Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/nna5EA2g1qX6KviopTAzfZKYgqM.roa
File: nna5EA2g1qX6KviopTAzfZKYgqM.roa (raw, json)
Hash identifier: +1+cT+lcsXs8CMprSc3uLnHvYXXY0ACjWW6HRhv0N78=
Subject key identifier: 9E:76:B9:10:0D:A0:D6:A5:FA:2A:F8:A8:A5:30:33:7D:92:98:82:A3
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 0195EE7D642D6A0CD7BB00B0CC89D2F49B64
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/nna5EA2g1qX6KviopTAzfZKYgqM.roa
Signing time: Mon 31 Mar 2025 23:15:49 +0000
ROA not before: Mon 31 Mar 2025 23:15:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 87.58.64.0/24 maxlen: 24
87.58.65.0/24 maxlen: 24
159.254.0.0/24 maxlen: 24
159.254.1.0/24 maxlen: 24
159.254.2.0/24 maxlen: 24
159.254.3.0/24 maxlen: 24
159.254.4.0/24 maxlen: 24
159.254.5.0/24 maxlen: 24
159.254.6.0/24 maxlen: 24
159.254.7.0/24 maxlen: 24
159.254.8.0/24 maxlen: 24
159.254.9.0/24 maxlen: 24
159.254.10.0/24 maxlen: 24
159.254.11.0/24 maxlen: 24
159.254.12.0/24 maxlen: 24
194.9.116.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ee:7d:64:2d:6a:0c:d7:bb:00:b0:cc:89:d2:f4:9b:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Mar 31 23:15:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9e76b9100da0d6a5fa2af8a8a530337d929882a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:5e:59:6a:36:09:9f:86:e0:89:0a:02:36:13:
e2:b5:75:a8:8f:c4:a2:5d:48:23:b4:de:74:7a:65:
7a:04:36:66:48:21:88:59:f6:23:7a:5b:f0:f0:4c:
ef:3c:ef:4c:63:4c:e5:f8:f5:b4:8c:72:d7:de:17:
9b:df:53:46:bd:5f:44:d2:e7:4d:e8:93:f3:1d:bd:
f9:bb:dd:67:ad:4d:ba:fa:52:8e:40:e1:a4:1f:c6:
56:0b:de:6d:9f:1a:9c:1b:98:3a:3d:9a:fc:14:9d:
cf:3c:d2:dd:91:96:d2:08:c2:25:41:3b:91:38:bc:
a1:22:f0:b5:f5:c1:4a:e8:c3:e3:35:48:87:ce:c6:
c4:68:28:da:08:27:af:2a:11:e3:0d:6f:13:d4:e1:
e4:69:2b:d5:c1:01:05:69:50:d9:7f:aa:93:b4:1e:
de:2a:15:0a:10:0a:7b:45:22:ac:3e:30:9d:48:1c:
6e:9a:0f:30:01:f1:be:aa:cc:d4:39:1e:9f:a0:b8:
19:c4:48:01:83:ae:a9:f4:ba:26:96:40:4b:59:e9:
f5:20:7d:6f:9a:d8:a3:ca:d7:20:26:69:6d:c9:d0:
e9:46:36:6a:7f:af:37:6f:fe:a9:77:78:e4:d3:12:
51:6c:64:08:7c:6a:92:00:f1:44:d8:80:e1:f8:b4:
08:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:76:B9:10:0D:A0:D6:A5:FA:2A:F8:A8:A5:30:33:7D:92:98:82:A3
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/nna5EA2g1qX6KviopTAzfZKYgqM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.64.0/23
159.254.0.0-159.254.12.255
194.9.116.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:d4:b9:91:a8:b9:8b:18:53:0b:0f:b6:59:18:18:9d:5f:bd:
25:6c:c7:25:26:0a:29:66:20:b8:41:e1:02:3f:43:a0:d2:fe:
fe:83:dd:bc:e7:58:d5:82:8c:e5:8e:46:f0:f9:90:1c:88:75:
98:c7:4d:0a:c6:bf:4d:48:5a:fe:0a:79:de:dc:84:78:f1:55:
d4:0d:f8:02:5f:b3:13:60:ad:4e:5f:fe:e3:ab:66:7a:ae:8c:
73:9d:d3:dc:ed:57:e5:a7:5e:e3:a4:32:ab:bf:f6:8b:d8:d3:
44:24:0f:53:e7:bd:ba:de:db:88:0d:2e:be:51:cb:3a:eb:78:
5e:fc:7a:c8:b3:22:05:32:d1:36:48:f6:29:f0:3b:03:1d:99:
4d:ad:4c:1e:bf:f1:bd:72:d3:4d:64:d3:af:49:c1:f5:0b:a1:
98:ba:1d:a2:7e:73:bd:e4:98:c7:cc:27:53:11:c6:d0:47:dd:
0e:18:43:41:d1:c8:52:56:b0:c4:6c:6a:00:23:e1:c0:8a:35:
7c:28:f9:2d:7a:57:7e:d6:27:5e:c8:f9:ae:42:94:6f:26:50:
2e:44:fd:7d:58:9f:96:6e:23:8c:68:a5:a1:96:25:1c:64:59:
75:a0:5f:f9:25:32:da:aa:3f:e2:52:aa:dd:a3:7f:57:c7:c3:
62:e7:35:66
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZXufWQtagzXuwCwzInS9JtkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUwMzMxMjMxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTc2YjkxMDBkYTBkNmE1ZmEyYWY4YThhNTMwMzM3ZDkyOTg4MmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwl5ZajYJn4bgiQoCNhPitXWoj8Si
XUgjtN50emV6BDZmSCGIWfYjelvw8EzvPO9MY0zl+PW0jHLX3heb31NGvV9E0udN
6JPzHb35u91nrU26+lKOQOGkH8ZWC95tnxqcG5g6PZr8FJ3PPNLdkZbSCMIlQTuR
OLyhIvC19cFK6MPjNUiHzsbEaCjaCCevKhHjDW8T1OHkaSvVwQEFaVDZf6qTtB7e
KhUKEAp7RSKsPjCdSBxumg8wAfG+qszUOR6foLgZxEgBg66p9LomlkBLWen1IH1v
mtijytcgJmltydDpRjZqf683b/6pd3jk0xJRbGQIfGqSAPFE2IDh+LQIsQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFJ52uRANoNal+ir4qKUwM32SmIKjMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvbm5hNUVBMmcxcVg2S3Zpb3BUQXpmWktZZ3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQBVzpAMAsD
AwGf/gMEAJ/+DAMEAMIJdDANBgkqhkiG9w0BAQsFAAOCAQEAK9S5kai5ixhTCw+2
WRgYnV+9JWzHJSYKKWYguEHhAj9DoNL+/oPdvOdY1YKM5Y5G8PmQHIh1mMdNCsa/
TUha/gp53tyEePFV1A34Al+zE2CtTl/+46tmeq6Mc53T3O1X5ade46Qyq7/2i9jT
RCQPU+e9ut7biA0uvlHLOut4Xvx6yLMiBTLRNkj2KfA7Ax2ZTa1MHr/xvXLTTWTT
r0nB9QuhmLodon5zveSYx8wnUxHG0EfdDhhDQdHIUlawxGxqACPhwIo1fCj5LXpX
ftYnXsj5rkKUbyZQLkT9fViflm4jjGiloZYlHGRZdaBf+SUy2qo/4lKq3aN/V8fD
Yuc1Zg==
-----END CERTIFICATE-----
Generated at Fri Apr 4 23:56:47 2025 by rpki-client