Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa
File: NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa (raw, json)
Hash identifier: +rJHNNOfAgRLW2AYZ2GQZ4sJIXJPzKob0SOJ3Knzwec=
Subject key identifier: 35:9B:52:FF:27:78:F9:BA:3D:7B:67:2F:18:AC:F2:2A:F6:08:DE:91
Certificate issuer: /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial: 0197208D375A8FF0FF508D36C60A6ED6280C
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa
Signing time: Fri 30 May 2025 09:36:54 +0000
ROA not before: Fri 30 May 2025 09:36:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204057
IP address blocks: 116.204.153.0/24 maxlen: 24
178.23.189.0/24 maxlen: 24
185.255.96.0/23 maxlen: 23
217.28.140.0/24 maxlen: 24
2a0d:6240::/32 maxlen: 32
2a0d:6241::/32 maxlen: 32
2a0d:6242::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.mft
rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 11:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:20:8d:37:5a:8f:f0:ff:50:8d:36:c6:0a:6e:d6:28:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Validity
Not Before: May 30 09:36:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=359b52ff2778f9ba3d7b672f18acf22af608de91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:5f:b2:56:3d:85:b4:04:70:82:ec:62:4a:6a:
c1:4b:78:fa:21:78:9c:a2:97:bc:ca:0d:62:09:28:
91:13:51:b0:ba:b9:75:9c:8e:10:c0:8f:43:74:ba:
ff:18:e3:b4:23:1e:06:d0:1f:f6:34:34:e2:c7:17:
5b:4c:b8:62:11:41:f9:ee:45:58:1b:cd:48:eb:23:
67:4f:3b:2d:cd:7f:d0:13:e0:97:fa:68:e4:83:4a:
2e:2b:a5:2a:d8:26:91:19:d1:fa:6b:8a:66:17:c8:
68:1b:ae:da:24:7a:80:02:3a:cf:96:16:94:34:d0:
0b:94:6a:0b:28:f6:7b:f5:97:53:c4:bd:2f:df:db:
8d:df:aa:42:20:65:d3:6c:bd:3e:2c:31:dd:f5:47:
5c:51:08:28:25:5b:b6:cb:6e:30:23:9c:69:56:28:
3a:7b:65:6d:09:8f:2f:31:1d:5e:4c:89:80:97:84:
09:ad:de:77:d3:ea:02:4e:20:a0:d6:b8:f4:38:27:
aa:b6:61:61:d7:c5:04:3c:c2:75:13:e2:9d:3c:f6:
a2:15:9c:49:c5:7d:28:dd:b3:c5:b1:8d:56:af:b9:
77:82:9d:20:c8:18:1c:0f:00:8b:1f:9c:b8:df:13:
5f:ac:79:48:de:d4:9c:5a:37:25:55:fe:bb:55:d8:
c0:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:9B:52:FF:27:78:F9:BA:3D:7B:67:2F:18:AC:F2:2A:F6:08:DE:91
X509v3 Authority Key Identifier:
keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/NZtS_yd4-bo9e2cvGKzyKvYI3pE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
116.204.153.0/24
178.23.189.0/24
185.255.96.0/23
217.28.140.0/24
IPv6:
2a0d:6240::-2a0d:6242:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
7b:8c:76:40:1b:9d:34:8f:b0:55:36:30:38:b5:6f:65:30:5d:
e5:90:42:8a:73:2d:97:ba:18:bf:68:69:05:af:50:1f:f1:a3:
11:72:7f:4c:5a:b9:7b:78:00:4a:5f:61:9d:1c:66:53:21:4e:
1f:f3:35:f7:cf:2d:27:6f:8b:29:fe:f2:4b:65:7b:dd:b4:b8:
32:d1:a8:d2:c9:a1:48:17:14:1c:23:43:ff:71:67:2e:78:59:
b6:0d:41:76:ef:9b:ec:0d:4d:b4:b0:fb:1d:41:ea:e9:7c:8b:
1b:aa:9e:49:e8:73:bc:8b:68:a6:74:1f:3c:ef:db:01:39:7d:
16:f7:b4:37:2c:28:e2:e4:8a:b4:3d:cf:82:89:0f:c0:1a:e3:
30:58:17:f1:cf:d3:65:d3:90:cd:23:bc:ee:2f:9c:d8:c3:76:
ea:17:b2:9a:3b:0e:11:3e:ed:0e:95:99:6e:e2:8c:d6:58:26:
98:dc:0a:31:ba:32:b1:80:11:da:c8:b7:b3:f3:76:8c:84:0f:
62:0f:42:c6:4a:56:d8:bc:98:cc:c0:e1:b0:67:53:5b:51:63:
b6:c0:d6:e0:3a:6b:1e:ba:27:89:b9:67:af:50:40:8c:59:7e:
d7:2f:1b:46:e3:2c:be:10:f6:22:7e:88:89:1e:82:3c:f2:ab:
34:e9:e7:52
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZcgjTdaj/D/UI02xgpu1igMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjUwNTMwMDkzNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTliNTJmZjI3NzhmOWJhM2Q3YjY3MmYxOGFjZjIyYWY2MDhkZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF+yVj2FtARwguxiSmrBS3j6IXic
ope8yg1iCSiRE1Gwurl1nI4QwI9DdLr/GOO0Ix4G0B/2NDTixxdbTLhiEUH57kVY
G81I6yNnTzstzX/QE+CX+mjkg0ouK6Uq2CaRGdH6a4pmF8hoG67aJHqAAjrPlhaU
NNALlGoLKPZ79ZdTxL0v39uN36pCIGXTbL0+LDHd9UdcUQgoJVu2y24wI5xpVig6
e2VtCY8vMR1eTImAl4QJrd530+oCTiCg1rj0OCeqtmFh18UEPMJ1E+KdPPaiFZxJ
xX0o3bPFsY1Wr7l3gp0gyBgcDwCLH5y43xNfrHlI3tScWjclVf67VdjAqwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDWbUv8nePm6PXtnLxis8ir2CN6RMB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEvTlp0U195ZDQtYm85ZTJjdkdLenlLdllJM3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAdMyZAwQA
she9AwQBuf9gAwQA2RyMMBYEAgACMBAwDgMFBioNYkADBQAqDWJCMA0GCSqGSIb3
DQEBCwUAA4IBAQB7jHZAG500j7BVNjA4tW9lMF3lkEKKcy2Xuhi/aGkFr1Af8aMR
cn9MWrl7eABKX2GdHGZTIU4f8zX3zy0nb4sp/vJLZXvdtLgy0ajSyaFIFxQcI0P/
cWcueFm2DUF275vsDU20sPsdQerpfIsbqp5J6HO8i2imdB8879sBOX0W97Q3LCji
5Iq0Pc+CiQ/AGuMwWBfxz9Nl05DNI7zuL5zYw3bqF7KaOw4RPu0OlZlu4ozWWCaY
3AoxujKxgBHayLez83aMhA9iD0LGSlbYvJjMwOGwZ1NbUWO2wNbgOmseuieJuWev
UECMWX7XLxtG4yy+EPYifoiJHoI88qs06edS
-----END CERTIFICATE-----
Generated at Mon Jun 9 17:29:01 2025 by rpki-client