Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/NibkP4WwhFNgZ640yvtXLfFiJrg.roa
File: NibkP4WwhFNgZ640yvtXLfFiJrg.roa (raw, json)
Hash identifier: a/esbL59f+nmLVH7R2fnAmETOkLcHJ2GIe7zJ0dWkJ0=
Subject key identifier: 36:26:E4:3F:85:B0:84:53:60:67:AE:34:CA:FB:57:2D:F1:62:26:B8
Certificate issuer: /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial: 01948D4248A1C0E020F838072996A26ACAE9
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/NibkP4WwhFNgZ640yvtXLfFiJrg.roa
Signing time: Wed 22 Jan 2025 09:05:18 +0000
ROA not before: Wed 22 Jan 2025 09:05:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210055
IP address blocks: 176.119.132.0/22 maxlen: 22
176.119.132.0/24 maxlen: 24
176.119.133.0/24 maxlen: 24
176.119.134.0/24 maxlen: 24
176.119.135.0/24 maxlen: 24
185.214.170.0/23 maxlen: 23
185.214.170.0/24 maxlen: 24
185.214.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.mft
rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 23:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8d:42:48:a1:c0:e0:20:f8:38:07:29:96:a2:6a:ca:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Validity
Not Before: Jan 22 09:05:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3626e43f85b084536067ae34cafb572df16226b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:2e:38:68:11:38:0f:b7:1b:f8:5d:54:e3:80:
04:90:2c:d4:d6:75:35:48:61:b4:fb:c9:18:94:20:
70:cb:b6:39:de:de:c9:e0:ff:72:9f:a5:d9:2e:fe:
d7:0d:c3:c5:3c:96:fb:26:56:33:ce:21:a6:09:6e:
c3:ec:ae:cd:6c:5a:87:35:63:01:92:f1:ce:ed:20:
37:54:cb:7d:b4:38:06:a5:26:84:13:60:fd:82:26:
a3:0e:c0:d8:06:b3:b6:3d:ea:1a:98:8f:e3:a6:95:
7f:a4:5b:8f:9b:4f:0a:fd:11:89:e9:59:44:98:25:
32:e7:5f:23:49:56:b9:f6:2b:ef:d6:61:ff:8b:55:
39:06:bb:23:e9:7c:09:91:c4:1f:a2:9f:2d:6b:4b:
ee:16:73:d4:c2:71:d4:6c:eb:38:11:65:fa:dc:7d:
a3:4c:e4:67:af:e6:89:d0:74:ac:71:72:13:7a:d0:
e2:b6:4c:b2:09:18:0d:5b:7b:92:aa:ed:14:60:89:
a9:2e:66:0d:71:8d:b3:bf:21:17:f5:60:9d:ca:e4:
f1:73:cb:51:eb:17:88:70:71:0e:71:4d:bd:dd:86:
9e:d5:30:7f:1d:d2:2c:ff:25:40:52:f8:be:8f:08:
24:a3:28:71:9b:04:e2:69:80:a1:27:8f:73:2e:09:
9b:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:26:E4:3F:85:B0:84:53:60:67:AE:34:CA:FB:57:2D:F1:62:26:B8
X509v3 Authority Key Identifier:
keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/NibkP4WwhFNgZ640yvtXLfFiJrg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.132.0/22
185.214.170.0/23
Signature Algorithm: sha256WithRSAEncryption
34:7f:85:d0:39:44:3b:c6:30:0f:1b:c6:c5:34:32:a4:8d:cb:
ac:5d:f1:6e:c6:89:9b:60:db:7e:0b:8e:cf:3d:3c:56:85:13:
11:1f:31:05:b0:fb:c6:07:4b:89:15:9b:2c:05:aa:a7:55:6e:
59:b8:bb:e9:d6:da:f6:e1:e5:38:1e:9e:0e:42:54:3c:d4:58:
e6:86:a7:c5:ed:6a:ca:1c:b8:38:67:7e:aa:f2:8d:72:17:0a:
08:aa:d5:82:63:8b:33:2e:56:00:c1:71:ea:6c:f0:93:f9:17:
64:46:07:2d:82:3b:25:9a:94:56:23:5c:e7:2b:eb:9b:89:b1:
a7:73:2c:3c:14:aa:56:cc:b4:1b:84:2d:2f:1f:72:f0:f9:be:
c3:63:55:80:3f:5f:51:9d:96:82:16:9f:71:ee:bd:e9:b4:4d:
1d:d9:1e:23:66:eb:bb:cb:d4:63:24:97:d3:13:2f:5c:5d:d1:
21:f9:9a:a5:43:86:4d:12:cf:2a:e9:1f:87:ce:12:46:ac:e8:
a2:7f:57:d1:00:21:28:8d:94:46:44:11:0b:63:af:28:8a:a3:
72:79:0a:63:38:57:72:6e:46:f6:e8:05:bd:60:cc:52:c6:99:
82:d6:2c:24:06:d3:a4:11:d6:dc:02:40:c6:c5:53:32:c5:d8:
f0:21:7e:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSNQkihwOAg+DgHKZaiasrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjUwMTIyMDkwNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI2ZTQzZjg1YjA4NDUzNjA2N2FlMzRjYWZiNTcyZGYxNjIyNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC44aBE4D7cb+F1U44AEkCzU1nU1
SGG0+8kYlCBwy7Y53t7J4P9yn6XZLv7XDcPFPJb7JlYzziGmCW7D7K7NbFqHNWMB
kvHO7SA3VMt9tDgGpSaEE2D9giajDsDYBrO2PeoamI/jppV/pFuPm08K/RGJ6VlE
mCUy518jSVa59ivv1mH/i1U5Brsj6XwJkcQfop8ta0vuFnPUwnHUbOs4EWX63H2j
TORnr+aJ0HSscXITetDitkyyCRgNW3uSqu0UYImpLmYNcY2zvyEX9WCdyuTxc8tR
6xeIcHEOcU293Yae1TB/HdIs/yVAUvi+jwgkoyhxmwTiaYChJ49zLgmbgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDYm5D+FsIRTYGeuNMr7Vy3xYia4MB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEvTmlia1A0V3doRk5nWjY0MHl2dFhMZkZpSnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHeEAwQB
udaqMA0GCSqGSIb3DQEBCwUAA4IBAQA0f4XQOUQ7xjAPG8bFNDKkjcusXfFuxomb
YNt+C47PPTxWhRMRHzEFsPvGB0uJFZssBaqnVW5ZuLvp1tr24eU4Hp4OQlQ81Fjm
hqfF7WrKHLg4Z36q8o1yFwoIqtWCY4szLlYAwXHqbPCT+RdkRgctgjslmpRWI1zn
K+ubibGncyw8FKpWzLQbhC0vH3Lw+b7DY1WAP19RnZaCFp9x7r3ptE0d2R4jZuu7
y9RjJJfTEy9cXdEh+ZqlQ4ZNEs8q6R+HzhJGrOiif1fRACEojZRGRBELY68oiqNy
eQpjOFdybkb26AW9YMxSxpmC1iwkBtOkEdbcAkDGxVMyxdjwIX6J
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:50:05 2025 by rpki-client