Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NsOsVw0tEsl6tH5nPXR3jRYgCao.roa
File: NsOsVw0tEsl6tH5nPXR3jRYgCao.roa (raw, json)
Hash identifier: dqB0qEwgKUpqLxmTjv245g/7OBis0D4/NQ7AUFwWkdM=
Subject key identifier: 36:C3:AC:57:0D:2D:12:C9:7A:B4:7E:67:3D:74:77:8D:16:20:09:AA
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 01990ACE000A2FBF742EB020C109B2270D65
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NsOsVw0tEsl6tH5nPXR3jRYgCao.roa
Signing time: Tue 02 Sep 2025 14:21:36 +0000
ROA not before: Tue 02 Sep 2025 14:21:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216127
IP address blocks: 147.45.65.0/24 maxlen: 24
147.45.196.0/24 maxlen: 24
147.45.197.0/24 maxlen: 24
147.45.222.0/24 maxlen: 24
147.45.223.0/24 maxlen: 24
193.233.16.0/24 maxlen: 24
193.233.85.0/24 maxlen: 24
193.233.171.0/24 maxlen: 24
193.233.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0a:ce:00:0a:2f:bf:74:2e:b0:20:c1:09:b2:27:0d:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: Sep 2 14:21:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36c3ac570d2d12c97ab47e673d74778d162009aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:74:43:3b:31:79:cf:cf:aa:a5:44:f8:57:02:
e8:82:36:7b:dc:fc:b9:ce:4a:43:5f:26:ec:10:84:
c8:0a:6f:51:d6:37:79:80:a7:a8:27:dc:e4:4b:4b:
b3:2e:18:31:97:29:71:d1:ef:f8:0b:b5:37:b0:bd:
da:0c:c5:0d:72:64:63:f1:d6:75:f3:8e:27:ef:6f:
90:c1:15:4a:ea:aa:5e:fe:99:50:6a:40:fe:c3:b6:
01:56:a6:cb:bc:4b:75:1f:bd:8c:b2:45:16:f4:7c:
9e:0e:7e:2e:d8:0b:6c:68:b1:54:73:5a:ef:4e:38:
5e:08:cf:17:30:e9:0d:10:72:4e:92:a3:c6:6f:0d:
cd:0f:2c:11:e7:11:0b:51:99:b4:64:ef:6c:6d:3d:
f8:b9:e9:7b:14:f8:5d:cb:20:b0:a3:82:d5:ba:d5:
b7:30:e9:02:25:03:64:72:b1:4c:a3:38:fc:1e:83:
53:5d:2a:9d:65:ee:af:f9:eb:fa:89:24:ef:7e:a4:
fb:7f:19:29:ea:9d:8c:bb:17:3f:4c:d6:a0:9d:99:
54:3a:a9:2a:7f:77:0d:af:55:a5:4e:21:46:0e:b2:
ac:54:5d:65:8a:e6:e4:f1:54:c5:a5:ef:cf:7d:b9:
de:c3:8b:f8:71:19:0f:6a:30:a3:7b:f5:e5:19:f8:
78:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C3:AC:57:0D:2D:12:C9:7A:B4:7E:67:3D:74:77:8D:16:20:09:AA
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/NsOsVw0tEsl6tH5nPXR3jRYgCao.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.45.65.0/24
147.45.196.0/23
147.45.222.0/23
193.233.16.0/24
193.233.85.0/24
193.233.171.0/24
193.233.175.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:21:22:ff:cb:04:62:e9:43:e3:7f:1b:99:8b:b0:bb:5c:91:
fe:af:98:80:79:18:5d:22:6a:7a:0b:52:a8:5b:57:23:c2:89:
fa:2f:c2:29:cf:67:d4:bf:e5:80:16:30:37:dc:20:77:25:b9:
84:53:5d:48:3b:ec:04:eb:b2:e7:b8:46:90:98:ee:18:3e:d0:
0b:dd:08:5d:9d:34:6c:d4:84:37:36:98:66:c6:41:6e:1d:78:
f3:79:3f:3f:8e:f2:39:47:8d:f2:8d:74:c6:ac:24:3f:dc:b5:
38:d9:c2:bc:83:ce:08:1a:e4:19:52:49:42:95:95:85:72:83:
c7:7f:c6:9e:33:36:50:2e:92:93:5b:c0:81:f0:6a:e9:0c:ae:
22:2e:70:6e:49:4f:4c:31:98:af:dc:bb:b4:5d:00:aa:37:6b:
ca:a5:a9:d7:7c:8f:8a:cd:f7:6a:f7:2c:0a:5d:07:a7:df:5e:
98:87:8e:33:e9:35:97:e8:54:00:62:88:17:b0:60:47:68:0f:
eb:6c:4e:6f:7a:d1:42:84:9a:c5:2c:83:91:4b:b2:ed:60:4e:
0d:ff:f6:a0:49:13:34:94:d1:ff:04:79:26:6a:09:d0:a5:d6:
16:52:b8:7a:0c:60:26:6b:3a:78:84:45:a9:ec:6a:9a:09:63:
bc:00:96:38
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZkKzgAKL790LrAgwQmyJw1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwOTAyMTQyMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmMzYWM1NzBkMmQxMmM5N2FiNDdlNjczZDc0Nzc4ZDE2MjAwOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnRDOzF5z8+qpUT4VwLogjZ73Py5
zkpDXybsEITICm9R1jd5gKeoJ9zkS0uzLhgxlylx0e/4C7U3sL3aDMUNcmRj8dZ1
844n72+QwRVK6qpe/plQakD+w7YBVqbLvEt1H72MskUW9HyeDn4u2AtsaLFUc1rv
TjheCM8XMOkNEHJOkqPGbw3NDywR5xELUZm0ZO9sbT34uel7FPhdyyCwo4LVutW3
MOkCJQNkcrFMozj8HoNTXSqdZe6v+ev6iSTvfqT7fxkp6p2Muxc/TNagnZlUOqkq
f3cNr1WlTiFGDrKsVF1liubk8VTFpe/Pfbnew4v4cRkPajCje/XlGfh4IwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDbDrFcNLRLJerR+Zz10d40WIAmqMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvTnNPc1Z3MHRFc2w2dEg1blBYUjNqUllnQ2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAky1BAwQB
ky3EAwQBky3eAwQAwekQAwQAwelVAwQAwemrAwQAwemvMA0GCSqGSIb3DQEBCwUA
A4IBAQB7ISL/ywRi6UPjfxuZi7C7XJH+r5iAeRhdImp6C1KoW1cjwon6L8Ipz2fU
v+WAFjA33CB3JbmEU11IO+wE67LnuEaQmO4YPtAL3QhdnTRs1IQ3NphmxkFuHXjz
eT8/jvI5R43yjXTGrCQ/3LU42cK8g84IGuQZUklClZWFcoPHf8aeMzZQLpKTW8CB
8GrpDK4iLnBuSU9MMZiv3Lu0XQCqN2vKpanXfI+Kzfdq9ywKXQen316Yh44z6TWX
6FQAYogXsGBHaA/rbE5vetFChJrFLIORS7LtYE4N//agSRM0lNH/BHkmagnQpdYW
Urh6DGAmazp4hEWp7GqaCWO8AJY4
-----END CERTIFICATE-----
Generated at Sat Sep 6 10:09:05 2025 by rpki-client