Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/NN299CMGcNrQCWLhS0OXaJqVLGQ.roa
File: NN299CMGcNrQCWLhS0OXaJqVLGQ.roa (raw, json)
Hash identifier: 93xwbIS/LqBoxP2s7kvpuTwTAH+EjaA0+8jXoFMAE+Y=
Subject key identifier: 34:DD:BD:F4:23:06:70:DA:D0:09:62:E1:4B:43:97:68:9A:95:2C:64
Certificate issuer: /CN=9b23639060ff87a77fc67a6e03c0c4dd2ae4c391
Certificate serial: 019424458596A881CABA7D424234D96BCA01
Authority key identifier: 9B:23:63:90:60:FF:87:A7:7F:C6:7A:6E:03:C0:C4:DD:2A:E4:C3:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/myNjkGD_h6d_xnpuA8DE3Srkw5E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/NN299CMGcNrQCWLhS0OXaJqVLGQ.roa
Signing time: Wed 01 Jan 2025 23:48:43 +0000
ROA not before: Wed 01 Jan 2025 23:48:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 196678
IP address blocks: 131.117.216.0/24 maxlen: 24
131.117.217.0/24 maxlen: 24
131.117.218.0/23 maxlen: 24
131.117.220.0/22 maxlen: 22
2a00:bd40::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/myNjkGD_h6d_xnpuA8DE3Srkw5E.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/myNjkGD_h6d_xnpuA8DE3Srkw5E.mft
rsync://rpki.ripe.net/repository/DEFAULT/myNjkGD_h6d_xnpuA8DE3Srkw5E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:85:96:a8:81:ca:ba:7d:42:42:34:d9:6b:ca:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9b23639060ff87a77fc67a6e03c0c4dd2ae4c391
Validity
Not Before: Jan 1 23:48:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34ddbdf4230670dad00962e14b4397689a952c64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:21:71:ca:73:ad:99:ea:6f:0d:92:50:c9:08:
a4:a9:ea:fa:92:4f:c0:f4:3f:0d:92:7b:fd:ab:a2:
ac:69:3c:6f:f9:89:d6:ee:44:b3:84:0c:85:f0:b5:
b4:fa:49:eb:b7:7a:fc:12:93:cc:c6:99:f2:3c:eb:
cc:58:78:d0:da:15:93:0e:2b:30:37:40:65:9c:09:
f7:06:7b:f6:38:7e:94:10:b2:c5:a6:c6:e1:3e:f5:
3a:02:11:e4:b7:b4:67:0d:1f:79:93:8e:99:a3:bf:
fc:d0:86:50:1f:7c:3e:22:c9:47:37:94:18:b6:07:
e1:f9:f9:fe:e5:4f:aa:42:d8:78:25:e0:8f:d0:5c:
f1:6b:5e:63:31:16:b2:de:bb:24:b9:bd:65:98:3a:
4c:92:06:3c:22:00:b7:0e:26:5d:fa:f8:0f:01:33:
93:5d:35:08:94:46:3e:29:e3:8e:52:b6:d3:23:4a:
34:04:68:12:ab:0a:75:2b:f9:82:cf:34:da:a1:6a:
56:76:dd:f9:ae:b8:48:8c:ac:ad:35:c3:e5:0c:ec:
6b:65:cf:cc:f2:1a:a9:d3:a1:6b:c9:af:77:b2:60:
18:1b:88:35:d5:a6:2d:54:85:5f:79:5e:b7:58:ed:
61:93:ce:50:b4:77:af:91:99:3a:94:5e:3b:6b:cc:
2e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:DD:BD:F4:23:06:70:DA:D0:09:62:E1:4B:43:97:68:9A:95:2C:64
X509v3 Authority Key Identifier:
keyid:9B:23:63:90:60:FF:87:A7:7F:C6:7A:6E:03:C0:C4:DD:2A:E4:C3:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/myNjkGD_h6d_xnpuA8DE3Srkw5E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/NN299CMGcNrQCWLhS0OXaJqVLGQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5d5f73-63b9-4aaa-a8ec-5afc3a4fe542/1/myNjkGD_h6d_xnpuA8DE3Srkw5E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.117.216.0/21
