Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/nSZCrrugGYgpV2kpSk3jqr2LzfM.roa
File: nSZCrrugGYgpV2kpSk3jqr2LzfM.roa (raw, json)
Hash identifier: dkF/IyzVuAY00yNMBcnlRNr+PlCabKVgpyDEF61J7y4=
Subject key identifier: 9D:26:42:AE:BB:A0:19:88:29:57:69:29:4A:4D:E3:AA:BD:8B:CD:F3
Certificate issuer: /CN=8387c219c9841ebafaa3d40806c984f9f3e4e461
Certificate serial: 01988403F0DC6DF3B87BDA3E4D74F4A1BCB4
Authority key identifier: 83:87:C2:19:C9:84:1E:BA:FA:A3:D4:08:06:C9:84:F9:F3:E4:E4:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g4fCGcmEHrr6o9QIBsmE-fPk5GE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/nSZCrrugGYgpV2kpSk3jqr2LzfM.roa
Signing time: Thu 07 Aug 2025 10:11:47 +0000
ROA not before: Thu 07 Aug 2025 10:11:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8648
IP address blocks: 185.65.220.0/22 maxlen: 24
195.181.248.0/22 maxlen: 24
212.57.32.0/21 maxlen: 24
2a00:1e40::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/g4fCGcmEHrr6o9QIBsmE-fPk5GE.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/g4fCGcmEHrr6o9QIBsmE-fPk5GE.mft
rsync://rpki.ripe.net/repository/DEFAULT/g4fCGcmEHrr6o9QIBsmE-fPk5GE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:84:03:f0:dc:6d:f3:b8:7b:da:3e:4d:74:f4:a1:bc:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8387c219c9841ebafaa3d40806c984f9f3e4e461
Validity
Not Before: Aug 7 10:11:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d2642aebba01988295769294a4de3aabd8bcdf3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:c6:72:02:92:aa:a1:f0:1c:44:e2:dd:27:56:
cc:a0:12:71:cd:e1:dc:e7:e7:32:17:d6:7e:e3:18:
37:75:a3:d7:e4:79:36:33:b3:41:04:ed:25:12:eb:
25:e3:6c:dc:33:b7:fa:6a:b4:6b:64:d8:3f:f8:17:
22:25:97:df:3f:09:c9:5b:12:15:b3:a7:b5:fd:7c:
11:49:d1:d3:85:fc:f1:c3:c8:a5:ac:45:40:ec:a1:
10:a0:99:71:8d:1f:6c:ac:72:68:f9:b9:db:c7:51:
3f:d3:be:3e:71:30:97:5b:66:94:03:01:e6:b4:b9:
1c:67:58:f2:3c:d8:1b:75:dc:2f:c9:0c:aa:0c:8e:
16:6c:ad:fc:45:8b:5d:84:02:c7:92:df:b2:88:c8:
fc:04:a4:3b:74:38:69:a8:15:03:1c:f2:9e:56:85:
a9:5a:ae:d3:e6:13:01:eb:28:3a:02:11:00:aa:ce:
70:5b:56:f5:02:61:b0:14:f5:d8:ed:92:4b:09:77:
dc:cb:76:78:5e:85:fe:86:54:54:a1:ed:3c:3d:bf:
66:c6:f2:91:31:35:d1:bb:58:74:72:de:3a:a5:84:
d7:1d:6e:50:0c:93:46:ab:4c:0e:33:da:01:85:0f:
a0:cb:52:27:e0:31:80:79:b9:6d:c3:15:ea:5d:a8:
5c:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:26:42:AE:BB:A0:19:88:29:57:69:29:4A:4D:E3:AA:BD:8B:CD:F3
X509v3 Authority Key Identifier:
keyid:83:87:C2:19:C9:84:1E:BA:FA:A3:D4:08:06:C9:84:F9:F3:E4:E4:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g4fCGcmEHrr6o9QIBsmE-fPk5GE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/nSZCrrugGYgpV2kpSk3jqr2LzfM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/ed3054-0a97-497c-9703-bc91c0670d03/1/g4fCGcmEHrr6o9QIBsmE-fPk5GE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.220.0/22
