Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/nHW9BLq4zRW7_GDpHKk8LDtfSmI.roa
File: nHW9BLq4zRW7_GDpHKk8LDtfSmI.roa (raw, json)
Hash identifier: wgNVfFr1EUmSTQMiYZD3CFdfwE6KU5e+fnSwgZEt6SA=
Subject key identifier: 9C:75:BD:04:BA:B8:CD:15:BB:FC:60:E9:1C:A9:3C:2C:3B:5F:4A:62
Certificate issuer: /CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Certificate serial: 019422FBBD320ACEB9BD95A96181176086E8
Authority key identifier: 6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/nHW9BLq4zRW7_GDpHKk8LDtfSmI.roa
Signing time: Wed 01 Jan 2025 17:48:30 +0000
ROA not before: Wed 01 Jan 2025 17:48:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21874
IP address blocks: 168.168.40.0/22 maxlen: 22
168.168.44.0/22 maxlen: 22
168.168.48.0/21 maxlen: 21
168.168.56.0/23 maxlen: 23
168.168.60.0/22 maxlen: 22
168.168.64.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.mft
rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 04:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:bd:32:0a:ce:b9:bd:95:a9:61:81:17:60:86:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Validity
Not Before: Jan 1 17:48:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c75bd04bab8cd15bbfc60e91ca93c2c3b5f4a62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:ea:e3:0d:b3:3a:c0:a3:0c:5a:1e:fd:90:fa:
21:ec:5b:fa:3f:93:29:af:2c:8f:7e:37:0c:05:1f:
ae:d9:02:81:28:0d:a8:d5:23:c1:2d:6c:71:f2:25:
f3:36:e9:a9:34:8e:c8:11:fd:73:6f:d5:9f:85:17:
ff:36:3d:5e:99:cf:f8:b8:82:ea:b6:b6:6d:b2:7f:
0d:d3:44:e8:4e:87:f9:41:ba:f7:e7:f3:d5:63:b0:
22:cc:10:e4:58:05:b5:eb:c1:7e:3c:40:b3:06:13:
f7:29:91:38:15:88:6c:95:b1:4b:50:cb:b6:e2:b5:
84:3e:46:a8:e5:dd:58:7b:e8:e5:bd:a3:26:3a:18:
0f:5c:35:89:06:7f:f4:22:5c:b9:a2:3d:2a:e1:35:
51:27:17:10:0d:51:c2:5a:ef:8a:2d:24:22:f2:0c:
ec:9a:b9:25:52:c0:76:27:89:b0:36:76:b4:e7:95:
c1:c3:db:89:98:4a:39:c0:39:50:4e:4b:6f:40:95:
51:89:d9:0f:20:a4:1d:55:17:a4:2a:43:d5:75:cd:
7d:f8:ee:b5:cf:98:a6:ff:f2:4a:ab:4f:a2:4f:59:
44:19:d3:00:d9:40:f3:5a:79:6a:d3:bb:0a:88:b1:
20:24:3a:c1:51:3a:a9:4f:cf:a1:54:0e:df:92:b1:
ac:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:75:BD:04:BA:B8:CD:15:BB:FC:60:E9:1C:A9:3C:2C:3B:5F:4A:62
X509v3 Authority Key Identifier:
keyid:6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/nHW9BLq4zRW7_GDpHKk8LDtfSmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
168.168.40.0-168.168.57.255
