Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/NseX_PmvqgiHi02Bi8gmlYxGhIY.roa
File: NseX_PmvqgiHi02Bi8gmlYxGhIY.roa (raw, json)
Hash identifier: eTG247q6syS0nLyctbop0B1s+SIN4F7hMSSRHihV/Mg=
Subject key identifier: 36:C7:97:FC:F9:AF:AA:08:87:8B:4D:81:8B:C8:26:95:8C:46:84:86
Certificate issuer: /CN=3b3daef89306a75f0b88191440742a720afb3f20
Certificate serial: 0195B2A235781EF5B1EF14BE79AAE6EE0853
Authority key identifier: 3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/NseX_PmvqgiHi02Bi8gmlYxGhIY.roa
Signing time: Thu 20 Mar 2025 08:18:49 +0000
ROA not before: Thu 20 Mar 2025 08:18:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24796
IP address blocks: 185.33.108.0/22 maxlen: 22
185.33.108.0/23 maxlen: 23
185.33.108.0/24 maxlen: 24
185.33.109.0/24 maxlen: 24
185.33.110.0/23 maxlen: 23
185.33.110.0/24 maxlen: 24
185.33.111.0/24 maxlen: 24
193.24.29.0/24 maxlen: 24
193.201.40.0/24 maxlen: 24
2a0f:80:1::/48 maxlen: 48
2a0f:80:2::/48 maxlen: 48
2a0f:80:3::/48 maxlen: 48
2a0f:80:a::/48 maxlen: 48
2a0f:80:b::/48 maxlen: 48
2a0f:80:c::/48 maxlen: 48
2a0f:80:d::/48 maxlen: 48
2a0f:80:e::/48 maxlen: 48
2a0f:80:f::/48 maxlen: 48
2a0f:80:10::/48 maxlen: 48
2a0f:80:11::/48 maxlen: 48
2a0f:80:12::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 20 Apr 2025 17:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b2:a2:35:78:1e:f5:b1:ef:14:be:79:aa:e6:ee:08:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b3daef89306a75f0b88191440742a720afb3f20
Validity
Not Before: Mar 20 08:18:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36c797fcf9afaa08878b4d818bc826958c468486
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f9:7f:44:d1:b3:1f:70:7c:59:ec:e3:63:fd:
3a:2b:8f:9c:50:e8:e1:1d:dc:c1:c3:24:b6:ee:97:
fa:6e:8b:10:6a:a5:92:26:fb:62:82:83:87:c5:48:
da:66:d5:fc:9e:99:50:3f:c4:a2:61:ef:3f:7b:1b:
bc:1c:c3:37:28:e6:54:b7:52:4a:2e:d0:ff:d6:10:
ba:d3:5f:02:2d:5c:29:2c:fd:84:99:1c:55:57:89:
3f:e2:af:7e:7a:b5:87:60:a2:e5:5b:3e:d5:e6:06:
ab:77:ce:86:ac:1e:41:17:9b:65:ce:24:9b:02:02:
a3:73:b8:db:38:a4:2d:8a:c6:31:e0:73:d9:92:ae:
b2:d2:c7:a3:ed:7f:7c:d6:86:4e:b5:70:1c:56:22:
f8:d3:5a:e5:fd:55:a9:8c:56:79:74:af:44:aa:27:
89:cf:b1:f5:d6:df:30:71:05:71:f2:ea:32:fd:9d:
8a:2f:77:be:14:86:93:1b:23:bb:2d:ed:e5:d2:e4:
f6:fc:b7:35:6f:28:ad:62:ca:54:d6:d0:82:ee:1a:
5a:ac:c2:35:b6:da:e4:2c:7b:bd:d5:78:9c:56:1c:
b8:5c:2a:84:33:6c:ce:fc:5a:41:66:92:44:67:f1:
90:87:f7:01:95:f8:77:67:07:2a:d6:72:68:4c:c9:
83:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C7:97:FC:F9:AF:AA:08:87:8B:4D:81:8B:C8:26:95:8C:46:84:86
X509v3 Authority Key Identifier:
