Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nakK-bevg1beTxLEBKvQUKccG0w.roa
File: nakK-bevg1beTxLEBKvQUKccG0w.roa (raw, json)
Hash identifier: jB+aXYF3mpDSRgKeE3Ccm1nZ67dLwJJ8wLrj8+ULa0I=
Subject key identifier: 9D:A9:0A:F9:B7:AF:83:56:DE:4F:12:C4:04:AB:D0:50:A7:1C:1B:4C
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 01942823611B317996FB53A2B0FCBCD0CBFC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nakK-bevg1beTxLEBKvQUKccG0w.roa
Signing time: Thu 02 Jan 2025 17:49:54 +0000
ROA not before: Thu 02 Jan 2025 17:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204104
IP address blocks: 217.60.199.0/24 maxlen: 24
217.60.237.0/24 maxlen: 24
217.60.238.0/24 maxlen: 24
217.60.243.0/24 maxlen: 24
217.60.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 09:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:23:61:1b:31:79:96:fb:53:a2:b0:fc:bc:d0:cb:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Jan 2 17:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9da90af9b7af8356de4f12c404abd050a71c1b4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b6:ff:cb:93:b6:75:b4:9c:29:79:36:13:a8:
93:2d:cf:37:2f:d7:bb:f4:5a:b4:d1:b4:09:45:bc:
04:da:cd:2e:d8:ec:d9:1d:8f:a7:6f:b7:c0:62:b9:
be:70:a1:ba:49:73:c8:f8:a8:9a:07:87:79:43:f4:
fc:f5:89:a8:1a:f8:bd:61:f6:dc:3c:2d:6f:03:91:
f8:29:c1:51:29:9e:d0:c9:21:70:2e:11:1b:e9:bc:
b0:26:02:52:f5:71:52:7e:01:cd:91:8f:b0:af:43:
bc:a5:3b:fc:c8:49:f4:f3:78:02:ae:fd:a0:18:2c:
b5:3d:88:3b:c7:86:a9:e6:95:2c:3a:81:49:3d:4e:
d8:c8:6e:ec:45:53:31:ea:e5:39:ab:9f:31:a5:fd:
3e:2a:d7:ad:11:e3:83:51:33:97:a7:ed:de:a9:c2:
68:03:c0:56:83:dd:14:53:f4:78:d7:17:64:fb:b2:
84:bb:01:db:28:19:40:35:23:3c:80:e8:9e:d4:a9:
67:b7:98:83:4f:9f:56:91:f8:0d:f2:da:8c:20:d2:
4d:7e:b3:1f:c7:b8:3e:64:08:69:22:7a:4f:57:6b:
1e:cc:49:0f:08:4a:6e:42:62:a1:8b:9f:c4:9c:9e:
3c:52:da:9c:9b:42:05:b4:43:3c:0a:ef:80:02:f5:
10:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:A9:0A:F9:B7:AF:83:56:DE:4F:12:C4:04:AB:D0:50:A7:1C:1B:4C
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/nakK-bevg1beTxLEBKvQUKccG0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.199.0/24
217.60.237.0-217.60.238.255
217.60.243.0/24
217.60.246.0/24
Signature Algorithm: sha256WithRSAEncryption
98:02:ae:74:0d:d5:c4:ad:31:6e:54:01:85:0b:64:0e:be:cc:
70:06:e9:ac:46:f5:da:bb:54:10:ad:93:c4:e7:0c:37:94:74:
c4:f3:1a:65:1e:0b:d5:30:b1:df:97:a6:86:27:33:c0:19:6c:
2b:c8:70:cb:40:f5:e6:7f:89:23:5e:b5:a2:59:b1:f9:d2:75:
a7:f4:7c:d4:c4:27:34:c3:c0:00:3e:af:64:cd:07:e7:6b:87:
1d:60:3b:71:16:e3:c4:60:c3:dd:78:2e:c4:f3:e9:c7:11:db:
3a:dc:8d:f6:5b:b0:7c:b7:b5:87:d3:29:11:49:e9:18:7c:38:
59:e0:a2:25:8a:ed:d6:0d:4d:3b:d1:ad:95:7b:0f:01:1e:4f:
c7:ce:3e:82:ad:68:8c:4a:06:a6:ac:3a:5c:78:ba:4c:08:00:
cd:29:cc:d5:7a:66:92:ec:fd:01:91:45:73:10:66:0f:e4:70:
82:60:48:2f:e6:3b:e5:f2:91:69:6a:55:97:e4:23:83:38:0b:
29:fd:06:1c:f6:02:bb:59:07:7b:20:6b:5c:40:de:c9:0a:b6:
aa:ec:c5:27:21:ad:59:fa:31:62:55:eb:b1:cd:37:07:79:2b:
cf:f3:e1:ae:26:54:18:42:0e:a0:7a:fd:88:39:0e:03:97:85:
17:8e:d1:21
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQoI2EbMXmW+1OisPy80Mv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGE5MGFmOWI3YWY4MzU2ZGU0ZjEyYzQwNGFiZDA1MGE3MWMxYjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bb/y5O2dbScKXk2E6iTLc83L9e7
9Fq00bQJRbwE2s0u2OzZHY+nb7fAYrm+cKG6SXPI+KiaB4d5Q/T89YmoGvi9Yfbc
PC1vA5H4KcFRKZ7QySFwLhEb6bywJgJS9XFSfgHNkY+wr0O8pTv8yEn083gCrv2g
GCy1PYg7x4ap5pUsOoFJPU7YyG7sRVMx6uU5q58xpf0+KtetEeODUTOXp+3eqcJo
A8BWg90UU/R41xdk+7KEuwHbKBlANSM8gOie1Klnt5iDT59WkfgN8tqMINJNfrMf
x7g+ZAhpInpPV2sezEkPCEpuQmKhi5/EnJ48Utqcm0IFtEM8Cu+AAvUQPwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJ2pCvm3r4NW3k8SxASr0FCnHBtMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbmFrSy1iZXZnMWJlVHhMRUJLdlFVS2NjRzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQA2TzHMAwD
BADZPO0DBADZPO4DBADZPPMDBADZPPYwDQYJKoZIhvcNAQELBQADggEBAJgCrnQN
1cStMW5UAYULZA6+zHAG6axG9dq7VBCtk8TnDDeUdMTzGmUeC9Uwsd+XpoYnM8AZ
bCvIcMtA9eZ/iSNetaJZsfnSdaf0fNTEJzTDwAA+r2TNB+drhx1gO3EW48Rgw914
LsTz6ccR2zrcjfZbsHy3tYfTKRFJ6Rh8OFngoiWK7dYNTTvRrZV7DwEeT8fOPoKt
aIxKBqasOlx4ukwIAM0pzNV6ZpLs/QGRRXMQZg/kcIJgSC/mO+XykWlqVZfkI4M4
Cyn9Bhz2ArtZB3sga1xA3skKtqrsxSchrVn6MWJV67HNNwd5K8/z4a4mVBhCDqB6
/Yg5DgOXhReO0SE=
-----END CERTIFICATE-----
Generated at Wed Feb 5 13:58:14 2025 by rpki-client