Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/kEOpDFJUNvgeCfCVbwehmVho1MI.roa
File: kEOpDFJUNvgeCfCVbwehmVho1MI.roa (raw, json)
Hash identifier: DTk6pi1rHIH49Ofu0EFYkCv4XI/xuql/2tf/DcDwnNY=
Subject key identifier: 90:43:A9:0C:52:54:36:F8:1E:09:F0:95:6F:07:A1:99:58:68:D4:C2
Certificate issuer: /CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Certificate serial: 01965AD859BE1B64BB9E1DC9D0660A3D145B
Authority key identifier: 29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/kEOpDFJUNvgeCfCVbwehmVho1MI.roa
Signing time: Tue 22 Apr 2025 00:14:10 +0000
ROA not before: Tue 22 Apr 2025 00:14:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24753
IP address blocks: 62.32.32.0/19 maxlen: 19
81.85.52.0/22 maxlen: 22
81.85.96.0/22 maxlen: 22
81.85.100.0/24 maxlen: 24
81.85.160.0/20 maxlen: 20
89.21.160.0/19 maxlen: 19
213.187.128.0/19 maxlen: 19
213.187.146.0/24 maxlen: 24
2a00:df8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.mft
rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 02 May 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5a:d8:59:be:1b:64:bb:9e:1d:c9:d0:66:0a:3d:14:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Validity
Not Before: Apr 22 00:14:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9043a90c525436f81e09f0956f07a1995868d4c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:30:5b:3a:f2:60:5e:9a:7b:95:e5:06:75:2a:
05:57:9a:dc:53:4a:99:69:36:09:fa:b2:eb:b8:2c:
f9:d4:53:2e:79:f7:10:74:7e:70:98:ea:99:a3:2d:
f5:c3:0b:c9:c7:96:a7:13:b5:40:d1:fd:28:ad:57:
5b:3d:24:d1:b1:d4:de:60:09:8a:83:25:9a:9d:07:
f8:7d:67:8f:27:ba:60:8e:5b:d3:08:d4:4d:61:ad:
de:3d:ff:8f:52:78:ca:6e:78:45:8c:81:79:77:15:
ab:7f:f8:66:0b:44:7e:0e:34:36:28:33:1f:61:ca:
d5:42:87:9d:ea:6a:ab:96:63:35:66:9a:81:0d:3e:
e7:bc:81:16:92:ba:ac:55:2e:d8:79:04:43:8f:82:
c0:1a:8e:cd:6b:40:48:e8:7e:42:5b:a2:73:0f:ee:
cd:f1:cd:ef:bf:ce:3e:ee:04:99:bf:ff:5a:ab:a9:
6f:6b:4a:1f:d1:54:ae:a6:16:f0:63:bb:71:a1:4f:
7f:7c:52:05:31:84:98:9a:84:e1:74:e0:38:a4:16:
d3:81:4b:75:3d:f3:ff:ab:76:cb:51:b2:8c:42:65:
a2:aa:4a:d4:2e:2b:85:a6:47:49:78:7e:de:3b:91:
58:8f:18:41:4e:d0:33:05:a7:61:db:b9:70:e3:b0:
b5:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:43:A9:0C:52:54:36:F8:1E:09:F0:95:6F:07:A1:99:58:68:D4:C2
X509v3 Authority Key Identifier:
keyid:29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/kEOpDFJUNvgeCfCVbwehmVho1MI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.32.32.0/19
81.85.52.0/22
81.85.96.0-81.85.100.255
