Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/1nkbAUyMBTqm0zrFDH2BJFInn74.roa
File: 1nkbAUyMBTqm0zrFDH2BJFInn74.roa (raw, json)
Hash identifier: kSALWUCmn9r8Fvws/ekGIMLGIzxTE3Z8oBdBGKZ1vV8=
Subject key identifier: D6:79:1B:01:4C:8C:05:3A:A6:D3:3A:C5:0C:7D:81:24:52:27:9F:BE
Certificate issuer: /CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Certificate serial: 0194228DAD522F25CCF8F784B0D51BB41EEA
Authority key identifier: F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/1nkbAUyMBTqm0zrFDH2BJFInn74.roa
Signing time: Wed 01 Jan 2025 15:48:17 +0000
ROA not before: Wed 01 Jan 2025 15:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 91.123.0.0/24 maxlen: 24
91.123.1.0/24 maxlen: 24
91.123.2.0/24 maxlen: 24
91.123.3.0/24 maxlen: 24
91.123.4.0/24 maxlen: 24
91.123.5.0/24 maxlen: 24
91.123.6.0/24 maxlen: 24
91.123.7.0/24 maxlen: 24
190.106.160.0/24 maxlen: 24
190.106.161.0/24 maxlen: 24
190.106.162.0/24 maxlen: 24
190.106.163.0/24 maxlen: 24
190.106.164.0/24 maxlen: 24
190.106.165.0/24 maxlen: 24
190.106.166.0/24 maxlen: 24
190.106.167.0/24 maxlen: 24
190.106.168.0/24 maxlen: 24
190.106.169.0/24 maxlen: 24
190.106.170.0/24 maxlen: 24
190.106.171.0/24 maxlen: 24
190.106.172.0/24 maxlen: 24
190.106.173.0/24 maxlen: 24
190.106.174.0/24 maxlen: 24
190.106.175.0/24 maxlen: 24
190.106.176.0/24 maxlen: 24
190.106.185.0/24 maxlen: 24
190.106.186.0/24 maxlen: 24
190.106.187.0/24 maxlen: 24
190.106.188.0/24 maxlen: 24
190.106.189.0/24 maxlen: 24
190.106.190.0/24 maxlen: 24
190.106.191.0/24 maxlen: 24
206.195.128.0/24 maxlen: 24
206.195.129.0/24 maxlen: 24
206.195.130.0/24 maxlen: 24
206.195.131.0/24 maxlen: 24
206.195.132.0/24 maxlen: 24
206.195.133.0/24 maxlen: 24
206.195.134.0/24 maxlen: 24
206.195.135.0/24 maxlen: 24
206.195.136.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.mft
rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:ad:52:2f:25:cc:f8:f7:84:b0:d5:1b:b4:1e:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Validity
Not Before: Jan 1 15:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d6791b014c8c053aa6d33ac50c7d812452279fbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a3:d8:b8:c1:b6:07:4f:58:f1:3a:5d:e5:32:
11:62:37:fb:ec:05:f7:5e:5f:7b:62:7b:6e:65:4f:
cb:7f:98:6a:bc:13:17:ba:7a:a1:f6:a8:6b:3b:1a:
b0:a6:7d:37:59:39:a4:a2:8b:b5:ed:82:dc:cf:a7:
c9:5b:80:93:08:0e:cf:c6:e5:32:93:2b:22:98:60:
85:b2:3b:b2:b6:ef:0a:99:71:1b:b3:d5:b0:1d:88:
35:63:51:43:00:14:c3:4b:e1:74:ae:1b:8c:d8:a5:
51:e2:46:b2:9e:f1:20:6b:de:27:17:0f:92:19:44:
17:d6:5f:c3:a3:a2:a5:0d:a6:af:53:7d:27:c2:fe:
44:cb:54:85:1b:41:5f:34:0f:b2:5d:89:3b:65:bc:
0c:6a:1f:6e:0b:11:08:e7:ae:a6:e1:f0:2f:01:7d:
34:df:e3:f8:9a:9d:77:ae:ad:e6:91:f7:2b:1b:12:
89:26:c0:1c:8d:db:25:8c:2f:65:ca:0c:8e:d8:49:
f5:0b:d3:f2:71:4e:9e:83:8d:cb:e3:d9:22:f3:66:
c9:0a:6c:67:56:4c:ef:bb:52:4a:19:63:46:1f:75:
82:2a:e0:cb:f8:50:6e:18:d1:fe:5f:1d:73:02:4f:
