Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa
File: nrfRU41c1HJ_3px9syP-SKCxxS8.roa (raw, json)
Hash identifier: iGmF5sRlJj4OkJEFWlWXo8D5pbxAC9e9ayC3oxy+7K8=
Subject key identifier: 9E:B7:D1:53:8D:5C:D4:72:7F:DE:9C:7D:B3:23:FE:48:A0:B1:C5:2F
Certificate issuer: /CN=fce4f396729bf478e636549821f6f6970d893f52
Certificate serial: 018DD57FF1D9727112E22E668E44C7539168
Authority key identifier: FC:E4:F3:96:72:9B:F4:78:E6:36:54:98:21:F6:F6:97:0D:89:3F:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa
Signing time: Fri 23 Feb 2024 10:25:48 +0000
ROA not before: Fri 23 Feb 2024 10:25:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47648
IP address blocks: 152.89.188.0/22 maxlen: 24
185.239.196.0/22 maxlen: 24
195.68.248.0/23 maxlen: 24
195.68.254.0/23 maxlen: 24
2a0c:6180::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.crl
rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.mft
rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:d5:7f:f1:d9:72:71:12:e2:2e:66:8e:44:c7:53:91:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fce4f396729bf478e636549821f6f6970d893f52
Validity
Not Before: Feb 23 10:25:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9eb7d1538d5cd4727fde9c7db323fe48a0b1c52f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:34:34:2f:12:a3:cd:96:c8:f3:b7:df:ab:0b:
4d:c2:57:50:64:bb:a7:4b:cf:86:68:ec:25:f7:28:
8c:4b:69:47:ef:1a:68:b5:bd:20:0c:39:ea:6b:6a:
86:c9:d9:83:15:cd:4c:ac:41:48:18:d6:fe:77:80:
ac:99:f2:25:71:58:ca:6c:ce:c5:bf:f8:d8:7a:e3:
85:45:a4:53:1c:58:b5:0e:09:80:3f:f7:53:23:bf:
75:5f:f7:12:ab:82:7d:e6:a0:48:66:e9:f4:64:04:
38:aa:ba:1f:87:4c:af:6d:1e:db:9c:5f:a8:70:c4:
4a:bd:f4:94:89:8b:83:49:df:9d:c8:c8:70:42:00:
3e:98:65:d2:7e:85:09:69:9a:9a:80:a2:12:0d:a5:
ce:48:f9:e5:b6:70:96:df:90:93:b4:12:a0:30:14:
6d:e7:c3:f9:e6:c7:f0:57:d8:a2:0f:33:79:48:b2:
5a:46:d2:ac:98:28:d1:1e:12:be:ed:68:62:34:8a:
2a:c4:30:77:dd:e2:4a:a8:38:ee:61:c4:0e:81:9d:
28:fe:9f:05:0a:42:a7:95:fc:3a:c4:b4:ed:da:f1:
3d:d4:72:25:ae:e7:85:e0:9d:60:e3:97:20:89:55:
26:db:92:a7:52:d2:9b:01:a8:3f:33:21:d2:7d:53:
a6:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:B7:D1:53:8D:5C:D4:72:7F:DE:9C:7D:B3:23:FE:48:A0:B1:C5:2F
X509v3 Authority Key Identifier:
keyid:FC:E4:F3:96:72:9B:F4:78:E6:36:54:98:21:F6:F6:97:0D:89:3F:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.188.0/22
185.239.196.0/22
195.68.248.0/23
195.68.254.0/23
IPv6:
2a0c:6180::/29
Signature Algorithm: sha256WithRSAEncryption
d6:76:7f:00:49:cb:ec:f5:78:2a:76:02:2e:87:66:2f:a0:ab:
