Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PF-NBKp7Nqqe7s5WVvewkf3f2h0.roa
File: PF-NBKp7Nqqe7s5WVvewkf3f2h0.roa (raw, json)
Hash identifier: 8C0c1yCie+sLZsze6Aqu2ayrdhRNZkMbL/iz4QQCq1Q=
Subject key identifier: 3C:5F:8D:04:AA:7B:36:AA:9E:EE:CE:56:56:F7:B0:91:FD:DF:DA:1D
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 0198C64199A5042284AE3936862B40C09B50
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PF-NBKp7Nqqe7s5WVvewkf3f2h0.roa
Signing time: Wed 20 Aug 2025 06:54:04 +0000
ROA not before: Wed 20 Aug 2025 06:54:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 185.244.104.0/24 maxlen: 24
2a05:9a40::/29 maxlen: 29
2a06:5fc0::/29 maxlen: 29
2a0b:ac00::/29 maxlen: 29
2a10:3c80::/29 maxlen: 29
2a10:3f80::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
2a13:b4c1::/32 maxlen: 32
2a13:b9c0::/29 maxlen: 29
2a13:bb40::/29 maxlen: 29
2a13:c240::/29 maxlen: 29
2a13:c340::/29 maxlen: 29
2a13:c3c0::/29 maxlen: 29
2a14:42c0::/29 maxlen: 29
2a14:62c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c6:41:99:a5:04:22:84:ae:39:36:86:2b:40:c0:9b:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Aug 20 06:54:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c5f8d04aa7b36aa9eeece5656f7b091fddfda1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:9c:69:20:d8:23:f2:bf:3a:c5:87:bb:d7:a4:
c9:bf:80:3b:ee:d0:14:73:03:15:cc:0c:aa:7a:d7:
df:22:6d:9a:62:df:53:85:b0:ce:93:f2:26:59:e8:
c4:c6:71:49:72:9a:7d:86:3b:af:01:4e:2c:66:77:
69:e0:77:4d:a7:a5:94:52:f0:db:ef:b7:dc:6b:5e:
cf:79:e2:95:59:0f:cf:c9:e6:f9:9c:03:7f:dc:c8:
5b:f7:0a:5b:89:9a:05:e4:11:b2:f0:8f:7d:c9:d4:
a1:b5:88:0f:4c:fb:86:63:a5:cc:fd:e8:93:8a:2b:
b0:52:c2:03:db:e6:8c:15:36:90:a2:09:8a:87:83:
34:3d:50:4d:13:01:d1:15:d5:8c:93:96:2a:6c:4f:
9a:d8:05:30:82:dc:fe:38:ec:9a:83:af:11:46:a2:
7f:a5:62:62:e2:80:a8:44:87:27:78:dd:ae:1b:ff:
3d:57:09:e9:c4:0e:b0:68:cf:22:ec:07:c4:35:cb:
c9:59:ad:ff:70:b4:41:b2:c1:ba:e5:f9:76:6e:da:
1a:fd:5b:63:42:bd:fe:fb:c9:44:15:a2:12:27:37:
f4:46:29:37:2d:d5:ed:3b:f5:cf:41:2b:92:00:d1:
21:45:b2:cd:4d:3e:c9:d3:5d:71:2f:48:27:db:80:
98:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:5F:8D:04:AA:7B:36:AA:9E:EE:CE:56:56:F7:B0:91:FD:DF:DA:1D
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/PF-NBKp7Nqqe7s5WVvewkf3f2h0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.244.104.0/24
IPv6:
2a05:9a40::/29
2a06:5fc0::/29
2a0b:ac00::/29
2a10:3c80::/29
2a10:3f80::/29
2a10:77c0::/29