0c:aa:83:cf:9f:be:1c:38:9e:d1:fb:5a:44:a4:b0:
fd:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:79:1B:01:4C:8C:05:3A:A6:D3:3A:C5:0C:7D:81:24:52:27:9F:BE
X509v3 Authority Key Identifier:
keyid:F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/1nkbAUyMBTqm0zrFDH2BJFInn74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.123.0.0/21
190.106.160.0-190.106.176.255
190.106.185.0-190.106.191.255
206.195.128.0-206.195.136.255
Signature Algorithm: sha256WithRSAEncryption
6f:00:13:fd:9e:c6:22:18:1c:f0:64:65:99:db:6d:93:dd:46:
4e:f3:80:89:5b:e0:11:65:e3:f8:14:c9:23:fd:ce:6f:a4:b4:
51:b0:9f:50:fd:48:85:c3:5d:f0:ff:ff:e7:b7:e5:b9:62:1b:
5f:b5:80:15:84:27:70:17:f3:2f:a7:1f:95:1f:1f:bb:19:39:
3d:2e:d8:8e:fb:c1:a4:03:62:5f:b8:3b:e9:cf:83:af:f0:62:
92:b1:c2:7f:56:b4:00:b6:ca:ad:4b:30:7f:a0:a6:5b:c1:76:
8c:85:70:00:05:1a:ed:7b:e6:35:19:8d:0c:06:3c:58:e8:f5:
15:cb:ef:99:6c:1f:cb:ce:64:33:f9:6a:d8:9c:ce:af:4a:c9:
42:dc:9e:e7:17:d2:70:8a:f4:89:ca:72:e2:a3:71:ea:6c:ee:
05:67:dc:c7:90:7f:1e:0f:12:64:0a:9d:d3:13:0d:9a:49:7e:
12:4b:12:ed:d8:10:de:3d:c0:d5:45:8d:7c:c4:ab:ae:6c:9a:
73:d4:d2:3d:b3:47:fe:48:f1:6c:32:12:75:a1:c2:ab:73:aa:
c1:14:a5:8a:5d:27:1f:71:28:0a:b4:ad:58:9c:a7:8c:c1:06:
7b:75:f7:2a:86:f6:7b:c4:69:2f:68:d2:8d:a1:42:8f:69:94:
75:52:e4:ba
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQija1SLyXM+PeEsNUbtB7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwY2M3YTQ0NzQ4MmU1N2IwNjA0YmFiYjgyYTUyNDA5Y2Rl
M2IzNmQwHhcNMjUwMTAxMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc5MWIwMTRjOGMwNTNhYTZkMzNhYzUwYzdkODEyNDUyMjc5ZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqPYuMG2B09Y8Tpd5TIRYjf77AX3
Xl97YntuZU/Lf5hqvBMXunqh9qhrOxqwpn03WTmkoou17YLcz6fJW4CTCA7PxuUy
kysimGCFsjuytu8KmXEbs9WwHYg1Y1FDABTDS+F0rhuM2KVR4kaynvEga94nFw+S
GUQX1l/Do6KlDaavU30nwv5Ey1SFG0FfNA+yXYk7ZbwMah9uCxEI566m4fAvAX00
3+P4mp13rq3mkfcrGxKJJsAcjdsljC9lygyO2En1C9PycU6eg43L49ki82bJCmxn
Vkzvu1JKGWNGH3WCKuDL+FBuGNH+Xx1zAk8MqoPPn74cOJ7R+1pEpLD9TwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNZ5GwFMjAU6ptM6xQx9gSRSJ5++MB8GA1UdIwQY
MBaAFPDMekR0guV7BgS6u4KlJAnN47NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUt
ZmEzMmQyZDUyOTY4LzEvMW5rYkFVeU1CVHFtMHpyRkRIMkJKRklubjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUtZmEzMmQyZDUyOTY4
LzEvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDW3sAMAwD
BAW+aqADBAC+arAwDAMEAL5quQMEBr5qgDAMAwQHzsOAAwQAzsOIMA0GCSqGSIb3
DQEBCwUAA4IBAQBvABP9nsYiGBzwZGWZ222T3UZO84CJW+ARZeP4FMkj/c5vpLRR
sJ9Q/UiFw13w///nt+W5YhtftYAVhCdwF/Mvpx+VHx+7GTk9LtiO+8GkA2JfuDvp
z4Ov8GKSscJ/VrQAtsqtSzB/oKZbwXaMhXAABRrte+Y1GY0MBjxY6PUVy++ZbB/L
zmQz+WrYnM6vSslC3J7nF9JwivSJynLio3HqbO4FZ9zHkH8eDxJkCp3TEw2aSX4S
SxLt2BDePcDVRY18xKuubJpz1NI9s0f+SPFsMhJ1ocKrc6rBFKWKXScfcSgKtK1Y
nKeMwQZ7dfcqhvZ7xGkvaNKNoUKPaZR1UuS6
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:17:37 2025 by rpki-client