62:65:f1:31:c5:3d:be:b7:5d:a6:d3:df:f2:b2:e0:05:5d:05:
63:90:50:f2:dc:bd:cf:5e:91:7c:3e:da:8c:b2:f3:df:77:99:
18:59:39:3c:e1:75:fb:ca:47:f6:e5:8f:c1:df:e8:04:e2:5e:
a8:55:52:c5:6e:f6:16:45:db:26:e2:ec:f4:55:0b:28:ad:8e:
e1:64:aa:3b:87:2e:10:21:d0:5f:f5:b3:0b:ad:5a:f2:a5:3d:
32:1b:b2:15:97:56:05:80:75:f3:b7:9b:50:97:a8:ff:91:a9:
94:bb:92:8e:21:9f:d2:84:7a:4f:14:ce:45:5e:50:88:fe:b5:
a6:1a:0d:bf:f0:1a:c5:1a:d7:33:25:90:aa:2e:98:b1:f3:d9:
3a:55:04:bd:4e:03:4b:fb:e6:ec:7f:9b:b1:e6:c5:59:7d:ff:
53:a5:e7:85:c0:47:71:02:e0:2a:e8:2b:01:f7:a6:26:9c:14:
ac:12:71:b9:fe:bd:ef:69:6a:58:24:bc:be:d3:4c:f4:10:f2:
1c:30:1f:0c:4e:87:e6:f8:ae:e3:00:2d:05:53:58:43:c9:64:
f1:e8:ac:08:de:21:57:8f:f3:6d:8f:92:02:74:a8:a9:84:4d:
1d:34:ab:34
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY3Vf/HZcnES4i5mjkTHU5FoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTRmMzk2NzI5YmY0NzhlNjM2NTQ5ODIxZjZmNjk3MGQ4
OTNmNTIwHhcNMjQwMjIzMTAyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWI3ZDE1MzhkNWNkNDcyN2ZkZTljN2RiMzIzZmU0OGEwYjFjNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjQ0LxKjzZbI87ffqwtNwldQZLun
S8+GaOwl9yiMS2lH7xpotb0gDDnqa2qGydmDFc1MrEFIGNb+d4CsmfIlcVjKbM7F
v/jYeuOFRaRTHFi1DgmAP/dTI791X/cSq4J95qBIZun0ZAQ4qrofh0yvbR7bnF+o
cMRKvfSUiYuDSd+dyMhwQgA+mGXSfoUJaZqagKISDaXOSPnltnCW35CTtBKgMBRt
58P55sfwV9iiDzN5SLJaRtKsmCjRHhK+7WhiNIoqxDB33eJKqDjuYcQOgZ0o/p8F
CkKnlfw6xLTt2vE91HIlrueF4J1g45cgiVUm25KnUtKbAag/MyHSfVOmXwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJ630VONXNRyf96cfbMj/kigscUvMB8GA1UdIwQY
MBaAFPzk85Zym/R45jZUmCH29pcNiT9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09UemxuS2I5SGptTmxTWUlmYjJsdzJKUDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zNjI3NWUtNjc1OS00ZDUyLWIyZDEt
OGM3MGRlOWU5YjlkLzEvbnJmUlU0MWMxSEpfM3B4OXN5UC1TS0N4eFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zNjI3NWUtNjc1OS00ZDUyLWIyZDEtOGM3MGRlOWU5Yjlk
LzEvX09UemxuS2I5SGptTmxTWUlmYjJsdzJKUDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCmFm8AwQC
ue/EAwQBw0T4AwQBw0T+MA0EAgACMAcDBQMqDGGAMA0GCSqGSIb3DQEBCwUAA4IB
AQDWdn8AScvs9XgqdgIuh2YvoKtiZfExxT2+t12m09/ysuAFXQVjkFDy3L3PXpF8
PtqMsvPfd5kYWTk84XX7ykf25Y/B3+gE4l6oVVLFbvYWRdsm4uz0VQsorY7hZKo7
hy4QIdBf9bMLrVrypT0yG7IVl1YFgHXzt5tQl6j/kamUu5KOIZ/ShHpPFM5FXlCI
/rWmGg2/8BrFGtczJZCqLpix89k6VQS9TgNL++bsf5ux5sVZff9TpeeFwEdxAuAq
6CsB96YmnBSsEnG5/r3vaWpYJLy+00z0EPIcMB8MTofm+K7jAC0FU1hDyWTx6KwI
3iFXj/Ntj5ICdKiphE0dNKs0
-----END CERTIFICATE-----
Generated at Sat Jun 1 12:55:48 2024 by rpki-client on console-ams.rpki-client.org