Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/ncstDbEEJNmrMxxK2UE_gBED9t8.roa
File: ncstDbEEJNmrMxxK2UE_gBED9t8.roa (raw, json)
Hash identifier: bytivv4P7l0F7luhHCBlkP+IGUZ4L9tUQ43UhSBpNYY=
Subject key identifier: 9D:CB:2D:0D:B1:04:24:D9:AB:33:1C:4A:D9:41:3F:80:11:03:F6:DF
Certificate issuer: /CN=833e0e480411b9c88e916def90fc3a901026394a
Certificate serial: 0194228D7113AC12776DB2D45952BD5D778E
Authority key identifier: 83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/ncstDbEEJNmrMxxK2UE_gBED9t8.roa
Signing time: Wed 01 Jan 2025 15:48:02 +0000
ROA not before: Wed 01 Jan 2025 15:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34173
IP address blocks: 185.7.72.0/22 maxlen: 24
185.7.72.0/24 maxlen: 24
185.7.73.0/24 maxlen: 24
185.7.74.0/24 maxlen: 24
185.7.75.0/24 maxlen: 24
193.105.43.0/24 maxlen: 24
195.64.164.0/23 maxlen: 23
2a03:1780::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 09:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:71:13:ac:12:77:6d:b2:d4:59:52:bd:5d:77:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e0e480411b9c88e916def90fc3a901026394a
Validity
Not Before: Jan 1 15:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9dcb2d0db10424d9ab331c4ad9413f801103f6df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:02:c9:91:a0:3f:b0:a2:96:18:fb:74:ba:7a:
df:b2:aa:fa:c2:e6:92:8c:64:35:ef:7e:05:9b:98:
db:fd:ed:0f:0c:da:fe:58:fd:38:1e:ce:58:d0:9d:
ce:2b:2b:eb:fd:9f:96:d8:2c:20:89:a2:e9:c8:35:
49:fc:c8:b6:e1:f1:94:64:4c:4d:41:54:bb:0a:72:
aa:c9:c4:1d:f8:90:8a:c4:c4:cd:2d:ef:40:38:ac:
86:88:94:e4:f8:32:80:1e:45:91:2c:cb:63:bb:44:
5f:6d:9f:80:89:09:6a:e3:a3:d2:41:1f:f4:6f:7b:
66:c1:63:54:20:05:4e:62:cc:35:35:9b:8c:98:15:
2f:ad:93:eb:d5:37:3c:09:c0:81:85:b2:19:57:73:
81:3f:12:34:47:73:e8:5a:9e:9f:97:85:07:a6:8a:
57:87:41:7a:5c:c8:7f:80:fe:70:93:1c:07:45:46:
2b:8f:20:86:e6:90:c4:cf:d1:ec:2e:8a:5c:e5:4f:
3b:4b:bb:84:97:7c:29:26:46:ca:4f:cc:91:c1:a9:
f6:a5:eb:73:8a:53:21:99:41:cc:b3:21:d7:3b:f2:
3b:03:be:00:1b:ac:25:a9:a7:30:ca:da:08:20:97:
9d:7b:a9:94:35:26:dc:21:2a:a3:de:7c:1d:55:ad:
3c:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:CB:2D:0D:B1:04:24:D9:AB:33:1C:4A:D9:41:3F:80:11:03:F6:DF
X509v3 Authority Key Identifier:
keyid:83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/ncstDbEEJNmrMxxK2UE_gBED9t8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.7.72.0/22
193.105.43.0/24
195.64.164.0/23
