Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/ntvdVJbICi0R9EKd0r7xG3iZelY.roa
File: ntvdVJbICi0R9EKd0r7xG3iZelY.roa (raw, json)
Hash identifier: razAaMlB8zqEQ77wPjbF2iuiY5GgKR4OyK/BbbqXiig=
Subject key identifier: 9E:DB:DD:54:96:C8:0A:2D:11:F4:42:9D:D2:BE:F1:1B:78:99:7A:56
Certificate issuer: /CN=e7ae03329e3c0f73ea83fb637ca20aece16a8eb4
Certificate serial: 018CC64B41961AD9282472D81A4790C838E3
Authority key identifier: E7:AE:03:32:9E:3C:0F:73:EA:83:FB:63:7C:A2:0A:EC:E1:6A:8E:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/564DMp48D3Pqg_tjfKIK7OFqjrQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/ntvdVJbICi0R9EKd0r7xG3iZelY.roa
Signing time: Mon 01 Jan 2024 18:31:09 +0000
ROA not before: Mon 01 Jan 2024 18:31:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204558
IP address blocks: 188.95.200.0/21 maxlen: 21
85.118.168.0/21 maxlen: 21
185.29.0.0/22 maxlen: 22
79.170.72.0/21 maxlen: 21
2a00:91c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/564DMp48D3Pqg_tjfKIK7OFqjrQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/564DMp48D3Pqg_tjfKIK7OFqjrQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/564DMp48D3Pqg_tjfKIK7OFqjrQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:41:96:1a:d9:28:24:72:d8:1a:47:90:c8:38:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7ae03329e3c0f73ea83fb637ca20aece16a8eb4
Validity
Not Before: Jan 1 18:31:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9edbdd5496c80a2d11f4429dd2bef11b78997a56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:17:90:06:f7:97:25:c9:39:ae:43:6f:06:80:
3f:c9:3b:ad:7a:90:2e:68:f4:99:4a:3c:50:e3:18:
1a:8c:64:c1:64:05:0d:8a:8a:d4:7d:f0:3f:8e:dd:
f5:69:44:b9:0e:74:79:70:d8:24:6f:84:ca:af:73:
44:7d:3b:43:cf:b2:04:21:09:55:0b:63:bf:c0:16:
69:24:8c:68:8c:ed:7c:7b:b0:2f:3c:5a:6b:dc:5f:
ea:b2:cb:1a:eb:e8:cf:81:ab:96:12:6e:31:1b:11:
80:1c:ad:18:0b:51:9f:11:cf:45:e7:84:f1:e5:30:
cc:2e:7e:39:8c:f3:bf:54:2d:3a:4b:9d:00:0c:79:
45:18:df:14:af:66:bb:8d:8e:9c:ec:16:42:74:dc:
a2:2c:78:39:b5:c2:37:b8:21:a7:89:14:7f:70:a2:
d7:c5:12:45:9b:ca:fa:cb:9b:3c:c1:77:73:ae:f6:
3a:e9:c2:7d:31:de:d8:52:2f:7c:c9:d5:bc:23:74:
a5:e9:73:24:38:00:19:bb:c1:a3:60:22:7e:3c:98:
7f:69:1d:31:b0:3c:ca:2c:9d:c2:b3:b3:a8:29:6b:
53:62:86:fa:d0:73:be:dc:b4:4e:f1:02:2b:4d:b3:
72:fd:ba:04:f7:92:db:cd:b2:23:cb:61:a1:32:bd:
69:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:DB:DD:54:96:C8:0A:2D:11:F4:42:9D:D2:BE:F1:1B:78:99:7A:56
X509v3 Authority Key Identifier:
keyid:E7:AE:03:32:9E:3C:0F:73:EA:83:FB:63:7C:A2:0A:EC:E1:6A:8E:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/564DMp48D3Pqg_tjfKIK7OFqjrQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/ntvdVJbICi0R9EKd0r7xG3iZelY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/478aeb-d97f-47b7-81b0-a17dab701c41/1/564DMp48D3Pqg_tjfKIK7OFqjrQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.72.0/21
