Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nfr6E9zkQv5r--aB8dJ3-_TqHI4.roa
File: nfr6E9zkQv5r--aB8dJ3-_TqHI4.roa (raw, json)
Hash identifier: n9zGrojQL5TrkZAQJNWPPDvbK+7C83yGUjoSMTGxx/M=
Subject key identifier: 9D:FA:FA:13:DC:E4:42:FE:6B:FB:E6:81:F1:D2:77:FB:F4:EA:1C:8E
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 01965A3737FD9C06730FB8CC1F66B59A4E1A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nfr6E9zkQv5r--aB8dJ3-_TqHI4.roa
Signing time: Mon 21 Apr 2025 21:18:10 +0000
ROA not before: Mon 21 Apr 2025 21:18:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215434
IP address blocks: 2a13:afc0::/29 maxlen: 29
2a13:c247::/33 maxlen: 33
2a14:61c0::/29 maxlen: 29
2a14:69c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 30 Apr 2025 08:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5a:37:37:fd:9c:06:73:0f:b8:cc:1f:66:b5:9a:4e:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Apr 21 21:18:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9dfafa13dce442fe6bfbe681f1d277fbf4ea1c8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:4d:e0:b7:e9:df:18:78:a2:4b:d5:62:f8:6f:
ef:f9:fd:70:4f:7a:94:2a:fa:c1:31:7b:04:ed:c0:
4e:13:00:38:59:28:cb:49:3f:8b:21:a5:5a:81:eb:
41:f7:c2:a8:48:a8:33:7a:bd:b4:1b:5a:3b:a7:7c:
bf:e9:af:56:72:6a:c1:41:98:23:60:79:bd:d2:27:
8b:51:0e:80:88:b0:7a:39:d4:c2:bb:2e:71:25:f4:
8f:0a:dc:1c:e8:38:57:d0:03:9f:91:01:72:7a:99:
a6:b6:a2:e7:c9:33:c1:8a:ac:32:66:4c:29:95:95:
9b:fc:5b:18:e2:bb:9c:da:d2:b1:7a:66:d9:45:fa:
b8:98:b8:f2:fc:6c:c2:06:f2:55:f5:1a:a9:f1:da:
e6:44:c9:a2:63:62:c5:28:42:34:74:1f:39:ff:dd:
33:f0:43:1f:d8:45:e7:c2:58:b2:8e:54:5f:da:b3:
b2:e1:c1:2a:19:32:2a:80:87:f1:7b:b4:61:b6:4a:
98:3a:94:27:a1:54:7c:09:d6:c6:da:32:e8:d0:a8:
b7:64:47:3a:7f:5c:f5:92:78:1e:21:71:3d:c5:22:
e4:14:bf:68:82:9d:0c:c3:c8:29:40:3f:df:b3:32:
fe:32:12:ad:c5:65:8a:e6:ac:a6:d4:ad:3e:58:28:
07:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:FA:FA:13:DC:E4:42:FE:6B:FB:E6:81:F1:D2:77:FB:F4:EA:1C:8E
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/nfr6E9zkQv5r--aB8dJ3-_TqHI4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:afc0::/29
2a13:c247::/33
2a14:61c0::/29
2a14:69c0::/29
Signature Algorithm: sha256WithRSAEncryption
ae:11:be:eb:00:44:e8:a5:6b:aa:9a:be:1c:80:6a:68:16:00:
9e:24:e1:a4:6d:5d:5e:b0:aa:81:56:36:2a:ef:b1:65:3a:98:
ea:23:60:77:d7:85:ee:a4:37:f1:6d:a7:2d:ab:8b:85:62:f0:
31:97:cb:5a:e7:12:86:7a:49:52:85:2b:9a:70:4f:c6:ad:ce:
59:f3:2a:5f:ac:bb:4a:ba:f2:81:6c:d0:b1:77:3a:be:02:e3:
d2:bc:f4:ab:75:83:27:2f:81:f0:5f:52:dc:16:48:39:84:11:
35:88:be:24:71:60:fc:5b:fd:21:ab:f6:30:f2:83:00:d2:ff:
ce:0b:40:82:7d:52:ee:49:11:ea:11:9f:60:dc:2a:01:77:d3:
d7:40:58:96:d4:39:47:a2:ce:e7:86:6e:96:eb:fa:75:9d:c0:
55:6b:4e:42:76:36:62:e6:69:31:00:36:4f:8a:57:ad:c7:c4:
68:b4:c0:37:91:08:ad:c0:0a:19:84:6e:b0:f9:9c:a7:30:18:
5f:f7:f0:0a:f2:ca:46:b6:24:ab:cd:6f:3d:23:1c:73:92:e6:
fb:9f:0e:1f:34:88:82:91:d8:4f:2c:d8:09:a5:8e:17:27:8a:
9f:f5:23:21:42:c4:e9:62:e9:d3:21:bb:03:b1:15:91:12:99:
d0:e5:38:93
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZZaNzf9nAZzD7jMH2a1mk4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZhZmExM2RjZTQ0MmZlNmJmYmU2ODFmMWQyNzdmYmY0ZWExYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuE3gt+nfGHiiS9Vi+G/v+f1wT3qU
KvrBMXsE7cBOEwA4WSjLST+LIaVagetB98KoSKgzer20G1o7p3y/6a9WcmrBQZgj
YHm90ieLUQ6AiLB6OdTCuy5xJfSPCtwc6DhX0AOfkQFyepmmtqLnyTPBiqwyZkwp
lZWb/FsY4ruc2tKxembZRfq4mLjy/GzCBvJV9Rqp8drmRMmiY2LFKEI0dB85/90z
8EMf2EXnwliyjlRf2rOy4cEqGTIqgIfxe7RhtkqYOpQnoVR8CdbG2jLo0Ki3ZEc6
f1z1kngeIXE9xSLkFL9ogp0Mw8gpQD/fszL+MhKtxWWK5qym1K0+WCgHMQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJ36+hPc5EL+a/vmgfHSd/v06hyOMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbmZyNkU5emtRdjVyLS1hQjhkSjMtX1RxSEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwUDKhOvwAMG
