Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nN0268R_P_aKT1sf7oXH85sdmdM.roa
File: nN0268R_P_aKT1sf7oXH85sdmdM.roa (raw, json)
Hash identifier: eRvUawuSfAWt04/TWTxPXx+OS/+ypZ4rVRQY70FXgF8=
Subject key identifier: 9C:DD:36:EB:C4:7F:3F:F6:8A:4F:5B:1F:EE:85:C7:F3:9B:1D:99:D3
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 01942143F4CF6BBADDC06A958CCD244098D4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nN0268R_P_aKT1sf7oXH85sdmdM.roa
Signing time: Wed 01 Jan 2025 09:48:09 +0000
ROA not before: Wed 01 Jan 2025 09:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 5.42.220.0/24 maxlen: 24
45.91.236.0/24 maxlen: 24
45.91.237.0/24 maxlen: 24
45.91.238.0/24 maxlen: 24
80.68.156.0/24 maxlen: 24
91.240.254.0/24 maxlen: 24
185.201.28.0/24 maxlen: 24
185.211.170.0/24 maxlen: 24
195.206.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:f4:cf:6b:ba:dd:c0:6a:95:8c:cd:24:40:98:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Jan 1 09:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cdd36ebc47f3ff68a4f5b1fee85c7f39b1d99d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:2b:e0:54:c3:58:d2:41:49:42:4a:2f:33:f6:
91:57:d9:74:84:bd:eb:0b:4e:86:09:9e:83:01:46:
40:33:7c:3b:de:21:a5:0f:ca:86:50:6b:b0:66:a0:
92:48:5a:ab:b5:87:b1:ce:52:d8:ec:e9:b0:21:50:
bf:f1:85:a8:e2:ce:10:6a:72:38:18:6a:fd:f9:cf:
5d:26:5c:d3:0e:67:1d:50:7b:a1:1d:c5:20:55:70:
48:43:3f:35:ef:dd:6d:1b:73:45:28:6c:a2:a1:8f:
d5:dc:ac:87:3f:23:8b:39:74:9f:c9:df:ef:fc:58:
82:9e:a6:a1:4c:11:88:97:7a:fb:99:c1:fe:15:42:
73:f1:0d:2e:2c:47:c2:fe:5a:f9:87:00:33:b2:b2:
24:56:e6:17:d3:78:f3:81:54:1c:41:13:34:32:ff:
d6:32:54:2f:ff:8a:14:c4:3d:42:3e:9d:f2:61:23:
3f:24:7f:d3:08:8d:c5:73:2c:4b:3b:50:35:9f:74:
47:97:cf:e6:c3:4b:7d:92:d0:b8:dd:49:52:cf:51:
b4:72:57:79:0d:03:4c:32:d0:93:da:74:6e:03:7b:
d5:5b:9e:85:97:09:ec:ba:1d:df:bd:44:d5:9e:f2:
56:24:5e:2f:5d:4d:ec:61:32:64:52:31:a5:a5:43:
db:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:DD:36:EB:C4:7F:3F:F6:8A:4F:5B:1F:EE:85:C7:F3:9B:1D:99:D3
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nN0268R_P_aKT1sf7oXH85sdmdM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.220.0/24
45.91.236.0-45.91.238.255
80.68.156.0/24
91.240.254.0/24
185.201.28.0/24
185.211.170.0/24
195.206.243.0/24
Signature Algorithm: sha256WithRSAEncryption
31:94:53:79:b9:e0:92:94:4f:34:9f:7f:44:60:0e:25:81:36:
8f:39:92:cb:70:e4:b0:32:61:4e:83:05:4a:d9:da:9a:4d:25:
16:c7:62:8e:25:03:f7:ac:9b:dd:e1:49:22:22:ea:ab:d3:0e:
d1:45:31:8b:b1:6e:07:30:2c:52:be:f6:44:68:e8:8f:a9:bd:
36:35:d4:f3:7d:40:76:96:52:76:d8:27:33:42:f3:49:f4:7a:
e9:c3:9f:3c:75:68:65:cf:4e:b5:9d:a5:39:d8:54:60:33:2c:
4c:00:ba:d8:81:bc:6d:b6:1f:73:ca:3e:49:d9:68:87:b7:0a:
07:3f:e0:49:c6:a4:ee:97:3a:8a:96:06:bf:07:fb:32:43:9c:
f4:b3:f6:0a:30:11:98:38:77:69:e6:de:10:2d:93:a0:9a:52:
3c:17:71:49:51:33:6b:de:2b:d8:68:f6:5f:e0:91:a3:c6:0d:
6e:47:db:58:58:f5:ea:08:ee:be:83:a1:9d:01:c4:ca:c9:4a:
5c:d1:29:ba:fe:d5:bb:38:3f:80:3a:93:87:4d:00:79:02:9d:
0f:30:46:9b:3e:df:0f:93:c1:9c:7f:ef:2b:d4:f7:d6:d3:2c:
ae:78:27:e2:78:47:29:40:34:77:5c:8f:21:f6:e2:03:12:1c:
70:fc:d6:31
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQhQ/TPa7rdwGqVjM0kQJjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RkMzZlYmM0N2YzZmY2OGE0ZjViMWZlZTg1YzdmMzliMWQ5OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCvgVMNY0kFJQkovM/aRV9l0hL3r
C06GCZ6DAUZAM3w73iGlD8qGUGuwZqCSSFqrtYexzlLY7OmwIVC/8YWo4s4QanI4
GGr9+c9dJlzTDmcdUHuhHcUgVXBIQz81791tG3NFKGyioY/V3KyHPyOLOXSfyd/v
/FiCnqahTBGIl3r7mcH+FUJz8Q0uLEfC/lr5hwAzsrIkVuYX03jzgVQcQRM0Mv/W
MlQv/4oUxD1CPp3yYSM/JH/TCI3FcyxLO1A1n3RHl8/mw0t9ktC43UlSz1G0cld5
DQNMMtCT2nRuA3vVW56Flwnsuh3fvUTVnvJWJF4vXU3sYTJkUjGlpUPbpQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJzdNuvEfz/2ik9bH+6Fx/ObHZnTMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvbk4wMjY4Ul9QX2FLVDFzZjdvWEg4NXNkbWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQABSrcMAwD
BAItW+wDBAAtW+4DBABQRJwDBABb8P4DBAC5yRwDBAC506oDBADDzvMwDQYJKoZI
hvcNAQELBQADggEBADGUU3m54JKUTzSff0RgDiWBNo85kstw5LAyYU6DBUrZ2ppN
JRbHYo4lA/esm93hSSIi6qvTDtFFMYuxbgcwLFK+9kRo6I+pvTY11PN9QHaWUnbY
JzNC80n0eunDnzx1aGXPTrWdpTnYVGAzLEwAutiBvG22H3PKPknZaIe3Cgc/4EnG
pO6XOoqWBr8H+zJDnPSz9gowEZg4d2nm3hAtk6CaUjwXcUlRM2veK9ho9l/gkaPG
DW5H21hY9eoI7r6DoZ0BxMrJSlzRKbr+1bs4P4A6k4dNAHkCnQ8wRps+3w+TwZx/
7yvU99bTLK54J+J4RylANHdcjyH24gMSHHD81jE=
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:41:11 2025 by rpki-client