81.85.160.0/20
89.21.160.0/19
213.187.128.0/19
IPv6:
2a00:df8::/32
Signature Algorithm: sha256WithRSAEncryption
92:f8:d8:3e:21:f6:e8:93:78:b0:c6:f8:d2:4f:a8:04:b8:90:
66:6b:50:cd:24:6a:29:63:9d:58:73:cb:f5:f3:1a:db:24:a1:
50:79:5d:0b:ce:f9:45:3b:fa:99:1d:5a:aa:16:20:3d:6f:ce:
f9:32:0c:03:a6:1c:7c:78:71:12:80:59:4a:3e:d0:30:32:9a:
03:d2:90:7f:1e:0f:9a:fa:78:e4:9a:90:fa:cd:2b:5c:13:18:
2b:e9:5a:95:65:80:72:48:6b:bb:c0:07:a1:03:eb:01:5a:46:
50:7a:22:42:fc:5d:92:55:ae:6f:20:61:14:9a:98:44:51:32:
f5:ef:68:7c:9c:56:e8:5b:c6:23:38:82:86:55:96:a8:59:f5:
0b:66:0c:40:57:aa:1c:4e:f9:2e:b9:6c:d6:e4:0f:ba:ef:67:
21:26:03:42:9a:f9:78:69:95:6f:40:4c:8b:a3:e8:1e:80:7c:
7c:87:2b:0f:bf:a1:0d:6f:a6:bc:df:d7:69:ad:70:a6:65:d9:
8e:92:39:95:e2:d8:35:9e:f6:db:a3:c0:b9:b2:5e:e1:01:81:
3f:d3:d8:88:12:1a:b2:41:60:fe:0e:60:f9:77:d7:b5:c0:f3:
46:6c:88:c2:34:0b:5f:1c:1f:d7:73:84:1f:1d:0a:db:ef:52:
a0:d7:70:75
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZZa2Fm+G2S7nh3J0GYKPRRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjZhMzAwYmY3ZDQwYjdmOGQ2MTgxYzViOGE3ZGJjNzFi
N2QxMjMwHhcNMjUwNDIyMDAxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQzYTkwYzUyNTQzNmY4MWUwOWYwOTU2ZjA3YTE5OTU4NjhkNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjBbOvJgXpp7leUGdSoFV5rcU0qZ
aTYJ+rLruCz51FMuefcQdH5wmOqZoy31wwvJx5anE7VA0f0orVdbPSTRsdTeYAmK
gyWanQf4fWePJ7pgjlvTCNRNYa3ePf+PUnjKbnhFjIF5dxWrf/hmC0R+DjQ2KDMf
YcrVQoed6mqrlmM1ZpqBDT7nvIEWkrqsVS7YeQRDj4LAGo7Na0BI6H5CW6JzD+7N
8c3vv84+7gSZv/9aq6lva0of0VSuphbwY7txoU9/fFIFMYSYmoThdOA4pBbTgUt1
PfP/q3bLUbKMQmWiqkrULiuFpkdJeH7eO5FYjxhBTtAzBadh27lw47C1kwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFJBDqQxSVDb4HgnwlW8HoZlYaNTCMB8GA1UdIwQY
MBaAFCn2owC/fUC3+NYYHFuKfbxxt9EjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTct
Yjg0YzQxM2RmYWE0LzEva0VPcERGSlVOdmdlQ2ZDVmJ3ZWhtVmhvMU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTctYjg0YzQxM2RmYWE0
LzEvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQFPiAgAwQC
UVU0MAwDBAVRVWADBABRVWQDBARRVaADBAVZFaADBAXVu4AwDQQCAAIwBwMFACoA
DfgwDQYJKoZIhvcNAQELBQADggEBAJL42D4h9uiTeLDG+NJPqAS4kGZrUM0kailj
nVhzy/XzGtskoVB5XQvO+UU7+pkdWqoWID1vzvkyDAOmHHx4cRKAWUo+0DAymgPS
kH8eD5r6eOSakPrNK1wTGCvpWpVlgHJIa7vAB6ED6wFaRlB6IkL8XZJVrm8gYRSa
mERRMvXvaHycVuhbxiM4goZVlqhZ9QtmDEBXqhxO+S65bNbkD7rvZyEmA0Ka+Xhp
lW9ATIuj6B6AfHyHKw+/oQ1vprzf12mtcKZl2Y6SOZXi2DWe9tujwLmyXuEBgT/T
2IgSGrJBYP4OYPl317XA80ZsiMI0C18cH9dzhB8dCtvvUqDXcHU=
-----END CERTIFICATE-----
Generated at Thu May 1 15:22:29 2025 by rpki-client