Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa
File: NHHiweZNj5X_oEscIWqjN4fHUE8.roa (raw, json)
Hash identifier: MGSiZ7A04kD6SVx5EJJ9SDisYbkFZtAr2OJkCAfFB+Y=
Subject key identifier: 34:71:E2:C1:E6:4D:8F:95:FF:A0:4B:1C:21:6A:A3:37:87:C7:50:4F
Certificate issuer: /CN=9e1aca341635166f802f98a97e00280ccee64ce2
Certificate serial: 01971A64AD041AE720FF2F36BE9249773E7A
Authority key identifier: 9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa
Signing time: Thu 29 May 2025 04:54:54 +0000
ROA not before: Thu 29 May 2025 04:54:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200315
IP address blocks: 91.216.13.0/24 maxlen: 24
138.128.224.0/22 maxlen: 24
2a13:90c0::/29 maxlen: 29
2a13:90c0::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Jun 2025 23:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1a:64:ad:04:1a:e7:20:ff:2f:36:be:92:49:77:3e:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e1aca341635166f802f98a97e00280ccee64ce2
Validity
Not Before: May 29 04:54:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3471e2c1e64d8f95ffa04b1c216aa33787c7504f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:88:b5:53:63:e1:4f:6f:44:c2:73:13:06:90:
63:db:db:18:0f:be:43:9b:8c:26:8e:fd:dd:22:2f:
ed:b7:b7:a8:8f:27:36:3d:cc:09:00:f3:7c:41:e9:
82:45:49:e5:a1:ea:e2:bb:e5:d3:29:2b:c1:9b:02:
03:fc:80:69:6d:9d:3c:75:74:17:af:0b:7a:10:1d:
85:da:f1:c3:c3:9d:4c:0f:0d:92:cf:12:bb:0f:c6:
33:39:21:10:2d:fc:b2:4d:c9:b3:c9:7d:55:3c:5e:
dd:ac:2c:6a:e4:94:c4:99:35:7e:fe:96:fb:8c:47:
4d:c0:7b:7e:11:88:08:3e:cf:e2:ed:90:69:b2:da:
da:2d:85:0c:8f:24:10:54:d5:71:c5:a7:e6:f6:cd:
61:fc:25:43:29:62:e2:ff:ae:95:7f:20:47:bc:e4:
c7:65:cf:62:1b:b4:07:32:72:38:23:80:d2:0e:33:
75:62:10:73:29:71:55:57:36:92:ed:e0:3e:36:d1:
38:9b:b3:19:ef:67:1e:cf:fa:dd:6b:f4:2f:b9:e2:
c4:83:10:e1:6f:18:e4:a4:f8:5e:d0:cc:52:ac:d5:
27:18:b3:13:65:ce:f3:db:1f:73:c2:11:f2:3c:ba:
49:f2:7b:4e:3c:b8:a6:a1:c1:18:d2:ac:06:a4:5b:
d7:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:71:E2:C1:E6:4D:8F:95:FF:A0:4B:1C:21:6A:A3:37:87:C7:50:4F
X509v3 Authority Key Identifier:
keyid:9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/NHHiweZNj5X_oEscIWqjN4fHUE8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.216.13.0/24
138.128.224.0/22
IPv6:
2a13:90c0::/29
Signature Algorithm: sha256WithRSAEncryption
44:97:2b:b3:63:d5:11:3a:64:31:9b:0d:eb:7e:16:b4:a5:e4:
f9:8a:77:c0:5a:2d:4c:06:30:e0:73:97:00:67:bf:fa:cb:ab:
14:32:b9:98:b3:08:07:0c:0a:aa:49:51:c0:fd:1a:19:41:d6:
fd:19:e0:2c:39:98:90:2a:a8:cb:7f:fc:50:01:84:cb:ad:ba:
2e:90:14:2c:be:57:50:1e:fd:d3:d9:4c:a9:36:1d:a4:ec:f4:
6c:06:1f:23:c7:dc:64:5d:1c:da:69:03:b6:eb:61:12:1e:3b:
b2:ab:b6:ae:d1:3b:a8:6f:2a:c5:49:e8:4a:cf:dc:b2:55:01:
aa:1d:93:6d:d5:b1:f3:e9:c9:44:c3:96:2d:91:21:7d:56:ab:
ed:2c:31:0b:14:20:32:e4:7e:f7:5c:22:72:64:f6:c1:de:37:
27:3f:73:9b:c2:57:44:91:e4:9d:62:1b:7c:6d:66:f4:78:cd:
c8:02:1b:b8:e8:04:aa:e3:86:90:82:71:4e:8f:ba:49:c8:bc:
64:3a:5c:71:78:95:bc:4e:86:c5:e4:ca:8d:3d:89:6f:97:a4:
cf:ae:fb:c3:99:72:77:86:c0:e5:d9:9b:65:7e:13:97:89:52:
4c:82:7d:73:f5:5a:27:27:e9:66:5d:b2:39:5f:6b:84:ec:36:
e0:cc:3b:32
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZcaZK0EGucg/y82vpJJdz56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWFjYTM0MTYzNTE2NmY4MDJmOThhOTdlMDAyODBjY2Vl
NjRjZTIwHhcNMjUwNTI5MDQ1NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDcxZTJjMWU2NGQ4Zjk1ZmZhMDRiMWMyMTZhYTMzNzg3Yzc1MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ii1U2PhT29EwnMTBpBj29sYD75D
m4wmjv3dIi/tt7eojyc2PcwJAPN8QemCRUnloeriu+XTKSvBmwID/IBpbZ08dXQX
rwt6EB2F2vHDw51MDw2SzxK7D8YzOSEQLfyyTcmzyX1VPF7drCxq5JTEmTV+/pb7
jEdNwHt+EYgIPs/i7ZBpstraLYUMjyQQVNVxxafm9s1h/CVDKWLi/66VfyBHvOTH
Zc9iG7QHMnI4I4DSDjN1YhBzKXFVVzaS7eA+NtE4m7MZ72cez/rda/QvueLEgxDh
bxjkpPhe0MxSrNUnGLMTZc7z2x9zwhHyPLpJ8ntOPLimocEY0qwGpFvX6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDRx4sHmTY+V/6BLHCFqozeHx1BPMB8GA1UdIwQY
MBaAFJ4ayjQWNRZvgC+YqX4AKAzO5kziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUt
NzU1NjFjYmYxMDRkLzEvTkhIaXdlWk5qNVhfb0VzY0lXcWpONGZIVUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUtNzU1NjFjYmYxMDRk
LzEvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9gNAwQC
ioDgMA0EAgACMAcDBQMqE5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBElyuzY9UROmQx
mw3rfha0peT5infAWi1MBjDgc5cAZ7/6y6sUMrmYswgHDAqqSVHA/RoZQdb9GeAs
OZiQKqjLf/xQAYTLrboukBQsvldQHv3T2UypNh2k7PRsBh8jx9xkXRzaaQO262ES
Hjuyq7au0TuobyrFSehKz9yyVQGqHZNt1bHz6clEw5YtkSF9VqvtLDELFCAy5H73
XCJyZPbB3jcnP3ObwldEkeSdYht8bWb0eM3IAhu46ASq44aQgnFOj7pJyLxkOlxx
eJW8TobF5MqNPYlvl6TPrvvDmXJ3hsDl2ZtlfhOXiVJMgn1z9VonJ+lmXbI5X2uE
7DbgzDsy
-----END CERTIFICATE-----
Generated at Wed Jun 11 09:52:25 2025 by rpki-client