IPv6:
2a03:1780::/32
Signature Algorithm: sha256WithRSAEncryption
2a:14:15:7b:40:c8:66:53:d9:16:40:d0:5f:cb:0a:2d:32:e5:
25:2b:8a:bf:8b:66:71:da:75:f4:f8:36:ae:03:00:d4:c9:4e:
e3:d2:bb:6f:42:62:b0:a2:b8:b7:ad:1d:c2:27:21:4b:ec:bd:
6d:0e:fc:73:e0:7f:b0:55:c5:f1:11:3f:3e:ad:cb:aa:18:ea:
89:9e:e2:36:b7:4e:ef:7c:52:88:c7:16:89:06:f4:39:f3:f4:
22:f1:3b:b9:f2:59:32:54:56:d2:9d:65:5e:f2:3d:7e:ae:f9:
f4:af:4b:61:a9:52:db:c7:98:ad:c1:85:45:00:b3:0c:70:c3:
98:2c:67:1d:e9:59:fb:d2:c3:a4:2c:b0:3b:3e:68:ac:ed:dd:
a0:36:2e:2a:8a:dc:e9:2d:7f:33:d5:ee:3c:d4:1d:1a:c6:54:
45:fb:7e:32:99:32:f6:f8:18:ca:78:58:9d:dc:56:02:fc:8c:
97:44:03:18:b6:a8:97:3e:70:f9:ec:c5:b9:19:8e:2a:0b:dd:
83:1c:5f:3a:77:9f:62:14:bd:b9:bb:3b:2a:2a:23:4e:ed:46:
a5:85:ce:fc:11:ed:d1:73:67:f3:41:23:ea:5a:d9:00:d4:06:
e5:76:74:22:28:b6:34:f0:38:8b:02:a7:de:0e:a8:33:6e:42:
14:ec:f8:7d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQijXETrBJ3bbLUWVK9XXeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UwZTQ4MDQxMWI5Yzg4ZTkxNmRlZjkwZmMzYTkwMTAy
NjM5NGEwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGNiMmQwZGIxMDQyNGQ5YWIzMzFjNGFkOTQxM2Y4MDExMDNmNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QLJkaA/sKKWGPt0unrfsqr6wuaS
jGQ1734Fm5jb/e0PDNr+WP04Hs5Y0J3OKyvr/Z+W2CwgiaLpyDVJ/Mi24fGUZExN
QVS7CnKqycQd+JCKxMTNLe9AOKyGiJTk+DKAHkWRLMtju0RfbZ+AiQlq46PSQR/0
b3tmwWNUIAVOYsw1NZuMmBUvrZPr1Tc8CcCBhbIZV3OBPxI0R3PoWp6fl4UHpopX
h0F6XMh/gP5wkxwHRUYrjyCG5pDEz9HsLopc5U87S7uEl3wpJkbKT8yRwan2petz
ilMhmUHMsyHXO/I7A74AG6wlqacwytoIIJede6mUNSbcISqj3nwdVa08bwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJ3LLQ2xBCTZqzMcStlBP4ARA/bfMB8GA1UdIwQY
MBaAFIM+DkgEEbnIjpFt75D8OpAQJjlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMt
NmMyMGViYWYzMGE5LzEvbmNzdERiRUVKTm1yTXh4SzJVRV9nQkVEOXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMtNmMyMGViYWYzMGE5
LzEvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuQdIAwQA
wWkrAwQBw0CkMA0EAgACMAcDBQAqAxeAMA0GCSqGSIb3DQEBCwUAA4IBAQAqFBV7
QMhmU9kWQNBfywotMuUlK4q/i2Zx2nX0+DauAwDUyU7j0rtvQmKwori3rR3CJyFL
7L1tDvxz4H+wVcXxET8+rcuqGOqJnuI2t07vfFKIxxaJBvQ58/Qi8Tu58lkyVFbS
nWVe8j1+rvn0r0thqVLbx5itwYVFALMMcMOYLGcd6Vn70sOkLLA7Pmis7d2gNi4q
itzpLX8z1e481B0axlRF+34ymTL2+BjKeFid3FYC/IyXRAMYtqiXPnD57MW5GY4q
C92DHF86d59iFL25uzsqKiNO7Ualhc78Ee3Rc2fzQSPqWtkA1AbldnQiKLY08DiL
AqfeDqgzbkIU7Ph9
-----END CERTIFICATE-----
Generated at Sat Apr 5 17:52:33 2025 by rpki-client