keyid:3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/NseX_PmvqgiHi02Bi8gmlYxGhIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.33.108.0/22
193.24.29.0/24
193.201.40.0/24
IPv6:
2a0f:80:1::-2a0f:80:3:ffff:ffff:ffff:ffff:ffff
2a0f:80:a::-2a0f:80:12:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4f:da:e0:e5:c9:1b:e4:b1:9b:f6:0e:de:c9:ee:5d:46:56:92:
1b:a5:d8:25:06:fb:e5:2c:da:71:45:40:7c:e2:06:4c:79:ab:
53:4c:f8:0e:b5:8f:8b:d5:19:05:09:65:87:fc:54:aa:d3:9b:
a2:d0:73:fb:0b:01:1c:f7:c5:e6:86:b6:4d:d7:26:6e:71:cf:
7e:48:33:f1:b7:b0:c3:75:2d:cf:cb:54:95:f0:73:85:55:80:
43:1c:90:a9:06:2b:1a:e7:a1:0f:2e:39:3d:fd:22:0e:ec:3d:
da:36:59:5e:47:75:e1:62:8a:c1:53:b0:f0:2e:fd:ec:fc:11:
97:ba:45:11:34:31:d5:66:88:a1:db:6f:c3:9b:ac:e2:c5:21:
65:6a:66:98:4c:4a:c6:42:25:3d:65:ed:92:62:b1:c5:a9:94:
da:b7:df:4b:9d:a4:f3:d5:ba:eb:c7:81:7b:eb:c1:ec:42:b4:
0d:61:8a:b0:f3:3f:de:7a:1c:df:a4:51:4a:e8:e6:2f:bc:28:
7e:bc:44:80:39:a1:44:85:10:18:99:6f:32:d3:73:6d:6b:cc:
9f:72:91:18:0c:2d:ff:1c:d0:81:a3:cb:0f:b9:7a:cf:90:03:
b5:0f:75:7d:e5:a3:a3:72:a0:7f:3f:1d:8e:05:7e:fe:0a:e3:
7d:3d:b7:dc
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZWyojV4HvWx7xS+earm7ghTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2RhZWY4OTMwNmE3NWYwYjg4MTkxNDQwNzQyYTcyMGFm
YjNmMjAwHhcNMjUwMzIwMDgxODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmM3OTdmY2Y5YWZhYTA4ODc4YjRkODE4YmM4MjY5NThjNDY4NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPl/RNGzH3B8WezjY/06K4+cUOjh
HdzBwyS27pf6bosQaqWSJvtigoOHxUjaZtX8nplQP8SiYe8/exu8HMM3KOZUt1JK
LtD/1hC6018CLVwpLP2EmRxVV4k/4q9+erWHYKLlWz7V5gard86GrB5BF5tlziSb
AgKjc7jbOKQtisYx4HPZkq6y0sej7X981oZOtXAcViL401rl/VWpjFZ5dK9EqieJ
z7H11t8wcQVx8uoy/Z2KL3e+FIaTGyO7Le3l0uT2/Lc1byitYspU1tCC7hparMI1
ttrkLHu91XicVhy4XCqEM2zO/FpBZpJEZ/GQh/cBlfh3Zwcq1nJoTMmD3QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDbHl/z5r6oIh4tNgYvIJpWMRoSGMB8GA1UdIwQY
MBaAFDs9rviTBqdfC4gZFEB0KnIK+z8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUt
YWFjYWQ4NmM2MTdkLzEvTnNlWF9QbXZxZ2lIaTAyQmk4Z21sWXhHaElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUtYWFjYWQ4NmM2MTdk
LzEvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAYBAIAATASAwQCuSFsAwQA
wRgdAwQAwckoMC4EAgACMCgwEgMHACoPAIAAAQMHAioPAIAAADASAwcBKg8AgAAK
AwcAKg8AgAASMA0GCSqGSIb3DQEBCwUAA4IBAQBP2uDlyRvksZv2Dt7J7l1GVpIb
pdglBvvlLNpxRUB84gZMeatTTPgOtY+L1RkFCWWH/FSq05ui0HP7CwEc98XmhrZN
1yZucc9+SDPxt7DDdS3Py1SV8HOFVYBDHJCpBisa56EPLjk9/SIO7D3aNlleR3Xh
YorBU7DwLv3s/BGXukURNDHVZoih22/Dm6zixSFlamaYTErGQiU9Ze2SYrHFqZTa
t99LnaTz1brrx4F768HsQrQNYYqw8z/eehzfpFFK6OYvvCh+vESAOaFEhRAYmW8y
03Nta8yfcpEYDC3/HNCBo8sPuXrPkAO1D3V95aOjcqB/Px2OBX7+CuN9Pbfc
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:14:29 2025 by rpki-client