Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kWgcOnHE4loB2SO1RafMA_sfxyo.roa
File: kWgcOnHE4loB2SO1RafMA_sfxyo.roa (raw, json)
Hash identifier: qhX4ZFqSLA0ZjpIXxZoMeER1s51JEQ2ukADkC9RRayQ=
Subject key identifier: 91:68:1C:3A:71:C4:E2:5A:01:D9:23:B5:45:A7:CC:03:FB:1F:C7:2A
Certificate issuer: /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial: 0196575ACC2FE26C05DCB366FFB1E5AB2963
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kWgcOnHE4loB2SO1RafMA_sfxyo.roa
Signing time: Mon 21 Apr 2025 07:58:10 +0000
ROA not before: Mon 21 Apr 2025 07:58:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 195.114.193.0/24 maxlen: 24
195.114.206.0/24 maxlen: 24
195.114.207.0/24 maxlen: 24
213.220.12.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 05:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:57:5a:cc:2f:e2:6c:05:dc:b3:66:ff:b1:e5:ab:29:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Validity
Not Before: Apr 21 07:58:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91681c3a71c4e25a01d923b545a7cc03fb1fc72a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:4c:b5:f5:bc:6f:e6:f7:5e:cb:fd:97:c8:9e:
4b:f5:44:5e:82:d2:47:1a:40:89:1c:6a:b9:8b:50:
de:5e:37:71:1d:df:f2:73:c5:1f:83:e6:58:f6:ee:
57:25:e5:9c:06:af:cf:76:1a:a1:f5:a3:48:ba:66:
dc:c4:a3:f8:6c:c8:44:56:5d:36:85:bd:f5:c5:1b:
31:a2:21:d1:0c:f0:26:64:4d:c1:94:9c:5e:99:3c:
fe:70:58:68:2d:78:3e:d8:0f:d8:73:9d:8c:30:af:
c3:8e:d8:6d:24:c6:cd:e4:e9:21:ed:38:63:2d:1c:
72:9e:88:84:9e:2d:25:35:55:71:f4:e6:5c:91:3c:
73:06:6a:4b:e6:37:56:ff:86:04:d5:20:01:fa:77:
ee:36:aa:d0:cb:54:93:73:8a:37:91:89:31:96:21:
e3:24:13:6d:f8:dc:95:ce:82:c8:36:cf:3b:50:90:
d6:24:5b:62:2c:9c:b8:26:98:45:5b:e1:04:5c:33:
89:b9:fe:cb:dd:aa:44:3c:6f:36:7b:5a:18:a8:dc:
55:82:91:ec:ea:07:ba:ef:90:57:c8:ef:0e:4b:08:
f4:d7:cf:71:c0:18:d1:50:09:b3:d0:ca:b6:be:a9:
3f:35:71:c5:9b:cb:41:f1:d7:3d:7f:8d:af:4e:38:
1c:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:68:1C:3A:71:C4:E2:5A:01:D9:23:B5:45:A7:CC:03:FB:1F:C7:2A
X509v3 Authority Key Identifier:
keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kWgcOnHE4loB2SO1RafMA_sfxyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.114.193.0/24
195.114.206.0/23
213.220.12.0/22
Signature Algorithm: sha256WithRSAEncryption
56:b5:e7:d7:31:95:e9:4d:ef:c8:e8:c6:8d:b5:a9:5b:7a:40:
16:0d:8e:26:11:dc:9d:ec:ee:b1:0f:22:23:1d:61:38:89:15:
6b:de:2b:33:32:4a:d3:d4:8a:b4:5e:79:bb:5d:17:fd:ba:8b:
d8:8e:a3:68:02:0e:a6:e7:df:e1:9c:3f:e7:b6:25:44:41:67:
86:60:b3:a1:79:7a:79:9d:1d:3f:fc:74:3c:07:e7:6c:af:4d:
a6:90:5a:cc:8f:04:87:1d:48:70:24:64:57:48:55:be:95:92:
f4:a7:63:3b:cc:10:28:70:57:33:0b:85:21:5e:18:9b:23:0c:
9d:2f:a8:22:37:6c:48:f1:fe:28:c8:b2:b2:5f:1a:17:98:d1:
f9:d6:79:0d:b9:1f:be:fd:6b:28:b0:3c:49:fe:56:25:2a:74:
2b:61:41:bb:e7:85:2d:df:b3:05:64:40:37:82:47:fe:c1:0e:
8d:ba:f1:e3:73:f6:97:78:4e:80:4e:4c:3d:72:6a:b6:9e:1a:
e1:0c:ec:05:cd:cb:02:e9:5d:fc:38:56:54:5a:ce:9b:84:e3:
1e:ca:b3:e1:b9:da:a5:99:b4:18:78:76:70:f8:ab:df:f0:5c:
45:41:82:50:cc:f7:83:d1:b5:b0:56:80:13:cc:d2:8d:69:fb:
d2:0d:d9:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZXWswv4mwF3LNm/7HlqyljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwNDIxMDc1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTY4MWMzYTcxYzRlMjVhMDFkOTIzYjU0NWE3Y2MwM2ZiMWZjNzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqky19bxv5vdey/2XyJ5L9URegtJH
GkCJHGq5i1DeXjdxHd/yc8Ufg+ZY9u5XJeWcBq/Pdhqh9aNIumbcxKP4bMhEVl02
hb31xRsxoiHRDPAmZE3BlJxemTz+cFhoLXg+2A/Yc52MMK/DjthtJMbN5Okh7Thj
LRxynoiEni0lNVVx9OZckTxzBmpL5jdW/4YE1SAB+nfuNqrQy1STc4o3kYkxliHj
JBNt+NyVzoLINs87UJDWJFtiLJy4JphFW+EEXDOJuf7L3apEPG82e1oYqNxVgpHs
6ge675BXyO8OSwj0189xwBjRUAmz0Mq2vqk/NXHFm8tB8dc9f42vTjgcUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJFoHDpxxOJaAdkjtUWnzAP7H8cqMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEva1dnY09uSEU0bG9CMlNPMVJhZk1BX3NmeHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw3LBAwQB
w3LOAwQC1dwMMA0GCSqGSIb3DQEBCwUAA4IBAQBWtefXMZXpTe/I6MaNtalbekAW
DY4mEdyd7O6xDyIjHWE4iRVr3iszMkrT1Iq0Xnm7XRf9uovYjqNoAg6m59/hnD/n
tiVEQWeGYLOheXp5nR0//HQ8B+dsr02mkFrMjwSHHUhwJGRXSFW+lZL0p2M7zBAo
cFczC4UhXhibIwydL6giN2xI8f4oyLKyXxoXmNH51nkNuR++/WsosDxJ/lYlKnQr
YUG754Ut37MFZEA3gkf+wQ6NuvHjc/aXeE6ATkw9cmq2nhrhDOwFzcsC6V38OFZU
Ws6bhOMeyrPhudqlmbQYeHZw+Kvf8FxFQYJQzPeD0bWwVoATzNKNafvSDdmQ
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:56:28 2025 by rpki-client