Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/nXaGHsEgPZBNKtmn56mRzt-VEzw.roa
File: nXaGHsEgPZBNKtmn56mRzt-VEzw.roa (raw, json)
Hash identifier: Ctb1FysygDYFjJRh3zZRcpuOzbIPJfh5qWmiEPC6f+0=
Subject key identifier: 9D:76:86:1E:C1:20:3D:90:4D:2A:D9:A7:E7:A9:91:CE:DF:95:13:3C
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 01991AE030A71A3231C10A8B726663287A9B
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/nXaGHsEgPZBNKtmn56mRzt-VEzw.roa
Signing time: Fri 05 Sep 2025 17:15:24 +0000
ROA not before: Fri 05 Sep 2025 17:15:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200462
IP address blocks: 2.58.52.0/23 maxlen: 32
2.58.53.0/24 maxlen: 24
5.180.192.0/23 maxlen: 24
45.86.124.0/23 maxlen: 24
94.247.43.0/24 maxlen: 32
2a00:f826:8::/48 maxlen: 48
2a07:6fc0:10::/44 maxlen: 48
2a09:e1c0::/32 maxlen: 128
2a0c:8900::/29 maxlen: 128
2a0c:8905::/32 maxlen: 32
2a0c:8906::/32 maxlen: 32
2a0e:de80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1a:e0:30:a7:1a:32:31:c1:0a:8b:72:66:63:28:7a:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Sep 5 17:15:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d76861ec1203d904d2ad9a7e7a991cedf95133c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:9a:50:6d:dd:b6:aa:c8:3e:66:a3:c8:43:c6:
0c:be:22:8c:5b:bd:d1:ad:84:1f:3c:df:ef:30:8f:
48:63:13:d8:7d:20:c0:3f:6d:5f:f2:d7:86:32:d3:
51:62:bf:e6:fe:55:ac:ab:57:9c:ff:e1:d3:33:e9:
d1:2f:b4:87:1b:ab:71:fd:97:7e:ca:cf:17:09:32:
ed:2a:5a:3c:7e:83:e5:b6:7d:07:b4:9e:77:df:d4:
08:e5:e5:bc:3a:15:3f:b1:34:0c:b9:30:fc:17:93:
1e:6c:94:de:08:6d:56:c0:b9:4f:88:86:f7:c3:a8:
63:ba:74:c9:a9:36:1d:26:72:6c:3b:ac:89:7d:f1:
20:94:fa:23:08:6e:4f:c5:7a:92:78:e2:b8:3e:37:
8c:70:a3:c1:4b:6d:2c:c7:d8:40:0d:d3:65:d4:81:
e6:91:7e:3b:98:78:6f:67:0b:c0:30:d0:3c:cc:dd:
34:31:e6:96:58:a8:fb:93:69:e2:2e:ad:27:ef:8d:
1d:31:b8:cb:40:66:e6:f8:b5:6c:9d:1e:4a:31:50:
27:c0:2a:1c:36:1c:72:d8:ba:8f:6a:ae:9f:4e:54:
4a:7b:bf:86:a2:28:1e:59:f8:95:25:70:e5:86:4c:
a0:4d:dd:ff:0c:86:7e:1e:1a:6a:62:ae:75:f9:09:
ac:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:76:86:1E:C1:20:3D:90:4D:2A:D9:A7:E7:A9:91:CE:DF:95:13:3C
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/nXaGHsEgPZBNKtmn56mRzt-VEzw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.52.0/23
5.180.192.0/23
45.86.124.0/23
94.247.43.0/24
IPv6:
