Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/kwtdCRFAZPjQFHCak21_zozRzyg.roa
File: kwtdCRFAZPjQFHCak21_zozRzyg.roa (raw, json)
Hash identifier: EWeYVWP/wMFz4uen+0vNjC0GMpRDuD50ya++g2lRAIM=
Subject key identifier: 93:0B:5D:09:11:40:64:F8:D0:14:70:9A:93:6D:7F:CE:8C:D1:CF:28
Certificate issuer: /CN=d7880ed1021d0ecac71205673b004813b39dfc99
Certificate serial: 019426D982B5A07011973F8780A6226067DD
Authority key identifier: D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/kwtdCRFAZPjQFHCak21_zozRzyg.roa
Signing time: Thu 02 Jan 2025 11:49:36 +0000
ROA not before: Thu 02 Jan 2025 11:49:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29680
IP address blocks: 151.252.112.0/21 maxlen: 21
176.28.88.0/21 maxlen: 23
178.23.208.0/21 maxlen: 24
193.22.119.0/24 maxlen: 24
193.238.52.0/22 maxlen: 22
217.18.224.0/21 maxlen: 21
217.18.232.0/22 maxlen: 22
217.18.236.0/24 maxlen: 24
217.18.237.0/24 maxlen: 24
217.18.239.0/24 maxlen: 24
2a00:d60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.mft
rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 08:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:82:b5:a0:70:11:97:3f:87:80:a6:22:60:67:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7880ed1021d0ecac71205673b004813b39dfc99
Validity
Not Before: Jan 2 11:49:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=930b5d09114064f8d014709a936d7fce8cd1cf28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:60:66:b8:11:78:9b:1d:36:86:c2:1f:f6:a0:
16:f0:05:cd:2a:0c:3c:06:77:df:95:c3:10:c9:fc:
82:c5:d8:d2:a4:ab:99:39:7c:ff:93:28:0a:a8:fd:
55:d9:5c:27:c5:03:8b:07:58:dc:ce:03:c3:db:63:
2a:c4:a3:cf:48:45:7b:57:a2:d6:70:45:af:61:18:
e6:4e:1a:b1:45:c4:80:78:c2:91:f2:a9:c0:e9:0a:
9a:f3:d4:ea:b8:0a:b0:7e:10:a5:a0:de:70:06:cd:
76:2f:49:27:b8:13:46:85:b5:10:ec:45:eb:4a:97:
e7:df:df:ee:de:bb:28:a3:d2:58:a8:6d:90:1e:0e:
87:54:96:f8:d0:58:a2:05:69:7d:da:cf:a2:5b:60:
af:89:3f:75:ec:13:86:ad:23:3c:4a:a8:4a:e8:22:
7b:02:b4:71:23:9e:fc:e7:c9:1b:97:ea:3a:2a:72:
50:8e:49:50:61:33:95:06:93:3d:29:bb:dc:f2:86:
07:83:ff:7e:f1:ff:c9:51:e2:19:9a:48:18:e8:76:
46:16:bd:09:30:b3:df:ec:b1:17:ea:4a:18:67:2e:
a1:e2:92:e4:e5:34:b3:9f:ba:23:37:65:2c:88:c8:
c1:e2:6f:59:47:51:8e:48:e8:f1:5f:5d:a1:d3:00:
d5:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:0B:5D:09:11:40:64:F8:D0:14:70:9A:93:6D:7F:CE:8C:D1:CF:28
X509v3 Authority Key Identifier:
keyid:D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/kwtdCRFAZPjQFHCak21_zozRzyg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.252.112.0/21
176.28.88.0/21
178.23.208.0/21
193.22.119.0/24
193.238.52.0/22
217.18.224.0-217.18.237.255
217.18.239.0/24
