Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/NfrImU14VyPFoYoWbQqSwcjt0NE.roa
File: NfrImU14VyPFoYoWbQqSwcjt0NE.roa (raw, json)
Hash identifier: MQdzlW7R+JzkpiS+Sg0oeOl5PeyecnB8iAb1AGvWxuA=
Subject key identifier: 35:FA:C8:99:4D:78:57:23:C5:A1:8A:16:6D:0A:92:C1:C8:ED:D0:D1
Certificate issuer: /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial: 01942445612BEA9596762AFFAB039DE39C0B
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/NfrImU14VyPFoYoWbQqSwcjt0NE.roa
Signing time: Wed 01 Jan 2025 23:48:34 +0000
ROA not before: Wed 01 Jan 2025 23:48:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30846
IP address blocks: 195.53.217.0/24 maxlen: 24
195.235.248.0/24 maxlen: 24
212.170.33.0/24 maxlen: 24
212.170.114.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 08:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:61:2b:ea:95:96:76:2a:ff:ab:03:9d:e3:9c:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Validity
Not Before: Jan 1 23:48:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35fac8994d785723c5a18a166d0a92c1c8edd0d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:4f:c0:c6:3c:ca:85:6d:57:b0:26:ba:e2:30:
9f:ec:dc:10:d1:df:69:de:d8:bc:d7:45:91:a4:aa:
51:34:74:a9:6a:66:26:41:e3:27:86:27:98:f5:33:
f2:c2:1e:02:4a:0b:00:c3:a6:b6:92:2c:d0:11:3f:
72:d0:5e:c6:06:fb:66:9c:8d:a4:b4:81:bb:be:ea:
9c:90:a2:5a:ba:d2:5a:53:a8:d3:d5:9a:03:71:f1:
0e:98:23:3a:4e:2e:bb:be:32:d6:bf:16:fe:ed:c0:
b9:e1:97:7d:c5:7a:e4:81:54:4a:d5:e4:b1:4c:dd:
0f:6c:5c:b2:8d:a6:eb:ff:2f:c9:db:7b:77:68:e8:
d5:5c:d7:17:0c:fe:20:2f:fb:2f:92:89:84:38:28:
d5:86:cb:cf:f5:26:37:8b:c8:cf:57:c0:5a:a2:c9:
1f:de:5d:c5:9a:a1:b7:3f:c1:b5:c0:e5:d0:3e:c6:
9a:cf:24:09:31:d9:e9:38:71:f9:c5:ee:2a:47:83:
3a:70:25:32:67:3b:a5:17:cb:ca:e0:a5:ec:16:44:
59:ea:6a:c6:b0:b8:10:7a:0b:66:37:c5:18:91:0b:
f0:df:7f:25:dd:b4:7b:18:f3:d2:54:43:b0:90:ff:
40:4e:65:5d:1a:41:9e:b2:4a:00:c7:cd:aa:41:61:
3d:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:FA:C8:99:4D:78:57:23:C5:A1:8A:16:6D:0A:92:C1:C8:ED:D0:D1
X509v3 Authority Key Identifier:
keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/NfrImU14VyPFoYoWbQqSwcjt0NE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.53.217.0/24
195.235.248.0/24
212.170.33.0/24
212.170.114.0/24
Signature Algorithm: sha256WithRSAEncryption
47:76:85:4d:ff:4d:b7:f6:c6:a7:14:a7:f3:01:82:be:97:a6:
8c:c1:f0:14:98:47:51:33:9a:80:74:68:d1:cb:6e:77:eb:08:
12:2f:09:3b:92:fd:51:f3:47:56:aa:cc:63:6f:a0:a8:15:e7:
46:41:d6:fb:63:ef:13:ac:a0:6c:01:c0:df:95:68:03:c6:bb:
55:f0:52:f0:11:fc:e1:18:2f:70:b5:e3:fe:58:ea:92:69:9c:
2f:9d:39:93:2d:c3:88:7a:3d:28:46:3c:bb:fc:05:12:f9:24:
bb:e7:1d:a1:81:09:c4:79:68:8e:88:97:36:e2:30:fa:fa:e8:
7e:dd:94:dd:c3:fa:ff:e7:be:4e:af:56:08:d8:9c:a0:2e:d4:
87:39:27:89:c4:84:48:e0:6b:cf:09:2f:cb:3a:9e:38:96:5f:
48:aa:84:49:37:40:ab:7e:72:ea:d1:d5:12:89:b1:63:02:e5:
32:2d:60:dd:20:02:44:98:81:d2:00:b4:bf:ca:fc:d9:5a:d2:
84:7e:5f:9c:91:86:cc:16:a5:a5:e0:ce:8e:f1:34:bb:1f:91:
35:75:f7:1a:e6:bd:71:07:b3:a3:a0:02:da:28:78:31:86:58:
19:9d:0d:c9:22:ee:cb:64:3d:30:72:0d:bb:49:a4:b1:71:9d:
c5:25:09:22
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQkRWEr6pWWdir/qwOd45wLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZhYzg5OTRkNzg1NzIzYzVhMThhMTY2ZDBhOTJjMWM4ZWRkMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk/AxjzKhW1XsCa64jCf7NwQ0d9p
3ti810WRpKpRNHSpamYmQeMnhieY9TPywh4CSgsAw6a2kizQET9y0F7GBvtmnI2k
tIG7vuqckKJautJaU6jT1ZoDcfEOmCM6Ti67vjLWvxb+7cC54Zd9xXrkgVRK1eSx
TN0PbFyyjabr/y/J23t3aOjVXNcXDP4gL/svkomEOCjVhsvP9SY3i8jPV8Baoskf
3l3FmqG3P8G1wOXQPsaazyQJMdnpOHH5xe4qR4M6cCUyZzulF8vK4KXsFkRZ6mrG
sLgQegtmN8UYkQvw338l3bR7GPPSVEOwkP9ATmVdGkGeskoAx82qQWE9MQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDX6yJlNeFcjxaGKFm0KksHI7dDRMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvTmZySW1VMTRWeVBGb1lvV2JRcVN3Y2p0ME5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwzXZAwQA
w+v4AwQA1KohAwQA1KpyMA0GCSqGSIb3DQEBCwUAA4IBAQBHdoVN/0239sanFKfz
AYK+l6aMwfAUmEdRM5qAdGjRy2536wgSLwk7kv1R80dWqsxjb6CoFedGQdb7Y+8T
rKBsAcDflWgDxrtV8FLwEfzhGC9wteP+WOqSaZwvnTmTLcOIej0oRjy7/AUS+SS7
5x2hgQnEeWiOiJc24jD6+uh+3ZTdw/r/575Or1YI2JygLtSHOSeJxIRI4GvPCS/L
Op44ll9IqoRJN0CrfnLq0dUSibFjAuUyLWDdIAJEmIHSALS/yvzZWtKEfl+ckYbM
FqWl4M6O8TS7H5E1dfca5r1xB7OjoALaKHgxhlgZnQ3JIu7LZD0wcg27SaSxcZ3F
JQki
-----END CERTIFICATE-----
Generated at Tue Apr 8 14:45:21 2025 by rpki-client