Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/nxWUk2NAoFEOBnPl0EiSfXPDs08.roa
File: nxWUk2NAoFEOBnPl0EiSfXPDs08.roa (raw, json)
Hash identifier: q3fdK1UzGuKqIDpgZc+BavU5BV78iYLHi960+oEFG6E=
Subject key identifier: 9F:15:94:93:63:40:A0:51:0E:06:73:E5:D0:48:92:7D:73:C3:B3:4F
Certificate issuer: /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial: 019427B5F5727E802C030CE18BAACC024729
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/nxWUk2NAoFEOBnPl0EiSfXPDs08.roa
Signing time: Thu 02 Jan 2025 15:50:23 +0000
ROA not before: Thu 02 Jan 2025 15:50:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43700
IP address blocks: 14.102.4.0/22 maxlen: 24
31.172.224.0/22 maxlen: 22
45.84.244.0/22 maxlen: 22
78.158.0.0/19 maxlen: 19
78.158.0.0/20 maxlen: 20
78.158.16.0/20 maxlen: 20
95.215.140.0/22 maxlen: 22
185.246.240.0/22 maxlen: 22
185.252.108.0/22 maxlen: 22
185.252.204.0/22 maxlen: 22
216.25.0.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 14:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:f5:72:7e:80:2c:03:0c:e1:8b:aa:cc:02:47:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Validity
Not Before: Jan 2 15:50:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9f1594936340a0510e0673e5d048927d73c3b34f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:a7:e4:4c:82:48:9e:f4:f3:40:63:0c:f2:cd:
13:df:a3:8d:a9:75:91:3d:fa:f1:14:7b:c2:cc:97:
c4:ca:14:4d:c0:74:3b:3b:46:cf:19:27:e5:fa:86:
b0:05:d0:66:80:4c:a9:45:01:9a:30:6a:e5:9b:9e:
b3:8d:2a:d4:1e:84:a7:b6:a8:85:0e:f9:31:37:98:
fe:fb:29:d5:b6:f5:b0:f1:52:e3:28:10:a7:32:04:
d5:9f:a1:13:a6:05:ba:fe:e3:b8:07:25:58:ab:6d:
41:e0:d9:d0:f9:5b:68:a3:d1:82:b4:70:cb:1e:1d:
ec:bb:c1:73:9a:cc:8f:d0:8c:26:17:80:5e:db:9c:
28:41:48:35:dc:bf:ab:8b:51:7b:e1:62:94:54:d8:
89:d5:10:64:ce:02:4b:03:63:9c:fd:b4:06:5d:cf:
11:5b:1d:6a:f0:43:ea:0c:5f:cd:6b:ed:cc:c6:b5:
e8:41:23:c8:a5:62:2a:20:f4:a3:33:36:07:92:ec:
e3:cf:ca:87:79:6b:32:1d:33:a8:7c:66:f5:b0:0b:
e2:7f:42:42:2b:7e:33:24:c8:3d:85:8e:a3:2f:be:
1f:58:3b:79:8b:f0:d0:ab:05:b9:08:cb:ad:e6:25:
5f:b8:e4:8b:5f:5c:78:fc:3e:b7:e0:d8:b0:46:f8:
d5:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:15:94:93:63:40:A0:51:0E:06:73:E5:D0:48:92:7D:73:C3:B3:4F
X509v3 Authority Key Identifier:
keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/nxWUk2NAoFEOBnPl0EiSfXPDs08.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.4.0/22
31.172.224.0/22
45.84.244.0/22
78.158.0.0/19
95.215.140.0/22
185.246.240.0/22
185.252.108.0/22
185.252.204.0/22
216.25.0.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:76:62:70:3b:b1:b8:88:4e:00:ef:4f:1c:38:fe:d8:81:5e:
14:2a:6e:a3:85:3e:e9:5d:9c:ed:1f:3c:fc:12:61:84:49:3e:
45:f7:df:33:ec:43:ef:02:75:ff:63:0b:b0:ce:51:cd:d9:7d:
64:a7:7b:20:f8:8b:11:f9:71:9c:46:55:69:8c:86:65:18:01:
f0:69:a7:66:2f:f0:34:73:73:97:8a:be:ad:66:d5:40:92:08:
c7:89:77:0a:fe:e0:20:19:4c:fd:73:95:e6:e6:84:0f:3b:62:
f1:66:db:ce:18:d7:5b:bc:9e:2f:3b:e3:83:5e:8f:65:90:f9:
16:fd:f4:1b:e7:77:74:22:6a:2a:e4:89:0f:c7:47:fa:10:30:
38:2f:e1:b6:4a:ef:c9:56:9f:3d:ba:a7:23:ad:f6:71:ea:3c:
1b:9a:51:9b:f3:f0:ff:c3:9b:6a:51:2a:12:80:4e:c6:63:22:
86:ed:00:a8:c3:d1:d3:80:55:1b:f7:e8:36:bc:03:b2:92:85:
ec:8b:60:ba:5e:f3:d4:48:51:d0:09:ad:e8:0e:87:27:e2:f0:
c5:ca:d2:f8:ba:3e:31:3a:32:06:20:a5:47:db:2a:b1:a8:42:
58:52:77:71:b6:ae:e0:c4:59:45:d4:47:c4:36:87:19:04:b1:
ce:8b:13:65
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQntfVyfoAsAwzhi6rMAkcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjUwMTAyMTU1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE1OTQ5MzYzNDBhMDUxMGUwNjczZTVkMDQ4OTI3ZDczYzNiMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqfkTIJInvTzQGMM8s0T36ONqXWR
PfrxFHvCzJfEyhRNwHQ7O0bPGSfl+oawBdBmgEypRQGaMGrlm56zjSrUHoSntqiF
DvkxN5j++ynVtvWw8VLjKBCnMgTVn6ETpgW6/uO4ByVYq21B4NnQ+Vtoo9GCtHDL
Hh3su8FzmsyP0IwmF4Be25woQUg13L+ri1F74WKUVNiJ1RBkzgJLA2Oc/bQGXc8R
Wx1q8EPqDF/Na+3MxrXoQSPIpWIqIPSjMzYHkuzjz8qHeWsyHTOofGb1sAvif0JC
K34zJMg9hY6jL74fWDt5i/DQqwW5CMut5iVfuOSLX1x4/D634NiwRvjVhQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJ8VlJNjQKBRDgZz5dBIkn1zw7NPMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvbnhXVWsyTkFvRkVPQm5QbDBFaVNmWFBEczA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCDmYEAwQC
H6zgAwQCLVT0AwQFTp4AAwQCX9eMAwQCufbwAwQCufxsAwQCufzMAwQC2BkAMA0G
CSqGSIb3DQEBCwUAA4IBAQAqdmJwO7G4iE4A708cOP7YgV4UKm6jhT7pXZztHzz8
EmGEST5F998z7EPvAnX/YwuwzlHN2X1kp3sg+IsR+XGcRlVpjIZlGAHwaadmL/A0
c3OXir6tZtVAkgjHiXcK/uAgGUz9c5Xm5oQPO2LxZtvOGNdbvJ4vO+ODXo9lkPkW
/fQb53d0Imoq5IkPx0f6EDA4L+G2Su/JVp89uqcjrfZx6jwbmlGb8/D/w5tqUSoS
gE7GYyKG7QCow9HTgFUb9+g2vAOykoXsi2C6XvPUSFHQCa3oDocn4vDFytL4uj4x
OjIGIKVH2yqxqEJYUndxtq7gxFlF1EfENocZBLHOixNl
-----END CERTIFICATE-----
Generated at Sun Apr 6 23:00:19 2025 by rpki-client