Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/kdQZ4QS0sUqXnywKZ8M79hUmfTA.roa
File: kdQZ4QS0sUqXnywKZ8M79hUmfTA.roa (raw, json)
Hash identifier: xGG3G4XfdVhcDuFzw8EOPzLUi5vn/b3D8pkyEY9PSkc=
Subject key identifier: 91:D4:19:E1:04:B4:B1:4A:97:9F:2C:0A:67:C3:3B:F6:15:26:7D:30
Certificate issuer: /CN=b436c0f0ec8bbedf0f60844dfe4fe939369a4b40
Certificate serial: 01942444A2F383ABDAFE52E59B6F17813AA1
Authority key identifier: B4:36:C0:F0:EC:8B:BE:DF:0F:60:84:4D:FE:4F:E9:39:36:9A:4B:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDbA8OyLvt8PYIRN_k_pOTaaS0A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/kdQZ4QS0sUqXnywKZ8M79hUmfTA.roa
Signing time: Wed 01 Jan 2025 23:47:45 +0000
ROA not before: Wed 01 Jan 2025 23:47:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50782
IP address blocks: 2.57.48.0/22 maxlen: 22
91.215.240.0/22 maxlen: 22
185.159.200.0/22 maxlen: 22
185.246.20.0/22 maxlen: 22
194.127.196.0/24 maxlen: 24
194.127.202.0/24 maxlen: 24
194.127.206.0/24 maxlen: 24
194.127.214.0/24 maxlen: 24
2a07:b6c0::/29 maxlen: 29
2a09:c940::/29 maxlen: 29
2a0d:6680::/29 maxlen: 29
2a0f:afc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/tDbA8OyLvt8PYIRN_k_pOTaaS0A.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/tDbA8OyLvt8PYIRN_k_pOTaaS0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDbA8OyLvt8PYIRN_k_pOTaaS0A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:a2:f3:83:ab:da:fe:52:e5:9b:6f:17:81:3a:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b436c0f0ec8bbedf0f60844dfe4fe939369a4b40
Validity
Not Before: Jan 1 23:47:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91d419e104b4b14a979f2c0a67c33bf615267d30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:b3:07:88:d3:46:16:c5:89:a5:e4:d0:aa:d0:
57:cd:88:8d:7f:d2:1e:b9:0d:21:3b:b9:7c:a4:c7:
13:9d:d0:4c:74:bb:b6:25:6a:08:ea:a0:8f:bd:49:
7b:84:a1:30:1a:4e:5f:a7:65:a9:11:d2:53:fd:f4:
74:ec:56:45:c9:97:cc:82:c7:12:a8:59:01:e1:c4:
4f:d0:2c:e0:05:a8:2d:31:3a:7f:78:30:e2:0a:14:
5d:6f:fc:8a:2d:b7:e0:4d:8f:89:ff:17:bf:0c:43:
a4:ce:35:c3:64:4c:00:8c:63:db:c3:12:5f:0d:05:
12:7c:48:a1:f2:07:37:41:9f:71:91:8d:b5:1e:04:
36:57:d1:c1:d0:ab:8a:e7:c6:7d:91:ab:36:c5:0c:
30:d9:71:11:e8:89:7b:cb:92:3c:ba:ee:6b:e3:68:
4e:6f:b4:e2:e9:54:e1:88:bd:bc:9b:5e:1c:d4:ac:
bc:05:20:8d:d9:a7:d0:90:5c:be:30:4b:8d:40:ae:
77:7f:03:51:73:b9:34:b1:ed:dc:33:bf:c0:89:4a:
f1:70:97:0d:3a:72:0b:a7:30:00:78:4a:12:11:75:
f5:14:ac:02:93:bc:db:64:c9:4e:6d:47:be:a7:41:
a4:b0:62:65:39:8e:e1:17:d7:1d:fc:a6:3a:93:b5:
c5:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:D4:19:E1:04:B4:B1:4A:97:9F:2C:0A:67:C3:3B:F6:15:26:7D:30
X509v3 Authority Key Identifier:
keyid:B4:36:C0:F0:EC:8B:BE:DF:0F:60:84:4D:FE:4F:E9:39:36:9A:4B:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDbA8OyLvt8PYIRN_k_pOTaaS0A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/kdQZ4QS0sUqXnywKZ8M79hUmfTA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/db66ab-70ac-41ad-9958-dd8b5afcee3b/1/tDbA8OyLvt8PYIRN_k_pOTaaS0A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.48.0/22
