Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nBNPWqk5T9sadQNzIbz8suIUGEA.roa
File: nBNPWqk5T9sadQNzIbz8suIUGEA.roa (raw, json)
Hash identifier: rye7oghFjqU3gI7Ul7mXjCS7jSJh7UX8eC1SztWJqRU=
Subject key identifier: 9C:13:4F:5A:A9:39:4F:DB:1A:75:03:73:21:BC:FC:B2:E2:14:18:40
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019422FBA9FB721DBBB6851C1235C5076BF8
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nBNPWqk5T9sadQNzIbz8suIUGEA.roa
Signing time: Wed 01 Jan 2025 17:48:25 +0000
ROA not before: Wed 01 Jan 2025 17:48:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7342
IP address blocks: 81.19.192.0/24 maxlen: 24
81.19.193.0/24 maxlen: 24
81.19.196.0/24 maxlen: 24
81.19.197.0/24 maxlen: 24
81.19.198.0/24 maxlen: 24
81.19.199.0/24 maxlen: 24
81.19.200.0/24 maxlen: 24
81.19.201.0/24 maxlen: 24
81.19.202.0/24 maxlen: 24
81.19.203.0/24 maxlen: 24
81.19.204.0/24 maxlen: 24
81.19.205.0/24 maxlen: 24
81.19.206.0/24 maxlen: 24
81.19.207.0/24 maxlen: 24
185.100.3.0/24 maxlen: 24
193.109.220.0/24 maxlen: 24
194.110.75.0/24 maxlen: 24
217.30.80.0/24 maxlen: 24
217.30.80.7/32 maxlen: 32
217.30.81.0/24 maxlen: 24
217.30.82.0/24 maxlen: 24
217.30.83.0/24 maxlen: 24
217.30.84.0/24 maxlen: 24
217.30.85.0/24 maxlen: 24
217.30.87.0/24 maxlen: 24
217.30.92.0/24 maxlen: 24
217.30.94.0/24 maxlen: 24
217.30.95.0/24 maxlen: 24
2a10:eec0::/48 maxlen: 48
2a10:eec0:1::/48 maxlen: 48
2a10:eec0:2::/48 maxlen: 48
2a10:eec0:2:101::7/128 maxlen: 128
2a10:eec0:3::/48 maxlen: 48
2a10:eec0:4::/48 maxlen: 48
2a10:eec0:5::/48 maxlen: 48
2a10:eec0:6::/48 maxlen: 48
2a10:eec0:7::/48 maxlen: 48
2a10:eec0:8::/48 maxlen: 48
2a10:eec0:9::/48 maxlen: 48
2a10:eec0:a::/48 maxlen: 48
2a10:eec0:c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:a9:fb:72:1d:bb:b6:85:1c:12:35:c5:07:6b:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Jan 1 17:48:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c134f5aa9394fdb1a75037321bcfcb2e2141840
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:a1:3e:a4:08:85:38:80:c0:40:ec:a4:97:71:
a0:61:75:44:70:d6:06:88:14:c6:80:32:65:29:52:
a7:98:f5:6f:f0:27:28:1f:4a:f1:30:a2:a7:2f:8c:
32:4c:60:03:60:bf:78:8a:db:bd:29:b9:a6:70:65:
df:19:5e:23:4a:11:66:ff:19:45:e6:95:f9:99:ac:
d5:e5:5c:ab:e1:1c:d6:e5:e5:42:fb:ad:de:21:5f:
f1:ea:0c:b0:e8:6f:70:0a:6d:48:f6:4d:9f:34:5e:
df:df:25:b7:bb:61:96:a0:ec:fe:a0:b5:4d:2d:27:
ec:ba:ea:24:d8:1b:2a:0c:09:d6:a1:54:78:40:d0:
4e:a3:03:96:67:06:80:f3:e7:e4:40:4e:f5:90:29:
b9:5e:fd:97:bb:b4:33:5a:6f:8f:37:a6:0f:96:8f:
a8:bd:9e:d8:09:17:e7:ba:45:f6:8d:40:7d:ae:0e:
f6:10:ec:4f:de:a2:6b:97:a1:ce:84:e8:a6:7c:aa:
11:0b:fc:2b:7c:34:bd:49:ca:d4:94:c4:52:b3:3b:
02:f9:41:0e:2d:76:bb:a9:5a:0d:d3:ec:ac:a3:da:
9d:a4:7f:74:b0:67:79:ce:22:54:ed:cb:f1:cb:bd:
cc:65:7b:20:c0:85:45:3f:ad:e1:5b:60:3f:26:c7:
46:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:13:4F:5A:A9:39:4F:DB:1A:75:03:73:21:BC:FC:B2:E2:14:18:40
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/nBNPWqk5T9sadQNzIbz8suIUGEA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.192.0/23
81.19.196.0-81.19.207.255
185.100.3.0/24
193.109.220.0/24
194.110.75.0/24
217.30.80.0-217.30.85.255
217.30.87.0/24
217.30.92.0/24
217.30.94.0/23
IPv6:
2a10:eec0::-2a10:eec0:a:ffff:ffff:ffff:ffff:ffff
2a10:eec0:c::/48
Signature Algorithm: sha256WithRSAEncryption
47:a8:34:b4:5f:61:28:2b:57:33:af:68:4e:76:7b:14:3b:2a:
dc:38:2f:8f:cb:42:76:5d:8f:b7:e1:78:e9:65:6a:c8:bd:a0:
bc:02:0d:8c:a5:eb:ce:93:3b:a1:fd:51:1e:48:76:5b:ad:62:
0b:fd:f8:87:41:14:d6:2f:94:12:fc:80:9a:1a:88:64:a7:99:
0f:0f:17:7d:44:9a:6e:db:8e:27:e0:08:d4:71:45:b1:83:5b:
66:3e:90:06:f7:a3:4b:50:9d:33:bb:0b:5d:e5:34:8f:7b:2d:
8b:c2:98:51:c7:49:68:58:6c:fa:df:b7:b1:c1:e2:78:23:02:
87:b7:ac:5d:b4:d0:60:8a:0a:41:cf:6b:69:18:83:82:a7:a2:
19:92:17:53:60:c5:4d:52:6b:ed:51:40:d0:0e:bb:21:98:15:
71:37:67:51:3a:8d:14:04:8b:41:9b:e1:40:68:ee:3b:a6:81:
9a:d4:9c:35:36:d3:33:7c:3b:de:f5:52:0c:52:b8:4a:27:52:
b8:be:ba:bc:5f:b4:a4:ba:53:5c:2e:b3:ec:5f:51:8e:f7:4f:
1c:12:6e:a5:15:ba:05:5e:f4:e2:6f:3f:3d:29:d2:75:db:91:
e5:df:77:9d:d9:de:b2:5f:55:e5:25:b6:ea:3d:70:40:25:9a:
f5:0d:2d:c6
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZQi+6n7ch27toUcEjXFB2v4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjUwMTAxMTc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzEzNGY1YWE5Mzk0ZmRiMWE3NTAzNzMyMWJjZmNiMmUyMTQxODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqE+pAiFOIDAQOykl3GgYXVEcNYG
iBTGgDJlKVKnmPVv8CcoH0rxMKKnL4wyTGADYL94itu9KbmmcGXfGV4jShFm/xlF
5pX5mazV5Vyr4RzW5eVC+63eIV/x6gyw6G9wCm1I9k2fNF7f3yW3u2GWoOz+oLVN
LSfsuuok2BsqDAnWoVR4QNBOowOWZwaA8+fkQE71kCm5Xv2Xu7QzWm+PN6YPlo+o
vZ7YCRfnukX2jUB9rg72EOxP3qJrl6HOhOimfKoRC/wrfDS9ScrUlMRSszsC+UEO
LXa7qVoN0+yso9qdpH90sGd5ziJU7cvxy73MZXsgwIVFP63hW2A/JsdGqwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFJwTT1qpOU/bGnUDcyG8/LLiFBhAMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvbkJOUFdxazVUOXNhZFFOekliejhzdUlVR0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwTAQCAAEwRgMEAVETwDAM
AwQCURPEAwQEURPAAwQAuWQDAwQAwW3cAwQAwm5LMAwDBATZHlADBAHZHlQDBADZ
HlcDBADZHlwDBAHZHl4wIQQCAAIwGzAQAwUGKhDuwAMHACoQ7sAACgMHACoQ7sAA
DDANBgkqhkiG9w0BAQsFAAOCAQEAR6g0tF9hKCtXM69oTnZ7FDsq3Dgvj8tCdl2P
t+F46WVqyL2gvAINjKXrzpM7of1RHkh2W61iC/34h0EU1i+UEvyAmhqIZKeZDw8X
fUSabtuOJ+AI1HFFsYNbZj6QBvejS1CdM7sLXeU0j3sti8KYUcdJaFhs+t+3scHi
eCMCh7esXbTQYIoKQc9raRiDgqeiGZIXU2DFTVJr7VFA0A67IZgVcTdnUTqNFASL
QZvhQGjuO6aBmtScNTbTM3w73vVSDFK4SidSuL66vF+0pLpTXC6z7F9RjvdPHBJu
pRW6BV704m8/PSnSdduR5d93ndnesl9V5SW26j1wQCWa9Q0txg==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:26:45 2025 by rpki-client