Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbc0lQJ4aiwzoiYKL-73oCmKAGE.roa
File: nbc0lQJ4aiwzoiYKL-73oCmKAGE.roa (raw, json)
Hash identifier: LutCazvbMlJ57SKv3drKNnyqHhZWguS5ogCI+b+tWB4=
Subject key identifier: 9D:B7:34:95:02:78:6A:2C:33:A2:26:0A:2F:EE:F7:A0:29:8A:00:61
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 019535A1107EB8E00C5772B477B7C6405079
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbc0lQJ4aiwzoiYKL-73oCmKAGE.roa
Signing time: Mon 24 Feb 2025 01:45:02 +0000
ROA not before: Mon 24 Feb 2025 01:45:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 109.111.32.0/20 maxlen: 24
109.111.42.0/23 maxlen: 24
109.111.56.0/22 maxlen: 22
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:35:a1:10:7e:b8:e0:0c:57:72:b4:77:b7:c6:40:50:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 24 01:45:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9db7349502786a2c33a2260a2feef7a0298a0061
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:b2:87:11:e4:7b:cc:99:fc:5e:15:8e:ee:50:
f2:03:f9:8e:8c:c3:95:94:71:47:83:fc:43:cd:cb:
32:82:5a:b9:c3:6b:d7:82:9b:a7:34:ac:3c:fd:a9:
bd:40:4a:06:d3:b1:f1:10:02:ad:c0:ea:78:8c:51:
1b:a5:8b:b8:47:99:aa:ad:b3:75:bd:70:bc:f4:c5:
7a:16:ab:70:58:9f:a9:24:cb:e5:a2:f3:e5:48:cf:
dd:bf:65:7a:e8:b4:d5:a9:ef:2c:28:e7:04:a3:74:
ae:70:c4:62:11:2e:5c:1a:5b:68:9b:2b:e1:ab:c5:
c2:36:f7:d7:09:cd:56:77:f9:e7:b5:f9:d9:d4:6f:
bb:7f:36:0b:6d:38:11:a3:d6:70:65:ac:c4:78:0f:
2f:fa:e1:c2:76:df:6d:14:50:91:cf:28:c4:87:79:
4d:4e:ab:c0:db:52:8e:24:a3:f8:49:a7:da:6b:fa:
3b:99:b6:c8:19:92:b8:16:6d:49:64:6e:b5:7f:c9:
ec:03:d8:9b:ba:c4:e2:69:b8:06:c8:31:45:fd:71:
6c:b3:75:25:f9:34:b9:35:65:08:71:da:e1:9c:5c:
2d:5d:30:6b:e3:60:ee:39:c0:43:1c:a1:21:bd:22:
d1:e9:12:f0:98:6d:c9:51:a4:be:c3:b8:5a:b8:53:
4d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:B7:34:95:02:78:6A:2C:33:A2:26:0A:2F:EE:F7:A0:29:8A:00:61
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/nbc0lQJ4aiwzoiYKL-73oCmKAGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.111.32.0/20
109.111.56.0/22
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
50:e7:e9:86:90:9a:4a:70:65:76:f4:71:5c:4a:a5:bc:c0:ef:
94:4d:91:20:e7:4f:73:c8:46:0f:45:c4:de:17:0b:c6:6f:ce:
b5:86:fc:0d:44:fe:05:fb:aa:94:dd:12:55:fe:89:50:a5:9e:
17:aa:70:9c:ac:71:05:bf:fe:3f:45:60:e5:50:6f:73:bb:15:
ac:5b:58:3d:69:19:c1:d4:39:36:f6:09:2d:25:98:5a:b1:95:
f7:25:49:e3:c3:40:2b:ab:2e:a8:a1:01:75:ee:3a:77:91:4f:
25:2f:7e:21:5d:c8:ff:6e:81:89:f4:00:83:b6:34:58:4a:15:
15:4e:8e:93:b4:75:03:97:4b:8f:5a:f4:b7:d4:2f:36:5b:0c:
53:db:0c:34:0a:2b:25:55:99:99:4f:2d:9b:1c:78:04:10:d7:
2a:a7:5d:e6:1e:5a:e1:f2:3d:f4:e4:c1:7d:85:77:ab:2c:34:
0c:32:6b:6e:ae:f9:1d:38:4d:fb:7a:4d:97:e0:00:4b:3d:00:
26:eb:e1:f4:9b:a6:76:91:9d:fa:33:09:1f:d1:c1:ca:10:13:
8e:ae:9d:43:41:de:d8:58:e0:e8:22:29:ae:e1:ba:85:7d:c1:
43:fa:b7:9e:e4:76:d6:f6:89:9d:0f:d1:05:f7:bb:65:36:54:
24:f8:97:67
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZU1oRB+uOAMV3K0d7fGQFB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMjI0MDE0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI3MzQ5NTAyNzg2YTJjMzNhMjI2MGEyZmVlZjdhMDI5OGEwMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbKHEeR7zJn8XhWO7lDyA/mOjMOV
lHFHg/xDzcsyglq5w2vXgpunNKw8/am9QEoG07HxEAKtwOp4jFEbpYu4R5mqrbN1
vXC89MV6FqtwWJ+pJMvlovPlSM/dv2V66LTVqe8sKOcEo3SucMRiES5cGltomyvh
q8XCNvfXCc1Wd/nntfnZ1G+7fzYLbTgRo9ZwZazEeA8v+uHCdt9tFFCRzyjEh3lN
TqvA21KOJKP4Safaa/o7mbbIGZK4Fm1JZG61f8nsA9ibusTiabgGyDFF/XFss3Ul
+TS5NWUIcdrhnFwtXTBr42DuOcBDHKEhvSLR6RLwmG3JUaS+w7hauFNN3QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJ23NJUCeGosM6ImCi/u96ApigBhMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvbmJjMGxRSjRhaXd6b2lZS0wtNzNvQ21LQUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEbW8gAwQC
bW84MAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAFDn6YaQmkpwZXb0
cVxKpbzA75RNkSDnT3PIRg9FxN4XC8ZvzrWG/A1E/gX7qpTdElX+iVClnheqcJys
cQW//j9FYOVQb3O7FaxbWD1pGcHUOTb2CS0lmFqxlfclSePDQCurLqihAXXuOneR
TyUvfiFdyP9ugYn0AIO2NFhKFRVOjpO0dQOXS49a9LfULzZbDFPbDDQKKyVVmZlP
LZsceAQQ1yqnXeYeWuHyPfTkwX2Fd6ssNAwya26u+R04Tft6TZfgAEs9ACbr4fSb
pnaRnfozCR/RwcoQE46unUNB3thY4OgiKa7huoV9wUP6t57kdtb2iZ0P0QX3u2U2
VCT4l2c=
-----END CERTIFICATE-----
Generated at Thu Mar 13 07:13:44 2025 by rpki-client