Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/dloKOBWhD03M_kraHOqHku83sEM.roa
File: dloKOBWhD03M_kraHOqHku83sEM.roa (raw, json)
Hash identifier: iTKdGVzolVyeN+BFAw6tpWp/3mRhoL6QqBxrLBSJzEE=
Subject key identifier: 76:5A:0A:38:15:A1:0F:4D:CC:FE:4A:DA:1C:EA:87:92:EF:37:B0:43
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 0196A5D26232A90168667DC35FD6F60B5E1A
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/dloKOBWhD03M_kraHOqHku83sEM.roa
Signing time: Tue 06 May 2025 13:39:10 +0000
ROA not before: Tue 06 May 2025 13:39:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5430
IP address blocks: 62.104.0.0/16 maxlen: 16
62.104.16.0/24 maxlen: 24
62.104.20.0/23 maxlen: 24
62.104.20.0/24 maxlen: 24
62.104.45.0/24 maxlen: 24
62.104.46.0/23 maxlen: 23
62.104.48.0/23 maxlen: 23
62.104.50.0/24 maxlen: 24
62.104.56.0/24 maxlen: 24
62.104.95.0/24 maxlen: 24
62.104.174.0/24 maxlen: 24
62.104.175.0/24 maxlen: 24
89.58.120.0/21 maxlen: 21
194.97.0.0/18 maxlen: 18
194.97.58.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
194.97.96.0/24 maxlen: 24
194.97.101.0/24 maxlen: 24
194.97.102.0/24 maxlen: 24
194.97.103.0/24 maxlen: 24
194.97.118.0/24 maxlen: 24
194.97.119.0/24 maxlen: 24
194.97.120.0/23 maxlen: 23
194.97.122.0/24 maxlen: 24
194.97.160.0/19 maxlen: 19
195.4.0.0/17 maxlen: 17
195.4.16.0/22 maxlen: 22
195.4.16.0/24 maxlen: 24
195.4.27.0/24 maxlen: 24
195.4.70.0/24 maxlen: 24
195.4.71.0/24 maxlen: 24
195.4.176.0/21 maxlen: 24
195.4.176.0/24 maxlen: 24
195.4.178.0/23 maxlen: 23
195.4.216.0/21 maxlen: 21
195.4.224.0/19 maxlen: 19
2001:748::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 11 May 2025 13:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a5:d2:62:32:a9:01:68:66:7d:c3:5f:d6:f6:0b:5e:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: May 6 13:39:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=765a0a3815a10f4dccfe4ada1cea8792ef37b043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d0:ca:e4:2e:c0:75:01:ba:8c:93:3a:d6:75:
79:15:bc:b8:68:08:64:91:7a:5b:1c:bb:d0:16:78:
64:76:22:26:9a:d0:38:9c:34:6b:77:9f:7b:be:53:
c0:19:ce:28:0f:5f:65:de:10:94:20:6c:68:d7:32:
31:64:19:70:f4:25:2f:c6:7f:a1:f2:7f:98:ff:68:
7b:41:e4:e8:83:2e:e5:35:3b:c7:87:98:e3:56:c4:
53:68:04:2c:9a:d4:6a:5f:77:69:bd:87:b1:6e:e3:
ea:56:ee:6a:61:46:09:4c:c5:5d:37:4a:51:2e:1d:
bf:36:8b:4f:40:8a:4f:15:47:1a:27:0b:3c:bf:5f:
83:04:d2:4d:9c:b4:b0:ce:a9:f6:8b:f3:84:a8:71:
17:96:f9:c7:df:9d:d9:01:5b:30:ae:12:1f:39:b2:
1a:37:45:57:32:dc:9b:08:42:13:8a:bf:26:02:4a:
25:9e:27:bd:aa:4b:62:38:94:89:ac:08:59:6e:20:
72:bd:28:8c:ad:73:c5:02:04:07:9c:c3:f1:f1:e4:
9d:90:4e:29:3a:00:4a:bf:f6:d4:6f:6a:ed:67:d0:
33:be:56:66:89:d4:63:a9:50:e6:e3:63:a0:5b:81:
