Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nAXNwFgN4oUUiN2gukI8FexiZQY.roa
File: nAXNwFgN4oUUiN2gukI8FexiZQY.roa (raw, json)
Hash identifier: NwyuW012KA+LOGkG7qw0aPwiZJU8ZOq4NZ4ApNYqggQ=
Subject key identifier: 9C:05:CD:C0:58:0D:E2:85:14:88:DD:A0:BA:42:3C:15:EC:62:65:06
Certificate issuer: /CN=6b1ac6914bf8473d180b60387bd098f1d37dac80
Certificate serial: 01941FFA04C9AA07E74C908F3B0F2508F92C
Authority key identifier: 6B:1A:C6:91:4B:F8:47:3D:18:0B:60:38:7B:D0:98:F1:D3:7D:AC:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nAXNwFgN4oUUiN2gukI8FexiZQY.roa
Signing time: Wed 01 Jan 2025 03:47:46 +0000
ROA not before: Wed 01 Jan 2025 03:47:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202312
IP address blocks: 91.200.88.0/22 maxlen: 22
91.200.88.0/24 maxlen: 24
91.200.89.0/24 maxlen: 24
91.200.90.0/24 maxlen: 24
91.200.91.0/24 maxlen: 24
2a0c:69c0::/32 maxlen: 32
2a0c:69c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.mft
rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:04:c9:aa:07:e7:4c:90:8f:3b:0f:25:08:f9:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b1ac6914bf8473d180b60387bd098f1d37dac80
Validity
Not Before: Jan 1 03:47:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c05cdc0580de2851488dda0ba423c15ec626506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:8a:97:d1:ea:08:e0:f7:37:ec:29:b1:34:32:
b9:07:21:94:c7:39:4a:ca:07:9d:58:1f:83:44:7b:
14:a4:6c:b2:b5:80:01:06:db:e2:9c:0a:2d:08:cb:
ba:57:bc:7f:84:9d:b5:e9:63:4c:a9:76:fe:5f:fc:
e5:fa:e7:71:e8:80:69:b5:8b:ac:14:a3:cb:a0:de:
22:6d:3d:65:c6:02:93:16:0d:8e:ec:cb:8d:58:a1:
d3:c7:e4:f1:62:fd:2f:24:57:62:a6:80:9b:da:c2:
33:68:d8:3e:fc:0f:51:5e:d9:b0:90:9b:6a:08:d7:
c3:be:6c:39:a3:f4:02:bd:94:1a:3a:13:d4:7a:90:
e9:f7:b4:d0:31:5a:23:5b:40:46:dc:7a:c4:e7:57:
5f:22:6e:d4:f8:29:84:3c:64:02:cc:0f:0b:0a:1f:
a9:57:56:90:d2:7f:c2:d2:e7:5c:6f:82:7f:66:ab:
d5:5e:7e:32:a9:0f:97:26:56:f4:dd:ac:22:f2:b6:
65:79:ec:a1:7f:97:0a:e9:25:64:60:4d:83:a2:24:
0a:a3:a3:a1:46:79:80:e2:71:12:77:d8:db:26:c8:
0e:b5:86:25:a0:65:d4:c5:6e:76:54:50:91:c5:a7:
84:61:e8:9f:0f:8b:ef:d2:71:40:4e:a7:03:17:4d:
1a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:05:CD:C0:58:0D:E2:85:14:88:DD:A0:BA:42:3C:15:EC:62:65:06
X509v3 Authority Key Identifier:
keyid:6B:1A:C6:91:4B:F8:47:3D:18:0B:60:38:7B:D0:98:F1:D3:7D:AC:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axrGkUv4Rz0YC2A4e9CY8dN9rIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/nAXNwFgN4oUUiN2gukI8FexiZQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1ffebd-bd37-4393-a33d-48c03520faf7/1/axrGkUv4Rz0YC2A4e9CY8dN9rIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.88.0/22
