Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/NfD0bu6CTOHFOwKX83vXlWW-BFM.roa
File: NfD0bu6CTOHFOwKX83vXlWW-BFM.roa (raw, json)
Hash identifier: E6orvDZyM/U63REesg6yOGTM6Hs+Hh2EKGVP0jWzDOg=
Subject key identifier: 35:F0:F4:6E:EE:82:4C:E1:C5:3B:02:97:F3:7B:D7:95:65:BE:04:53
Certificate issuer: /CN=5d6317f6936e6b578b38c3dfb198025498fcaea1
Certificate serial: 01941F8C115EA41423131FDF68D3AC96D2BF
Authority key identifier: 5D:63:17:F6:93:6E:6B:57:8B:38:C3:DF:B1:98:02:54:98:FC:AE:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XWMX9pNua1eLOMPfsZgCVJj8rqE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/NfD0bu6CTOHFOwKX83vXlWW-BFM.roa
Signing time: Wed 01 Jan 2025 01:47:40 +0000
ROA not before: Wed 01 Jan 2025 01:47:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208659
IP address blocks: 45.81.92.0/22 maxlen: 22
45.81.92.0/24 maxlen: 24
45.81.93.0/24 maxlen: 24
45.81.94.0/24 maxlen: 24
45.81.95.0/24 maxlen: 24
2a0e:5480::/29 maxlen: 29
2a0e:5480::/30 maxlen: 30
2a0e:5484::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/XWMX9pNua1eLOMPfsZgCVJj8rqE.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/XWMX9pNua1eLOMPfsZgCVJj8rqE.mft
rsync://rpki.ripe.net/repository/DEFAULT/XWMX9pNua1eLOMPfsZgCVJj8rqE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 10:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:11:5e:a4:14:23:13:1f:df:68:d3:ac:96:d2:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d6317f6936e6b578b38c3dfb198025498fcaea1
Validity
Not Before: Jan 1 01:47:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35f0f46eee824ce1c53b0297f37bd79565be0453
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b6:de:a9:c0:71:40:2d:65:13:de:fe:bb:89:
52:74:38:f3:6c:10:50:89:cf:39:63:68:f1:03:7b:
53:64:f3:d5:2c:6f:dc:d9:d2:8b:76:fc:2e:c5:4a:
a1:53:f4:e5:6b:b3:ae:7b:d0:c9:0c:c8:20:b4:73:
9e:60:25:1a:df:4b:33:a3:f4:1d:55:33:d2:4f:97:
9c:78:25:7f:c2:09:fd:ec:b4:1c:ee:a9:18:5b:ae:
26:3e:89:c8:49:82:c8:bd:e8:59:b7:e4:e1:25:ff:
e0:62:8e:bf:08:dc:09:5a:c5:ff:15:5b:25:cd:3f:
b7:80:ba:ea:a8:07:a6:04:53:fc:97:bb:b4:c3:f8:
f0:08:8c:81:b5:d8:b9:0f:24:87:ff:39:2d:73:1e:
ff:36:cd:c3:24:8d:23:d8:9c:17:c2:05:5e:90:06:
ec:9c:51:21:fb:6d:0c:b7:94:6f:b2:db:6f:76:43:
2b:7f:f8:fa:f9:08:81:03:78:c9:f1:a9:91:0b:17:
19:e4:2c:c5:af:e4:c8:cd:c0:ed:e0:05:f4:a3:73:
1a:cd:c6:cf:f4:55:52:99:7e:28:af:d7:b8:16:4f:
7e:bd:41:4d:14:d9:c4:ad:cc:79:9f:11:0b:31:1d:
bc:fa:f9:65:c5:01:a4:e2:9b:b7:dc:25:d2:38:1b:
5a:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:F0:F4:6E:EE:82:4C:E1:C5:3B:02:97:F3:7B:D7:95:65:BE:04:53
X509v3 Authority Key Identifier:
keyid:5D:63:17:F6:93:6E:6B:57:8B:38:C3:DF:B1:98:02:54:98:FC:AE:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWMX9pNua1eLOMPfsZgCVJj8rqE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/NfD0bu6CTOHFOwKX83vXlWW-BFM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/03490c-ea47-402a-8bb0-d5658d0f3292/1/XWMX9pNua1eLOMPfsZgCVJj8rqE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.92.0/22
IPv6:
2a0e:5480::/29
Signature Algorithm: sha256WithRSAEncryption
38:9e:27:1c:cd:ba:8e:04:1a:dc:3c:ed:c0:89:ca:cf:0e:b4:
d1:62:02:96:fc:8d:f5:84:76:e0:50:33:ba:66:03:5d:75:5d:
a3:ee:b4:b2:4e:58:49:d2:47:4d:1a:87:e0:34:09:ab:70:b8:
e5:f4:26:ba:e7:ce:95:38:e9:33:83:ad:8d:bd:fb:d7:bf:ad:
77:14:d9:55:6a:6a:a6:a3:03:00:50:03:b5:b2:f4:17:c8:e3:
85:37:4a:05:4c:36:04:9c:06:a7:f4:4c:8f:00:90:cd:99:bb:
e6:88:02:49:6c:0a:e3:5e:f7:5a:80:c4:38:04:2a:a7:25:1e:
da:df:ef:f8:60:ac:e5:43:30:f1:7d:78:e0:5a:1e:12:0a:dd:
a5:df:c5:66:84:a5:7b:39:74:74:25:a0:77:68:8c:2a:09:07:
f0:61:df:82:a8:c7:bd:72:97:8c:6f:d1:5a:1c:e2:9d:82:e8:
9a:9a:aa:53:a9:c5:fb:09:b0:c5:9a:fe:87:9a:c5:7f:54:35:
c5:b1:c8:da:08:cf:17:0c:b9:4c:e1:c7:00:eb:34:7d:6a:a4:
18:db:84:a2:2d:20:eb:0e:52:0a:d5:d2:8f:83:b4:2f:79:13:
a2:a8:76:64:67:fc:51:e7:e5:4d:4e:30:51:df:af:19:dd:fe:
83:ac:c3:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjBFepBQjEx/faNOsltK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjMxN2Y2OTM2ZTZiNTc4YjM4YzNkZmIxOTgwMjU0OThm
Y2FlYTEwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYwZjQ2ZWVlODI0Y2UxYzUzYjAyOTdmMzdiZDc5NTY1YmUwNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbbeqcBxQC1lE97+u4lSdDjzbBBQ
ic85Y2jxA3tTZPPVLG/c2dKLdvwuxUqhU/Tla7Oue9DJDMggtHOeYCUa30szo/Qd
VTPST5eceCV/wgn97LQc7qkYW64mPonISYLIvehZt+ThJf/gYo6/CNwJWsX/FVsl
zT+3gLrqqAemBFP8l7u0w/jwCIyBtdi5DySH/zktcx7/Ns3DJI0j2JwXwgVekAbs
nFEh+20Mt5RvsttvdkMrf/j6+QiBA3jJ8amRCxcZ5CzFr+TIzcDt4AX0o3MazcbP
9FVSmX4or9e4Fk9+vUFNFNnErcx5nxELMR28+vllxQGk4pu33CXSOBtakwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDXw9G7ugkzhxTsCl/N715VlvgRTMB8GA1UdIwQY
MBaAFF1jF/aTbmtXizjD37GYAlSY/K6hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdNWDlwTnVhMWVMT01QZnNaZ0NWSmo4cnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wMzQ5MGMtZWE0Ny00MDJhLThiYjAt
ZDU2NThkMGYzMjkyLzEvTmZEMGJ1NkNUT0hGT3dLWDgzdlhsV1ctQkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wMzQ5MGMtZWE0Ny00MDJhLThiYjAtZDU2NThkMGYzMjky
LzEvWFdNWDlwTnVhMWVMT01QZnNaZ0NWSmo4cnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVFcMA0E
AgACMAcDBQMqDlSAMA0GCSqGSIb3DQEBCwUAA4IBAQA4nicczbqOBBrcPO3AicrP
DrTRYgKW/I31hHbgUDO6ZgNddV2j7rSyTlhJ0kdNGofgNAmrcLjl9Ca6586VOOkz
g62NvfvXv613FNlVamqmowMAUAO1svQXyOOFN0oFTDYEnAan9EyPAJDNmbvmiAJJ
bArjXvdagMQ4BCqnJR7a3+/4YKzlQzDxfXjgWh4SCt2l38VmhKV7OXR0JaB3aIwq
CQfwYd+CqMe9cpeMb9FaHOKdguiamqpTqcX7CbDFmv6HmsV/VDXFscjaCM8XDLlM
4ccA6zR9aqQY24SiLSDrDlIK1dKPg7QveROiqHZkZ/xR5+VNTjBR368Z3f6DrMMi
-----END CERTIFICATE-----
Generated at Tue Apr 22 15:29:57 2025 by rpki-client