Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/NXAeb9IWUwyD7uJoDFhdlItryvQ.roa
File: NXAeb9IWUwyD7uJoDFhdlItryvQ.roa (raw, json)
Hash identifier: wnXj0dBxbPaa8Mn1Jw3F82zVQWHyblMHNktXthU6r5A=
Subject key identifier: 35:70:1E:6F:D2:16:53:0C:83:EE:E2:68:0C:58:5D:94:8B:6B:CA:F4
Certificate issuer: /CN=da24f35721ca31a83e2f6e937e17408e6e7b2c61
Certificate serial: 018CC80119127BD538DA0F9EC443AAA80B16
Authority key identifier: DA:24:F3:57:21:CA:31:A8:3E:2F:6E:93:7E:17:40:8E:6E:7B:2C:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/NXAeb9IWUwyD7uJoDFhdlItryvQ.roa
Signing time: Tue 02 Jan 2024 02:29:24 +0000
ROA not before: Tue 02 Jan 2024 02:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205892
IP address blocks: 95.129.28.0/22 maxlen: 24
185.190.72.0/22 maxlen: 24
195.158.216.0/22 maxlen: 24
2a0a:540::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.mft
rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Dec 2024 18:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:19:12:7b:d5:38:da:0f:9e:c4:43:aa:a8:0b:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da24f35721ca31a83e2f6e937e17408e6e7b2c61
Validity
Not Before: Jan 2 02:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=35701e6fd216530c83eee2680c585d948b6bcaf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:66:e2:7a:15:dc:41:db:d7:4e:34:b7:cc:98:
51:07:f6:85:ab:05:f3:d9:95:7e:02:f1:be:1d:77:
dc:9a:2b:0c:58:a8:24:d9:6f:37:28:97:f8:5f:8f:
28:3b:0e:e8:d4:13:f6:0b:c3:53:e5:bc:00:25:ce:
4a:4d:0c:a0:4c:97:98:5a:6b:bd:a1:1a:6d:ec:b6:
f6:08:f5:82:92:82:24:4f:25:2d:ba:52:f9:23:74:
0a:16:07:0e:27:79:80:f7:05:14:91:b0:34:b2:d7:
d6:fb:07:b8:b5:de:da:57:f6:03:a4:ef:c8:d0:0f:
20:75:96:d4:bc:ce:e8:31:31:e8:d2:ff:79:dc:0d:
fe:93:5c:e7:04:90:91:1a:89:85:9d:5d:cf:59:7d:
7d:4a:99:59:a6:38:a8:65:a4:ee:80:38:8d:90:a5:
bd:8f:21:52:e7:e6:9a:74:72:44:4c:70:19:f7:eb:
22:90:27:66:48:c5:14:ad:e6:7b:2d:9b:23:d4:0e:
f5:62:99:43:99:4b:ef:73:25:eb:76:73:69:a4:0d:
66:a0:fd:54:b5:55:8f:c8:6e:ce:7e:37:7a:32:e2:
df:ed:5b:04:56:e4:87:7f:a8:4e:25:a3:9c:a8:f2:
8b:66:e4:c7:d0:f2:c4:7a:fa:57:51:fc:4f:c5:21:
28:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:70:1E:6F:D2:16:53:0C:83:EE:E2:68:0C:58:5D:94:8B:6B:CA:F4
X509v3 Authority Key Identifier:
keyid:DA:24:F3:57:21:CA:31:A8:3E:2F:6E:93:7E:17:40:8E:6E:7B:2C:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2iTzVyHKMag-L26TfhdAjm57LGE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/NXAeb9IWUwyD7uJoDFhdlItryvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ececf4-e930-4192-84dd-80f31d3ea152/1/2iTzVyHKMag-L26TfhdAjm57LGE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.129.28.0/22