a3:e9:6d:45:58:84:84:99:45:17:97:80:c8:38:ed:
9a:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:5A:0A:38:15:A1:0F:4D:CC:FE:4A:DA:1C:EA:87:92:EF:37:B0:43
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/dloKOBWhD03M_kraHOqHku83sEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.58.120.0/21
194.97.0.0/18
194.97.96.0/19
194.97.160.0/19
195.4.0.0/17
195.4.176.0/21
195.4.216.0-195.4.255.255
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
21:e1:51:44:de:68:5c:41:df:c7:48:f8:9c:b9:ae:c7:e4:57:
a1:75:49:91:92:e0:89:be:0d:fb:ee:a8:45:62:ad:bb:00:be:
3a:cb:90:8b:84:cd:17:b4:60:18:da:8b:cf:d1:51:b7:f4:52:
fc:a2:55:2a:bb:89:be:34:9c:66:ec:16:1f:27:12:1c:2d:29:
74:24:a7:cb:b7:e2:8c:43:00:34:19:8d:25:5c:c3:2d:43:50:
c5:e3:33:f9:9c:65:fb:ac:c8:7a:1d:a5:81:be:8e:92:55:e8:
f5:ac:a6:2b:ca:9a:c0:92:5a:d3:90:63:49:2d:db:05:57:62:
23:ae:dc:00:ac:ab:dc:89:5c:cb:29:cb:7e:fe:53:2d:e9:37:
d2:57:c8:5d:a8:19:2c:40:ab:df:d2:46:29:8f:fe:ba:b7:ab:
df:bb:a2:a7:eb:7d:a1:d7:0c:a4:36:02:d3:2d:4e:30:47:b9:
25:be:89:9f:77:de:a9:7d:17:91:76:68:1c:b2:61:41:b1:cf:
c4:b8:97:c4:2c:88:0b:ce:b2:62:b2:f6:bf:ca:ce:10:9e:2a:
7d:f1:05:90:1e:bf:0c:5d:34:e7:3b:88:b0:03:99:6e:71:04:
27:b9:ae:ab:b3:b9:86:4a:48:06:a7:5a:ad:85:cc:49:50:70:
2d:bb:40:bb
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZal0mIyqQFoZn3DX9b2C14aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjUwNTA2MTMzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjVhMGEzODE1YTEwZjRkY2NmZTRhZGExY2VhODc5MmVmMzdiMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9DK5C7AdQG6jJM61nV5Fby4aAhk
kXpbHLvQFnhkdiImmtA4nDRrd597vlPAGc4oD19l3hCUIGxo1zIxZBlw9CUvxn+h
8n+Y/2h7QeTogy7lNTvHh5jjVsRTaAQsmtRqX3dpvYexbuPqVu5qYUYJTMVdN0pR
Lh2/NotPQIpPFUcaJws8v1+DBNJNnLSwzqn2i/OEqHEXlvnH353ZAVswrhIfObIa
N0VXMtybCEITir8mAkolnie9qktiOJSJrAhZbiByvSiMrXPFAgQHnMPx8eSdkE4p
OgBKv/bUb2rtZ9AzvlZmidRjqVDm42OgW4Gj6W1FWISEmUUXl4DIOO2a4wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHZaCjgVoQ9NzP5K2hzqh5LvN7BDMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvZGxvS09CV2hEMDNNX2tyYUhPcUhrdTgzc0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwMAPmgDBANZ
OngDBAbCYQADBAXCYWADBAXCYaADBAfDBAADBAPDBLAwCwMEA8ME2AMDAMMEMA0E
AgACMAcDBQAgAQdIMA0GCSqGSIb3DQEBCwUAA4IBAQAh4VFE3mhcQd/HSPicua7H
5FehdUmRkuCJvg377qhFYq27AL46y5CLhM0XtGAY2ovP0VG39FL8olUqu4m+NJxm
7BYfJxIcLSl0JKfLt+KMQwA0GY0lXMMtQ1DF4zP5nGX7rMh6HaWBvo6SVej1rKYr
yprAklrTkGNJLdsFV2IjrtwArKvciVzLKct+/lMt6TfSV8hdqBksQKvf0kYpj/66
t6vfu6Kn632h1wykNgLTLU4wR7klvomfd96pfReRdmgcsmFBsc/EuJfELIgLzrJi
sva/ys4Qnip98QWQHr8MXTTnO4iwA5lucQQnua6rs7mGSkgGp1qthcxJUHAtu0C7
-----END CERTIFICATE-----
Generated at Sat May 10 20:08:30 2025 by rpki-client