Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/NOxJnoU4lwihn16i4CMOYrsiBKg.roa
File: NOxJnoU4lwihn16i4CMOYrsiBKg.roa (raw, json)
Hash identifier: 5FYdl3/DrqY2o6XapqngUb5quoQMLJ6ufA49O6K0iqA=
Subject key identifier: 34:EC:49:9E:85:38:97:08:A1:9F:5E:A2:E0:23:0E:62:BB:22:04:A8
Certificate issuer: /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial: 0196C2F9C371234A97B9ACD9009A90641792
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/NOxJnoU4lwihn16i4CMOYrsiBKg.roa
Signing time: Mon 12 May 2025 05:31:10 +0000
ROA not before: Mon 12 May 2025 05:31:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214143
IP address blocks: 212.102.236.0/24 maxlen: 24
212.102.248.0/24 maxlen: 24
212.102.249.0/24 maxlen: 24
212.102.250.0/24 maxlen: 24
212.102.251.0/24 maxlen: 24
212.102.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 14 May 2025 14:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c2:f9:c3:71:23:4a:97:b9:ac:d9:00:9a:90:64:17:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Validity
Not Before: May 12 05:31:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34ec499e85389708a19f5ea2e0230e62bb2204a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:63:4b:1a:30:f5:35:eb:c5:f1:01:d0:e9:49:
4f:7c:05:bb:07:84:5b:db:36:6c:29:7d:2c:ce:48:
33:b7:a5:e6:30:0d:4e:c3:19:4b:e8:60:64:b3:74:
81:f8:b0:82:d9:11:ca:16:07:6e:9d:9d:15:86:8c:
33:92:d9:15:59:33:91:92:53:13:58:3e:35:a0:c0:
e2:0e:f3:1d:c1:35:66:ac:22:92:cc:5c:5a:0d:8e:
fd:fa:cc:0a:d3:64:ea:82:f1:48:61:10:05:da:30:
8d:85:39:11:a7:72:1a:3e:4c:79:aa:d4:ae:5d:84:
d2:ff:af:a5:ce:1b:e7:34:cb:89:8c:32:69:16:6f:
24:e5:a8:ab:68:f2:b4:f6:c8:a2:71:d6:a9:d4:0f:
c9:d9:dd:c3:6f:64:b6:37:00:c5:5b:b0:cc:6c:c3:
9f:9e:b9:1f:f2:3f:a1:70:ed:b3:ff:93:85:31:ac:
41:2b:4d:b3:7a:0c:d7:42:5c:ce:19:cd:99:d9:9d:
92:35:e1:55:32:05:16:22:82:4c:8f:85:f3:56:16:
02:b3:38:2b:4f:fe:d8:22:e0:2d:7c:5e:f2:83:41:
a5:f5:80:b7:19:61:9b:4b:63:39:b9:7c:6b:0c:72:
33:53:aa:b4:2c:a5:5d:1a:00:f4:1f:5d:00:bd:80:
1f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:EC:49:9E:85:38:97:08:A1:9F:5E:A2:E0:23:0E:62:BB:22:04:A8
X509v3 Authority Key Identifier:
keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/NOxJnoU4lwihn16i4CMOYrsiBKg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.102.236.0/24
212.102.248.0/22
212.102.254.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:7c:b2:9e:2e:c6:bc:19:f5:2a:fa:f5:51:0e:d0:c4:21:cc:
5c:b5:9d:71:0e:fa:c3:9c:d1:a4:1e:30:41:c4:92:72:7d:ea:
a3:83:4a:83:c2:ed:6a:f7:7e:79:29:62:56:7e:11:00:85:15:
2e:8b:5c:78:d5:3e:e5:a5:b3:ce:d6:fc:ce:a8:b7:d3:fe:ef:
89:ef:ff:70:a1:b8:12:9c:a7:87:72:b7:bd:85:6f:23:0d:50:
89:e9:42:b5:eb:fa:d8:b6:1d:4a:e4:4f:a2:e3:35:68:91:8b:
cd:43:a9:e6:19:fe:23:ea:de:65:3c:b8:d2:cf:99:c8:89:63:
fd:b0:12:ec:d4:fd:a5:81:5f:a8:5d:49:9d:58:81:ef:c9:88:
54:e1:7a:ad:df:64:9a:9b:c0:7c:53:e6:6b:98:8f:ae:b8:ff:
2d:0d:76:52:e9:6e:14:b5:ad:86:b9:3c:99:d4:a9:3b:af:73:
4f:2b:31:b7:ad:58:ae:57:ef:74:03:6b:bd:23:31:fd:bf:e8:
2e:8b:93:96:76:e8:1b:e7:6b:6b:f3:b0:b5:8d:23:89:71:18:
97:72:19:56:c6:c1:75:4c:a6:be:2a:59:82:2c:c5:12:b7:d6:
bb:c5:34:10:a3:d3:69:fd:a9:e5:6e:cf:cc:f2:0a:79:e8:f0:
62:40:8a:5d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbC+cNxI0qXuazZAJqQZBeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjUwNTEyMDUzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGVjNDk5ZTg1Mzg5NzA4YTE5ZjVlYTJlMDIzMGU2MmJiMjIwNGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWNLGjD1NevF8QHQ6UlPfAW7B4Rb
2zZsKX0szkgzt6XmMA1OwxlL6GBks3SB+LCC2RHKFgdunZ0VhowzktkVWTORklMT
WD41oMDiDvMdwTVmrCKSzFxaDY79+swK02TqgvFIYRAF2jCNhTkRp3IaPkx5qtSu
XYTS/6+lzhvnNMuJjDJpFm8k5airaPK09siicdap1A/J2d3Db2S2NwDFW7DMbMOf
nrkf8j+hcO2z/5OFMaxBK02zegzXQlzOGc2Z2Z2SNeFVMgUWIoJMj4XzVhYCszgr
T/7YIuAtfF7yg0Gl9YC3GWGbS2M5uXxrDHIzU6q0LKVdGgD0H10AvYAfgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDTsSZ6FOJcIoZ9eouAjDmK7IgSoMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvTk94Sm5vVTRsd2lobjE2aTRDTU9ZcnNpQktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1GbsAwQC
1Gb4AwQA1Gb+MA0GCSqGSIb3DQEBCwUAA4IBAQBKfLKeLsa8GfUq+vVRDtDEIcxc
tZ1xDvrDnNGkHjBBxJJyfeqjg0qDwu1q9355KWJWfhEAhRUui1x41T7lpbPO1vzO
qLfT/u+J7/9wobgSnKeHcre9hW8jDVCJ6UK16/rYth1K5E+i4zVokYvNQ6nmGf4j
6t5lPLjSz5nIiWP9sBLs1P2lgV+oXUmdWIHvyYhU4Xqt32Sam8B8U+ZrmI+uuP8t
DXZS6W4Uta2GuTyZ1Kk7r3NPKzG3rViuV+90A2u9IzH9v+gui5OWdugb52tr87C1
jSOJcRiXchlWxsF1TKa+KlmCLMUSt9a7xTQQo9Np/anlbs/M8gp56PBiQIpd
-----END CERTIFICATE-----
Generated at Tue May 13 23:05:47 2025 by rpki-client