Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/7NPjy0_LNEtrF1BCG60HRzqdKlw.roa
File: 7NPjy0_LNEtrF1BCG60HRzqdKlw.roa (raw, json)
Hash identifier: QFPKpHBMjVle5FlNRbqdK60lHpC8YmYJkA7cV7MHx8U=
Subject key identifier: EC:D3:E3:CB:4F:CB:34:4B:6B:17:50:42:1B:AD:07:47:3A:9D:2A:5C
Certificate issuer: /CN=63a759b06e6fed03b0930749153fc16a12a501e0
Certificate serial: 01953C653E06304DEED9A3CCC4463A15849B
Authority key identifier: 63:A7:59:B0:6E:6F:ED:03:B0:93:07:49:15:3F:C1:6A:12:A5:01:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y6dZsG5v7QOwkwdJFT_BahKlAeA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/7NPjy0_LNEtrF1BCG60HRzqdKlw.roa
Signing time: Tue 25 Feb 2025 09:17:02 +0000
ROA not before: Tue 25 Feb 2025 09:17:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207589
IP address blocks: 89.40.210.0/24 maxlen: 24
91.205.43.0/24 maxlen: 24
185.109.254.0/24 maxlen: 24
2a06:c900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/Y6dZsG5v7QOwkwdJFT_BahKlAeA.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/Y6dZsG5v7QOwkwdJFT_BahKlAeA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y6dZsG5v7QOwkwdJFT_BahKlAeA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3c:65:3e:06:30:4d:ee:d9:a3:cc:c4:46:3a:15:84:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63a759b06e6fed03b0930749153fc16a12a501e0
Validity
Not Before: Feb 25 09:17:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ecd3e3cb4fcb344b6b1750421bad07473a9d2a5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:2e:f8:a3:1e:5e:65:11:03:c5:9f:5e:1e:e1:
36:1f:bd:ea:66:5b:4f:ad:73:6f:da:bb:83:2a:e6:
79:cb:08:43:43:5d:fa:8f:09:0d:b3:9a:48:3f:a3:
b9:20:e6:6a:54:e4:92:ac:c8:fe:f0:eb:fa:44:b9:
8d:3d:65:75:87:47:db:22:8e:19:52:ab:41:c9:6a:
bf:6a:72:95:ed:ac:70:a3:e0:1a:f6:20:4d:02:75:
8b:94:89:ab:d0:99:15:50:e1:94:46:e5:c3:c1:51:
77:6e:b5:7b:84:16:f3:68:ff:f3:ea:2d:4a:3a:35:
32:c9:3b:79:de:6f:b3:5a:9f:3f:86:54:ba:dc:cd:
b0:82:0d:e7:68:20:61:2a:2b:fa:76:b7:a9:cc:c1:
d8:44:ad:74:9d:6e:cc:8d:52:2c:6a:ca:be:9e:84:
ae:eb:02:80:7f:a0:68:11:15:ff:7e:a3:5d:6e:29:
47:06:4a:91:a0:c3:df:58:07:92:0b:dc:cc:4b:89:
d9:2f:77:c1:1a:d6:06:e3:c2:9e:83:8d:94:0e:c8:
5d:e4:41:01:e5:3a:89:06:d2:47:70:6f:30:ca:ec:
4b:11:0c:dd:c3:6c:d4:b8:e8:f1:a3:e3:2c:29:99:
61:8b:23:78:5a:31:48:2d:84:c9:47:0d:d8:4d:03:
8e:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:D3:E3:CB:4F:CB:34:4B:6B:17:50:42:1B:AD:07:47:3A:9D:2A:5C
X509v3 Authority Key Identifier:
keyid:63:A7:59:B0:6E:6F:ED:03:B0:93:07:49:15:3F:C1:6A:12:A5:01:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y6dZsG5v7QOwkwdJFT_BahKlAeA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/7NPjy0_LNEtrF1BCG60HRzqdKlw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/13150c-85da-458d-bc6c-9e24968e6664/1/Y6dZsG5v7QOwkwdJFT_BahKlAeA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.210.0/24
