Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/NDP41gN8CNlECLeeTXiB3irVa-U.roa
File: NDP41gN8CNlECLeeTXiB3irVa-U.roa (raw, json)
Hash identifier: NHPnUFyVxDx6ULqS5NRDRG6OIw5kEx/T23RBy4+HG3M=
Subject key identifier: 34:33:F8:D6:03:7C:08:D9:44:08:B7:9E:4D:78:81:DE:2A:D5:6B:E5
Certificate issuer: /CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Certificate serial: 019425FD9D4B726F12E82CDE9779D4199960
Authority key identifier: 8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/NDP41gN8CNlECLeeTXiB3irVa-U.roa
Signing time: Thu 02 Jan 2025 07:49:25 +0000
ROA not before: Thu 02 Jan 2025 07:49:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 93.157.38.0/23 maxlen: 24
2a00:4bc0:2000::/44 maxlen: 56
2a00:4bc0:2100::/40 maxlen: 48
2a00:4bc0:2300::/40 maxlen: 48
2a00:4bc0:2400::/40 maxlen: 48
2a00:4bc0:2600::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:9d:4b:72:6f:12:e8:2c:de:97:79:d4:19:99:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Validity
Not Before: Jan 2 07:49:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3433f8d6037c08d94408b79e4d7881de2ad56be5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:e4:ff:2b:26:eb:38:00:56:3b:1e:39:4f:20:
e0:0d:62:1e:94:b1:ac:63:59:59:bc:c8:79:b5:71:
ed:c7:aa:3f:00:11:c7:a0:2d:b4:3f:18:00:20:0b:
ba:4f:2f:9d:de:30:a8:c5:6f:39:b1:b8:17:1a:4d:
2b:c0:62:ec:3c:8d:a8:09:0f:30:ac:8d:4e:a4:a3:
da:04:f1:f0:13:01:ff:3e:a1:e0:4e:d5:36:c5:38:
e9:8c:51:9b:90:b7:68:4f:bd:14:2c:af:e3:42:6e:
4a:65:0d:5d:a5:8e:35:36:ab:ec:c3:f8:f8:f1:51:
48:53:62:af:d8:70:6a:f9:79:b5:bf:fd:08:9c:4a:
ab:a1:9a:09:84:01:e6:37:6a:da:99:2d:15:9a:4b:
c7:92:dd:89:5e:c6:d1:67:94:49:20:0f:64:aa:0e:
7c:d9:0b:52:5c:ec:f7:e6:9b:d9:45:6f:cc:8c:f2:
1a:fe:2b:a5:cc:7d:93:b6:76:0f:bb:b5:f5:b5:92:
0b:60:69:bf:38:5b:7d:30:36:b9:f4:ce:9f:0c:ea:
be:79:7b:f2:8e:07:49:a3:87:0a:37:ec:fc:1b:83:
9c:85:30:72:9a:72:81:34:ed:ff:ad:30:be:2e:b7:
21:8c:ec:2e:82:d9:87:eb:97:bc:39:c5:c9:7c:68:
47:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:33:F8:D6:03:7C:08:D9:44:08:B7:9E:4D:78:81:DE:2A:D5:6B:E5
X509v3 Authority Key Identifier:
keyid:8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/NDP41gN8CNlECLeeTXiB3irVa-U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.157.38.0/23
IPv6:
2a00:4bc0:2000::/44
2a00:4bc0:2100::/40
2a00:4bc0:2300::-2a00:4bc0:24ff:ffff:ffff:ffff:ffff:ffff
2a00:4bc0:2600::/40
Signature Algorithm: sha256WithRSAEncryption
