Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/7CQK4uvhSVq6o2wWxOh9gTQ5PNA.roa
File: 7CQK4uvhSVq6o2wWxOh9gTQ5PNA.roa (raw, json)
Hash identifier: DkMR/Y4unY7wIHXEWKNCRJfO23Nc5dcWAz953GA+1qE=
Subject key identifier: EC:24:0A:E2:EB:E1:49:5A:BA:A3:6C:16:C4:E8:7D:81:34:39:3C:D0
Certificate issuer: /CN=f58acd43c0033b13b88bb397415583aa51d9303a
Certificate serial: 01942067FA5185AED197B52A1783BC5695DB
Authority key identifier: F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/7CQK4uvhSVq6o2wWxOh9gTQ5PNA.roa
Signing time: Wed 01 Jan 2025 05:47:52 +0000
ROA not before: Wed 01 Jan 2025 05:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198726
IP address blocks: 5.10.0.0/21 maxlen: 24
91.137.64.0/18 maxlen: 24
185.14.64.0/22 maxlen: 22
185.35.216.0/22 maxlen: 22
185.233.220.0/22 maxlen: 22
185.238.160.0/22 maxlen: 22
185.240.224.0/22 maxlen: 22
2a02:acc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl
rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.mft
rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:fa:51:85:ae:d1:97:b5:2a:17:83:bc:56:95:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f58acd43c0033b13b88bb397415583aa51d9303a
Validity
Not Before: Jan 1 05:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ec240ae2ebe1495abaa36c16c4e87d8134393cd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:f9:78:db:3e:23:93:26:d4:64:64:dc:0b:b7:
06:74:f2:2b:20:8d:ee:3d:94:77:a4:b6:ea:9b:58:
5a:5f:ae:06:eb:c5:5d:a2:06:b7:27:96:61:b9:98:
6f:6e:87:7c:c7:28:05:aa:5d:77:b3:38:99:26:b0:
77:2a:e7:d5:56:bc:37:4e:b1:4f:a7:53:6b:d9:95:
2f:f0:9f:fe:19:41:66:c6:e2:1e:e7:04:ba:68:27:
5e:c4:2b:88:9b:89:2b:f5:69:b2:1c:3e:d9:bc:c4:
db:8a:2f:c8:bd:9b:22:0b:2b:45:d3:e7:f5:f3:79:
bb:27:63:89:d8:95:a1:6a:2b:37:a1:0c:ec:1f:75:
ea:6c:7e:eb:02:b1:7f:f1:2f:c5:95:d1:e4:60:87:
52:11:65:ab:65:2c:07:08:91:bb:ea:77:b7:10:08:
24:13:76:a8:8e:94:b3:7b:66:d2:4f:99:6f:94:fc:
0b:d6:b8:81:98:13:8f:a5:43:4a:f4:16:47:51:8d:
22:b4:b3:af:3d:9d:38:fa:56:63:c1:ed:ee:87:37:
30:96:f5:bb:c5:01:18:d2:62:0f:4a:94:5d:5b:bd:
06:e5:58:cf:ed:dc:6c:e6:a0:41:07:d9:85:d3:71:
f3:cc:8c:d6:4f:3e:85:f5:ed:ee:42:69:b1:ee:07:
f0:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:24:0A:E2:EB:E1:49:5A:BA:A3:6C:16:C4:E8:7D:81:34:39:3C:D0
X509v3 Authority Key Identifier:
keyid:F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/7CQK4uvhSVq6o2wWxOh9gTQ5PNA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.10.0.0/21
91.137.64.0/18
185.14.64.0/22
185.35.216.0/22
