Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa
File: nexXK3blSfUe2AnW7rizutBjFnk.roa (raw, json)
Hash identifier: aMJOJmQD1QK7uvkJqxLadFyEvDf033Wfo8K+5EhuPDE=
Subject key identifier: 9D:EC:57:2B:76:E5:49:F5:1E:D8:09:D6:EE:B8:B3:BA:D0:63:16:79
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 018CC424FAE4CB9A6C0DE1E3BCEEFACE3232
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa
Signing time: Mon 01 Jan 2024 08:30:06 +0000
ROA not before: Mon 01 Jan 2024 08:30:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212249
IP address blocks: 160.20.111.0/24 maxlen: 24
160.20.110.0/24 maxlen: 24
185.85.236.0/24 maxlen: 24
93.190.15.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 May 2024 13:40:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:fa:e4:cb:9a:6c:0d:e1:e3:bc:ee:fa:ce:32:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jan 1 08:30:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9dec572b76e549f51ed809d6eeb8b3bad0631679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:68:f8:64:e6:3c:a9:50:db:65:d0:00:d3:80:
32:ee:cf:db:22:dd:eb:64:c2:66:0b:ae:48:e5:8d:
a5:93:11:99:e1:b5:84:1b:35:7b:c4:de:b9:60:69:
7b:db:09:a8:40:86:f1:67:fc:cc:be:50:5a:3b:13:
8c:d3:5a:9c:25:a0:e3:e7:86:57:a7:7b:ca:96:1d:
f8:ca:be:20:bb:e7:3b:fa:99:a7:28:41:1d:4d:7c:
c7:5d:ba:1e:42:56:de:09:d0:73:b4:18:f3:40:f3:
0d:7f:58:27:26:48:1b:81:7a:09:ee:4a:ec:ce:5d:
26:a2:c2:17:5e:f0:62:6a:57:7a:b1:eb:da:57:7a:
4d:0d:06:4b:df:fd:64:93:31:3d:10:9f:49:56:a6:
99:a9:62:5d:9f:4a:1c:f4:2a:91:7b:bf:6c:58:2e:
e8:72:02:9a:f3:be:38:ca:e0:7d:ba:88:d4:e3:d4:
af:48:81:86:56:2d:76:9c:e1:5a:2d:a5:17:f0:42:
0e:08:49:26:17:54:74:42:48:e4:07:56:37:25:ca:
62:dd:f1:0d:b8:c7:e3:da:76:28:6e:dd:e0:37:b7:
6d:0a:4d:3e:56:40:26:b8:f1:cc:b3:ec:c7:c5:a0:
d9:9f:8b:a4:58:f1:0e:c4:d3:e6:bd:bd:8f:2b:ae:
c3:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:EC:57:2B:76:E5:49:F5:1E:D8:09:D6:EE:B8:B3:BA:D0:63:16:79
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.190.15.0/24
160.20.110.0/23
185.85.236.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:04:bc:c2:6f:58:71:61:d5:cc:3b:1f:85:f1:e9:79:e3:30:
e2:41:61:28:91:31:64:76:6d:66:dc:29:f4:34:50:a2:44:c3:
b2:7d:1d:b8:1f:ac:03:5a:d7:8f:7a:d7:83:21:2c:3c:a7:cb:
28:d0:48:6c:d8:27:db:a0:a3:aa:59:37:de:7c:12:33:af:3b:
c2:fd:86:5e:ab:65:57:8c:e6:46:0a:0b:98:97:43:15:ab:58:
10:9d:cc:bb:7e:d3:07:73:ee:9a:18:9d:16:23:f5:9e:8d:70:
15:8f:d8:09:2c:1b:bc:0e:e0:71:92:87:7e:37:32:98:d4:e5:
b2:6d:5b:39:10:f1:27:b3:e6:df:87:81:d1:52:ec:31:86:80:
e5:b1:08:fd:4b:46:34:79:46:b9:95:9e:dd:ff:d4:dd:04:8f:
f2:6d:c9:e1:89:fc:41:24:fa:cf:f9:97:6d:48:fd:a1:aa:1c:
b1:fa:41:9c:b6:9c:0d:8b:5e:7d:07:b2:18:dd:62:d4:61:31:
54:ec:bb:1f:6b:e8:25:55:9d:24:5d:9d:2d:08:bc:8f:f3:bf:
ac:c2:8e:1d:1f:ca:a2:8d:89:d2:22:ce:90:b3:be:47:64:87:
71:55:b7:af:b2:d3:23:e1:49:79:9b:78:01:49:77:20:5b:e7:
b4:7f:ec:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJPrky5psDeHjvO76zjIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVjNTcyYjc2ZTU0OWY1MWVkODA5ZDZlZWI4YjNiYWQwNjMxNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22j4ZOY8qVDbZdAA04Ay7s/bIt3r
ZMJmC65I5Y2lkxGZ4bWEGzV7xN65YGl72wmoQIbxZ/zMvlBaOxOM01qcJaDj54ZX
p3vKlh34yr4gu+c7+pmnKEEdTXzHXboeQlbeCdBztBjzQPMNf1gnJkgbgXoJ7krs
zl0mosIXXvBiald6sevaV3pNDQZL3/1kkzE9EJ9JVqaZqWJdn0oc9CqRe79sWC7o
cgKa8744yuB9uojU49SvSIGGVi12nOFaLaUX8EIOCEkmF1R0QkjkB1Y3Jcpi3fEN
uMfj2nYobt3gN7dtCk0+VkAmuPHMs+zHxaDZn4ukWPEOxNPmvb2PK67DQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ3sVyt25Un1HtgJ1u64s7rQYxZ5MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbmV4WEszYmxTZlVlMkFuVzdyaXp1dEJqRm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXb4PAwQB
oBRuAwQAuVXsMA0GCSqGSIb3DQEBCwUAA4IBAQCPBLzCb1hxYdXMOx+F8el54zDi
QWEokTFkdm1m3Cn0NFCiRMOyfR24H6wDWtePeteDISw8p8so0Ehs2CfboKOqWTfe
fBIzrzvC/YZeq2VXjOZGCguYl0MVq1gQncy7ftMHc+6aGJ0WI/WejXAVj9gJLBu8
DuBxkod+NzKY1OWybVs5EPEns+bfh4HRUuwxhoDlsQj9S0Y0eUa5lZ7d/9TdBI/y
bcnhifxBJPrP+ZdtSP2hqhyx+kGctpwNi159B7IY3WLUYTFU7Lsfa+glVZ0kXZ0t
CLyP87+swo4dH8qijYnSIs6Qs75HZIdxVbevstMj4Ul5m3gBSXcgW+e0f+xD
-----END CERTIFICATE-----
Generated at Tue Apr 30 19:22:09 2024 by rpki-client on console-fra.rpki-client.org