2b:d7:c4:8f:96:f9:a4:bc:68:36:a5:2c:3c:ee:ea:d5:4e:e3:
75:44:42:9b:7f:db:aa:6a:d6:50:70:6a:e4:2a:69:a4:39:24:
6e:7e:e5:0b:64:a6:d1:06:70:53:d9:72:7f:15:6a:ff:c1:1e:
c4:52:52:62:95:44:c7:67:d8:ca:72:90:5e:83:88:bc:9f:c9:
6f:1e:e3:24:f2:01:74:ac:dd:c0:4a:e6:f4:19:04:3d:62:09:
1b:21:1a:9a:1c:62:c6:c9:bd:96:2d:d8:40:6b:f3:a9:a9:a6:
2a:f3:d2:0d:86:8a:6a:5b:5c:c3:e3:62:f1:20:01:78:c6:21:
85:7f:9b:09:c3:1e:4a:fc:d8:8d:21:0c:04:31:0e:6f:8d:4f:
4a:3f:26:39:b7:9f:8d:25:89:25:83:0b:c2:d7:43:86:d7:d3:
43:f6:28:68:4e:b1:bb:f8:f8:99:b0:41:b4:7c:f7:fd:41:13:
9f:4a:cf:b2:5d:a9:40:8b:2f:a6:e3:cd:25:95:50:70:a7:a7:
86:6c:fe:53:81:be:b8:88:6b:42:52:76:ea:40:60:4c:03:a0:
66:f3:ea:2d:e5:55:dc:d0:f5:69:1c:33:4e:b2:85:b0:3a:77:
ae:be:f7:cd:44:eb:5f:67:13:b1:92:e0:c9:76:ff:fe:eb:57:
c4:51:be:37
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQl/Z1Lcm8S6Czel3nUGZlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjgyNGM2MTM1N2RjMzQ0YmJkZjM1YjgzNTc3NDU5Yjlk
M2ZjNDQwHhcNMjUwMTAyMDc0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDMzZjhkNjAzN2MwOGQ5NDQwOGI3OWU0ZDc4ODFkZTJhZDU2YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreT/KybrOABWOx45TyDgDWIelLGs
Y1lZvMh5tXHtx6o/ABHHoC20PxgAIAu6Ty+d3jCoxW85sbgXGk0rwGLsPI2oCQ8w
rI1OpKPaBPHwEwH/PqHgTtU2xTjpjFGbkLdoT70ULK/jQm5KZQ1dpY41Nqvsw/j4
8VFIU2Kv2HBq+Xm1v/0InEqroZoJhAHmN2ramS0VmkvHkt2JXsbRZ5RJIA9kqg58
2QtSXOz35pvZRW/MjPIa/iulzH2TtnYPu7X1tZILYGm/OFt9MDa59M6fDOq+eXvy
jgdJo4cKN+z8G4OchTBymnKBNO3/rTC+LrchjOwugtmH65e8OcXJfGhHxwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFDQz+NYDfAjZRAi3nk14gd4q1WvlMB8GA1UdIwQY
MBaAFI8oJMYTV9w0S73zW4NXdFm50/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzIt
M2FlNzExYWYwMzRiLzEvTkRQNDFnTjhDTmxFQ0xlZVRYaUIzaXJWYS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzItM2FlNzExYWYwMzRi
LzEvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAMBAIAATAGAwQBXZ0mMDEE
AgACMCsDBwQqAEvAIAADBgAqAEvAITAQAwYAKgBLwCMDBgAqAEvAJAMGACoAS8Am
MA0GCSqGSIb3DQEBCwUAA4IBAQAr18SPlvmkvGg2pSw87urVTuN1REKbf9uqatZQ
cGrkKmmkOSRufuULZKbRBnBT2XJ/FWr/wR7EUlJilUTHZ9jKcpBeg4i8n8lvHuMk
8gF0rN3ASub0GQQ9YgkbIRqaHGLGyb2WLdhAa/OpqaYq89INhopqW1zD42LxIAF4
xiGFf5sJwx5K/NiNIQwEMQ5vjU9KPyY5t5+NJYklgwvC10OG19ND9ihoTrG7+PiZ
sEG0fPf9QROfSs+yXalAiy+m480llVBwp6eGbP5Tgb64iGtCUnbqQGBMA6Bm8+ot
5VXc0PVpHDNOsoWwOneuvvfNROtfZxOxkuDJdv/+61fEUb43
-----END CERTIFICATE-----
Generated at Fri Apr 4 23:44:17 2025 by rpki-client