Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/NsqSzw41-YuZhgDMX3Id8Yd837s.roa
File: NsqSzw41-YuZhgDMX3Id8Yd837s.roa (raw, json)
Hash identifier: BFduQOb/MErKWieJCpwc+pBjCGfO2J/Sauxk/e3hALI=
Subject key identifier: 36:CA:92:CF:0E:35:F9:8B:99:86:00:CC:5F:72:1D:F1:87:7C:DF:BB
Certificate issuer: /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial: 018CCA2A9E98979D3131418594519655421C
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/NsqSzw41-YuZhgDMX3Id8Yd837s.roa
Signing time: Tue 02 Jan 2024 12:33:59 +0000
ROA not before: Tue 02 Jan 2024 12:33:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 151.186.189.0/24 maxlen: 24
151.186.187.0/24 maxlen: 24
151.186.188.0/24 maxlen: 24
151.186.192.0/24 maxlen: 24
151.186.190.0/24 maxlen: 24
151.186.191.0/24 maxlen: 24
151.186.192.0/20 maxlen: 24
151.186.193.0/24 maxlen: 24
151.186.196.0/24 maxlen: 24
151.186.194.0/24 maxlen: 24
151.186.195.0/24 maxlen: 24
151.186.199.0/24 maxlen: 24
151.186.197.0/24 maxlen: 24
151.186.198.0/24 maxlen: 24
151.186.203.0/24 maxlen: 24
151.186.201.0/24 maxlen: 24
151.186.202.0/24 maxlen: 24
151.186.206.0/24 maxlen: 24
151.186.204.0/24 maxlen: 24
151.186.205.0/24 maxlen: 24
151.186.200.0/24 maxlen: 24
151.186.207.0/24 maxlen: 24
151.186.172.0/22 maxlen: 24
151.186.172.0/24 maxlen: 24
151.186.176.0/20 maxlen: 24
151.186.175.0/24 maxlen: 24
151.186.176.0/24 maxlen: 24
151.186.173.0/24 maxlen: 24
151.186.174.0/24 maxlen: 24
151.186.178.0/24 maxlen: 24
151.186.179.0/24 maxlen: 24
151.186.177.0/24 maxlen: 24
151.186.182.0/24 maxlen: 24
151.186.180.0/24 maxlen: 24
151.186.181.0/24 maxlen: 24
151.186.185.0/24 maxlen: 24
151.186.186.0/24 maxlen: 24
151.186.183.0/24 maxlen: 24
151.186.184.0/24 maxlen: 24
2a04:e4c4:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.mft
rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 02 May 2024 14:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:9e:98:97:9d:31:31:41:85:94:51:96:55:42:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Validity
Not Before: Jan 2 12:33:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36ca92cf0e35f98b998600cc5f721df1877cdfbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:61:02:02:e8:d6:03:7a:33:53:67:91:54:23:
22:24:44:5a:d6:60:9e:4d:ac:eb:cb:f7:84:be:1b:
fc:49:b1:15:7a:be:ab:5c:f2:52:7b:a4:37:44:52:
08:98:f7:a6:47:0c:81:97:13:69:8f:9f:4c:a9:60:
00:df:8d:fa:5e:dd:73:0e:77:55:69:89:80:87:14:
4a:7a:3f:e0:fd:a3:af:ec:75:1e:49:8b:37:0f:5a:
fa:72:86:bd:c6:3d:67:a3:f4:6b:e1:1f:f1:18:63:
0d:d5:5e:af:3e:60:85:4d:01:51:94:98:d1:4a:da:
42:ea:64:4b:54:29:15:c4:8c:79:f3:74:39:45:f5:
65:43:ad:88:2e:58:b3:21:a9:e4:b0:66:a9:6c:3a:
bd:15:1f:b5:0d:2d:9c:0f:70:d7:8e:be:56:3d:9b:
60:a0:44:f9:8c:cf:77:03:8e:2e:f0:99:6c:e2:b0:
