Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/raNLX_Rlhb8qt_iqRNHRfzz2onw.roa
File: raNLX_Rlhb8qt_iqRNHRfzz2onw.roa (raw, json)
Hash identifier: CXUwU+ePCPV8g/dv883GbgzoP+FoppZgtKTpY2iI3OA=
Subject key identifier: AD:A3:4B:5F:F4:65:85:BF:2A:B7:F8:AA:44:D1:D1:7F:3C:F6:A2:7C
Certificate issuer: /CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
Certificate serial: 0198EB579C6B25E547A88AFD9321DB941CFC
Authority key identifier: 2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/raNLX_Rlhb8qt_iqRNHRfzz2onw.roa
Signing time: Wed 27 Aug 2025 11:44:04 +0000
ROA not before: Wed 27 Aug 2025 11:44:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29399
IP address blocks: 159.253.86.0/24 maxlen: 24
159.253.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.mft
rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 23:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:eb:57:9c:6b:25:e5:47:a8:8a:fd:93:21:db:94:1c:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
Validity
Not Before: Aug 27 11:44:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ada34b5ff46585bf2ab7f8aa44d1d17f3cf6a27c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:c4:93:84:7f:46:0f:df:6e:4b:2c:6c:d5:c5:
3d:9c:8f:f2:8c:a2:de:79:cf:a3:d5:53:a6:a6:b0:
b4:6a:ec:02:25:24:4f:88:f8:8c:0a:4f:a2:46:b1:
2f:66:a1:c3:63:c6:6e:26:27:eb:1d:b2:80:7b:c6:
a6:ee:69:39:4e:6a:62:5c:2f:a1:64:02:68:01:64:
95:33:d0:18:7e:70:83:a9:f4:f8:3a:ba:d2:37:f5:
f9:b2:f4:81:df:f7:6f:b2:56:67:64:f1:bd:c0:b5:
08:3b:c8:65:11:29:b3:f2:bb:1c:47:9f:67:13:ff:
e0:44:c8:bc:c1:1c:1b:b8:54:31:c6:72:a8:46:17:
9c:45:bb:47:c6:3f:f8:e4:c1:8c:41:24:80:98:4f:
0d:6c:6f:0b:f9:ac:04:be:35:e5:59:06:6e:ff:b8:
51:73:74:52:b4:5f:bb:b3:c0:c7:a8:5d:dd:0f:85:
16:e4:0a:70:88:a8:ad:d0:b6:4e:c8:69:c3:12:a0:
e5:5c:1f:1b:4f:55:2e:ce:50:e8:02:db:52:bc:4a:
6f:d6:03:70:e2:f5:dc:02:5b:37:25:0d:ee:c5:6d:
98:b9:37:24:9e:61:04:fd:85:f6:4f:43:a9:91:2a:
ff:92:13:de:2e:91:47:8f:30:08:3d:76:1d:20:14:
10:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:A3:4B:5F:F4:65:85:BF:2A:B7:F8:AA:44:D1:D1:7F:3C:F6:A2:7C
X509v3 Authority Key Identifier:
keyid:2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/raNLX_Rlhb8qt_iqRNHRfzz2onw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.253.86.0/23
Signature Algorithm: sha256WithRSAEncryption
55:95:a4:31:de:93:82:0d:49:1e:5e:fe:07:75:ff:8b:d0:64:
0f:63:5a:00:b1:04:76:ab:02:16:58:de:4b:64:1a:f8:31:61:
b6:6e:f4:ab:6d:97:3c:e9:ab:4b:c0:1a:6a:fc:95:88:cf:5a:
bc:e2:b1:bb:4a:ab:84:79:5c:de:0b:2e:d4:2a:71:5b:e4:dd:
a2:7f:ad:db:75:9b:2a:c2:55:c7:72:21:08:0a:e2:03:91:fb:
86:28:c6:a5:f6:9c:14:a0:d3:74:6b:96:a2:44:7d:76:d4:93:
90:d9:54:cb:06:a7:6b:d5:03:14:bd:6b:29:ad:c7:e6:76:e9:
60:e1:6c:74:2d:16:5a:db:4b:13:46:9b:10:4d:ef:a5:aa:a0:
d4:a2:6d:a8:38:b2:e5:65:0a:fb:7e:bf:42:2c:b6:d4:7f:0b:
f5:07:66:f8:9a:b4:5a:d5:30:f7:eb:43:e9:e8:10:a5:91:90:
17:e9:f5:1f:26:83:db:74:0f:ab:15:cb:d7:14:de:92:10:41:
74:2f:a7:95:37:9d:a1:b5:29:88:3b:05:29:44:fe:c1:1e:6d:
3e:fb:78:67:af:ea:39:ba:59:99:e6:ec:24:c2:3e:2e:79:0d:
bf:8b:a9:fa:07:ab:69:5d:47:9d:f0:63:a7:98:62:21:55:af:
e1:78:4c:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrV5xrJeVHqIr9kyHblBz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZTViN2NjYjQwM2QzMGE0NDg1N2Q0N2M1OGNmMTM0NjU0
NmQyODMwHhcNMjUwODI3MTE0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGEzNGI1ZmY0NjU4NWJmMmFiN2Y4YWE0NGQxZDE3ZjNjZjZhMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsSThH9GD99uSyxs1cU9nI/yjKLe
ec+j1VOmprC0auwCJSRPiPiMCk+iRrEvZqHDY8ZuJifrHbKAe8am7mk5TmpiXC+h
ZAJoAWSVM9AYfnCDqfT4OrrSN/X5svSB3/dvslZnZPG9wLUIO8hlESmz8rscR59n
E//gRMi8wRwbuFQxxnKoRhecRbtHxj/45MGMQSSAmE8NbG8L+awEvjXlWQZu/7hR
c3RStF+7s8DHqF3dD4UW5ApwiKit0LZOyGnDEqDlXB8bT1UuzlDoAttSvEpv1gNw
4vXcAls3JQ3uxW2YuTcknmEE/YX2T0OpkSr/khPeLpFHjzAIPXYdIBQQPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2jS1/0ZYW/Krf4qkTR0X889qJ8MB8GA1UdIwQY
MBaAFC/lt8y0A9MKRIV9R8WM8TRlRtKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzIt
MmI4ZjczNDZmMzUwLzEvcmFOTFhfUmxoYjhxdF9pcVJOSFJmenoyb253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzItMmI4ZjczNDZmMzUw
LzEvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn/1WMA0G
CSqGSIb3DQEBCwUAA4IBAQBVlaQx3pOCDUkeXv4Hdf+L0GQPY1oAsQR2qwIWWN5L
ZBr4MWG2bvSrbZc86atLwBpq/JWIz1q84rG7SquEeVzeCy7UKnFb5N2if63bdZsq
wlXHciEICuIDkfuGKMal9pwUoNN0a5aiRH121JOQ2VTLBqdr1QMUvWsprcfmdulg
4Wx0LRZa20sTRpsQTe+lqqDUom2oOLLlZQr7fr9CLLbUfwv1B2b4mrRa1TD360Pp
6BClkZAX6fUfJoPbdA+rFcvXFN6SEEF0L6eVN52htSmIOwUpRP7BHm0++3hnr+o5
ulmZ5uwkwj4ueQ2/i6n6B6tpXUed8GOnmGIhVa/heEwF
-----END CERTIFICATE-----
Generated at Tue Sep 9 06:39:24 2025 by rpki-client