Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/NK7GdHMYRv_hDeWPBmQND98lvj8.roa
File: NK7GdHMYRv_hDeWPBmQND98lvj8.roa (raw, json)
Hash identifier: jBbpvQcqJ1jdxJjUVdSmEBEQDhr0KhV9KMUkwMQPtk8=
Subject key identifier: 34:AE:C6:74:73:18:46:FF:E1:0D:E5:8F:06:64:0D:0F:DF:25:BE:3F
Certificate issuer: /CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Certificate serial: 019427B59355FAEF88EE5C5200A23DB7B6F5
Authority key identifier: 0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/NK7GdHMYRv_hDeWPBmQND98lvj8.roa
Signing time: Thu 02 Jan 2025 15:49:58 +0000
ROA not before: Thu 02 Jan 2025 15:49:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 46.226.52.0/23 maxlen: 23
85.158.140.0/24 maxlen: 24
85.158.141.0/24 maxlen: 24
85.158.142.0/24 maxlen: 24
85.158.143.0/24 maxlen: 24
193.109.254.0/24 maxlen: 24
193.109.255.0/24 maxlen: 24
195.245.230.0/24 maxlen: 24
195.245.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.mft
rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:93:55:fa:ef:88:ee:5c:52:00:a2:3d:b7:b6:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Validity
Not Before: Jan 2 15:49:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34aec674731846ffe10de58f06640d0fdf25be3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:95:e5:d4:e1:e4:1f:b9:b4:f4:74:e9:c0:ae:
b0:e0:42:06:72:02:6e:13:fd:12:98:e6:c0:1b:39:
82:63:8f:ea:eb:11:7b:0d:de:a3:46:a8:d4:18:c0:
dc:84:20:24:a0:d1:7a:16:09:d5:e3:b0:a6:2a:00:
1d:ee:40:26:f4:dd:5a:a0:48:0e:c0:7e:c0:94:0f:
4e:13:6c:32:4f:c2:6e:9b:e5:65:ac:91:86:5c:e1:
17:0c:e0:d2:38:05:c6:35:26:c8:1c:1c:52:b1:b7:
da:1c:90:86:a9:98:1d:4b:7a:e6:2b:ce:f1:36:4a:
1c:00:27:9f:d4:0b:6b:9a:71:de:b9:95:81:2e:7b:
ac:03:19:ae:24:54:3e:52:63:66:5a:a5:77:d3:a2:
5f:69:5c:02:10:ec:59:f5:1a:4c:73:50:16:6e:16:
d7:99:fd:27:3b:22:46:57:7b:7f:20:be:9e:75:f7:
4c:1a:10:cc:19:c1:41:d7:e9:92:68:3d:46:00:6d:
6f:2b:85:d9:e3:c8:5e:6f:16:97:17:45:bc:ac:8b:
ab:41:9c:9e:83:5b:08:25:da:3e:d9:45:41:d9:8d:
7e:d6:e6:ab:02:a9:1c:e6:bf:64:db:72:68:3c:8f:
0c:37:2b:cd:2e:4b:4b:ba:f7:96:84:4b:d2:cc:ea:
86:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:AE:C6:74:73:18:46:FF:E1:0D:E5:8F:06:64:0D:0F:DF:25:BE:3F
X509v3 Authority Key Identifier:
keyid:0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/NK7GdHMYRv_hDeWPBmQND98lvj8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.52.0/23
85.158.140.0/22
193.109.254.0/23
