFjejc1Gf7tfOZdXOAdpEDmMr7hFN2bcvx/
VAF4XQbX8mG6kawCI6audadcsulu6SqbEmRUv6+T32ND1OWTIwMX0g3BIgGmpmvz
xsrlr1f7QAPVGSpZwHTuzh0zDZYv47B8pCoALc2YZZ+4adJw38CRFkVBu0Yqk5q3
fmETq7du09/SVC5C9zK19me3aLoOCtodRWHpzBKEFHbJ1dj+hWtuYiQjeeq7WKWA
99mSHPqNJ+SFJTekMUSwfpWrApBBn5HtvjWxrO5PFA1MEVtGlkK0Okg/5/0odOn1
UFk8hLjGPz5mDm21vbTJ
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:51:59 2025 by rpki-client