Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/NsP8M1MMA3vcd67Jqg1Acd0f8pc.roa
File: NsP8M1MMA3vcd67Jqg1Acd0f8pc.roa (raw, json)
Hash identifier: o+Png3e+yZxXIdxIbA8MaZ+s3tRftA963n78jgudtXk=
Subject key identifier: 36:C3:FC:33:53:0C:03:7B:DC:77:AE:C9:AA:0D:40:71:DD:1F:F2:97
Certificate issuer: /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial: 0197A8CF88B0FB9A7801A72E1F0C8E26E291
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/NsP8M1MMA3vcd67Jqg1Acd0f8pc.roa
Signing time: Wed 25 Jun 2025 20:37:42 +0000
ROA not before: Wed 25 Jun 2025 20:37:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58285
IP address blocks: 2a09:bc00::/29 maxlen: 29
2a09:c700::/29 maxlen: 29
2a09:cf00::/29 maxlen: 29
2a09:e700::/29 maxlen: 29
2a0b:9000::/29 maxlen: 29
2a0d:fcc0::/29 maxlen: 29
2a0e:3f40::/29 maxlen: 29
2a0e:5880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 08:01:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a8:cf:88:b0:fb:9a:78:01:a7:2e:1f:0c:8e:26:e2:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Validity
Not Before: Jun 25 20:37:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36c3fc33530c037bdc77aec9aa0d4071dd1ff297
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:1d:0f:a8:20:08:2d:91:8b:c9:ec:0d:b6:4a:
7d:38:58:03:e0:d8:ca:41:77:8a:30:09:08:d1:aa:
11:58:69:54:da:0a:be:31:7e:a7:6e:a7:3e:0e:86:
4a:ec:93:62:40:2a:d4:98:71:b2:19:16:f8:43:b3:
16:67:e0:0b:cd:eb:51:b1:d9:cb:c8:18:8d:51:51:
42:cb:d8:78:dd:61:ec:1a:c6:a7:f6:4a:8a:9c:b9:
5a:d0:b1:25:d5:60:c5:a6:03:75:7b:c6:a7:5c:ae:
13:a5:49:9e:9a:88:71:f9:29:56:6a:a8:69:b9:6a:
27:09:0d:c4:da:93:17:fa:50:f4:81:56:6d:aa:bd:
18:69:7b:87:59:d1:9b:a4:fe:1a:c7:19:e0:b7:c7:
9c:17:c4:98:03:ec:30:89:31:0a:57:4e:a5:25:ac:
68:ad:e7:b4:de:61:f7:83:01:a7:2c:8d:a2:4d:78:
28:06:46:c2:eb:ab:a5:40:1d:6d:c6:73:70:c1:9a:
12:0f:9e:84:8a:d8:87:b1:2f:db:32:dc:7c:05:2f:
7f:a9:a6:95:0a:46:7f:01:00:c8:3a:9d:2d:39:cf:
a8:28:81:71:4c:f5:13:16:94:de:bf:83:15:6b:cf:
6f:7d:72:e4:3d:d7:4c:ed:d1:7d:73:5a:dd:c5:9e:
63:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C3:FC:33:53:0C:03:7B:DC:77:AE:C9:AA:0D:40:71:DD:1F:F2:97
X509v3 Authority Key Identifier:
keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/NsP8M1MMA3vcd67Jqg1Acd0f8pc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:bc00::/29
2a09:c700::/29
2a09:cf00::/29
2a09:e700::/29
2a0b:9000::/29
2a0d:fcc0::/29
2a0e:3f40::/29
2a0e:5880::/29
Signature Algorithm: sha256WithRSAEncryption
1d:5d:85:05:06:1a:ca:e2:b3:82:b5:30:79:20:7a:e2:93:c9:
bd:ec:31:21:f9:2b:6f:cc:36:70:b4:69:59:4e:b7:43:02:a7:
6d:53:52:d1:e2:ed:2f:e4:e7:cd:56:b3:19:45:23:61:77:31:
66:9e:a5:f8:6e:1a:bd:24:8f:f5:13:e7:62:58:a9:20:fb:9e:
5e:4a:81:fc:9d:20:25:9c:88:26:84:f3:dd:1c:ac:85:b1:7e:
88:b9:eb:db:86:5b:7e:78:6f:36:fa:f9:18:dc:d0:73:34:ca:
55:fa:da:99:a0:58:70:b5:fc:4b:59:7b:ed:18:89:f7:75:03:
bd:5b:02:9a:4e:d0:23:0a:a7:1b:b5:d3:85:99:51:1a:cb:70:
27:69:da:86:2a:d8:6e:0f:d7:1e:b2:4a:da:e8:ba:c2:3c:9e:
bd:62:5d:3a:f6:7d:8e:c6:a9:ca:6f:bf:33:7f:10:ff:ee:b8:
99:d7:97:c7:8c:dc:f5:db:ff:80:97:f0:e8:ad:a4:48:2a:ba:
42:9d:72:5c:b9:3c:1f:69:fc:0e:c3:32:e6:a2:d3:29:73:ca:
7d:bd:a5:2b:bc:2b:19:2a:00:32:5a:c9:14:b0:51:54:e6:62:
38:9d:e4:36:40:24:c9:f9:a6:14:95:a2:3e:d9:2e:d4:07:83:
85:fb:17:dd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZeoz4iw+5p4AacuHwyOJuKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwNjI1MjAzNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmMzZmMzMzUzMGMwMzdiZGM3N2FlYzlhYTBkNDA3MWRkMWZmMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx0PqCAILZGLyewNtkp9OFgD4NjK
QXeKMAkI0aoRWGlU2gq+MX6nbqc+DoZK7JNiQCrUmHGyGRb4Q7MWZ+ALzetRsdnL
yBiNUVFCy9h43WHsGsan9kqKnLla0LEl1WDFpgN1e8anXK4TpUmemohx+SlWaqhp
uWonCQ3E2pMX+lD0gVZtqr0YaXuHWdGbpP4axxngt8ecF8SYA+wwiTEKV06lJaxo
ree03mH3gwGnLI2iTXgoBkbC66ulQB1txnNwwZoSD56EitiHsS/bMtx8BS9/qaaV
CkZ/AQDIOp0tOc+oKIFxTPUTFpTev4MVa89vfXLkPddM7dF9c1rdxZ5jSQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDbD/DNTDAN73HeuyaoNQHHdH/KXMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvTnNQOE0xTU1BM3ZjZDY3SnFnMUFjZDBmOHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKgm8AAMF
AyoJxwADBQMqCc8AAwUDKgnnAAMFAyoLkAADBQMqDfzAAwUDKg4/QAMFAyoOWIAw
DQYJKoZIhvcNAQELBQADggEBAB1dhQUGGsris4K1MHkgeuKTyb3sMSH5K2/MNnC0
aVlOt0MCp21TUtHi7S/k581WsxlFI2F3MWaepfhuGr0kj/UT52JYqSD7nl5Kgfyd
ICWciCaE890crIWxfoi569uGW354bzb6+Rjc0HM0ylX62pmgWHC1/EtZe+0Yifd1
A71bAppO0CMKpxu104WZURrLcCdp2oYq2G4P1x6yStrousI8nr1iXTr2fY7Gqcpv
vzN/EP/uuJnXl8eM3PXb/4CX8OitpEgqukKdcly5PB9p/A7DMuai0ylzyn29pSu8
KxkqADJayRSwUVTmYjid5DZAJMn5phSVoj7ZLtQHg4X7F90=
-----END CERTIFICATE-----
Generated at Mon Jun 30 16:21:43 2025 by rpki-client