91.215.240.0/22
185.159.200.0/22
185.246.20.0/22
194.127.196.0/24
194.127.202.0/24
194.127.206.0/24
194.127.214.0/24
IPv6:
2a07:b6c0::/29
2a09:c940::/29
2a0d:6680::/29
2a0f:afc0::/29
Signature Algorithm: sha256WithRSAEncryption
3f:6e:d7:4c:50:6c:2b:8c:a8:44:24:52:b8:f8:dd:11:c3:c5:
a6:35:4e:e1:ae:3c:ea:52:44:bd:93:1d:e0:0c:e3:68:fd:01:
20:57:90:5f:b3:e9:8f:30:40:41:97:58:75:10:e8:52:27:1f:
db:97:4a:26:09:42:1a:bc:70:4c:ce:c2:a4:39:36:3c:f4:eb:
f7:db:59:7f:f8:e9:1b:39:36:54:46:c0:2d:b4:ed:43:80:13:
6d:1e:d6:2e:18:49:3d:3f:11:ef:7d:37:ea:32:0d:2f:d4:17:
c2:77:6b:13:91:80:54:3c:4d:f3:84:c9:8e:73:d7:4e:8d:00:
83:b0:75:7b:d9:7c:90:b0:cd:4f:ab:80:54:87:7e:45:db:51:
5d:70:a7:eb:e9:c9:46:9c:a3:00:45:bc:a8:f8:03:92:d3:70:
1e:0d:af:3b:f0:a3:b1:2b:b3:99:f6:22:e2:1f:df:c9:17:e4:
20:ce:6b:9a:34:95:59:15:5c:02:a5:53:79:65:38:d2:61:82:
72:01:13:1c:0a:ce:9d:ae:20:87:dc:63:5d:a9:c0:b4:27:cf:
de:1c:f1:4e:44:5b:1b:c4:71:f0:af:10:bb:31:20:df:80:eb:
69:3d:29:28:8c:5a:e4:a1:e1:99:2a:26:fe:c0:8e:3d:21:5c:
5f:0d:0c:3a
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQkRKLzg6va/lLlm28XgTqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzZjMGYwZWM4YmJlZGYwZjYwODQ0ZGZlNGZlOTM5MzY5
YTRiNDAwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ0MTllMTA0YjRiMTRhOTc5ZjJjMGE2N2MzM2JmNjE1MjY3ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rMHiNNGFsWJpeTQqtBXzYiNf9Ie
uQ0hO7l8pMcTndBMdLu2JWoI6qCPvUl7hKEwGk5fp2WpEdJT/fR07FZFyZfMgscS
qFkB4cRP0CzgBagtMTp/eDDiChRdb/yKLbfgTY+J/xe/DEOkzjXDZEwAjGPbwxJf
DQUSfEih8gc3QZ9xkY21HgQ2V9HB0KuK58Z9kas2xQww2XER6Il7y5I8uu5r42hO
b7Ti6VThiL28m14c1Ky8BSCN2afQkFy+MEuNQK53fwNRc7k0se3cM7/AiUrxcJcN
OnILpzAAeEoSEXX1FKwCk7zbZMlObUe+p0GksGJlOY7hF9cd/KY6k7XFWQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJHUGeEEtLFKl58sCmfDO/YVJn0wMB8GA1UdIwQY
MBaAFLQ2wPDsi77fD2CETf5P6Tk2mktAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERiQThPeUx2dDhQWUlSTl9rX3BPVGFhUzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kYjY2YWItNzBhYy00MWFkLTk5NTgt
ZGQ4YjVhZmNlZTNiLzEva2RRWjRRUzBzVXFYbnl3S1o4TTc5aFVtZlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kYjY2YWItNzBhYy00MWFkLTk5NTgtZGQ4YjVhZmNlZTNi
LzEvdERiQThPeUx2dDhQWUlSTl9rX3BPVGFhUzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA2BAIAATAwAwQCAjkwAwQC
W9fwAwQCuZ/IAwQCufYUAwQAwn/EAwQAwn/KAwQAwn/OAwQAwn/WMCIEAgACMBwD
BQMqB7bAAwUDKgnJQAMFAyoNZoADBQMqD6/AMA0GCSqGSIb3DQEBCwUAA4IBAQA/
btdMUGwrjKhEJFK4+N0Rw8WmNU7hrjzqUkS9kx3gDONo/QEgV5Bfs+mPMEBBl1h1
EOhSJx/bl0omCUIavHBMzsKkOTY89Ov321l/+OkbOTZURsAttO1DgBNtHtYuGEk9
PxHvfTfqMg0v1BfCd2sTkYBUPE3zhMmOc9dOjQCDsHV72XyQsM1Pq4BUh35F21Fd
cKfr6clGnKMARbyo+AOS03AeDa878KOxK7OZ9iLiH9/JF+QgzmuaNJVZFVwCpVN5
ZTjSYYJyARMcCs6driCH3GNdqcC0J8/eHPFORFsbxHHwrxC7MSDfgOtpPSkojFrk
oeGZKib+wI49IVxfDQw6
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:56:48 2025 by rpki-client