Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/cZNThB_jk2noBG8YtvmrQUXM7A8.roa
File: cZNThB_jk2noBG8YtvmrQUXM7A8.roa (raw, json)
Hash identifier: iXfGM6dzzfNtT7f4YAxIq0/HoZkuUS3xKDy4j4hKu1k=
Subject key identifier: 71:93:53:84:1F:E3:93:69:E8:04:6F:18:B6:F9:AB:41:45:CC:EC:0F
Certificate issuer: /CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
Certificate serial: 019428230E1F29E103963D2FD7993F195935
Authority key identifier: AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/cZNThB_jk2noBG8YtvmrQUXM7A8.roa
Signing time: Thu 02 Jan 2025 17:49:33 +0000
ROA not before: Thu 02 Jan 2025 17:49:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3209
IP address blocks: 91.216.108.0/24 maxlen: 24
195.66.76.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.mft
rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 15:33:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:23:0e:1f:29:e1:03:96:3d:2f:d7:99:3f:19:59:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad4c830b11261483a62b6696a4c3720e8ad88a0d
Validity
Not Before: Jan 2 17:49:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=719353841fe39369e8046f18b6f9ab4145ccec0f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f3:9d:7f:ce:ec:f5:f6:64:c3:f6:4c:58:a9:
b1:d6:b3:d9:21:c2:83:69:e0:b3:ab:ef:88:e8:40:
cf:5e:59:35:91:fe:c1:20:ef:06:ec:c6:87:70:c7:
1f:fc:b6:9b:6a:d2:86:7d:89:a1:36:98:2f:7e:9d:
7a:6e:84:a1:b7:d5:94:67:f9:78:7f:10:34:eb:de:
49:7f:4e:9d:8e:dc:fa:b6:46:cf:27:d8:3a:81:06:
cb:50:9f:cd:08:34:f1:4a:c6:86:a5:de:0e:93:da:
ed:3b:03:a0:d4:e7:b8:c0:aa:79:cb:71:dc:4c:89:
ff:48:a1:8a:96:2e:6f:6a:39:41:ab:53:08:32:96:
bc:a2:2b:c0:35:62:1a:ac:4b:f2:83:b0:38:fd:5f:
c3:87:f4:5b:a9:56:50:2b:8a:75:0a:fb:ba:14:08:
93:77:e4:bc:76:0c:06:c4:a1:ca:4f:64:9d:af:d7:
aa:c8:d0:8a:9c:18:89:42:47:79:37:e2:f0:96:88:
c3:4d:c9:69:78:3e:bd:5b:c9:8a:29:47:9c:da:3f:
99:89:8d:00:ed:ac:55:b9:3c:db:32:dd:d8:48:02:
94:c0:fa:6d:3b:5c:e2:5d:39:73:5e:6e:b5:9c:e3:
92:e6:c0:22:1f:45:3f:c2:d6:15:4e:23:42:f6:1c:
e9:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:93:53:84:1F:E3:93:69:E8:04:6F:18:B6:F9:AB:41:45:CC:EC:0F
X509v3 Authority Key Identifier:
keyid:AD:4C:83:0B:11:26:14:83:A6:2B:66:96:A4:C3:72:0E:8A:D8:8A:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUyDCxEmFIOmK2aWpMNyDorYig0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/cZNThB_jk2noBG8YtvmrQUXM7A8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6a6ba-ae05-4524-84d1-222ceb6c344c/1/rUyDCxEmFIOmK2aWpMNyDorYig0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.216.108.0/24
