Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ny_FOqKdcKxW2aMlHbVAlwWW-0g.roa
File: ny_FOqKdcKxW2aMlHbVAlwWW-0g.roa (raw, json)
Hash identifier: bVovQUFF5/cCoKkjWHFqwVp9ffYI5r3hMJ9pZsZnKpo=
Subject key identifier: 9F:2F:C5:3A:A2:9D:70:AC:56:D9:A3:25:1D:B5:40:97:05:96:FB:48
Certificate issuer: /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial: 01982DEFC7AEC597376CBCC7B1674E362085
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ny_FOqKdcKxW2aMlHbVAlwWW-0g.roa
Signing time: Mon 21 Jul 2025 17:02:25 +0000
ROA not before: Mon 21 Jul 2025 17:02:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30788
IP address blocks: 2a07:d940::/29 maxlen: 29
2a0a:f8c0::/29 maxlen: 29
2a0b:2a80::/29 maxlen: 29
2a0c:7b80::/32 maxlen: 32
2a0f:a380::/29 maxlen: 29
2a11:52c0::/29 maxlen: 29
2a11:8d80::/29 maxlen: 29
2a12:23c0::/29 maxlen: 29
2a12:5640::/29 maxlen: 29
2a12:e580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 14:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2d:ef:c7:ae:c5:97:37:6c:bc:c7:b1:67:4e:36:20:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Validity
Not Before: Jul 21 17:02:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9f2fc53aa29d70ac56d9a3251db540970596fb48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:bc:e6:02:cd:f2:a1:5a:83:ee:3d:6f:a5:7b:
2f:29:b2:5f:63:c2:4c:73:4a:30:a0:86:68:71:1d:
cf:ac:6b:05:9b:2e:e1:e8:03:cf:ec:1d:87:a8:07:
e9:a6:e6:84:aa:e8:c3:61:ac:20:72:45:b0:90:55:
2c:79:5a:ad:00:96:22:6c:10:b1:4a:55:b2:44:62:
41:8a:ac:64:39:58:9e:2b:79:48:f5:24:98:25:db:
54:f1:35:88:ee:3e:69:ec:3b:a6:ad:70:aa:3c:31:
91:a7:d4:ad:c9:a4:af:ad:23:81:0d:b3:0b:3b:f9:
c8:81:93:26:ad:9c:9d:d7:e1:f2:3a:71:cf:0b:94:
09:f4:56:86:fc:be:63:d2:26:41:2a:ce:97:f8:97:
a3:04:38:db:fa:80:ef:cd:bb:ae:40:60:29:69:77:
90:1b:14:26:c8:2f:c5:09:25:b9:68:af:85:8a:0a:
e8:1a:05:52:2c:15:f5:a2:19:73:af:b8:4b:9b:ad:
0e:be:47:9d:01:89:8e:59:9e:d1:af:59:d7:bf:84:
14:28:27:58:c5:c1:0a:7b:8e:0e:1d:84:28:d5:25:
81:bf:1f:d7:7d:e1:e6:67:a0:2a:6b:a5:dd:3e:6d:
25:f0:ba:f3:2d:ea:f2:d4:d2:72:17:c0:ea:e3:f1:
60:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:2F:C5:3A:A2:9D:70:AC:56:D9:A3:25:1D:B5:40:97:05:96:FB:48
X509v3 Authority Key Identifier:
keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/ny_FOqKdcKxW2aMlHbVAlwWW-0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:d940::/29
2a0a:f8c0::/29
