Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/71gvIX06FZhti5C8KqbG-iL3ji8.roa
File: 71gvIX06FZhti5C8KqbG-iL3ji8.roa (raw, json)
Hash identifier: ixliMnZsbefklIbCdZSQC08KvvVc2/x3CDK+CGl2CBA=
Subject key identifier: EF:58:2F:21:7D:3A:15:98:6D:8B:90:BC:2A:A6:C6:FA:22:F7:8E:2F
Certificate issuer: /CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
Certificate serial: 0194282795C174FD2429015CF493B740B743
Authority key identifier: 43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/71gvIX06FZhti5C8KqbG-iL3ji8.roa
Signing time: Thu 02 Jan 2025 17:54:30 +0000
ROA not before: Thu 02 Jan 2025 17:54:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60185
IP address blocks: 185.2.244.0/22 maxlen: 22
185.2.244.0/23 maxlen: 23
185.2.244.0/24 maxlen: 24
185.2.245.0/24 maxlen: 24
185.2.246.0/23 maxlen: 23
185.2.246.0/24 maxlen: 24
185.2.247.0/24 maxlen: 24
2a02:4440::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 06:01:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:27:95:c1:74:fd:24:29:01:5c:f4:93:b7:40:b7:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
Validity
Not Before: Jan 2 17:54:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ef582f217d3a15986d8b90bc2aa6c6fa22f78e2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:d1:33:13:b6:5b:99:7d:e0:08:cd:e2:11:79:
4a:58:df:02:79:d0:c1:15:ef:ae:0b:9f:6e:cb:2f:
35:fe:65:c4:6d:2b:50:2e:04:13:18:19:e0:ed:55:
e4:c8:4e:4e:c2:b0:ae:c6:74:d9:29:d4:bd:c1:16:
a8:08:2e:f3:07:73:ed:d2:41:cf:e2:ef:9a:02:a0:
80:98:6c:f3:98:36:5b:32:06:67:dc:22:c9:3d:f7:
15:a0:d3:fd:b3:ec:de:b7:b3:5d:89:c4:08:85:77:
3d:e1:b8:37:3c:71:1c:1a:6f:49:9c:5d:cb:8d:e6:
6b:04:8b:78:52:23:0a:b6:2a:97:19:01:a9:26:a1:
d5:a2:e7:96:41:2d:88:67:6e:ec:67:2e:04:15:24:
95:09:45:aa:e9:60:9a:6e:3b:ba:28:7b:d8:9d:cf:
ce:c2:09:77:76:5c:b5:5e:fd:1f:2d:5d:e2:e3:7a:
67:10:68:b4:4a:40:14:51:82:bc:71:5e:67:31:4e:
30:f0:52:5c:11:44:ef:b7:a1:6f:c3:fd:f1:4f:bc:
da:0b:28:9f:5c:17:3a:5c:2d:49:0d:34:d7:35:77:
41:d8:13:8c:b0:da:28:cd:8f:54:66:8b:09:3b:ed:
a4:1b:04:51:08:28:2a:86:68:45:9f:99:08:d4:00:
c5:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:58:2F:21:7D:3A:15:98:6D:8B:90:BC:2A:A6:C6:FA:22:F7:8E:2F
X509v3 Authority Key Identifier:
keyid:43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/71gvIX06FZhti5C8KqbG-iL3ji8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.2.244.0/22
IPv6:
2a02:4440::/32