195.181.248.0/22
212.57.32.0/21
IPv6:
2a00:1e40::/32
Signature Algorithm: sha256WithRSAEncryption
a9:0f:ef:05:94:ef:e0:11:39:fd:81:0e:97:13:84:a9:a8:10:
a8:08:ad:6e:ca:09:d5:d9:e9:68:8a:0a:fb:aa:af:11:2e:af:
b6:c3:8f:65:ed:1e:f1:96:c7:3c:eb:32:54:bd:75:c0:88:7d:
e8:c5:bc:a2:b7:94:0f:47:ba:a7:d9:18:a5:07:66:0b:a2:26:
a6:e7:a4:9e:30:3f:fc:d9:c2:93:47:6d:fd:01:91:2a:38:e8:
28:ce:bc:db:47:8a:5a:25:4b:b7:2c:40:e7:f3:22:fb:75:39:
23:db:eb:de:b2:7c:b5:50:fc:87:39:f9:88:10:4e:d1:ff:8b:
3c:1e:8a:52:d1:b3:ba:cf:95:a6:c0:79:75:31:25:b3:a6:5b:
b0:1b:75:e3:16:f4:1f:e6:50:0f:cc:7a:24:65:ab:d9:27:8c:
ad:e0:dd:5f:01:b3:2e:14:1a:f0:b4:71:ad:02:07:97:d1:a7:
5b:9e:5f:a2:82:92:8e:6a:e3:f6:52:26:d4:f6:08:8b:b5:a7:
88:4e:49:fc:18:37:19:cc:45:ee:29:7f:56:d5:b6:1f:6e:df:
2c:a2:d6:c4:b2:96:32:3a:7a:7e:50:c0:19:17:21:f2:d4:a4:
53:af:18:bc:d5:bc:8c:d7:ce:49:2c:7e:a0:45:0a:cd:d9:15:
1c:12:5f:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZiEA/DcbfO4e9o+TXT0oby0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzODdjMjE5Yzk4NDFlYmFmYWEzZDQwODA2Yzk4NGY5ZjNl
NGU0NjEwHhcNMjUwODA3MTAxMTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDI2NDJhZWJiYTAxOTg4Mjk1NzY5Mjk0YTRkZTNhYWJkOGJjZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycZyApKqofAcROLdJ1bMoBJxzeHc
5+cyF9Z+4xg3daPX5Hk2M7NBBO0lEusl42zcM7f6arRrZNg/+BciJZffPwnJWxIV
s6e1/XwRSdHThfzxw8ilrEVA7KEQoJlxjR9srHJo+bnbx1E/074+cTCXW2aUAwHm
tLkcZ1jyPNgbddwvyQyqDI4WbK38RYtdhALHkt+yiMj8BKQ7dDhpqBUDHPKeVoWp
Wq7T5hMB6yg6AhEAqs5wW1b1AmGwFPXY7ZJLCXfcy3Z4XoX+hlRUoe08Pb9mxvKR
MTXRu1h0ct46pYTXHW5QDJNGq0wOM9oBhQ+gy1In4DGAebltwxXqXahcCwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJ0mQq67oBmIKVdpKUpN46q9i83zMB8GA1UdIwQY
MBaAFIOHwhnJhB66+qPUCAbJhPnz5ORhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzRmQ0djbUVIcnI2bzlRSUJzbUUtZlBrNUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9lZDMwNTQtMGE5Ny00OTdjLTk3MDMt
YmM5MWMwNjcwZDAzLzEvblNaQ3JydWdHWWdwVjJrcFNrM2pxcjJMemZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9lZDMwNTQtMGE5Ny00OTdjLTk3MDMtYmM5MWMwNjcwZDAz
LzEvZzRmQ0djbUVIcnI2bzlRSUJzbUUtZlBrNUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuUHcAwQC
w7X4AwQD1DkgMA0EAgACMAcDBQAqAB5AMA0GCSqGSIb3DQEBCwUAA4IBAQCpD+8F
lO/gETn9gQ6XE4SpqBCoCK1uygnV2eloigr7qq8RLq+2w49l7R7xlsc86zJUvXXA
iH3oxbyit5QPR7qn2RilB2YLoiam56SeMD/82cKTR239AZEqOOgozrzbR4paJUu3
LEDn8yL7dTkj2+vesny1UPyHOfmIEE7R/4s8HopS0bO6z5WmwHl1MSWzpluwG3Xj
FvQf5lAPzHokZavZJ4yt4N1fAbMuFBrwtHGtAgeX0adbnl+igpKOauP2UibU9giL
taeITkn8GDcZzEXuKX9W1bYfbt8sotbEspYyOnp+UMAZFyHy1KRTrxi81byM185J
LH6gRQrN2RUcEl+r
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:14:05 2025 by rpki-client