IPv6:
2a00:d60::/32
Signature Algorithm: sha256WithRSAEncryption
64:63:aa:7c:d2:d2:5e:3e:9e:c9:4e:7f:92:13:f5:15:3c:21:
05:04:9d:0e:03:43:7e:e9:b2:b4:6e:8a:16:f8:d0:23:4a:25:
19:86:ca:8e:86:74:e1:d4:bd:7c:b8:c3:b4:4e:dc:fc:35:5e:
3d:d6:1a:c0:d4:15:9c:a8:00:29:83:04:b0:86:9e:25:a7:99:
e7:9e:df:8f:77:2f:72:73:60:4d:d6:8e:df:9a:8d:c2:87:00:
07:96:ce:48:e5:30:f6:a4:29:89:65:7c:22:30:6b:18:cc:b1:
28:98:a8:89:f4:44:41:0d:7c:52:d5:1d:af:dd:91:69:f1:58:
a8:74:c1:9b:70:e1:84:f3:04:2a:56:e7:fe:c4:ab:7d:8b:2e:
33:76:13:fc:88:fd:34:96:be:7c:30:79:58:20:06:00:85:bf:
de:80:9d:97:1a:a1:bd:e0:b3:5e:0e:51:58:f4:c3:3a:10:5d:
35:a2:c4:ed:42:1b:5d:cf:13:45:70:30:d5:ef:ec:cc:d1:ab:
b3:33:7a:1e:48:eb:ad:b0:1b:17:e0:43:cd:ef:70:73:a3:b4:
2b:a1:67:ed:cb:05:c0:d3:83:be:f6:3e:b2:94:0a:94:bd:75:
a6:76:3d:41:53:8f:d9:9c:ac:56:7e:be:d8:cb:a3:d3:9c:e7:
f5:40:44:33
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZQm2YK1oHARlz+HgKYiYGfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ODgwZWQxMDIxZDBlY2FjNzEyMDU2NzNiMDA0ODEzYjM5
ZGZjOTkwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBiNWQwOTExNDA2NGY4ZDAxNDcwOWE5MzZkN2ZjZThjZDFjZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmBmuBF4mx02hsIf9qAW8AXNKgw8
BnfflcMQyfyCxdjSpKuZOXz/kygKqP1V2VwnxQOLB1jczgPD22MqxKPPSEV7V6LW
cEWvYRjmThqxRcSAeMKR8qnA6Qqa89TquAqwfhCloN5wBs12L0knuBNGhbUQ7EXr
Spfn39/u3rsoo9JYqG2QHg6HVJb40FiiBWl92s+iW2CviT917BOGrSM8SqhK6CJ7
ArRxI57858kbl+o6KnJQjklQYTOVBpM9Kbvc8oYHg/9+8f/JUeIZmkgY6HZGFr0J
MLPf7LEX6koYZy6h4pLk5TSzn7ojN2UsiMjB4m9ZR1GOSOjxX12h0wDVuwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFJMLXQkRQGT40BRwmpNtf86M0c8oMB8GA1UdIwQY
MBaAFNeIDtECHQ7KxxIFZzsASBOznfyZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRnTzBRSWREc3JIRWdWbk93QklFN09kX0prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83NTY1MDUtMjA2Mi00OWU3LTk0ZmUt
MDQ3NzdjMTk4ZWYxLzEva3d0ZENSRkFaUGpRRkhDYWsyMV96b3pSenlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83NTY1MDUtMjA2Mi00OWU3LTk0ZmUtMDQ3NzdjMTk4ZWYx
LzEvMTRnTzBRSWREc3JIRWdWbk93QklFN09kX0prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDl/xwAwQD
sBxYAwQDshfQAwQAwRZ3AwQCwe40MAwDBAXZEuADBAHZEuwDBADZEu8wDQQCAAIw
BwMFACoADWAwDQYJKoZIhvcNAQELBQADggEBAGRjqnzS0l4+nslOf5IT9RU8IQUE
nQ4DQ37psrRuihb40CNKJRmGyo6GdOHUvXy4w7RO3Pw1Xj3WGsDUFZyoACmDBLCG
niWnmeee3493L3JzYE3Wjt+ajcKHAAeWzkjlMPakKYllfCIwaxjMsSiYqIn0REEN
fFLVHa/dkWnxWKh0wZtw4YTzBCpW5/7Eq32LLjN2E/yI/TSWvnwweVggBgCFv96A
nZcaob3gs14OUVj0wzoQXTWixO1CG13PE0VwMNXv7MzRq7Mzeh5I662wGxfgQ83v
cHOjtCuhZ+3LBcDTg772PrKUCpS9daZ2PUFTj9mcrFZ+vtjLo9Oc5/VARDM=
-----END CERTIFICATE-----
Generated at Sun Apr 13 14:23:54 2025 by rpki-client