Signature Algorithm: sha256WithRSAEncryption
62:89:55:85:29:2b:09:5e:18:09:d5:f6:3c:19:c1:e9:d8:92:
27:34:db:3f:a5:57:d8:5f:87:8f:cd:a0:7b:ee:c4:e3:bd:db:
22:af:3c:37:5c:42:ee:f3:21:b8:d1:ca:b5:5f:9e:dc:2c:2f:
a7:b7:02:d1:1f:77:10:9d:02:5d:83:00:e0:ab:63:1b:82:0b:
6e:e1:4d:a0:1f:0c:ef:d9:c6:70:0f:ee:81:70:24:5d:5c:2a:
7f:71:65:1a:f7:cc:d3:38:96:96:55:e8:ad:2f:db:fc:de:39:
4d:2e:38:92:76:ec:7a:b7:2f:e2:e6:1c:de:30:b7:06:fa:af:
10:8e:ea:da:58:df:1b:79:d5:f5:c6:31:9f:74:75:f5:ea:67:
67:7d:1f:f4:96:05:3c:fa:e8:60:12:aa:b6:e9:25:81:76:8c:
05:64:0f:bf:41:42:da:22:e4:31:27:87:0e:f6:10:b0:75:4f:
25:10:7e:eb:57:25:72:47:f7:1d:50:5b:3f:58:34:2b:e0:74:
48:35:dd:94:96:35:7d:19:40:0d:3b:89:a4:7c:79:3e:78:8d:
52:f8:d1:1b:43:69:92:09:53:c6:2d:7c:9d:0b:97:07:05:80:
da:ab:52:99:ab:fa:1d:ce:03:4a:96:d0:1d:fb:7b:6a:81:c4:
77:f5:25:a1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJ5XBdP0kKQFc9JO3QLdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWYyZTk4N2QyYjYzYWRkYWE1YWRjMTc4ZjMxZTkwZDg3
NmFhYTcwHhcNMjUwMTAyMTc1NDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU4MmYyMTdkM2ExNTk4NmQ4YjkwYmMyYWE2YzZmYTIyZjc4ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptEzE7ZbmX3gCM3iEXlKWN8CedDB
Fe+uC59uyy81/mXEbStQLgQTGBng7VXkyE5OwrCuxnTZKdS9wRaoCC7zB3Pt0kHP
4u+aAqCAmGzzmDZbMgZn3CLJPfcVoNP9s+zet7NdicQIhXc94bg3PHEcGm9JnF3L
jeZrBIt4UiMKtiqXGQGpJqHVoueWQS2IZ27sZy4EFSSVCUWq6WCabju6KHvYnc/O
wgl3dly1Xv0fLV3i43pnEGi0SkAUUYK8cV5nMU4w8FJcEUTvt6Fvw/3xT7zaCyif
XBc6XC1JDTTXNXdB2BOMsNoozY9UZosJO+2kGwRRCCgqhmhFn5kI1ADF8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO9YLyF9OhWYbYuQvCqmxvoi944vMB8GA1UdIwQY
MBaAFEOvLph9K2Ot2qWtwXjzHpDYdqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3Yzgt
Y2M3NzQ2NzE5NDA2LzEvNzFndklYMDZGWmh0aTVDOEtxYkctaUwzamk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3YzgtY2M3NzQ2NzE5NDA2
LzEvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQL0MA0E
AgACMAcDBQAqAkRAMA0GCSqGSIb3DQEBCwUAA4IBAQBiiVWFKSsJXhgJ1fY8GcHp
2JInNNs/pVfYX4ePzaB77sTjvdsirzw3XELu8yG40cq1X57cLC+ntwLRH3cQnQJd
gwDgq2Mbggtu4U2gHwzv2cZwD+6BcCRdXCp/cWUa98zTOJaWVeitL9v83jlNLjiS
dux6ty/i5hzeMLcG+q8QjuraWN8bedX1xjGfdHX16mdnfR/0lgU8+uhgEqq26SWB
dowFZA+/QULaIuQxJ4cO9hCwdU8lEH7rVyVyR/cdUFs/WDQr4HRINd2UljV9GUAN
O4mkfHk+eI1S+NEbQ2mSCVPGLXydC5cHBYDaq1KZq/odzgNKltAd+3tqgcR39SWh
-----END CERTIFICATE-----
Generated at Sun Apr 13 14:13:15 2025 by rpki-client