Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NSYa8azyYheyJvqkxteAT7qiyDw.roa
File: NSYa8azyYheyJvqkxteAT7qiyDw.roa (raw, json)
Hash identifier: 8QmfpRBEkRRwKtB+9D+0XKkyofyJEDITScVvxTzG8Co=
Subject key identifier: 35:26:1A:F1:AC:F2:62:17:B2:26:FA:A4:C6:D7:80:4F:BA:A2:C8:3C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01953D2BEA0D96CC0D121808DA5DDC268357
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NSYa8azyYheyJvqkxteAT7qiyDw.roa
Signing time: Tue 25 Feb 2025 12:54:02 +0000
ROA not before: Tue 25 Feb 2025 12:54:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214025
IP address blocks: 109.176.14.0/24 maxlen: 24
212.38.81.0/24 maxlen: 24
213.210.52.0/24 maxlen: 24
213.210.53.0/24 maxlen: 24
213.218.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 11:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3d:2b:ea:0d:96:cc:0d:12:18:08:da:5d:dc:26:83:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Feb 25 12:54:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35261af1acf26217b226faa4c6d7804fbaa2c83c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:35:71:f1:79:81:23:a5:2f:7e:71:8a:32:4d:
7a:c1:a3:51:82:b8:15:d3:88:2a:a6:2c:5b:c2:9a:
2c:16:56:8d:40:0a:f0:6d:93:fb:ee:10:cf:db:49:
48:8f:ad:c0:e8:3a:c5:51:08:e9:09:c2:0a:2c:ed:
99:3c:a3:d1:6f:6e:26:68:eb:17:05:68:28:0b:ed:
25:f5:e8:95:74:69:f6:cb:ac:6d:f8:a8:22:4e:ab:
fe:ee:9c:ee:5d:5d:3e:95:6f:93:07:aa:59:55:ec:
dc:00:d0:ce:8c:3a:20:82:1c:3d:09:1c:ad:0f:84:
b3:63:fa:09:3f:a4:f8:ed:54:37:e4:23:06:34:64:
de:6b:0b:ee:cc:d6:86:31:b1:cb:59:6c:72:9a:0b:
59:0f:b9:88:d2:21:c6:21:b7:0c:40:64:ac:db:2a:
5d:a8:8a:50:94:2b:43:bd:58:30:29:49:a1:d7:31:
1e:a9:e8:4e:5e:54:81:d7:06:14:5d:57:5b:d0:7f:
f3:8b:f5:5d:21:f4:b3:7b:00:13:e7:45:0d:bb:c8:
60:e4:39:af:0e:2e:0e:f3:8a:3d:05:a2:4f:06:bc:
e4:e5:08:64:89:de:a8:46:ef:73:b5:69:8b:d0:6a:
5f:ff:b4:c4:75:0f:eb:60:87:c6:4f:f7:a9:6f:7f:
cb:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:26:1A:F1:AC:F2:62:17:B2:26:FA:A4:C6:D7:80:4F:BA:A2:C8:3C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NSYa8azyYheyJvqkxteAT7qiyDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.176.14.0/24
212.38.81.0/24
213.210.52.0/23
213.218.239.0/24
Signature Algorithm: sha256WithRSAEncryption
06:bd:c9:f3:d7:35:b4:b6:4f:fc:54:79:e0:1c:f4:fd:78:e0:
28:e4:9a:70:6f:1b:e3:c5:f4:7f:1a:c7:90:04:e5:86:0e:15:
7f:1c:92:84:24:bf:6f:6e:34:e7:55:99:80:4d:e7:f8:46:d9:
75:b1:05:ab:b5:fb:fd:56:c7:87:a6:7c:7d:76:27:44:16:4e:
89:fa:62:25:70:05:96:d2:f0:53:a3:11:b0:9e:1c:6e:61:ff:
97:2b:f4:65:41:5f:f4:90:06:67:19:f1:72:b3:a4:8e:f5:5e:
ee:f7:92:cb:da:bd:60:16:d2:e6:f2:72:28:25:de:a0:86:16:
f0:35:b7:2a:6d:71:dd:41:de:c3:58:93:a3:03:33:ff:58:89:
b5:1c:a7:a0:45:43:ca:71:c2:96:34:6f:8b:24:11:3e:97:fb:
a7:2a:ab:29:b3:9c:07:af:49:c3:bb:4b:c5:42:76:ae:2f:6c:
0a:20:f9:d9:db:86:3e:c3:f6:21:bb:b0:f8:88:f8:c0:a3:21:
e0:32:8c:c0:a4:9d:eb:32:3a:22:48:ed:ac:a5:8a:1b:71:16:
67:61:9c:70:0d:25:4e:65:4f:86:70:53:44:ba:fa:17:64:30:
47:ea:f7:5e:86:8d:5c:4e:c0:e7:29:e3:b3:71:60:1b:74:ff:
f3:29:77:f0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZU9K+oNlswNEhgI2l3cJoNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMjI1MTI1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI2MWFmMWFjZjI2MjE3YjIyNmZhYTRjNmQ3ODA0ZmJhYTJjODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jVx8XmBI6UvfnGKMk16waNRgrgV
04gqpixbwposFlaNQArwbZP77hDP20lIj63A6DrFUQjpCcIKLO2ZPKPRb24maOsX
BWgoC+0l9eiVdGn2y6xt+KgiTqv+7pzuXV0+lW+TB6pZVezcANDOjDogghw9CRyt
D4SzY/oJP6T47VQ35CMGNGTeawvuzNaGMbHLWWxymgtZD7mI0iHGIbcMQGSs2ypd
qIpQlCtDvVgwKUmh1zEeqehOXlSB1wYUXVdb0H/zi/VdIfSzewAT50UNu8hg5Dmv
Di4O84o9BaJPBrzk5Qhkid6oRu9ztWmL0Gpf/7TEdQ/rYIfGT/epb3/LMQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDUmGvGs8mIXsib6pMbXgE+6osg8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlNZYThhenlZaGV5SnZxa3h0ZUFUN3FpeUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbbAOAwQA
1CZRAwQB1dI0AwQA1drvMA0GCSqGSIb3DQEBCwUAA4IBAQAGvcnz1zW0tk/8VHng
HPT9eOAo5JpwbxvjxfR/GseQBOWGDhV/HJKEJL9vbjTnVZmATef4Rtl1sQWrtfv9
VseHpnx9didEFk6J+mIlcAWW0vBToxGwnhxuYf+XK/RlQV/0kAZnGfFys6SO9V7u
95LL2r1gFtLm8nIoJd6ghhbwNbcqbXHdQd7DWJOjAzP/WIm1HKegRUPKccKWNG+L
JBE+l/unKqsps5wHr0nDu0vFQnauL2wKIPnZ24Y+w/Yhu7D4iPjAoyHgMozApJ3r
MjoiSO2spYobcRZnYZxwDSVOZU+GcFNEuvoXZDBH6vdeho1cTsDnKeOzcWAbdP/z
KXfw
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:17:24 2025 by rpki-client