Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/KvOchdw6AYfLt261W6RR4KIthYY.roa
File: KvOchdw6AYfLt261W6RR4KIthYY.roa (raw, json)
Hash identifier: WXdEqSkBC/gQsasA/7q/ZdUFdpwAbrzjieJX5Z97f4U=
Subject key identifier: 2A:F3:9C:85:DC:3A:01:87:CB:B7:6E:B5:5B:A4:51:E0:A2:2D:85:86
Certificate issuer: /CN=7479df50a315029e80aa1947afe12db1e948628b
Certificate serial: 019420D5AFC56840B617CD1E3D255D668557
Authority key identifier: 74:79:DF:50:A3:15:02:9E:80:AA:19:47:AF:E1:2D:B1:E9:48:62:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHnfUKMVAp6AqhlHr-EtselIYos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/KvOchdw6AYfLt261W6RR4KIthYY.roa
Signing time: Wed 01 Jan 2025 07:47:42 +0000
ROA not before: Wed 01 Jan 2025 07:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30833
IP address blocks: 79.98.136.0/21 maxlen: 21
79.98.136.0/22 maxlen: 22
79.98.140.0/22 maxlen: 22
80.249.200.0/22 maxlen: 22
80.249.200.0/23 maxlen: 23
80.249.202.0/23 maxlen: 23
217.78.176.0/20 maxlen: 20
217.78.176.0/21 maxlen: 21
217.78.184.0/21 maxlen: 21
2a00:d98::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/dHnfUKMVAp6AqhlHr-EtselIYos.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/dHnfUKMVAp6AqhlHr-EtselIYos.mft
rsync://rpki.ripe.net/repository/DEFAULT/dHnfUKMVAp6AqhlHr-EtselIYos.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 19:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:af:c5:68:40:b6:17:cd:1e:3d:25:5d:66:85:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7479df50a315029e80aa1947afe12db1e948628b
Validity
Not Before: Jan 1 07:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2af39c85dc3a0187cbb76eb55ba451e0a22d8586
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:c4:74:44:ee:30:c9:09:c1:29:ad:a4:a8:36:
49:45:4b:75:dc:b9:f5:2a:04:aa:ff:a7:d1:f2:4f:
ec:f1:cc:73:91:cf:44:da:77:c9:b7:77:11:b2:53:
fb:d8:c6:bc:18:b3:0d:dd:b5:63:ba:91:bf:f3:bc:
6e:61:34:56:07:56:7e:30:ce:df:b4:59:28:69:a1:
77:92:a2:b6:07:47:70:d6:89:a1:d2:3f:1e:ec:48:
69:e4:a2:b4:47:5a:30:6e:a7:85:5d:8a:2a:65:94:
9d:d1:69:ba:36:3a:48:6b:3a:e0:f9:54:81:9d:4d:
2a:34:9b:51:31:85:f5:e9:1d:23:c4:55:23:34:30:
5b:dd:4f:48:bb:14:51:15:eb:79:bc:a0:54:33:cc:
c7:f9:15:03:c9:0b:61:af:68:1c:f8:e2:70:27:79:
7e:af:48:53:7d:fb:0d:64:cd:4a:35:86:3d:c9:f1:
08:c3:53:e6:9a:2f:d1:e4:31:63:43:d2:f3:73:85:
2a:f2:72:4c:ef:08:e6:13:02:ad:29:8a:17:81:fe:
50:5e:25:9d:7d:ca:a2:64:ba:f5:e1:5f:da:06:e2:
b5:3b:84:0c:3a:b1:42:36:78:55:49:44:d8:71:d9:
2a:34:a3:84:40:95:a9:bc:aa:2d:ee:bf:79:72:20:
9f:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:F3:9C:85:DC:3A:01:87:CB:B7:6E:B5:5B:A4:51:E0:A2:2D:85:86
X509v3 Authority Key Identifier:
keyid:74:79:DF:50:A3:15:02:9E:80:AA:19:47:AF:E1:2D:B1:E9:48:62:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHnfUKMVAp6AqhlHr-EtselIYos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/KvOchdw6AYfLt261W6RR4KIthYY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/16735d-6658-4b6f-a261-97ba37345aa8/1/dHnfUKMVAp6AqhlHr-EtselIYos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.98.136.0/21
80.249.200.0/22
217.78.176.0/20
IPv6:
2a00:d98::/32
Signature Algorithm: sha256WithRSAEncryption
87:6f:da:e2:f2:ce:b6:50:fb:80:a4:97:06:7a:9d:79:f5:ea:
23:e9:c2:50:dd:d2:47:59:34:35:ce:7e:b1:96:dc:fb:eb:92:
65:47:7b:82:92:35:2d:24:bf:48:2f:93:19:c5:25:66:a7:77:
29:97:ed:02:ae:c0:9c:09:e6:cb:d2:77:43:d9:b2:e5:3c:83:
bd:da:da:70:73:c1:cd:63:e6:e9:15:8b:61:06:26:9b:6d:22:
6d:50:1f:a9:02:f4:2c:a8:ee:fa:1b:2b:48:0b:29:7c:3a:23:
26:88:08:22:0d:4a:af:c1:68:12:d0:5b:6a:a3:f1:b3:40:cf:
6c:f0:45:0f:47:98:ea:65:e3:e8:78:9c:7f:54:83:62:b8:cd:
35:13:83:eb:04:13:78:da:34:9e:d2:a6:95:52:c9:ae:cf:82:
b6:cd:e3:27:0a:03:03:ed:77:42:27:35:29:57:01:7d:ea:2f:
2a:ac:47:f4:7d:25:c4:1e:7c:58:18:db:7f:50:46:72:fd:42:
01:ed:ab:16:df:6b:29:3d:6b:6e:d1:23:7a:af:65:78:c1:a2:
71:72:8e:5c:18:e6:31:92:e1:90:9c:84:fa:e4:da:29:6f:db:
71:00:4c:3b:d0:2a:20:dd:8d:06:3b:56:f6:eb:e9:66:9f:3d:
ac:79:18:22
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQg1a/FaEC2F80ePSVdZoVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzlkZjUwYTMxNTAyOWU4MGFhMTk0N2FmZTEyZGIxZTk0
ODYyOGIwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYzOWM4NWRjM2EwMTg3Y2JiNzZlYjU1YmE0NTFlMGEyMmQ4NTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncR0RO4wyQnBKa2kqDZJRUt13Ln1
KgSq/6fR8k/s8cxzkc9E2nfJt3cRslP72Ma8GLMN3bVjupG/87xuYTRWB1Z+MM7f
tFkoaaF3kqK2B0dw1omh0j8e7Ehp5KK0R1owbqeFXYoqZZSd0Wm6NjpIazrg+VSB
nU0qNJtRMYX16R0jxFUjNDBb3U9IuxRRFet5vKBUM8zH+RUDyQthr2gc+OJwJ3l+
r0hTffsNZM1KNYY9yfEIw1Pmmi/R5DFjQ9Lzc4Uq8nJM7wjmEwKtKYoXgf5QXiWd
fcqiZLr14V/aBuK1O4QMOrFCNnhVSUTYcdkqNKOEQJWpvKot7r95ciCf1wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCrznIXcOgGHy7dutVukUeCiLYWGMB8GA1UdIwQY
MBaAFHR531CjFQKegKoZR6/hLbHpSGKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhuZlVLTVZBcDZBcWhsSHItRXRzZWxJWW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNjczNWQtNjY1OC00YjZmLWEyNjEt
OTdiYTM3MzQ1YWE4LzEvS3ZPY2hkdzZBWWZMdDI2MVc2UlI0S0l0aFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNjczNWQtNjY1OC00YjZmLWEyNjEtOTdiYTM3MzQ1YWE4
LzEvZEhuZlVLTVZBcDZBcWhsSHItRXRzZWxJWW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDT2KIAwQC
UPnIAwQE2U6wMA0EAgACMAcDBQAqAA2YMA0GCSqGSIb3DQEBCwUAA4IBAQCHb9ri
8s62UPuApJcGep159eoj6cJQ3dJHWTQ1zn6xltz765JlR3uCkjUtJL9IL5MZxSVm
p3cpl+0CrsCcCebL0ndD2bLlPIO92tpwc8HNY+bpFYthBiabbSJtUB+pAvQsqO76
GytICyl8OiMmiAgiDUqvwWgS0Ftqo/GzQM9s8EUPR5jqZePoeJx/VINiuM01E4Pr
BBN42jSe0qaVUsmuz4K2zeMnCgMD7XdCJzUpVwF96i8qrEf0fSXEHnxYGNt/UEZy
/UIB7asW32spPWtu0SN6r2V4waJxco5cGOYxkuGQnIT65Nopb9txAEw70Cog3Y0G
O1b26+lmnz2seRgi
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:54 2025 by rpki-client