2a13:b4c1::/32
2a13:b9c0::/29
2a13:bb40::/29
2a13:c240::/29
2a13:c340::/29
2a13:c3c0::/29
2a14:42c0::/29
2a14:62c0::/29
Signature Algorithm: sha256WithRSAEncryption
55:2c:98:83:56:31:13:d1:c9:e5:11:6c:6f:c6:7a:51:65:84:
91:f4:96:8c:83:8a:19:7e:24:ce:e9:ad:59:34:3d:60:80:56:
70:d9:89:4f:31:d5:b1:94:12:3e:7d:9e:cc:b6:6a:fb:d0:be:
52:1a:d9:fe:d4:34:93:04:58:80:d4:04:70:99:92:12:a9:2e:
b5:f6:0e:d3:0d:b4:8c:da:95:63:21:dc:9d:f0:9d:cf:34:73:
a1:ba:9f:7b:d1:46:d2:c8:4c:ea:07:dd:7c:bc:5d:82:dc:24:
a6:25:05:6e:13:a6:d2:5c:52:2d:cd:e6:49:bd:55:d4:04:78:
0e:af:f1:91:bd:06:6c:40:27:03:45:ee:7e:99:dd:a4:fa:a9:
d2:09:f0:af:61:8b:fe:af:1c:a0:c8:1a:23:3d:e4:0e:3f:1d:
d2:0e:92:d3:0c:23:b9:73:58:e9:93:09:24:c4:76:eb:02:ae:
33:17:e9:91:b7:33:d0:f5:09:d8:5d:cd:f5:62:d8:f1:57:87:
4e:3a:a7:3c:99:d0:4c:2f:c5:d7:66:73:13:71:f7:63:f0:a8:
4f:4e:b3:dc:ff:0e:b4:9d:54:87:e2:21:33:f4:85:62:4d:37:
2f:7f:cc:c2:d4:63:e2:ff:29:a9:a4:c7:6e:0a:7a:7d:d9:45:
81:ae:78:ce
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAZjGQZmlBCKErjk2hitAwJtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwODIwMDY1NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzVmOGQwNGFhN2IzNmFhOWVlZWNlNTY1NmY3YjA5MWZkZGZkYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5xpINgj8r86xYe716TJv4A77tAU
cwMVzAyqetffIm2aYt9ThbDOk/ImWejExnFJcpp9hjuvAU4sZndp4HdNp6WUUvDb
77fca17PeeKVWQ/Pyeb5nAN/3Mhb9wpbiZoF5BGy8I99ydShtYgPTPuGY6XM/eiT
iiuwUsID2+aMFTaQogmKh4M0PVBNEwHRFdWMk5YqbE+a2AUwgtz+OOyag68RRqJ/
pWJi4oCoRIcneN2uG/89VwnpxA6waM8i7AfENcvJWa3/cLRBssG65fl2btoa/Vtj
Qr3++8lEFaISJzf0Rik3LdXtO/XPQSuSANEhRbLNTT7J011xL0gn24CYEwIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFDxfjQSqezaqnu7OVlb3sJH939odMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUEYtTkJLcDdOcXFlN3M1V1Z2ZXdrZjNmMmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwDAQCAAEwBgMEALn0aDBo
BAIAAjBiAwUDKgWaQAMFAyoGX8ADBQMqC6wAAwUDKhA8gAMFAyoQP4ADBQMqEHfA
AwUAKhO0wQMFAyoTucADBQMqE7tAAwUDKhPCQAMFAyoTw0ADBQMqE8PAAwUDKhRC
wAMFAyoUYsAwDQYJKoZIhvcNAQELBQADggEBAFUsmINWMRPRyeURbG/GelFlhJH0
loyDihl+JM7prVk0PWCAVnDZiU8x1bGUEj59nsy2avvQvlIa2f7UNJMEWIDUBHCZ
khKpLrX2DtMNtIzalWMh3J3wnc80c6G6n3vRRtLITOoH3Xy8XYLcJKYlBW4TptJc
Ui3N5km9VdQEeA6v8ZG9BmxAJwNF7n6Z3aT6qdIJ8K9hi/6vHKDIGiM95A4/HdIO
ktMMI7lzWOmTCSTEdusCrjMX6ZG3M9D1CdhdzfVi2PFXh046pzyZ0EwvxddmcxNx
92PwqE9Os9z/DrSdVIfiITP0hWJNNy9/zMLUY+L/Kamkx24Ken3ZRYGueM4=
-----END CERTIFICATE-----
Generated at Sat Aug 23 06:50:26 2025 by rpki-client