Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/NmyYIbuzbIXUj9jJPjF3BR9optE.roa
File: NmyYIbuzbIXUj9jJPjF3BR9optE.roa (raw, json)
Hash identifier: wSdjb/vMyeBBwt44mj9k7sBn6y3WZbUfXBs3kYVLtv8=
Subject key identifier: 36:6C:98:21:BB:B3:6C:85:D4:8F:D8:C9:3E:31:77:05:1F:68:A6:D1
Certificate issuer: /CN=80fab550d827a2def0d4d2616061425c2f694c84
Certificate serial: 0195ED95C2B00F71B83213088DBB56110DCB
Authority key identifier: 80:FA:B5:50:D8:27:A2:DE:F0:D4:D2:61:60:61:42:5C:2F:69:4C:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gPq1UNgnot7w1NJhYGFCXC9pTIQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/NmyYIbuzbIXUj9jJPjF3BR9optE.roa
Signing time: Mon 31 Mar 2025 19:02:49 +0000
ROA not before: Mon 31 Mar 2025 19:02:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13631
IP address blocks: 46.255.29.0/24 maxlen: 24
194.59.56.0/23 maxlen: 24
2a13:bb80::/29 maxlen: 29
2a13:bb87::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/gPq1UNgnot7w1NJhYGFCXC9pTIQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/gPq1UNgnot7w1NJhYGFCXC9pTIQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/gPq1UNgnot7w1NJhYGFCXC9pTIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ed:95:c2:b0:0f:71:b8:32:13:08:8d:bb:56:11:0d:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80fab550d827a2def0d4d2616061425c2f694c84
Validity
Not Before: Mar 31 19:02:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=366c9821bbb36c85d48fd8c93e3177051f68a6d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:8a:0d:87:56:6c:ff:7e:bf:45:92:44:1b:a9:
8f:61:be:05:6f:b4:19:86:f5:b3:58:cf:3b:73:c4:
9e:2f:61:76:31:d8:a7:f0:7e:1c:ca:2c:85:1e:a0:
7d:36:8b:ca:38:ca:d0:ec:44:d8:66:fb:7a:bc:c5:
63:9f:12:3c:a8:47:33:23:10:9d:ed:bc:db:a0:89:
79:70:93:12:11:7f:d4:ee:e4:43:36:32:54:92:0c:
ac:f1:82:cd:1c:0b:4a:b3:06:f0:58:ef:b0:b9:09:
51:d1:ba:8e:cc:0c:ac:73:6b:ad:f4:08:a9:64:f5:
84:6d:e4:1a:8e:53:ce:d8:99:df:79:1a:3f:b6:07:
8e:36:06:30:63:8a:d8:6d:fd:6b:ef:ac:24:2d:96:
5b:94:13:95:a4:92:8a:c9:fa:35:d7:b1:a0:bc:14:
5e:fd:82:2a:c1:e1:10:cd:7c:32:80:37:6d:14:91:
b6:06:de:0d:45:70:70:61:7a:26:4f:57:d7:36:a4:
50:00:b0:22:7f:7e:df:99:67:24:c0:90:42:ac:b8:
9a:43:fb:c8:1a:a7:21:b3:98:a8:e4:d2:6d:68:bf:
5e:bc:f3:a0:f8:4a:3b:e4:06:1a:7e:35:e3:71:54:
45:e1:81:9a:ba:86:60:70:07:52:7f:b2:81:2d:46:
d1:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:6C:98:21:BB:B3:6C:85:D4:8F:D8:C9:3E:31:77:05:1F:68:A6:D1
X509v3 Authority Key Identifier:
keyid:80:FA:B5:50:D8:27:A2:DE:F0:D4:D2:61:60:61:42:5C:2F:69:4C:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPq1UNgnot7w1NJhYGFCXC9pTIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/NmyYIbuzbIXUj9jJPjF3BR9optE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/4ba5ff-562e-4354-9600-f762929f1f08/1/gPq1UNgnot7w1NJhYGFCXC9pTIQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.255.29.0/24