91.205.43.0/24
185.109.254.0/24
IPv6:
2a06:c900::/29
Signature Algorithm: sha256WithRSAEncryption
27:a8:fc:ba:10:8e:0a:54:12:05:82:c0:6f:19:31:19:d1:da:
5a:ce:32:c2:72:3d:97:f2:9a:33:0e:d3:e6:f8:0e:df:4a:4a:
cb:b9:ac:22:28:4c:37:06:08:08:77:f6:b1:2a:b7:c3:ba:28:
79:0c:db:32:31:70:62:c8:46:1e:aa:0c:a7:e7:aa:0a:b8:88:
35:4e:0a:33:18:34:0b:63:71:58:9c:14:26:4c:3c:0d:27:49:
86:4c:fa:37:6a:6a:1c:6a:53:66:aa:3d:e9:6f:b1:4b:f3:4b:
13:12:51:46:e8:8c:a2:e3:6e:96:34:84:27:d4:0e:3d:8c:f3:
4f:f6:6b:b1:ce:db:bd:5b:4c:b0:e9:b2:9a:32:b0:97:e9:5e:
21:df:48:84:af:49:97:b8:c3:90:81:c4:5a:0d:f6:ce:82:63:
cd:bc:84:45:79:c5:55:30:8c:fc:e6:76:b1:6d:1c:be:3c:97:
27:0a:91:c3:4b:e7:e8:1e:65:8d:a6:ac:31:f2:3e:f5:00:da:
83:3b:39:02:2c:66:41:70:01:8c:34:6e:a2:02:63:a1:6e:df:
71:11:9e:8c:84:21:85:03:9e:63:81:e1:37:80:44:9f:db:5b:
c2:03:16:3c:ce:e3:3c:dd:69:28:d7:39:ec:ba:08:f5:bd:6b:
15:6f:a6:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZU8ZT4GME3u2aPMxEY6FYSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYTc1OWIwNmU2ZmVkMDNiMDkzMDc0OTE1M2ZjMTZhMTJh
NTAxZTAwHhcNMjUwMjI1MDkxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2QzZTNjYjRmY2IzNDRiNmIxNzUwNDIxYmFkMDc0NzNhOWQyYTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS74ox5eZREDxZ9eHuE2H73qZltP
rXNv2ruDKuZ5ywhDQ136jwkNs5pIP6O5IOZqVOSSrMj+8Ov6RLmNPWV1h0fbIo4Z
UqtByWq/anKV7axwo+Aa9iBNAnWLlImr0JkVUOGURuXDwVF3brV7hBbzaP/z6i1K
OjUyyTt53m+zWp8/hlS63M2wgg3naCBhKiv6drepzMHYRK10nW7MjVIsasq+noSu
6wKAf6BoERX/fqNdbilHBkqRoMPfWAeSC9zMS4nZL3fBGtYG48Keg42UDshd5EEB
5TqJBtJHcG8wyuxLEQzdw2zUuOjxo+MsKZlhiyN4WjFILYTJRw3YTQOOKwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOzT48tPyzRLaxdQQhutB0c6nSpcMB8GA1UdIwQY
MBaAFGOnWbBub+0DsJMHSRU/wWoSpQHgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTZkWnNHNXY3UU93a3dkSkZUX0JhaEtsQWVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8xMzE1MGMtODVkYS00NThkLWJjNmMt
OWUyNDk2OGU2NjY0LzEvN05QankwX0xORXRyRjFCQ0c2MEhSenFkS2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8xMzE1MGMtODVkYS00NThkLWJjNmMtOWUyNDk2OGU2NjY0
LzEvWTZkWnNHNXY3UU93a3dkSkZUX0JhaEtsQWVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAWSjSAwQA
W80rAwQAuW3+MA0EAgACMAcDBQMqBskAMA0GCSqGSIb3DQEBCwUAA4IBAQAnqPy6
EI4KVBIFgsBvGTEZ0dpazjLCcj2X8pozDtPm+A7fSkrLuawiKEw3BggId/axKrfD
uih5DNsyMXBiyEYeqgyn56oKuIg1TgozGDQLY3FYnBQmTDwNJ0mGTPo3amocalNm
qj3pb7FL80sTElFG6Iyi426WNIQn1A49jPNP9muxztu9W0yw6bKaMrCX6V4h30iE
r0mXuMOQgcRaDfbOgmPNvIRFecVVMIz85naxbRy+PJcnCpHDS+foHmWNpqwx8j71
ANqDOzkCLGZBcAGMNG6iAmOhbt9xEZ6MhCGFA55jgeE3gESf21vCAxY8zuM83Wko
1znsugj1vWsVb6a9
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:19:06 2025 by rpki-client