2a00:f826:8::/48
2a07:6fc0:10::/44
2a09:e1c0::/32
2a0c:8900::/29
2a0e:de80::/29
Signature Algorithm: sha256WithRSAEncryption
2e:bf:ce:a0:43:d6:3b:66:a6:05:6a:fd:06:0a:79:e3:9c:84:
1d:a2:28:d0:27:74:90:ca:a7:89:dc:c4:dc:83:75:de:17:88:
e3:0d:5e:0e:bc:05:dd:66:ec:63:ab:7a:3c:e4:a1:5f:a9:00:
b9:fe:15:fb:90:2a:18:26:57:29:14:2b:b0:f1:51:01:28:ae:
69:db:ab:57:a9:de:41:f3:69:39:c2:82:e8:08:26:6e:9b:ea:
09:15:78:35:a9:a1:61:cc:bf:a2:49:cb:c9:78:96:99:cd:d3:
8f:77:a4:2b:2b:da:90:72:2c:34:61:7c:af:a1:97:7c:ee:db:
d8:e0:56:13:32:4c:c4:f8:92:31:c3:ca:0d:71:f7:b0:cc:15:
35:87:0a:ed:8b:b9:5c:7e:a2:8c:34:5e:89:85:d2:e2:22:ef:
21:73:38:94:4f:6e:79:8c:b4:3f:09:4a:f3:da:32:24:a3:71:
a8:33:01:46:ac:c3:f6:d4:05:5a:2a:30:4b:70:83:a2:30:b9:
54:c7:60:3c:ad:e2:69:09:5f:1a:64:7a:7b:8c:23:62:28:f9:
c6:16:c6:cf:63:1f:bc:52:5e:62:74:75:7c:16:36:cc:23:51:
ca:9d:f6:ff:e7:bf:a5:a6:f4:fa:78:8e:79:f8:d6:f5:2e:cf:
53:07:18:fa
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZka4DCnGjIxwQqLcmZjKHqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwOTA1MTcxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc2ODYxZWMxMjAzZDkwNGQyYWQ5YTdlN2E5OTFjZWRmOTUxMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5pQbd22qsg+ZqPIQ8YMviKMW73R
rYQfPN/vMI9IYxPYfSDAP21f8teGMtNRYr/m/lWsq1ec/+HTM+nRL7SHG6tx/Zd+
ys8XCTLtKlo8foPltn0HtJ5339QI5eW8OhU/sTQMuTD8F5MebJTeCG1WwLlPiIb3
w6hjunTJqTYdJnJsO6yJffEglPojCG5PxXqSeOK4PjeMcKPBS20sx9hADdNl1IHm
kX47mHhvZwvAMNA8zN00MeaWWKj7k2niLq0n740dMbjLQGbm+LVsnR5KMVAnwCoc
Nhxy2LqPaq6fTlRKe7+GoigeWfiVJXDlhkygTd3/DIZ+HhpqYq51+QmsywIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJ12hh7BID2QTSrZp+epkc7flRM8MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvblhhR0hzRWdQWkJOS3RtbjU2bVJ6dC1WRXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAeBAIAATAYAwQBAjo0AwQB
BbTAAwQBLVZ8AwQAXvcrMC0EAgACMCcDBwAqAPgmAAgDBwQqB2/AABADBQAqCeHA
AwUDKgyJAAMFAyoO3oAwDQYJKoZIhvcNAQELBQADggEBAC6/zqBD1jtmpgVq/QYK
eeOchB2iKNAndJDKp4ncxNyDdd4XiOMNXg68Bd1m7GOrejzkoV+pALn+FfuQKhgm
VykUK7DxUQEormnbq1ep3kHzaTnCgugIJm6b6gkVeDWpoWHMv6JJy8l4lpnN0493
pCsr2pByLDRhfK+hl3zu29jgVhMyTMT4kjHDyg1x97DMFTWHCu2LuVx+oow0XomF
0uIi7yFzOJRPbnmMtD8JSvPaMiSjcagzAUasw/bUBVoqMEtwg6IwuVTHYDyt4mkJ
XxpkenuMI2Io+cYWxs9jH7xSXmJ0dXwWNswjUcqd9v/nv6Wm9Pp4jnn41vUuz1MH
GPo=
-----END CERTIFICATE-----
Generated at Sat Sep 6 04:58:55 2025 by rpki-client