Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/nfNNIREj-Z96OSZNk3-V3otkOh0.roa
File: nfNNIREj-Z96OSZNk3-V3otkOh0.roa (raw, json)
Hash identifier: mrGZpIJsQzPOcR85e9Cto4thcUrRC1E7sA5RfG1E4Xg=
Subject key identifier: 9D:F3:4D:21:11:23:F9:9F:7A:39:26:4D:93:7F:95:DE:8B:64:3A:1D
Certificate issuer: /CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
Certificate serial: 018CC56DE4DE485B2072AF09B0DF6A2D7084
Authority key identifier: 00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/nfNNIREj-Z96OSZNk3-V3otkOh0.roa
Signing time: Mon 01 Jan 2024 14:29:22 +0000
ROA not before: Mon 01 Jan 2024 14:29:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204506
IP address blocks: 93.157.207.0/24 maxlen: 24
45.152.23.0/24 maxlen: 24
2001:678:210::/48 maxlen: 48
2a0f:4507:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.mft
rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 12 May 2024 17:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:e4:de:48:5b:20:72:af:09:b0:df:6a:2d:70:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
Validity
Not Before: Jan 1 14:29:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9df34d211123f99f7a39264d937f95de8b643a1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:54:12:5f:f5:ac:c1:a3:da:84:d3:38:5e:df:
bb:10:51:0b:a9:52:63:08:67:59:66:2d:58:20:ab:
fc:24:98:b3:b9:93:f1:3e:2f:85:90:e1:22:4a:65:
71:68:12:5c:99:15:8b:8f:93:0d:c8:f3:f3:23:51:
50:a2:d9:14:59:c7:07:fe:cd:79:6e:53:5f:ad:c6:
5c:51:7e:a6:6c:14:c3:4a:b4:78:21:fe:c7:77:dc:
58:95:f2:ed:4f:c7:af:d3:2f:c9:85:8d:eb:72:60:
fe:d2:f5:f0:f0:4c:55:e8:48:21:ed:ba:ae:15:d4:
37:76:07:65:46:9d:e6:ed:1b:0c:1b:00:04:5b:46:
5c:2c:e6:c8:b9:94:f9:49:09:d7:bb:59:cc:6b:04:
23:cc:7a:7f:0c:27:46:ca:f2:b9:08:7e:84:42:b7:
02:67:b2:37:9b:36:2a:5a:d0:44:d6:2e:33:9d:16:
54:2f:a6:2d:e8:95:33:98:1e:4d:89:83:fd:4d:78:
44:24:2e:4c:dc:7f:f5:18:be:47:76:c2:82:32:cf:
36:ff:71:bd:2a:a0:1a:3d:47:c7:e1:37:da:be:9f:
3a:b0:20:90:c3:0d:9c:4b:f3:83:4c:cb:67:a7:d2:
23:c2:cb:10:7d:06:a5:ce:c7:21:18:a8:a8:bd:1c:
16:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:F3:4D:21:11:23:F9:9F:7A:39:26:4D:93:7F:95:DE:8B:64:3A:1D
X509v3 Authority Key Identifier:
keyid:00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/nfNNIREj-Z96OSZNk3-V3otkOh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.23.0/24
93.157.207.0/24
IPv6:
2001:678:210::/48
2a0f:4507:8000::/33