2a0b:2a80::/29
2a0c:7b80::/32
2a0f:a380::/29
2a11:52c0::/29
2a11:8d80::/29
2a12:23c0::/29
2a12:5640::/29
2a12:e580::/29
Signature Algorithm: sha256WithRSAEncryption
17:82:44:b0:b5:61:1d:94:28:09:38:73:16:a2:6f:99:b3:5e:
21:9a:55:db:5b:89:c2:cc:69:ac:03:7c:b2:ef:a4:a3:47:b0:
27:0e:a5:77:2a:3a:08:98:75:c5:e9:e1:1d:92:c1:ce:22:6d:
de:68:01:66:27:39:34:23:a6:ae:7f:1b:27:05:2e:f5:71:49:
a4:2c:0f:bc:07:e9:d3:9d:a1:e6:28:83:1a:f5:70:b0:3b:57:
01:4b:31:f3:86:f9:5b:3c:7f:74:28:fd:3f:68:4a:01:6b:41:
d5:4c:3f:c2:98:b0:8a:78:74:f8:e2:51:79:6f:7e:93:1f:38:
34:44:db:19:64:48:cf:45:b6:ba:6c:65:cc:35:78:74:fc:e4:
7b:78:d4:33:5a:32:3b:68:c4:4b:b7:03:bf:d8:b2:6c:fb:14:
13:a3:b1:58:6d:ec:a0:da:6d:0c:84:6a:60:a8:f5:47:3d:60:
95:e8:f2:54:f8:d3:3f:50:64:6d:72:bb:b5:7b:c5:36:c4:54:
8c:97:c9:e4:66:54:71:8f:03:d9:27:b8:c2:c8:df:35:c0:ba:
ca:37:7b:ce:fd:3a:e5:d4:90:e0:18:12:47:ea:e3:11:93:af:
ca:d8:16:2c:e3:84:a2:b7:f6:3b:7a:74:b5:07:8d:46:b8:87:
71:04:00:cf
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZgt78euxZc3bLzHsWdONiCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwNzIxMTcwMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJmYzUzYWEyOWQ3MGFjNTZkOWEzMjUxZGI1NDA5NzA1OTZmYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrzmAs3yoVqD7j1vpXsvKbJfY8JM
c0owoIZocR3PrGsFmy7h6APP7B2HqAfppuaEqujDYawgckWwkFUseVqtAJYibBCx
SlWyRGJBiqxkOVieK3lI9SSYJdtU8TWI7j5p7DumrXCqPDGRp9StyaSvrSOBDbML
O/nIgZMmrZyd1+HyOnHPC5QJ9FaG/L5j0iZBKs6X+JejBDjb+oDvzbuuQGApaXeQ
GxQmyC/FCSW5aK+FigroGgVSLBX1ohlzr7hLm60OvkedAYmOWZ7Rr1nXv4QUKCdY
xcEKe44OHYQo1SWBvx/XfeHmZ6Aqa6XdPm0l8LrzLery1NJyF8Dq4/Fg8wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFJ8vxTqinXCsVtmjJR21QJcFlvtIMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvbnlfRk9xS2RjS3hXMmFNbEhiVkFsd1dXLTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKgfZQAMF
AyoK+MADBQMqCyqAAwUAKgx7gAMFAyoPo4ADBQMqEVLAAwUDKhGNgAMFAyoSI8AD
BQMqElZAAwUDKhLlgDANBgkqhkiG9w0BAQsFAAOCAQEAF4JEsLVhHZQoCThzFqJv
mbNeIZpV21uJwsxprAN8su+ko0ewJw6ldyo6CJh1xenhHZLBziJt3mgBZic5NCOm
rn8bJwUu9XFJpCwPvAfp052h5iiDGvVwsDtXAUsx84b5Wzx/dCj9P2hKAWtB1Uw/
wpiwinh0+OJReW9+kx84NETbGWRIz0W2umxlzDV4dPzke3jUM1oyO2jES7cDv9iy
bPsUE6OxWG3soNptDIRqYKj1Rz1glejyVPjTP1BkbXK7tXvFNsRUjJfJ5GZUcY8D
2Se4wsjfNcC6yjd7zv065dSQ4BgSR+rjEZOvytgWLOOEorf2O3p0tQeNRriHcQQA
zw==
-----END CERTIFICATE-----
Generated at Wed Jul 23 17:57:38 2025 by rpki-client