Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-NNWhK-5UZlX86GIvBS3F5KFXGM.roa
File: 1-NNWhK-5UZlX86GIvBS3F5KFXGM.roa (raw, json)
Hash identifier: ZnHYmG2JFMVQIt7lMjIb53DbqPPrkNie9D30hGqcWLQ=
Subject key identifier: F8:D3:56:84:AF:B9:51:99:57:F3:A1:88:BC:14:B7:17:92:85:5C:63
Certificate issuer: /CN=d7eaba53d6dfbab4e976120c1e20268bbfe8a0e0
Certificate serial: 01941FFAA42971E33D0CF4862E906896C834
Authority key identifier: D7:EA:BA:53:D6:DF:BA:B4:E9:76:12:0C:1E:20:26:8B:BF:E8:A0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-q6U9bfurTpdhIMHiAmi7_ooOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-NNWhK-5UZlX86GIvBS3F5KFXGM.roa
Signing time: Wed 01 Jan 2025 03:48:27 +0000
ROA not before: Wed 01 Jan 2025 03:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33987
IP address blocks: 84.21.224.0/21 maxlen: 21
84.21.232.0/23 maxlen: 23
84.21.234.0/23 maxlen: 23
84.21.236.0/23 maxlen: 23
84.21.238.0/23 maxlen: 23
84.21.240.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-q6U9bfurTpdhIMHiAmi7_ooOA.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-q6U9bfurTpdhIMHiAmi7_ooOA.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-q6U9bfurTpdhIMHiAmi7_ooOA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 15:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:a4:29:71:e3:3d:0c:f4:86:2e:90:68:96:c8:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7eaba53d6dfbab4e976120c1e20268bbfe8a0e0
Validity
Not Before: Jan 1 03:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8d35684afb9519957f3a188bc14b71792855c63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:55:d7:79:f3:8a:f8:e9:ac:16:58:4a:1e:bf:
0d:63:17:4f:7d:fd:9e:f5:b5:a6:ce:16:be:66:61:
92:29:fb:b3:05:7f:d3:1d:32:30:f4:2d:00:98:b7:
5b:1f:fd:c1:0a:23:38:9d:da:4e:bf:51:0b:5f:70:
7e:22:12:31:b8:d3:d6:a2:e0:6b:4e:e3:85:8c:ff:
5f:df:c7:65:01:8d:92:b7:a3:a3:6f:4d:7e:69:9a:
dd:fd:71:c7:61:5f:0e:d6:91:4c:ec:0a:6c:ee:97:
b9:59:4d:38:76:6d:cf:b9:11:f9:fe:b4:2d:20:3f:
6b:12:aa:62:39:45:76:68:d3:b6:87:d4:9f:67:09:
39:af:17:c8:20:d6:cb:51:92:21:4a:ee:89:b6:c2:
7d:6e:68:5e:1b:9e:46:60:77:27:66:b4:56:0f:e7:
04:6b:27:80:5d:e6:40:61:b4:db:e0:e2:d8:93:f2:
dd:a8:13:9b:35:bf:cb:47:70:81:2c:b1:a6:41:54:
b7:d7:30:5e:8d:44:ac:db:db:fd:66:1b:4b:ee:22:
18:65:aa:f8:f4:27:da:28:3b:2e:68:e1:30:6a:9f:
88:b8:fa:19:31:38:2d:18:5c:f2:73:b4:1b:2c:fe:
eb:17:b5:24:ae:c7:f8:a9:b0:75:62:44:f4:a8:3a:
f0:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:D3:56:84:AF:B9:51:99:57:F3:A1:88:BC:14:B7:17:92:85:5C:63
X509v3 Authority Key Identifier:
keyid:D7:EA:BA:53:D6:DF:BA:B4:E9:76:12:0C:1E:20:26:8B:BF:E8:A0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-q6U9bfurTpdhIMHiAmi7_ooOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-NNWhK-5UZlX86GIvBS3F5KFXGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9afe35-0e3f-4d70-b1a4-2ae793da4770/1/1-q6U9bfurTpdhIMHiAmi7_ooOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.21.224.0/19
Signature Algorithm: sha256WithRSAEncryption
53:6c:c6:1e:0a:27:ac:bc:c2:3d:68:f2:31:66:1c:52:44:6f:
e3:a6:55:65:26:9f:2f:20:a1:ef:c1:1d:e3:0a:22:25:ac:ba:
65:f5:68:73:99:d7:1a:f4:90:03:54:5a:66:38:35:5e:56:6b:
83:8e:ec:f0:9d:49:c8:6f:64:7d:7a:40:7a:4b:a9:c3:73:1f:
fa:57:0b:fc:d6:02:5a:1b:87:15:e7:43:86:94:8a:b9:0f:5f:
e7:2b:5e:2c:ff:29:eb:a3:86:1a:d1:97:fd:ce:10:f8:f2:b5:
87:d7:4f:0f:79:29:38:95:ae:d6:c1:3f:ea:c2:b3:3b:7e:2e:
ce:6c:e7:5b:1b:bf:bd:9b:9a:bf:af:8b:65:31:b1:e2:58:83:
5c:47:34:72:de:f7:73:08:21:16:bd:a2:43:f3:7b:45:8e:13:
50:67:ef:0b:eb:35:ea:02:36:ae:f7:70:b5:74:bd:cf:72:9b:
ce:5d:c2:78:1c:96:f8:b8:03:56:94:cf:07:8d:03:13:8c:78:
fa:b4:3e:1a:45:ff:95:af:01:ad:cf:03:e8:c4:91:2f:81:cd:
f0:1d:3f:12:26:fb:1e:14:b2:43:79:3f:6f:28:da:88:e8:88:
f2:34:e5:18:f4:fe:87:ec:b7:f7:a8:52:d6:dc:f2:76:36:9b:
e5:41:51:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+qQpceM9DPSGLpBolsg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZWFiYTUzZDZkZmJhYjRlOTc2MTIwYzFlMjAyNjhiYmZl
OGEwZTAwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGQzNTY4NGFmYjk1MTk5NTdmM2ExODhiYzE0YjcxNzkyODU1YzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1XXefOK+OmsFlhKHr8NYxdPff2e
9bWmzha+ZmGSKfuzBX/THTIw9C0AmLdbH/3BCiM4ndpOv1ELX3B+IhIxuNPWouBr
TuOFjP9f38dlAY2St6Ojb01+aZrd/XHHYV8O1pFM7Aps7pe5WU04dm3PuRH5/rQt
ID9rEqpiOUV2aNO2h9SfZwk5rxfIINbLUZIhSu6JtsJ9bmheG55GYHcnZrRWD+cE
ayeAXeZAYbTb4OLYk/LdqBObNb/LR3CBLLGmQVS31zBejUSs29v9ZhtL7iIYZar4
9CfaKDsuaOEwap+IuPoZMTgtGFzyc7QbLP7rF7Ukrsf4qbB1YkT0qDrwIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjTVoSvuVGZV/OhiLwUtxeShVxjMB8GA1UdIwQY
MBaAFNfqulPW37q06XYSDB4gJou/6KDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xNlU5YmZ1clRwZGhJTUhpQW1pN19vb09BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85YWZlMzUtMGUzZi00ZDcwLWIxYTQt
MmFlNzkzZGE0NzcwLzEvMS1OTldoSy01VVpsWDg2R0l2QlMzRjVLRlhHTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvOWFmZTM1LTBlM2YtNGQ3MC1iMWE0LTJhZTc5M2RhNDc3
MC8xLzEtcTZVOWJmdXJUcGRoSU1IaUFtaTdfb29PQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBVQV4DAN
BgkqhkiG9w0BAQsFAAOCAQEAU2zGHgonrLzCPWjyMWYcUkRv46ZVZSafLyCh78Ed
4woiJay6ZfVoc5nXGvSQA1RaZjg1XlZrg47s8J1JyG9kfXpAekupw3Mf+lcL/NYC
WhuHFedDhpSKuQ9f5yteLP8p66OGGtGX/c4Q+PK1h9dPD3kpOJWu1sE/6sKzO34u
zmznWxu/vZuav6+LZTGx4liDXEc0ct73cwghFr2iQ/N7RY4TUGfvC+s16gI2rvdw
tXS9z3Kbzl3CeByW+LgDVpTPB40DE4x4+rQ+GkX/la8Brc8D6MSRL4HN8B0/Eib7
HhSyQ3k/byjaiOiI8jTlGPT+h+y396hS1tzydjab5UFR8w==
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:41:29 2025 by rpki-client