85.118.168.0/21
185.29.0.0/22
188.95.200.0/21
IPv6:
2a00:91c0::/32
Signature Algorithm: sha256WithRSAEncryption
26:06:a2:ec:42:42:ca:31:f4:a5:2b:5f:3a:15:f9:cf:16:91:
39:4f:5f:68:d9:fb:c9:a9:00:cb:a3:19:a4:8c:46:04:a2:33:
ef:18:d3:ae:bf:d8:43:65:8a:e7:06:0c:02:a9:93:d3:1c:4f:
4f:73:15:59:11:e1:1b:cc:70:1b:0c:9c:95:57:2a:35:0f:7a:
31:c7:73:45:8f:15:64:6e:8e:6c:8f:f7:f7:e6:05:d0:34:6b:
31:39:5f:ef:20:53:89:4a:69:43:a3:92:98:79:3a:de:af:35:
19:7c:c4:33:0e:ed:38:a3:a7:67:83:24:a4:bd:cd:f7:5e:77:
91:66:3d:b1:e6:60:14:fc:e0:f3:3d:4b:cc:fe:a6:64:c5:0b:
6e:d3:64:d0:aa:85:1f:09:fd:ba:0b:96:e3:fe:de:cb:e1:f6:
67:fe:99:fd:b8:7a:d2:20:04:16:ac:e0:74:de:d9:db:7d:a0:
52:22:77:79:cc:fc:61:73:11:55:ae:6d:ff:7e:7c:9e:6d:d7:
fd:d9:71:5a:19:92:2d:2b:34:38:e7:1c:59:77:d0:31:5b:05:
b0:d3:98:b1:28:06:26:e7:73:42:38:97:ed:c7:a2:15:e8:e6:
38:7b:06:de:2a:1e:8c:83:89:37:63:f9:ab:3c:59:b0:3b:48:
6e:dd:30:6d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzGS0GWGtkoJHLYGkeQyDjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YWUwMzMyOWUzYzBmNzNlYTgzZmI2MzdjYTIwYWVjZTE2
YThlYjQwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWRiZGQ1NDk2YzgwYTJkMTFmNDQyOWRkMmJlZjExYjc4OTk3YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwheQBveXJck5rkNvBoA/yTutepAu
aPSZSjxQ4xgajGTBZAUNiorUffA/jt31aUS5DnR5cNgkb4TKr3NEfTtDz7IEIQlV
C2O/wBZpJIxojO18e7AvPFpr3F/qsssa6+jPgauWEm4xGxGAHK0YC1GfEc9F54Tx
5TDMLn45jPO/VC06S50ADHlFGN8Ur2a7jY6c7BZCdNyiLHg5tcI3uCGniRR/cKLX
xRJFm8r6y5s8wXdzrvY66cJ9Md7YUi98ydW8I3Sl6XMkOAAZu8GjYCJ+PJh/aR0x
sDzKLJ3Cs7OoKWtTYob60HO+3LRO8QIrTbNy/boE95LbzbIjy2GhMr1psQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJ7b3VSWyAotEfRCndK+8Rt4mXpWMB8GA1UdIwQY
MBaAFOeuAzKePA9z6oP7Y3yiCuzhao60MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTY0RE1wNDhEM1BxZ190amZLSUs3T0ZxanJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NzhhZWItZDk3Zi00N2I3LTgxYjAt
YTE3ZGFiNzAxYzQxLzEvbnR2ZFZKYklDaTBSOUVLZDByN3hHM2laZWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NzhhZWItZDk3Zi00N2I3LTgxYjAtYTE3ZGFiNzAxYzQx
LzEvNTY0RE1wNDhEM1BxZ190amZLSUs3T0ZxanJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDT6pIAwQD
VXaoAwQCuR0AAwQDvF/IMA0EAgACMAcDBQAqAJHAMA0GCSqGSIb3DQEBCwUAA4IB
AQAmBqLsQkLKMfSlK186FfnPFpE5T19o2fvJqQDLoxmkjEYEojPvGNOuv9hDZYrn
BgwCqZPTHE9PcxVZEeEbzHAbDJyVVyo1D3oxx3NFjxVkbo5sj/f35gXQNGsxOV/v
IFOJSmlDo5KYeTrerzUZfMQzDu04o6dngySkvc33XneRZj2x5mAU/ODzPUvM/qZk
xQtu02TQqoUfCf26C5bj/t7L4fZn/pn9uHrSIAQWrOB03tnbfaBSInd5zPxhcxFV
rm3/fnyebdf92XFaGZItKzQ45xxZd9AxWwWw05ixKAYm53NCOJftx6IV6OY4ewbe
Kh6Mg4k3Y/mrPFmwO0hu3TBt
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:02:09 2024 by rpki-client on console-fra.rpki-client.org