Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/kvDA2uJCxtsf_iJspEUKkErzpBw.roa
File: kvDA2uJCxtsf_iJspEUKkErzpBw.roa (raw, json)
Hash identifier: JEVQ/faqvkDHRCLDsyE8tNxf+ZkvCVkbrXJ5aSPcJrs=
Subject key identifier: 92:F0:C0:DA:E2:42:C6:DB:1F:FE:22:6C:A4:45:0A:90:4A:F3:A4:1C
Certificate issuer: /CN=78811e8e36e22280bb2f65a7d2c6034ecf86716c
Certificate serial: 0194258E54430876970B1F82B8E3647F2FA0
Authority key identifier: 78:81:1E:8E:36:E2:22:80:BB:2F:65:A7:D2:C6:03:4E:CF:86:71:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eIEejjbiIoC7L2Wn0sYDTs-GcWw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/kvDA2uJCxtsf_iJspEUKkErzpBw.roa
Signing time: Thu 02 Jan 2025 05:47:52 +0000
ROA not before: Thu 02 Jan 2025 05:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59702
IP address blocks: 31.31.160.0/21 maxlen: 21
31.31.161.0/24 maxlen: 24
31.31.163.0/24 maxlen: 24
31.31.164.0/24 maxlen: 24
31.31.165.0/24 maxlen: 24
31.31.166.0/24 maxlen: 24
31.31.167.0/24 maxlen: 24
81.25.144.0/20 maxlen: 20
146.66.232.0/21 maxlen: 21
172.103.88.0/21 maxlen: 21
185.16.200.0/22 maxlen: 22
185.47.192.0/22 maxlen: 22
185.47.192.0/24 maxlen: 24
185.47.193.0/24 maxlen: 24
185.47.194.0/24 maxlen: 24
185.80.216.0/22 maxlen: 22
194.37.249.0/24 maxlen: 24
195.42.104.0/23 maxlen: 23
207.189.192.0/20 maxlen: 20
213.244.240.0/21 maxlen: 21
216.158.96.0/20 maxlen: 20
2a03:780::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/eIEejjbiIoC7L2Wn0sYDTs-GcWw.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/eIEejjbiIoC7L2Wn0sYDTs-GcWw.mft
rsync://rpki.ripe.net/repository/DEFAULT/eIEejjbiIoC7L2Wn0sYDTs-GcWw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8e:54:43:08:76:97:0b:1f:82:b8:e3:64:7f:2f:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78811e8e36e22280bb2f65a7d2c6034ecf86716c
Validity
Not Before: Jan 2 05:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92f0c0dae242c6db1ffe226ca4450a904af3a41c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:89:dc:f0:74:d9:37:09:c5:f4:32:e4:b0:0f:
37:ec:2b:b5:b9:72:e2:06:6f:2f:e3:96:5f:47:90:
c9:24:32:a0:b7:d4:36:15:4c:8c:ea:42:55:39:46:
b9:21:00:7d:e1:67:a7:4e:7b:c8:2c:7d:e6:43:5b:
4d:1d:a8:35:35:e1:99:74:95:ca:5b:1f:54:1a:47:
84:78:7c:02:8e:e4:4a:6f:9a:b4:3c:6b:f6:78:f4:
ff:9c:02:3a:ce:bb:99:08:f3:80:0d:3b:28:a7:5f:
f6:d3:9c:0e:cf:b1:7a:30:0a:79:ce:ac:80:40:1d:
be:86:7a:2d:b4:3a:1e:33:6d:b8:a4:8a:a1:38:70:
3c:9c:ee:b4:c1:57:c9:f8:03:01:50:8e:c8:f5:64:
9a:48:64:6c:92:0b:fa:8a:12:73:e9:ab:cd:d9:55:
1a:69:dd:04:90:a8:68:09:31:3f:34:78:48:2b:9a:
55:c5:84:40:02:f2:bd:3e:0e:c7:63:46:41:44:e2:
60:f1:fa:b9:49:ad:5d:51:db:9d:54:d2:60:b3:54:
ae:db:d4:38:37:91:d3:0a:2f:9a:4e:ca:7e:d8:93:
c9:10:60:b6:44:79:23:e1:9b:1d:4a:9f:0c:70:68:
5a:8d:2b:56:50:ec:4f:05:71:0a:a5:39:b3:1a:18:
ca:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:F0:C0:DA:E2:42:C6:DB:1F:FE:22:6C:A4:45:0A:90:4A:F3:A4:1C
X509v3 Authority Key Identifier:
keyid:78:81:1E:8E:36:E2:22:80:BB:2F:65:A7:D2:C6:03:4E:CF:86:71:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eIEejjbiIoC7L2Wn0sYDTs-GcWw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/kvDA2uJCxtsf_iJspEUKkErzpBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/171251-6a75-4e9e-acf0-825e5a061df9/1/eIEejjbiIoC7L2Wn0sYDTs-GcWw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.160.0/21
81.25.144.0/20
146.66.232.0/21
172.103.88.0/21
185.16.200.0/22
185.47.192.0/22
185.80.216.0/22
194.37.249.0/24
195.42.104.0/23
207.189.192.0/20
213.244.240.0/21
216.158.96.0/20
IPv6:
2a03:780::/32
Signature Algorithm: sha256WithRSAEncryption
0f:4a:e7:12:e4:f0:d0:0f:04:1f:a2:40:e9:28:9c:2f:ed:34:
ec:93:0c:59:71:19:59:a8:f6:29:e2:8e:2e:14:dc:44:41:7f:
1d:f9:b7:9a:4f:da:84:51:dc:f0:96:7d:43:c8:92:b0:5c:bd:
f4:86:c4:00:8f:08:fc:98:7b:21:f1:10:2b:42:6a:05:58:da:
ef:0e:ea:82:44:e7:76:56:5c:74:eb:1a:87:1f:9b:bd:05:31:
28:cf:63:b0:78:54:7c:29:f5:58:66:54:f7:15:2d:32:87:4f:
5f:21:ae:72:34:9e:71:8c:55:b6:22:d3:e5:d1:8e:fd:a7:a1:
32:e8:61:ed:d5:41:9e:94:3e:11:26:b2:1c:c3:c6:75:a6:97:
78:08:5c:00:bf:93:33:43:54:03:76:27:c7:da:c7:e1:23:61:
51:b5:28:09:b0:3b:41:16:a9:ce:c0:0b:84:da:44:5e:ac:94:
c3:a7:89:ad:6e:18:1a:d7:04:03:2c:c5:25:59:15:a0:71:2e:
43:22:d1:3f:5c:de:8e:cf:3e:fc:2e:96:65:11:eb:36:6c:ee:
d3:97:87:f0:ce:90:83:ed:0d:6f:cb:21:63:68:74:f8:c4:a5:
26:2d:48:03:b4:ff:dc:1f:d4:cb:cb:ac:35:90:9f:51:51:eb:
9a:42:e5:6f
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZQljlRDCHaXCx+CuONkfy+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ODExZThlMzZlMjIyODBiYjJmNjVhN2QyYzYwMzRlY2Y4
NjcxNmMwHhcNMjUwMTAyMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmYwYzBkYWUyNDJjNmRiMWZmZTIyNmNhNDQ1MGE5MDRhZjNhNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44nc8HTZNwnF9DLksA837Cu1uXLi
Bm8v45ZfR5DJJDKgt9Q2FUyM6kJVOUa5IQB94WenTnvILH3mQ1tNHag1NeGZdJXK
Wx9UGkeEeHwCjuRKb5q0PGv2ePT/nAI6zruZCPOADTsop1/205wOz7F6MAp5zqyA
QB2+hnottDoeM224pIqhOHA8nO60wVfJ+AMBUI7I9WSaSGRskgv6ihJz6avN2VUa
ad0EkKhoCTE/NHhIK5pVxYRAAvK9Pg7HY0ZBROJg8fq5Sa1dUdudVNJgs1Su29Q4
N5HTCi+aTsp+2JPJEGC2RHkj4ZsdSp8McGhajStWUOxPBXEKpTmzGhjKXwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFJLwwNriQsbbH/4ibKRFCpBK86QcMB8GA1UdIwQY
MBaAFHiBHo424iKAuy9lp9LGA07PhnFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUlFZWpqYmlJb0M3TDJXbjBzWURUcy1HY1d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xNzEyNTEtNmE3NS00ZTllLWFjZjAt
ODI1ZTVhMDYxZGY5LzEva3ZEQTJ1SkN4dHNmX2lKc3BFVUtrRXJ6cEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xNzEyNTEtNmE3NS00ZTllLWFjZjAtODI1ZTVhMDYxZGY5
LzEvZUlFZWpqYmlJb0M3TDJXbjBzWURUcy1HY1d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDHx+gAwQE
URmQAwQDkkLoAwQDrGdYAwQCuRDIAwQCuS/AAwQCuVDYAwQAwiX5AwQBwypoAwQE
z73AAwQD1fTwAwQE2J5gMA0EAgACMAcDBQAqAweAMA0GCSqGSIb3DQEBCwUAA4IB
AQAPSucS5PDQDwQfokDpKJwv7TTskwxZcRlZqPYp4o4uFNxEQX8d+beaT9qEUdzw
ln1DyJKwXL30hsQAjwj8mHsh8RArQmoFWNrvDuqCROd2Vlx06xqHH5u9BTEoz2Ow
eFR8KfVYZlT3FS0yh09fIa5yNJ5xjFW2ItPl0Y79p6Ey6GHt1UGelD4RJrIcw8Z1
ppd4CFwAv5MzQ1QDdifH2sfhI2FRtSgJsDtBFqnOwAuE2kRerJTDp4mtbhga1wQD
LMUlWRWgcS5DItE/XN6Ozz78LpZlEes2bO7Tl4fwzpCD7Q1vyyFjaHT4xKUmLUgD
tP/cH9TLy6w1kJ9RUeuaQuVv
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:21:03 2025 by rpki-client