Signature Algorithm: sha256WithRSAEncryption
74:01:32:e8:c1:b1:8d:e9:f9:18:8e:f2:c9:b4:6c:4f:43:36:
bc:74:8f:b5:05:da:41:37:99:fb:5b:2c:6b:e7:1c:49:50:0c:
8d:c4:f6:1e:34:5d:aa:ce:38:a3:61:02:11:81:e6:9d:34:c0:
02:4d:24:da:4b:da:45:3e:85:4b:d1:b8:3e:e1:44:ec:46:5e:
1a:26:8b:b7:ac:a6:68:59:1f:d2:dc:9e:b5:f4:8d:27:fd:d6:
b7:74:09:d5:fc:89:9f:49:dc:04:cb:64:b4:34:73:8d:b9:cc:
14:dd:6a:36:0a:88:d3:62:a7:23:46:cd:17:09:d3:48:32:98:
b1:bd:b8:0f:38:bc:22:c8:86:1d:c5:11:4a:d9:af:25:0d:34:
23:16:66:e6:26:75:e1:14:bb:f3:8e:2f:e0:2a:45:e2:9e:fc:
3b:9e:0e:f3:6c:77:67:72:46:fb:16:62:58:fb:84:27:bc:a6:
ff:cf:f1:6a:57:ae:06:d7:8f:ee:6b:f9:73:a4:cd:dd:03:92:
58:1f:c3:97:99:5a:14:e2:ba:ae:5e:c5:a9:24:55:a6:45:41:
c6:d7:a9:cb:24:df:ce:e3:1f:4c:bf:b9:e8:3a:cf:32:14:15:
21:23:7e:2d:36:16:04:ae:0c:eb:94:21:fc:a0:17:a3:22:2d:
ce:f9:7c:44
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzFbeTeSFsgcq8JsN9qLXCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwM2IyYzM4NzEwNjkwMDJhZDBiMmY0MmIwY2JmNWU5MmUz
YmU0YjMwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGYzNGQyMTExMjNmOTlmN2EzOTI2NGQ5MzdmOTVkZThiNjQzYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFQSX/WswaPahNM4Xt+7EFELqVJj
CGdZZi1YIKv8JJizuZPxPi+FkOEiSmVxaBJcmRWLj5MNyPPzI1FQotkUWccH/s15
blNfrcZcUX6mbBTDSrR4If7Hd9xYlfLtT8ev0y/JhY3rcmD+0vXw8ExV6Egh7bqu
FdQ3dgdlRp3m7RsMGwAEW0ZcLObIuZT5SQnXu1nMawQjzHp/DCdGyvK5CH6EQrcC
Z7I3mzYqWtBE1i4znRZUL6Yt6JUzmB5NiYP9TXhEJC5M3H/1GL5HdsKCMs82/3G9
KqAaPUfH4Tfavp86sCCQww2cS/ODTMtnp9IjwssQfQalzschGKiovRwWBQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFJ3zTSERI/mfejkmTZN/ld6LZDodMB8GA1UdIwQY
MBaAFAA7LDhxBpACrQsvQrDL9ekuO+SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGIt
YjM1YTBhMTQ1M2ZiLzEvbmZOTklSRWotWjk2T1NaTmszLVYzb3RrT2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGItYjM1YTBhMTQ1M2Zi
LzEvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQALZgXAwQA
XZ3PMBcEAgACMBEDBwAgAQZ4AhADBgcqD0UHgDANBgkqhkiG9w0BAQsFAAOCAQEA
dAEy6MGxjen5GI7yybRsT0M2vHSPtQXaQTeZ+1ssa+ccSVAMjcT2HjRdqs44o2EC
EYHmnTTAAk0k2kvaRT6FS9G4PuFE7EZeGiaLt6ymaFkf0tyetfSNJ/3Wt3QJ1fyJ
n0ncBMtktDRzjbnMFN1qNgqI02KnI0bNFwnTSDKYsb24Dzi8IsiGHcURStmvJQ00
IxZm5iZ14RS7844v4CpF4p78O54O82x3Z3JG+xZiWPuEJ7ym/8/xaleuBteP7mv5
c6TN3QOSWB/Dl5laFOK6rl7FqSRVpkVBxtepyyTfzuMfTL+56DrPMhQVISN+LTYW
BK4M65Qh/KAXoyItzvl8RA==
-----END CERTIFICATE-----
Generated at Sat May 11 20:57:43 2024 by rpki-client on console-fra.rpki-client.org