185.190.72.0/22
195.158.216.0/22
IPv6:
2a0a:540::/29
Signature Algorithm: sha256WithRSAEncryption
88:b6:e2:5d:46:ed:ed:ff:08:be:da:50:27:7e:6a:98:67:20:
71:f2:55:c0:48:ce:21:5d:ab:ae:53:60:40:b3:45:ab:d1:6c:
d1:cf:b0:9d:72:d3:a0:15:bb:8e:18:44:2f:b5:ac:a9:99:1d:
6f:74:1e:ed:f0:d1:55:82:59:d6:6f:45:30:01:43:6a:5a:b9:
7c:b5:25:68:f9:12:c9:0d:e7:df:fe:6e:21:ff:e5:19:e0:7a:
c2:76:04:dc:43:ac:2e:35:21:e5:a5:7b:72:ef:6e:2f:ed:17:
2b:d2:f3:76:72:eb:09:58:94:ba:98:5d:90:5d:07:78:79:07:
21:6c:d8:4d:8d:a3:45:01:d8:16:33:d1:4c:7f:fb:c7:2e:c5:
a4:30:79:09:96:fb:5e:7f:92:90:34:2e:f5:82:38:2d:81:9d:
24:da:59:16:c2:84:dd:5b:56:a3:60:8d:f7:3b:4a:48:5c:93:
7a:aa:91:4e:d0:de:a4:89:73:5c:6d:20:50:91:0b:74:c7:3c:
22:e8:21:44:a4:ff:2a:d9:d9:9d:fc:e5:22:a6:66:4a:2c:87:
46:67:5f:03:b6:23:00:34:b8:e3:5f:d5:31:cb:0e:25:3b:17:
5f:e8:50:28:33:f7:2c:60:d8:b1:11:dc:e5:4f:e3:e3:e0:19:
18:49:d6:d1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzIARkSe9U42g+exEOqqAsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjRmMzU3MjFjYTMxYTgzZTJmNmU5MzdlMTc0MDhlNmU3
YjJjNjEwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTcwMWU2ZmQyMTY1MzBjODNlZWUyNjgwYzU4NWQ5NDhiNmJjYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmbiehXcQdvXTjS3zJhRB/aFqwXz
2ZV+AvG+HXfcmisMWKgk2W83KJf4X48oOw7o1BP2C8NT5bwAJc5KTQygTJeYWmu9
oRpt7Lb2CPWCkoIkTyUtulL5I3QKFgcOJ3mA9wUUkbA0stfW+we4td7aV/YDpO/I
0A8gdZbUvM7oMTHo0v953A3+k1znBJCRGomFnV3PWX19SplZpjioZaTugDiNkKW9
jyFS5+aadHJETHAZ9+sikCdmSMUUreZ7LZsj1A71YplDmUvvcyXrdnNppA1moP1U
tVWPyG7Ofjd6MuLf7VsEVuSHf6hOJaOcqPKLZuTH0PLEevpXUfxPxSEoeQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDVwHm/SFlMMg+7iaAxYXZSLa8r0MB8GA1UdIwQY
MBaAFNok81chyjGoPi9uk34XQI5ueyxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlUelZ5SEtNYWctTDI2VGZoZEFqbTU3TEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lY2VjZjQtZTkzMC00MTkyLTg0ZGQt
ODBmMzFkM2VhMTUyLzEvTlhBZWI5SVdVd3lEN3VKb0RGaGRsSXRyeXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lY2VjZjQtZTkzMC00MTkyLTg0ZGQtODBmMzFkM2VhMTUy
LzEvMmlUelZ5SEtNYWctTDI2VGZoZEFqbTU3TEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCX4EcAwQC
ub5IAwQCw57YMA0EAgACMAcDBQMqCgVAMA0GCSqGSIb3DQEBCwUAA4IBAQCItuJd
Ru3t/wi+2lAnfmqYZyBx8lXASM4hXauuU2BAs0Wr0WzRz7CdctOgFbuOGEQvtayp
mR1vdB7t8NFVglnWb0UwAUNqWrl8tSVo+RLJDeff/m4h/+UZ4HrCdgTcQ6wuNSHl
pXty724v7Rcr0vN2cusJWJS6mF2QXQd4eQchbNhNjaNFAdgWM9FMf/vHLsWkMHkJ
lvtef5KQNC71gjgtgZ0k2lkWwoTdW1ajYI33O0pIXJN6qpFO0N6kiXNcbSBQkQt0
xzwi6CFEpP8q2dmd/OUipmZKLIdGZ18DtiMANLjjX9Uxyw4lOxdf6FAoM/csYNix
EdzlT+Pj4BkYSdbR
-----END CERTIFICATE-----
Generated at Sat Dec 28 03:00:32 2024 by rpki-client on console-ams.rpki-client.org