Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/20NLCG2yB3P_lJPfZuVuzFu-TU4.roa
File: 20NLCG2yB3P_lJPfZuVuzFu-TU4.roa (raw, json)
Hash identifier: m9SiJ2stUV8q1CVCQ7Ha/GjMgmYPtHRZSUs0RL8C5GE=
Subject key identifier: DB:43:4B:08:6D:B2:07:73:FF:94:93:DF:66:E5:6E:CC:5B:BE:4D:4E
Certificate issuer: /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial: 019427485D6A64A74DB1A0037AB5AA4739FF
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/20NLCG2yB3P_lJPfZuVuzFu-TU4.roa
Signing time: Thu 02 Jan 2025 13:50:41 +0000
ROA not before: Thu 02 Jan 2025 13:50:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 89.19.208.0/24 maxlen: 24
89.19.209.0/24 maxlen: 24
89.19.210.0/24 maxlen: 24
89.19.211.0/24 maxlen: 24
89.19.212.0/24 maxlen: 24
89.19.213.0/24 maxlen: 24
89.19.214.0/24 maxlen: 24
89.19.215.0/24 maxlen: 24
89.19.216.0/24 maxlen: 24
89.19.217.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 13:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:5d:6a:64:a7:4d:b1:a0:03:7a:b5:aa:47:39:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Validity
Not Before: Jan 2 13:50:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db434b086db20773ff9493df66e56ecc5bbe4d4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f4:73:26:f0:32:25:f7:03:f7:f2:3f:42:a7:
e3:f1:4e:09:8c:66:60:b1:8e:ad:82:09:47:e8:a2:
9b:0e:2d:fb:4a:c5:df:c1:ba:e9:c4:d2:e4:35:7f:
4c:8a:a5:6a:5c:69:a8:db:e6:0c:bd:fc:da:16:68:
f2:3f:df:ee:7c:0c:15:76:00:34:d8:2e:95:e1:5c:
f0:67:a4:82:eb:2a:a9:12:fc:bc:b1:51:b5:98:b6:
c2:0a:5e:47:5d:f2:72:6e:0c:0a:23:0c:20:88:9e:
a2:d5:f9:20:45:98:eb:25:45:9f:4e:39:1b:2a:db:
70:14:fe:ea:ca:83:35:a6:80:93:5c:d6:4b:8b:fc:
15:6c:af:2c:ec:36:1e:79:40:71:31:b7:9e:36:21:
0a:b5:10:d6:06:cd:4c:65:68:88:78:bd:64:74:f6:
15:1e:26:e7:f9:48:81:d5:f0:ee:6a:bc:65:10:aa:
8f:ec:89:d8:65:8b:1f:b2:62:63:6b:eb:72:12:4d:
7f:20:46:1c:a7:b9:72:04:74:ca:b3:93:10:c6:6c:
69:e5:0c:93:63:a4:ae:f8:9e:ec:f9:83:df:92:a3:
2d:6e:a0:5d:75:aa:5f:6e:8c:1c:99:b3:da:5e:26:
d4:70:81:1b:73:33:56:28:dc:a0:b7:1c:f6:86:3d:
4d:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:43:4B:08:6D:B2:07:73:FF:94:93:DF:66:E5:6E:CC:5B:BE:4D:4E
X509v3 Authority Key Identifier:
keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/20NLCG2yB3P_lJPfZuVuzFu-TU4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.208.0-89.19.217.255
Signature Algorithm: sha256WithRSAEncryption
7e:32:39:07:e0:1a:47:2d:1c:44:d5:97:cf:df:ff:72:d0:8b:
3c:6c:b0:9c:0d:8d:ae:53:c3:d8:3e:c1:1d:72:86:7e:10:0f:
06:49:4f:7c:d0:27:5e:b2:c2:01:34:22:b7:9e:ca:19:87:50:
0d:6f:5e:d9:cd:d8:97:f4:dd:a6:26:a7:b2:d6:af:86:68:84:
c6:31:de:96:af:0b:cd:d7:c7:11:8d:2d:ff:3b:85:76:3f:e9:
95:36:d6:3e:16:93:25:3d:cb:31:50:9d:1f:7a:00:50:35:41:
31:0c:d5:e1:dd:39:3e:80:fc:0a:f1:81:d2:9a:2f:b6:2c:8d:
6b:53:e0:4d:8d:b3:5c:d6:7d:a2:aa:43:59:43:f9:ff:58:80:
14:87:c0:21:b1:fc:28:d7:27:ed:39:36:94:62:11:e7:31:52:
13:64:f8:f7:13:79:29:a3:01:2f:cd:85:3a:4b:a4:6b:7f:7b:
c8:a1:be:ed:19:70:f6:b5:22:34:87:83:43:96:09:49:e6:b9:
c5:b7:c0:1f:72:c5:08:66:1a:a1:7f:54:03:d8:5d:f8:19:2f:
47:a2:d2:c2:30:72:80:d8:6e:45:9f:26:2d:b3:0a:8b:e4:d0:
0e:9c:8e:a5:e7:62:87:36:58:f2:78:f7:ee:82:52:cf:83:0e:
a3:a4:3f:81
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnSF1qZKdNsaADerWqRzn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjUwMTAyMTM1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQzNGIwODZkYjIwNzczZmY5NDkzZGY2NmU1NmVjYzViYmU0ZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfRzJvAyJfcD9/I/Qqfj8U4JjGZg
sY6tgglH6KKbDi37SsXfwbrpxNLkNX9MiqVqXGmo2+YMvfzaFmjyP9/ufAwVdgA0
2C6V4VzwZ6SC6yqpEvy8sVG1mLbCCl5HXfJybgwKIwwgiJ6i1fkgRZjrJUWfTjkb
KttwFP7qyoM1poCTXNZLi/wVbK8s7DYeeUBxMbeeNiEKtRDWBs1MZWiIeL1kdPYV
Hibn+UiB1fDuarxlEKqP7InYZYsfsmJja+tyEk1/IEYcp7lyBHTKs5MQxmxp5QyT
Y6Su+J7s+YPfkqMtbqBddapfbowcmbPaXibUcIEbczNWKNygtxz2hj1N0wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNtDSwhtsgdz/5ST32blbsxbvk1OMB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvMjBOTENHMnlCM1BfbEpQZlp1VnV6RnUtVFU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARZE9AD
BAFZE9gwDQYJKoZIhvcNAQELBQADggEBAH4yOQfgGkctHETVl8/f/3LQizxssJwN
ja5Tw9g+wR1yhn4QDwZJT3zQJ16ywgE0IreeyhmHUA1vXtnN2Jf03aYmp7LWr4Zo
hMYx3pavC83XxxGNLf87hXY/6ZU21j4WkyU9yzFQnR96AFA1QTEM1eHdOT6A/Arx
gdKaL7YsjWtT4E2Ns1zWfaKqQ1lD+f9YgBSHwCGx/CjXJ+05NpRiEecxUhNk+PcT
eSmjAS/NhTpLpGt/e8ihvu0ZcPa1IjSHg0OWCUnmucW3wB9yxQhmGqF/VAPYXfgZ
L0ei0sIwcoDYbkWfJi2zCovk0A6cjqXnYoc2WPJ49+6CUs+DDqOkP4E=
-----END CERTIFICATE-----
Generated at Mon Apr 7 22:38:41 2025 by rpki-client