Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ns-jEI6_-DjRaSAjoB8LcroWUVc.roa
File: ns-jEI6_-DjRaSAjoB8LcroWUVc.roa (raw, json)
Hash identifier: vmny3XF3GQPQowk8HIbTxCku31yjq26kixMsFmjXGgw=
Subject key identifier: 9E:CF:A3:10:8E:BF:F8:38:D1:69:20:23:A0:1F:0B:72:BA:16:51:57
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019882BCFCC81EB884DF6BF1B5C94EED25FC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ns-jEI6_-DjRaSAjoB8LcroWUVc.roa
Signing time: Thu 07 Aug 2025 04:14:40 +0000
ROA not before: Thu 07 Aug 2025 04:14:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.4.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.87.119.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.228.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.29.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.241.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:00:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:82:bc:fc:c8:1e:b8:84:df:6b:f1:b5:c9:4e:ed:25:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 7 04:14:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ecfa3108ebff838d1692023a01f0b72ba165157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b6:54:6f:87:09:c2:b5:fa:0b:20:db:4a:45:
31:94:7b:f6:d2:50:3d:ee:e9:ff:5b:ac:dd:da:55:
cf:45:96:e2:d5:44:8a:72:14:46:0d:40:03:b1:63:
f3:dc:8c:50:12:ec:f3:51:cd:c9:1c:3d:6e:f2:18:
7e:3b:ee:77:7c:49:e3:ed:72:8a:f4:75:f2:81:e8:
bb:e3:67:1d:3b:ca:57:ff:7f:c7:38:11:85:f1:c6:
49:44:28:f1:83:7f:c9:68:38:4c:31:dc:bb:39:79:
56:96:3d:e4:f7:05:b2:41:60:90:ce:ab:f9:60:73:
d9:ba:8c:52:1f:f1:39:87:0f:1d:93:75:ea:d8:e2:
73:42:b5:ec:34:31:95:df:3f:05:f6:f4:ab:32:1a:
c6:2e:fd:51:84:3c:d2:69:80:cc:a2:0c:a4:fd:33:
e9:8f:f9:70:01:2c:79:ab:22:53:0e:f3:a9:55:03:
83:fd:99:8a:17:58:f4:40:89:b1:d4:2c:20:37:28:
a4:37:59:8f:b5:21:74:cd:bf:67:d1:79:ad:dc:78:
8f:90:a6:cd:db:09:0b:10:bb:7c:91:d4:a8:f0:75:
73:27:2d:f0:cc:05:23:97:ee:31:04:c5:b1:34:60:
ff:fb:14:9d:16:5f:62:90:dc:d4:48:57:7f:31:fc:
5e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:CF:A3:10:8E:BF:F8:38:D1:69:20:23:A0:1F:0B:72:BA:16:51:57
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ns-jEI6_-DjRaSAjoB8LcroWUVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.4.0/24
193.124.7.0/24
194.58.155.0/24
194.87.53.0/24
194.87.119.0/24
194.87.169.0/24
194.87.179.0/24
194.87.228.0/24
194.135.24.0/24
195.133.24.0/23
195.133.29.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.241.0/24
212.193.0.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
60:ed:6d:28:94:c3:e4:07:83:9b:87:ca:49:3d:21:3a:91:34:
1c:72:d2:eb:98:7f:c4:83:c8:09:f2:58:c0:7b:8f:1a:14:fe:
77:78:3e:da:8b:de:f4:b3:3e:db:f7:8a:d7:02:51:7b:b8:d8:
14:47:93:25:e1:27:8c:46:ff:79:6f:b7:a0:d1:b4:d8:10:d7:
07:fd:c5:ae:b4:c0:eb:a8:4a:20:a8:61:ca:33:e2:a5:f5:94:
92:e4:72:dc:f3:42:a2:07:f5:f0:96:bf:46:1b:c6:c7:a2:aa:
50:98:ad:df:39:18:fd:de:ef:63:19:73:33:c2:f0:78:bb:88:
23:fe:27:ba:4e:2c:8f:2e:45:58:d4:59:ef:77:17:4d:dd:94:
ab:31:48:3d:54:df:99:34:d1:42:a5:25:16:c0:98:48:49:5b:
2b:02:1c:91:dd:e9:3a:80:8a:da:21:fe:56:a2:d2:9f:ef:0a:
9a:0a:77:fe:24:01:4e:e7:15:5b:59:c7:2d:1a:96:3e:31:95:
56:25:f6:45:07:6e:6b:7b:40:1a:84:45:c7:ff:f9:23:b1:38:
4e:90:28:88:05:36:47:c9:e8:8e:c1:52:e8:81:8f:ca:ca:37:
37:ba:a2:05:12:2a:f9:fe:a5:9c:c1:94:54:46:ae:39:6e:a7:
e1:4f:03:45
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgISAZiCvPzIHriE32vxtclO7SX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwODA3MDQxNDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWNmYTMxMDhlYmZmODM4ZDE2OTIwMjNhMDFmMGI3MmJhMTY1MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybZUb4cJwrX6CyDbSkUxlHv20lA9
7un/W6zd2lXPRZbi1USKchRGDUADsWPz3IxQEuzzUc3JHD1u8hh+O+53fEnj7XKK
9HXygei742cdO8pX/3/HOBGF8cZJRCjxg3/JaDhMMdy7OXlWlj3k9wWyQWCQzqv5
YHPZuoxSH/E5hw8dk3Xq2OJzQrXsNDGV3z8F9vSrMhrGLv1RhDzSaYDMogyk/TPp
j/lwASx5qyJTDvOpVQOD/ZmKF1j0QImx1CwgNyikN1mPtSF0zb9n0Xmt3HiPkKbN
2wkLELt8kdSo8HVzJy3wzAUjl+4xBMWxNGD/+xSdFl9ikNzUSFd/MfxeawIDAQAB
o4ICgjCCAn4wHQYDVR0OBBYEFJ7PoxCOv/g40WkgI6AfC3K6FlFXMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbnMtakVJNl8tRGpSYVNBam9COExjcm9XVVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGXBggrBgEFBQcBBwEB/wSBhzCBhDBsBAIAATBmAwQAwXwE
AwQAwXwHAwQAwjqbAwQAwlc1AwQAwld3AwQAwlepAwQAwlezAwQAwlfkAwQAwocY
AwQBw4UYAwQAw4UdAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MDxAwQA1MEAAwQB1MEa
MBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAYO1tKJTD
5AeDm4fKST0hOpE0HHLS65h/xIPICfJYwHuPGhT+d3g+2ove9LM+2/eK1wJRe7jY
FEeTJeEnjEb/eW+3oNG02BDXB/3FrrTA66hKIKhhyjPipfWUkuRy3PNCogf18Ja/
RhvGx6KqUJit3zkY/d7vYxlzM8LweLuII/4nuk4sjy5FWNRZ73cXTd2UqzFIPVTf
mTTRQqUlFsCYSElbKwIckd3pOoCK2iH+VqLSn+8Kmgp3/iQBTucVW1nHLRqWPjGV
ViX2RQdua3tAGoRFx//5I7E4TpAoiAU2R8nojsFS6IGPyso3N7qiBRIq+f6lnMGU
VEauOW6n4U8DRQ==
-----END CERTIFICATE-----
Generated at Sat Aug 23 10:13:04 2025 by rpki-client