194.59.56.0/23
IPv6:
2a13:bb80::/29
Signature Algorithm: sha256WithRSAEncryption
1c:ae:46:cd:0c:d6:c1:41:c6:ef:98:c6:08:9a:ed:c3:2a:29:
db:d7:e1:fc:45:87:e7:c8:1d:26:b4:7e:fe:58:b4:b1:2c:fd:
5e:3d:20:52:f5:a7:2c:4c:58:01:95:49:20:de:fb:40:c2:44:
bb:9d:59:2b:0b:b6:a4:a5:ef:9b:b4:b3:af:42:28:97:18:43:
46:6b:85:37:2d:e9:75:54:4f:21:70:15:2a:11:71:6b:4d:04:
24:5f:0e:d8:19:e7:49:ab:7c:76:2a:ad:e4:3e:ba:4e:09:1f:
90:f5:4f:f5:36:0b:a3:e6:92:87:1d:db:3e:96:ab:d0:9f:96:
f4:0b:52:ee:76:f2:1c:49:90:64:4c:02:d1:dc:19:59:5e:53:
1c:38:aa:06:5b:11:68:2d:12:3f:1f:94:d9:6c:8e:e5:28:72:
76:2b:0e:ab:ef:a1:e7:a0:28:3d:58:5d:5c:84:37:4c:5c:98:
4c:7c:d1:f9:0e:83:e2:0b:08:d0:6a:c0:55:f8:a3:32:67:c1:
13:e2:c9:99:37:84:a8:c2:17:79:3c:53:4c:ad:de:a3:96:81:
57:87:da:76:c8:eb:d5:45:35:69:ee:34:a5:2b:49:33:e3:37:
04:77:e7:97:39:36:6e:09:5f:43:ce:e0:d3:83:89:b8:49:5d:
50:38:32:4e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZXtlcKwD3G4MhMIjbtWEQ3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZmFiNTUwZDgyN2EyZGVmMGQ0ZDI2MTYwNjE0MjVjMmY2
OTRjODQwHhcNMjUwMzMxMTkwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjZjOTgyMWJiYjM2Yzg1ZDQ4ZmQ4YzkzZTMxNzcwNTFmNjhhNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIoNh1Zs/36/RZJEG6mPYb4Fb7QZ
hvWzWM87c8SeL2F2Mdin8H4cyiyFHqB9NovKOMrQ7ETYZvt6vMVjnxI8qEczIxCd
7bzboIl5cJMSEX/U7uRDNjJUkgys8YLNHAtKswbwWO+wuQlR0bqOzAysc2ut9Aip
ZPWEbeQajlPO2JnfeRo/tgeONgYwY4rYbf1r76wkLZZblBOVpJKKyfo117GgvBRe
/YIqweEQzXwygDdtFJG2Bt4NRXBwYXomT1fXNqRQALAif37fmWckwJBCrLiaQ/vI
Gqchs5io5NJtaL9evPOg+Eo75AYafjXjcVRF4YGauoZgcAdSf7KBLUbR3QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDZsmCG7s2yF1I/YyT4xdwUfaKbRMB8GA1UdIwQY
MBaAFID6tVDYJ6Le8NTSYWBhQlwvaUyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BxMVVOZ25vdDd3MU5KaFlHRkNYQzlwVElRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS80YmE1ZmYtNTYyZS00MzU0LTk2MDAt
Zjc2MjkyOWYxZjA4LzEvTm15WUlidXpiSVhVajlqSlBqRjNCUjlvcHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS80YmE1ZmYtNTYyZS00MzU0LTk2MDAtZjc2MjkyOWYxZjA4
LzEvZ1BxMVVOZ25vdDd3MU5KaFlHRkNYQzlwVElRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALv8dAwQB
wjs4MA0EAgACMAcDBQMqE7uAMA0GCSqGSIb3DQEBCwUAA4IBAQAcrkbNDNbBQcbv
mMYImu3DKinb1+H8RYfnyB0mtH7+WLSxLP1ePSBS9acsTFgBlUkg3vtAwkS7nVkr
C7akpe+btLOvQiiXGENGa4U3Lel1VE8hcBUqEXFrTQQkXw7YGedJq3x2Kq3kPrpO
CR+Q9U/1Nguj5pKHHds+lqvQn5b0C1LudvIcSZBkTALR3BlZXlMcOKoGWxFoLRI/
H5TZbI7lKHJ2Kw6r76HnoCg9WF1chDdMXJhMfNH5DoPiCwjQasBV+KMyZ8ET4smZ
N4Sowhd5PFNMrd6jloFXh9p2yOvVRTVp7jSlK0kz4zcEd+eXOTZuCV9DzuDTg4m4
SV1QODJO
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:58:52 2025 by rpki-client