168.168.60.0-168.168.64.255
Signature Algorithm: sha256WithRSAEncryption
2b:dc:4d:7b:f2:76:35:46:34:f7:37:9e:ba:51:41:1f:c8:e3:
6a:13:fa:df:42:e1:45:ad:f8:50:84:66:6b:27:75:64:ee:a7:
01:5a:48:87:f0:ae:d4:ae:e6:4c:7e:c7:a4:b5:5b:7f:05:50:
b1:06:96:16:80:ff:65:86:7d:af:ff:18:14:5c:00:1c:9d:71:
22:6b:dd:32:e6:8b:ee:a9:b7:58:d3:19:6b:39:a7:04:ed:a0:
3d:e5:3a:c9:8a:0f:86:04:87:4f:15:05:49:50:19:4b:3b:df:
73:15:de:5a:65:e1:0e:14:a4:c7:49:80:2e:ab:59:a5:af:89:
01:40:bc:f2:45:62:ab:09:09:33:86:c0:4b:66:7a:c7:77:2e:
03:2b:b2:94:b2:35:d3:d2:0d:52:49:14:82:3a:51:ad:ba:10:
29:3d:80:4e:64:9c:3d:07:ee:e0:9e:a3:29:43:8c:16:87:bd:
52:c0:2e:9d:b8:2a:71:9b:b7:5a:3e:1b:23:38:a0:aa:ac:65:
40:cb:3f:e0:a7:72:46:3e:d5:fb:fb:32:25:26:99:7b:9b:9e:
1c:b8:cb:1d:7c:17:6e:8f:8e:10:54:31:c4:1c:ed:20:2f:ef:
c6:a8:61:27:8e:2b:29:19:2a:5e:e6:83:d5:89:0d:ca:03:f6:
61:7b:0d:b7
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQi+70yCs65vZWpYYEXYIboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOTJjZjMzOTBjYWE1ODc5ZTc1OTcyOWNkOTAwOGM2ZWNh
NTVhMjcwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzc1YmQwNGJhYjhjZDE1YmJmYzYwZTkxY2E5M2MyYzNiNWY0YTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OrjDbM6wKMMWh79kPoh7Fv6P5Mp
ryyPfjcMBR+u2QKBKA2o1SPBLWxx8iXzNumpNI7IEf1zb9WfhRf/Nj1emc/4uILq
trZtsn8N00ToTof5Qbr35/PVY7AizBDkWAW168F+PECzBhP3KZE4FYhslbFLUMu2
4rWEPkao5d1Ye+jlvaMmOhgPXDWJBn/0Ily5oj0q4TVRJxcQDVHCWu+KLSQi8gzs
mrklUsB2J4mwNna055XBw9uJmEo5wDlQTktvQJVRidkPIKQdVRekKkPVdc19+O61
z5im//JKq0+iT1lEGdMA2UDzWnlq07sKiLEgJDrBUTqpT8+hVA7fkrGsyQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJx1vQS6uM0Vu/xg6RypPCw7X0piMB8GA1UdIwQY
MBaAFGuSzzOQyqWHnnWXKc2QCMbspVonMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTIt
MmEwNjIyMzYyM2UwLzEvbkhXOUJMcTR6Ulc3X0dEcEhLazhMRHRmU21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTItMmEwNjIyMzYyM2Uw
LzEvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAOoqCgD
BAGoqDgwDAMEAqioPAMEAKioQDANBgkqhkiG9w0BAQsFAAOCAQEAK9xNe/J2NUY0
9zeeulFBH8jjahP630LhRa34UIRmayd1ZO6nAVpIh/Cu1K7mTH7HpLVbfwVQsQaW
FoD/ZYZ9r/8YFFwAHJ1xImvdMuaL7qm3WNMZazmnBO2gPeU6yYoPhgSHTxUFSVAZ
SzvfcxXeWmXhDhSkx0mALqtZpa+JAUC88kViqwkJM4bAS2Z6x3cuAyuylLI109IN
UkkUgjpRrboQKT2ATmScPQfu4J6jKUOMFoe9UsAunbgqcZu3Wj4bIzigqqxlQMs/
4KdyRj7V+/syJSaZe5ueHLjLHXwXbo+OEFQxxBztIC/vxqhhJ44rKRkqXuaD1YkN
ygP2YXsNtw==
-----END CERTIFICATE-----
Generated at Sun Apr 13 14:02:38 2025 by rpki-client