195.245.230.0/23
Signature Algorithm: sha256WithRSAEncryption
a7:dc:71:c6:e7:4b:c1:84:43:3d:fd:3c:55:b5:83:94:32:a8:
cb:78:b7:e0:6c:18:19:6d:1a:a2:e7:e3:3a:9a:d0:e6:ea:15:
29:fe:4b:29:12:b9:4f:81:2f:10:78:96:63:bd:a5:d2:5b:4d:
99:8e:c8:f0:83:79:19:69:ed:dc:79:e2:8f:68:24:ad:ca:56:
58:34:26:3d:9d:5f:14:de:85:76:3a:63:b7:29:1f:f1:13:0f:
46:e1:54:8d:52:74:ef:3b:02:07:7e:11:16:6d:c1:e6:4f:d4:
83:2d:70:5f:99:99:f6:bb:5e:86:21:91:2e:18:64:11:9c:6e:
39:2b:97:1c:d7:b7:9a:2f:ef:4e:79:36:a8:1c:13:12:e2:b0:
8a:68:0a:9e:da:49:5d:d8:55:4b:e9:b9:4a:45:e7:23:65:96:
74:5e:10:5b:5e:57:c7:bd:1f:9c:48:02:fb:f0:5e:b3:f3:75:
6d:b4:f4:f5:27:59:ed:92:79:b6:46:b9:01:d9:97:8b:1a:b2:
7c:f8:0a:e3:82:b8:34:9d:63:5d:99:ad:1b:3a:f8:34:83:78:
df:35:7a:74:65:66:d4:e8:56:44:a3:06:59:2d:45:23:33:ea:
22:53:2b:fa:6a:5c:0b:61:18:2a:bb:d9:bc:79:f7:6b:7a:f1:
6a:81:81:05
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQntZNV+u+I7lxSAKI9t7b1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWM2ZDBkZTcwY2M1MTgwNWI2M2E1ZTIzMjc2MjI1MjVk
MDc1YjEwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFlYzY3NDczMTg0NmZmZTEwZGU1OGYwNjY0MGQwZmRmMjViZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJXl1OHkH7m09HTpwK6w4EIGcgJu
E/0SmObAGzmCY4/q6xF7Dd6jRqjUGMDchCAkoNF6FgnV47CmKgAd7kAm9N1aoEgO
wH7AlA9OE2wyT8Jum+VlrJGGXOEXDODSOAXGNSbIHBxSsbfaHJCGqZgdS3rmK87x
NkocACef1AtrmnHeuZWBLnusAxmuJFQ+UmNmWqV306JfaVwCEOxZ9RpMc1AWbhbX
mf0nOyJGV3t/IL6edfdMGhDMGcFB1+mSaD1GAG1vK4XZ48hebxaXF0W8rIurQZye
g1sIJdo+2UVB2Y1+1uarAqkc5r9k23JoPI8MNyvNLktLuveWhEvSzOqGAQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDSuxnRzGEb/4Q3ljwZkDQ/fJb4/MB8GA1UdIwQY
MBaAFAscbQ3nDMUYBbY6XiMnYiUl0HWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAt
Zjc3NGYxZWFmYmZmLzEvTks3R2RITVlSdl9oRGVXUEJtUU5EOThsdmo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAtZjc3NGYxZWFmYmZm
LzEvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLuI0AwQC
VZ6MAwQBwW3+AwQBw/XmMA0GCSqGSIb3DQEBCwUAA4IBAQCn3HHG50vBhEM9/TxV
tYOUMqjLeLfgbBgZbRqi5+M6mtDm6hUp/kspErlPgS8QeJZjvaXSW02Zjsjwg3kZ
ae3ceeKPaCStylZYNCY9nV8U3oV2OmO3KR/xEw9G4VSNUnTvOwIHfhEWbcHmT9SD
LXBfmZn2u16GIZEuGGQRnG45K5cc17eaL+9OeTaoHBMS4rCKaAqe2kld2FVL6blK
RecjZZZ0XhBbXlfHvR+cSAL78F6z83VttPT1J1ntknm2RrkB2ZeLGrJ8+Arjgrg0
nWNdma0bOvg0g3jfNXp0ZWbU6FZEowZZLUUjM+oiUyv6alwLYRgqu9m8efdrevFq
gYEF
-----END CERTIFICATE-----
Generated at Sat Apr 5 00:00:31 2025 by rpki-client