IPv6:
2a0c:69c0::/32
Signature Algorithm: sha256WithRSAEncryption
0b:01:1d:3f:35:cc:e6:e0:5f:f7:b4:b4:ef:17:2a:22:47:38:
ae:cd:ae:8b:fc:a2:20:56:8f:89:39:72:a6:60:53:0d:7a:40:
5b:35:3c:7c:b6:02:dd:ba:ca:b9:62:b0:3c:ca:6a:1f:4f:5e:
1d:2e:77:9d:53:13:bc:96:27:28:00:a4:8e:f3:a9:0d:cf:6e:
72:75:89:65:71:75:21:3c:3d:bb:bc:08:67:64:23:2a:05:ca:
4f:36:dc:5e:f5:b5:18:55:08:4b:29:62:51:f0:5e:e1:e3:dc:
77:80:06:f4:3c:0a:20:2f:54:b0:20:f8:d2:93:98:3d:5f:4b:
b3:e4:f5:bc:57:8f:5f:17:db:99:65:3c:d9:ae:0f:8d:95:39:
a8:81:83:f7:5a:b3:30:5e:8a:8d:df:37:97:c2:19:08:77:89:
ad:eb:4d:48:ea:ec:20:70:94:b4:9e:03:e3:f8:a4:de:ac:1d:
e9:51:1c:5f:48:07:84:b4:37:1d:f7:23:e6:1a:6a:49:5e:8e:
17:55:d1:d8:8a:2b:fb:61:e0:56:40:cb:20:e7:b6:f1:69:7a:
45:85:f9:00:93:36:2a:7c:c9:db:c5:24:86:35:67:da:1b:e6:
ce:33:4e:07:f6:3d:d6:90:c2:63:4c:4e:bf:9d:3b:13:aa:54:
e6:25:f8:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+gTJqgfnTJCPOw8lCPksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMWFjNjkxNGJmODQ3M2QxODBiNjAzODdiZDA5OGYxZDM3
ZGFjODAwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzA1Y2RjMDU4MGRlMjg1MTQ4OGRkYTBiYTQyM2MxNWVjNjI2NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4qX0eoI4Pc37CmxNDK5ByGUxzlK
ygedWB+DRHsUpGyytYABBtvinAotCMu6V7x/hJ216WNMqXb+X/zl+udx6IBptYus
FKPLoN4ibT1lxgKTFg2O7MuNWKHTx+TxYv0vJFdipoCb2sIzaNg+/A9RXtmwkJtq
CNfDvmw5o/QCvZQaOhPUepDp97TQMVojW0BG3HrE51dfIm7U+CmEPGQCzA8LCh+p
V1aQ0n/C0udcb4J/ZqvVXn4yqQ+XJlb03awi8rZleeyhf5cK6SVkYE2DoiQKo6Oh
RnmA4nESd9jbJsgOtYYloGXUxW52VFCRxaeEYeifD4vv0nFATqcDF00a2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJwFzcBYDeKFFIjdoLpCPBXsYmUGMB8GA1UdIwQY
MBaAFGsaxpFL+Ec9GAtgOHvQmPHTfayAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhyR2tVdjRSejBZQzJBNGU5Q1k4ZE45cklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xZmZlYmQtYmQzNy00MzkzLWEzM2Qt
NDhjMDM1MjBmYWY3LzEvbkFYTndGZ040b1VVaU4yZ3VrSThGZXhpWlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xZmZlYmQtYmQzNy00MzkzLWEzM2QtNDhjMDM1MjBmYWY3
LzEvYXhyR2tVdjRSejBZQzJBNGU5Q1k4ZE45cklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8hYMA0E
AgACMAcDBQAqDGnAMA0GCSqGSIb3DQEBCwUAA4IBAQALAR0/Nczm4F/3tLTvFyoi
Rziuza6L/KIgVo+JOXKmYFMNekBbNTx8tgLdusq5YrA8ymofT14dLnedUxO8lico
AKSO86kNz25ydYllcXUhPD27vAhnZCMqBcpPNtxe9bUYVQhLKWJR8F7h49x3gAb0
PAogL1SwIPjSk5g9X0uz5PW8V49fF9uZZTzZrg+NlTmogYP3WrMwXoqN3zeXwhkI
d4mt601I6uwgcJS0ngPj+KTerB3pURxfSAeEtDcd9yPmGmpJXo4XVdHYiiv7YeBW
QMsg57bxaXpFhfkAkzYqfMnbxSSGNWfaG+bOM04H9j3WkMJjTE6/nTsTqlTmJfge
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:58:35 2025 by rpki-client