Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/kfH4Hfcw2DAA4uCH3S-0NOLLLIE.roa
File: kfH4Hfcw2DAA4uCH3S-0NOLLLIE.roa (raw, json)
Hash identifier: +ssFltk6eznRSfe1ZkEA/pnveLfuNyk/DPp5U5STMlg=
Subject key identifier: 91:F1:F8:1D:F7:30:D8:30:00:E2:E0:87:DD:2F:B4:34:E2:CB:2C:81
Certificate issuer: /CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
Certificate serial: 0194258F7BA03FA87F6ED21A0A3DFDDE523F
Authority key identifier: 77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/kfH4Hfcw2DAA4uCH3S-0NOLLLIE.roa
Signing time: Thu 02 Jan 2025 05:49:07 +0000
ROA not before: Thu 02 Jan 2025 05:49:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35070
IP address blocks: 185.223.228.0/22 maxlen: 24
185.223.228.0/24 maxlen: 24
185.223.229.0/24 maxlen: 24
185.223.230.0/24 maxlen: 24
185.223.231.0/24 maxlen: 24
2a0d:4040::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:7b:a0:3f:a8:7f:6e:d2:1a:0a:3d:fd:de:52:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
Validity
Not Before: Jan 2 05:49:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91f1f81df730d83000e2e087dd2fb434e2cb2c81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:f4:ab:50:09:eb:2a:93:fb:b8:53:56:21:ab:
4a:e5:d1:9a:83:ed:11:d8:99:31:26:2c:ba:9e:65:
1b:af:90:d3:73:5b:c3:09:35:32:fc:11:b8:90:e6:
f2:82:ad:c8:d7:f9:97:f4:bc:56:17:fc:14:3c:f4:
e1:78:a0:d5:bd:16:b3:3d:27:9b:c4:62:34:a8:da:
1c:5e:f2:41:44:f5:bd:4b:5a:30:58:1a:47:93:0e:
da:bf:ac:91:bc:df:b2:0a:cb:1f:44:98:32:25:68:
17:77:2b:16:f7:34:9d:4e:2c:68:87:c4:b1:47:f9:
1c:0a:52:10:14:a1:a9:59:55:5f:ec:c7:e5:7c:3d:
50:31:63:09:0f:4d:90:50:5c:bf:3e:b8:67:d7:c2:
c8:e6:00:69:66:c3:bd:e4:3e:79:77:96:a8:46:dd:
c8:9c:e2:95:cd:ed:ed:b8:07:fc:30:e6:1e:93:54:
89:10:19:f3:66:0f:43:ee:ea:80:bf:51:cf:13:d2:
ee:f7:fd:c6:eb:7e:12:6f:2b:c4:09:4e:3e:ef:ef:
3e:c5:d9:09:13:29:6b:5c:34:36:29:8e:9c:51:a8:
65:b0:05:58:ed:79:30:55:7d:a6:ec:dc:cc:2f:ff:
42:1f:19:cb:73:ea:8c:3a:38:72:8d:e8:5b:52:36:
64:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:F1:F8:1D:F7:30:D8:30:00:E2:E0:87:DD:2F:B4:34:E2:CB:2C:81
X509v3 Authority Key Identifier:
keyid:77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/kfH4Hfcw2DAA4uCH3S-0NOLLLIE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.223.228.0/22
IPv6:
2a0d:4040::/29
Signature Algorithm: sha256WithRSAEncryption
92:c0:13:9e:8d:43:a1:2b:f5:47:2e:14:bf:45:82:0b:a3:c7:
85:65:8a:5e:47:57:70:55:08:ec:0a:28:51:1f:bc:1a:ce:5a:
52:12:27:db:05:d5:02:d6:06:fa:fa:6b:12:12:5d:aa:01:7f:
86:19:1c:1d:76:d4:62:bc:5f:70:32:04:cf:d0:d4:fc:b9:5f:
f8:e6:79:b0:31:72:03:2b:b1:94:c6:e6:24:8d:9c:01:ad:73:
b6:5d:5e:66:88:e4:a9:aa:07:d9:c9:d9:e2:a1:bd:85:5a:2c:
41:b3:c5:cc:6c:49:4d:40:6c:c8:9e:7b:fa:60:25:39:72:d9:
1a:f5:86:af:d8:4c:d1:a4:09:7e:d2:03:51:5a:e0:65:f2:3d:
a4:a3:36:06:c5:ae:1c:f2:d5:68:36:0f:32:e2:c0:e4:70:83:
5c:c2:f5:a0:46:63:f6:a5:d5:b7:48:78:0d:f1:be:f8:86:02:
fc:f0:17:38:9b:cb:84:33:24:1d:9d:40:a6:3d:65:f8:a9:35:
91:2b:57:f3:19:69:f4:24:54:c7:2d:f9:90:58:de:70:d9:76:
c1:f0:a2:d5:d3:b0:cb:6b:92:93:b6:5d:9a:1c:34:57:3f:7a:
01:83:28:37:20:76:5a:78:8b:8e:de:4d:1a:80:2d:d3:2b:97:
42:5d:05:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj3ugP6h/btIaCj393lI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3Y2M0NmFkZTk1N2M4ZjA2NmE1YzZmZTI1MzEwYTRjZjVh
N2U5ZDQwHhcNMjUwMTAyMDU0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYxZjgxZGY3MzBkODMwMDBlMmUwODdkZDJmYjQzNGUyY2IyYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvSrUAnrKpP7uFNWIatK5dGag+0R
2JkxJiy6nmUbr5DTc1vDCTUy/BG4kObygq3I1/mX9LxWF/wUPPTheKDVvRazPSeb
xGI0qNocXvJBRPW9S1owWBpHkw7av6yRvN+yCssfRJgyJWgXdysW9zSdTixoh8Sx
R/kcClIQFKGpWVVf7MflfD1QMWMJD02QUFy/Prhn18LI5gBpZsO95D55d5aoRt3I
nOKVze3tuAf8MOYek1SJEBnzZg9D7uqAv1HPE9Lu9/3G634SbyvECU4+7+8+xdkJ
EylrXDQ2KY6cUahlsAVY7XkwVX2m7NzML/9CHxnLc+qMOjhyjehbUjZkbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJHx+B33MNgwAOLgh90vtDTiyyyBMB8GA1UdIwQY
MBaAFHfMRq3pV8jwZqXG/iUxCkz1p+nUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMt
ZjdkMDI3NTYwMDU4LzEva2ZINEhmY3cyREFBNHVDSDNTLTBOT0xMTElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMtZjdkMDI3NTYwMDU4
LzEvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud/kMA0E
AgACMAcDBQMqDUBAMA0GCSqGSIb3DQEBCwUAA4IBAQCSwBOejUOhK/VHLhS/RYIL
o8eFZYpeR1dwVQjsCihRH7wazlpSEifbBdUC1gb6+msSEl2qAX+GGRwddtRivF9w
MgTP0NT8uV/45nmwMXIDK7GUxuYkjZwBrXO2XV5miOSpqgfZydniob2FWixBs8XM
bElNQGzInnv6YCU5ctka9Yav2EzRpAl+0gNRWuBl8j2kozYGxa4c8tVoNg8y4sDk
cINcwvWgRmP2pdW3SHgN8b74hgL88Bc4m8uEMyQdnUCmPWX4qTWRK1fzGWn0JFTH
LfmQWN5w2XbB8KLV07DLa5KTtl2aHDRXP3oBgyg3IHZaeIuO3k0agC3TK5dCXQXw
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:03:39 2025 by rpki-client