195.66.76.0/24
Signature Algorithm: sha256WithRSAEncryption
52:b6:21:7c:3e:93:a6:a3:c6:da:ce:5a:af:7d:4f:ba:ef:37:
e8:91:43:e9:7f:80:02:d7:17:20:bd:4e:f4:6f:cf:56:36:14:
02:e5:44:2a:f9:ac:72:77:0d:bd:4b:8c:98:5e:76:e8:a4:82:
bc:e6:a2:41:f5:4b:9f:92:e6:2f:f4:a5:42:68:73:f5:f1:99:
6c:c9:06:c8:a8:b4:a4:4d:d9:48:52:d8:90:27:0f:5f:79:78:
04:5d:99:28:40:d1:94:e0:a8:47:da:de:a5:15:fe:03:15:56:
92:b6:7b:68:8d:eb:57:78:0a:17:95:45:f7:1c:12:ef:70:6b:
9e:86:fa:0e:21:23:6b:2f:47:dc:23:90:38:58:cd:98:cb:c3:
7f:6c:57:27:cc:21:94:f8:e2:39:0e:d9:33:21:ac:fa:15:75:
bf:0b:1a:17:ad:ed:45:b8:9d:1f:a1:ed:85:dc:21:fb:76:f2:
8d:57:98:8e:fd:f0:fb:d0:c1:88:db:f6:80:9a:a5:88:42:38:
ff:e5:85:37:ab:bc:93:1d:8a:92:d2:b2:e4:8b:4f:2d:26:6c:
a8:45:7e:d4:21:78:8f:19:cf:1c:a2:93:bb:99:2f:92:33:a7:
90:f6:de:d7:76:b7:d4:63:0f:00:a6:48:96:4b:b0:8b:ee:da:
7b:65:40:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoIw4fKeEDlj0v15k/GVk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNGM4MzBiMTEyNjE0ODNhNjJiNjY5NmE0YzM3MjBlOGFk
ODhhMGQwHhcNMjUwMTAyMTc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkzNTM4NDFmZTM5MzY5ZTgwNDZmMThiNmY5YWI0MTQ1Y2NlYzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovOdf87s9fZkw/ZMWKmx1rPZIcKD
aeCzq++I6EDPXlk1kf7BIO8G7MaHcMcf/LabatKGfYmhNpgvfp16boSht9WUZ/l4
fxA0695Jf06djtz6tkbPJ9g6gQbLUJ/NCDTxSsaGpd4Ok9rtOwOg1Oe4wKp5y3Hc
TIn/SKGKli5vajlBq1MIMpa8oivANWIarEvyg7A4/V/Dh/RbqVZQK4p1Cvu6FAiT
d+S8dgwGxKHKT2Sdr9eqyNCKnBiJQkd5N+LwlojDTclpeD69W8mKKUec2j+ZiY0A
7axVuTzbMt3YSAKUwPptO1ziXTlzXm61nOOS5sAiH0U/wtYVTiNC9hzprwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHGTU4Qf45Np6ARvGLb5q0FFzOwPMB8GA1UdIwQY
MBaAFK1MgwsRJhSDpitmlqTDcg6K2IoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEt
MjIyY2ViNmMzNDRjLzEvY1pOVGhCX2prMm5vQkc4WXR2bXJRVVhNN0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNmE2YmEtYWUwNS00NTI0LTg0ZDEtMjIyY2ViNmMzNDRj
LzEvclV5REN4RW1GSU9tSzJhV3BNTnlEb3JZaWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9hsAwQA
w0JMMA0GCSqGSIb3DQEBCwUAA4IBAQBStiF8PpOmo8bazlqvfU+67zfokUPpf4AC
1xcgvU70b89WNhQC5UQq+axydw29S4yYXnbopIK85qJB9UufkuYv9KVCaHP18Zls
yQbIqLSkTdlIUtiQJw9feXgEXZkoQNGU4KhH2t6lFf4DFVaStntojetXeAoXlUX3
HBLvcGuehvoOISNrL0fcI5A4WM2Yy8N/bFcnzCGU+OI5DtkzIaz6FXW/CxoXre1F
uJ0foe2F3CH7dvKNV5iO/fD70MGI2/aAmqWIQjj/5YU3q7yTHYqS0rLki08tJmyo
RX7UIXiPGc8copO7mS+SM6eQ9t7XdrfUYw8ApkiWS7CL7tp7ZUCs
-----END CERTIFICATE-----
Generated at Thu Apr 17 18:43:14 2025 by rpki-client