185.233.220.0/22
185.238.160.0/22
185.240.224.0/22
IPv6:
2a02:acc1::/32
Signature Algorithm: sha256WithRSAEncryption
6b:42:5a:fe:43:67:93:95:26:41:99:82:c7:ee:27:15:2e:74:
7a:79:28:27:22:be:c8:71:28:27:fd:87:35:c6:bf:1f:31:d3:
ba:23:7f:69:3b:78:3e:f9:74:d6:2d:3d:8c:ef:88:bc:a8:eb:
e4:69:9d:ab:03:d4:c3:87:a8:2d:9b:54:ae:48:29:6d:0d:86:
d2:bd:d1:ff:74:7d:64:91:00:f8:d8:0d:b1:0f:07:32:fb:80:
34:b6:18:6e:af:7c:5a:82:1c:c8:a4:63:8e:0c:27:ae:56:87:
56:e0:f1:5e:e1:74:08:af:02:b6:00:70:c4:fd:6f:e2:d7:eb:
d4:e9:30:19:d1:be:b1:de:8f:03:23:80:91:51:16:c2:dd:4d:
05:10:52:d9:93:e4:c9:7f:74:45:5d:10:78:ef:61:80:2f:8f:
6c:98:6b:92:a2:47:7a:0a:80:9a:8c:79:55:cb:04:2a:1a:4a:
59:e0:06:a1:1e:82:3b:36:f9:fd:c2:db:df:50:6e:72:bf:11:
c8:2c:a5:e2:67:7a:3c:e4:e6:70:3e:3f:39:61:ac:b5:4a:10:
33:60:5a:41:d8:54:12:4a:b3:a1:4b:4e:e6:13:d4:15:3d:ac:
18:94:9d:2b:08:7e:c5:57:e8:23:d3:7a:cc:ce:3a:63:3a:d6:
fb:af:9d:04
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQgZ/pRha7Rl7UqF4O8VpXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGFjZDQzYzAwMzNiMTNiODhiYjM5NzQxNTU4M2FhNTFk
OTMwM2EwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI0MGFlMmViZTE0OTVhYmFhMzZjMTZjNGU4N2Q4MTM0MzkzY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vl42z4jkybUZGTcC7cGdPIrII3u
PZR3pLbqm1haX64G68Vdoga3J5ZhuZhvbod8xygFql13sziZJrB3KufVVrw3TrFP
p1Nr2ZUv8J/+GUFmxuIe5wS6aCdexCuIm4kr9WmyHD7ZvMTbii/IvZsiCytF0+f1
83m7J2OJ2JWhais3oQzsH3XqbH7rArF/8S/FldHkYIdSEWWrZSwHCJG76ne3EAgk
E3aojpSze2bST5lvlPwL1riBmBOPpUNK9BZHUY0itLOvPZ04+lZjwe3uhzcwlvW7
xQEY0mIPSpRdW70G5VjP7dxs5qBBB9mF03HzzIzWTz6F9e3uQmmx7gfwGwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFOwkCuLr4UlauqNsFsTofYE0OTzQMB8GA1UdIwQY
MBaAFPWKzUPAAzsTuIuzl0FVg6pR2TA6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUt
Y2YyZDU4ZDBlMGVlLzEvN0NRSzR1dmhTVnE2bzJ3V3hPaDlnVFE1UE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUtY2YyZDU4ZDBlMGVl
LzEvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBQoAAwQG
W4lAAwQCuQ5AAwQCuSPYAwQCuencAwQCue6gAwQCufDgMA0EAgACMAcDBQAqAqzB
MA0GCSqGSIb3DQEBCwUAA4IBAQBrQlr+Q2eTlSZBmYLH7icVLnR6eSgnIr7IcSgn
/Yc1xr8fMdO6I39pO3g++XTWLT2M74i8qOvkaZ2rA9TDh6gtm1SuSCltDYbSvdH/
dH1kkQD42A2xDwcy+4A0thhur3xaghzIpGOODCeuVodW4PFe4XQIrwK2AHDE/W/i
1+vU6TAZ0b6x3o8DI4CRURbC3U0FEFLZk+TJf3RFXRB472GAL49smGuSokd6CoCa
jHlVywQqGkpZ4AahHoI7Nvn9wtvfUG5yvxHILKXiZ3o85OZwPj85Yay1ShAzYFpB
2FQSSrOhS07mE9QVPawYlJ0rCH7FV+gj03rMzjpjOtb7r50E
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:33:42 2025 by rpki-client