IPv6:
2a00:bd40::/32
Signature Algorithm: sha256WithRSAEncryption
0a:9d:81:65:49:26:a0:5e:0e:b3:21:7e:53:2e:a9:18:2d:53:
39:c1:a5:ab:0c:cc:8b:93:ef:12:59:39:d3:be:95:3d:ec:4f:
74:1e:ea:fd:f5:5f:9f:20:df:e0:71:95:a1:ea:77:61:78:94:
21:51:f5:65:70:77:c4:ea:ee:6f:e7:33:09:da:f0:44:70:b8:
5f:eb:79:14:eb:45:cf:aa:23:90:d8:7c:6b:ba:63:54:d3:b9:
d4:15:dc:fb:79:e6:f1:ef:43:e2:d1:eb:25:5d:0f:fd:3b:ed:
f9:cc:73:a3:bd:54:a5:fd:11:cb:e3:26:2d:9d:01:ae:ae:51:
15:b0:d5:39:8f:cf:bd:c1:ad:11:b4:39:5a:1c:4b:3b:56:c0:
32:61:60:ac:a0:74:e9:be:a6:b0:f5:b0:a5:ac:06:4b:9d:0d:
18:b4:ce:1c:7f:b8:96:b7:68:5c:d9:ff:99:e0:f9:9d:67:b2:
53:f9:d9:ba:e0:26:36:6f:9b:9b:2b:cc:40:24:11:0f:c7:2e:
84:01:4f:b9:f6:b9:09:f8:f3:44:26:66:c3:a9:1c:28:4f:4a:
f9:a8:b1:ac:de:3a:4c:b8:e7:9f:79:0b:1e:84:24:2e:ec:5d:
9e:5c:b1:50:6b:0f:24:cc:d8:a0:70:84:2b:f5:ef:ee:46:eb:
58:d8:fd:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRYWWqIHKun1CQjTZa8oBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMjM2MzkwNjBmZjg3YTc3ZmM2N2E2ZTAzYzBjNGRkMmFl
NGMzOTEwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRkYmRmNDIzMDY3MGRhZDAwOTYyZTE0YjQzOTc2ODlhOTUyYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyFxynOtmepvDZJQyQikqer6kk/A
9D8Nknv9q6KsaTxv+YnW7kSzhAyF8LW0+knrt3r8EpPMxpnyPOvMWHjQ2hWTDisw
N0BlnAn3Bnv2OH6UELLFpsbhPvU6AhHkt7RnDR95k46Zo7/80IZQH3w+IslHN5QY
tgfh+fn+5U+qQth4JeCP0Fzxa15jMRay3rskub1lmDpMkgY8IgC3DiZd+vgPATOT
XTUIlEY+KeOOUrbTI0o0BGgSqwp1K/mCzzTaoWpWdt35rrhIjKytNcPlDOxrZc/M
8hqp06Frya93smAYG4g11aYtVIVfeV63WO1hk85QtHevkZk6lF47a8wuawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDTdvfQjBnDa0Ali4UtDl2ialSxkMB8GA1UdIwQY
MBaAFJsjY5Bg/4enf8Z6bgPAxN0q5MORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXlOamtHRF9oNmRfeG5wdUE4REUzU3JrdzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81ZDVmNzMtNjNiOS00YWFhLWE4ZWMt
NWFmYzNhNGZlNTQyLzEvTk4yOTlDTUdjTnJRQ1dMaFMwT1hhSnFWTEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81ZDVmNzMtNjNiOS00YWFhLWE4ZWMtNWFmYzNhNGZlNTQy
LzEvbXlOamtHRF9oNmRfeG5wdUE4REUzU3JrdzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDg3XYMA0E
AgACMAcDBQAqAL1AMA0GCSqGSIb3DQEBCwUAA4IBAQAKnYFlSSagXg6zIX5TLqkY
LVM5waWrDMyLk+8SWTnTvpU97E90Hur99V+fIN/gcZWh6ndheJQhUfVlcHfE6u5v
5zMJ2vBEcLhf63kU60XPqiOQ2HxrumNU07nUFdz7eebx70Pi0eslXQ/9O+35zHOj
vVSl/RHL4yYtnQGurlEVsNU5j8+9wa0RtDlaHEs7VsAyYWCsoHTpvqaw9bClrAZL
nQ0YtM4cf7iWt2hc2f+Z4PmdZ7JT+dm64CY2b5ubK8xAJBEPxy6EAU+59rkJ+PNE
JmbDqRwoT0r5qLGs3jpMuOefeQsehCQu7F2eXLFQaw8kzNigcIQr9e/uRutY2P09
-----END CERTIFICATE-----
Generated at Mon Apr 21 23:05:40 2025 by rpki-client