Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/Nss2kO7vwED_lH6zuq8RSrb2rfE.roa
File: Nss2kO7vwED_lH6zuq8RSrb2rfE.roa (raw, json)
Hash identifier: 1BGYAn5SxYs9ABF+oBM6hfDnitlaPkyQv+8E/VsOmZ4=
Subject key identifier: 36:CB:36:90:EE:EF:C0:40:FF:94:7E:B3:BA:AF:11:4A:B6:F6:AD:F1
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 01941F8C4D8415F288D279D60B946CD01511
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/Nss2kO7vwED_lH6zuq8RSrb2rfE.roa
Signing time: Wed 01 Jan 2025 01:47:56 +0000
ROA not before: Wed 01 Jan 2025 01:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42375
IP address blocks: 2a04:fa00::/29 maxlen: 29
2a11:1480::/29 maxlen: 29
2a11:1540::/29 maxlen: 29
2a11:3440::/29 maxlen: 29
2a11:45c0::/29 maxlen: 29
2a11:4a80::/29 maxlen: 29
2a12:1c40::/29 maxlen: 29
2a12:2ec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 11:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:4d:84:15:f2:88:d2:79:d6:0b:94:6c:d0:15:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 1 01:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36cb3690eeefc040ff947eb3baaf114ab6f6adf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:7a:8e:3f:40:21:12:54:39:5a:74:aa:8c:1e:
bf:ec:55:77:42:34:bc:93:97:75:41:e0:89:05:92:
d1:28:d9:ca:23:3a:15:bc:04:bb:9f:88:be:34:09:
20:ed:01:82:72:c8:6e:ee:14:44:03:c1:74:48:57:
a2:02:6f:da:1a:25:6a:51:89:f4:ad:c8:a0:89:a8:
7e:e3:6b:dd:25:ea:e0:9c:97:d9:71:ba:16:7c:02:
81:5d:84:21:b2:fa:5c:b9:3f:36:0f:f0:ad:8d:98:
ab:8e:93:fb:29:11:d3:48:8e:c2:6f:89:ed:f5:40:
9c:bc:b2:54:41:56:b0:c1:3b:27:1b:b2:a4:47:10:
23:44:42:00:77:ee:19:1f:5b:31:50:6d:07:00:25:
45:c8:8f:33:a6:5b:4c:f6:c3:6c:e4:8c:3c:23:be:
e9:33:7b:9e:3a:c1:4e:13:21:0e:29:b3:a2:a1:4c:
c2:a3:4b:d2:1c:17:90:60:2e:fe:93:a3:26:78:8d:
8e:5d:a0:e4:2a:e3:09:f6:03:67:3f:fa:2e:81:ab:
31:18:89:1e:a6:16:ff:d1:22:f4:02:c9:86:ee:8c:
e6:51:f5:62:22:e5:7c:98:9a:38:97:9f:73:f4:90:
41:95:fd:4e:f1:b1:ef:a4:b1:fe:b3:29:78:ba:c1:
46:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:CB:36:90:EE:EF:C0:40:FF:94:7E:B3:BA:AF:11:4A:B6:F6:AD:F1
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/Nss2kO7vwED_lH6zuq8RSrb2rfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a04:fa00::/29
2a11:1480::/29
2a11:1540::/29
2a11:3440::/29
2a11:45c0::/29
2a11:4a80::/29
2a12:1c40::/29
2a12:2ec0::/29
Signature Algorithm: sha256WithRSAEncryption
0d:07:c9:2d:59:5a:6b:5d:8d:8e:40:71:16:c5:55:ea:10:ab:
65:df:9d:d4:e0:3e:03:37:11:f7:49:4a:7d:0e:a7:20:9d:5f:
1e:60:97:91:04:59:87:b9:2c:8f:12:4f:a8:f8:2a:cb:47:8e:
28:a2:8b:49:9f:8d:42:d0:e4:f2:10:46:0c:38:93:94:21:42:
f9:ca:6f:31:50:53:c6:11:be:0d:93:24:4f:fa:65:8e:b4:82:
21:31:ae:f5:10:f8:60:b4:64:e8:7a:f2:e5:27:06:f9:b5:f2:
70:9c:af:58:a9:06:52:bc:17:37:f3:fe:bf:b0:c1:e5:f2:a3:
94:a5:e0:db:7e:0e:36:46:d4:9d:56:b5:ca:c6:9a:52:08:3a:
d5:2f:06:4b:c2:ba:3e:a3:9f:d0:47:ea:c0:3c:9e:7b:88:29:
35:c4:b0:fb:9a:b1:f3:d6:4c:db:54:0d:68:86:ec:31:93:af:
86:7a:c5:63:e3:d7:87:5e:b4:d5:e7:e4:27:ec:71:2d:8e:db:
17:ff:73:bd:5d:dd:42:d3:44:a8:1e:ab:ae:28:f4:72:cf:24:
49:c8:47:5a:bd:70:04:c3:3a:b9:19:36:bd:cb:19:44:ed:11:
ac:47:5d:05:48:ff:bc:8b:4a:67:19:47:76:b8:59:07:cb:18:
27:f2:32:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQfjE2EFfKI0nnWC5Rs0BURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNiMzY5MGVlZWZjMDQwZmY5NDdlYjNiYWFmMTE0YWI2ZjZhZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHqOP0AhElQ5WnSqjB6/7FV3QjS8
k5d1QeCJBZLRKNnKIzoVvAS7n4i+NAkg7QGCcshu7hREA8F0SFeiAm/aGiVqUYn0
rcigiah+42vdJergnJfZcboWfAKBXYQhsvpcuT82D/CtjZirjpP7KRHTSI7Cb4nt
9UCcvLJUQVawwTsnG7KkRxAjREIAd+4ZH1sxUG0HACVFyI8zpltM9sNs5Iw8I77p
M3ueOsFOEyEOKbOioUzCo0vSHBeQYC7+k6MmeI2OXaDkKuMJ9gNnP/ougasxGIke
phb/0SL0AsmG7ozmUfViIuV8mJo4l59z9JBBlf1O8bHvpLH+syl4usFGmQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDbLNpDu78BA/5R+s7qvEUq29q3xMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvTnNzMmtPN3Z3RURfbEg2enVxOFJTcmIycmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKgT6AAMF
AyoRFIADBQMqERVAAwUDKhE0QAMFAyoRRcADBQMqEUqAAwUDKhIcQAMFAyoSLsAw
DQYJKoZIhvcNAQELBQADggEBAA0HyS1ZWmtdjY5AcRbFVeoQq2XfndTgPgM3EfdJ
Sn0OpyCdXx5gl5EEWYe5LI8ST6j4KstHjiiii0mfjULQ5PIQRgw4k5QhQvnKbzFQ
U8YRvg2TJE/6ZY60giExrvUQ+GC0ZOh68uUnBvm18nCcr1ipBlK8Fzfz/r+wweXy
o5Sl4Nt+DjZG1J1WtcrGmlIIOtUvBkvCuj6jn9BH6sA8nnuIKTXEsPuasfPWTNtU
DWiG7DGTr4Z6xWPj14detNXn5CfscS2O2xf/c71d3ULTRKgeq64o9HLPJEnIR1q9
cATDOrkZNr3LGUTtEaxHXQVI/7yLSmcZR3a4WQfLGCfyMho=
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:52:13 2025 by rpki-client