21:09:b5:dd:24:fe:8a:54:f8:52:88:3a:9e:fa:ae:
c4:6a:41:15:4e:6a:e2:7d:40:95:32:c8:74:e5:ed:
02:29:f3:46:b3:a1:78:7d:77:5b:a1:a3:97:a2:ee:
b3:9a:60:fc:75:01:5f:8b:14:d7:56:7d:42:3a:b0:
84:dc:45:53:9e:4a:15:5d:0a:71:55:28:76:12:a3:
25:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:CA:92:CF:0E:35:F9:8B:99:86:00:CC:5F:72:1D:F1:87:7C:DF:BB
X509v3 Authority Key Identifier:
keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/NsqSzw41-YuZhgDMX3Id8Yd837s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.186.172.0-151.186.207.255
IPv6:
2a04:e4c4:5::/48
Signature Algorithm: sha256WithRSAEncryption
bd:ab:50:b9:ee:85:2a:49:55:34:98:31:7e:af:38:98:34:0c:
8c:1c:ab:42:cf:0d:65:c0:f0:f3:f4:a8:97:6a:31:dd:a6:e1:
5b:86:d6:d4:e9:41:83:df:40:cd:04:e2:54:39:22:81:d0:dc:
5e:98:94:19:36:08:8b:8d:1a:44:c2:0c:41:8a:4a:5b:26:15:
12:d6:78:6e:61:11:05:fa:96:23:8c:b3:fc:6f:24:ec:44:b0:
77:f3:c5:93:87:6c:32:2e:c9:cf:c6:9e:8d:bb:19:b9:21:56:
32:db:b7:0d:e0:6d:a5:72:02:e0:33:8e:47:52:da:80:84:64:
54:6d:57:40:38:ce:3e:cd:b4:a7:f5:fb:7c:7f:9b:68:c2:63:
29:66:40:45:33:63:82:bf:0e:97:b7:54:2d:41:56:76:51:ab:
53:f5:c9:ce:da:0a:f2:1e:c5:18:d1:56:f2:a0:8a:4f:1b:8c:
56:eb:32:ba:fe:6a:f9:8d:a5:48:39:45:2b:4f:58:5e:e4:3b:
fc:e7:57:c0:77:12:d8:6e:cf:e1:f0:b1:e1:5b:30:d7:f3:24:
3a:84:9e:95:e9:f4:54:47:b4:5d:01:e0:42:c8:f8:7b:c4:a8:
e2:05:bd:8c:50:04:47:62:fb:0d:8f:63:82:d5:c4:d3:dd:27:
33:54:73:8f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzKKp6Yl50xMUGFlFGWVUIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNhOTJjZjBlMzVmOThiOTk4NjAwY2M1ZjcyMWRmMTg3N2NkZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGECAujWA3ozU2eRVCMiJERa1mCe
Tazry/eEvhv8SbEVer6rXPJSe6Q3RFIImPemRwyBlxNpj59MqWAA3436Xt1zDndV
aYmAhxRKej/g/aOv7HUeSYs3D1r6coa9xj1no/Rr4R/xGGMN1V6vPmCFTQFRlJjR
StpC6mRLVCkVxIx583Q5RfVlQ62ILlizIanksGapbDq9FR+1DS2cD3DXjr5WPZtg
oET5jM93A44u8Jls4rAhCbXdJP6KVPhSiDqe+q7EakEVTmrifUCVMsh05e0CKfNG
s6F4fXdboaOXou6zmmD8dQFfixTXVn1COrCE3EVTnkoVXQpxVSh2EqMlDwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDbKks8ONfmLmYYAzF9yHfGHfN+7MB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvTnNxU3p3NDEtWXVaaGdETVgzSWQ4WWQ4MzdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAKXuqwD
BASXusAwDwQCAAIwCQMHACoE5MQABTANBgkqhkiG9w0BAQsFAAOCAQEAvatQue6F
KklVNJgxfq84mDQMjByrQs8NZcDw8/Sol2ox3abhW4bW1OlBg99AzQTiVDkigdDc
XpiUGTYIi40aRMIMQYpKWyYVEtZ4bmERBfqWI4yz/G8k7ESwd/PFk4dsMi7Jz8ae
jbsZuSFWMtu3DeBtpXIC4DOOR1LagIRkVG1XQDjOPs20p/X7fH+baMJjKWZARTNj
gr8Ol7dULUFWdlGrU/XJztoK8h7FGNFW8qCKTxuMVusyuv5q+Y2lSDlFK09YXuQ7
/OdXwHcS2G7P4fCx4Vsw1/MkOoSelen0VEe0XQHgQsj4e8So4gW9jFAER2L7DY9j
gtXE090nM1Rzjw==
-----END CERTIFICATE-----
Generated at Wed May 1 22:44:17 2024 by rpki-client on console-fra.rpki-client.org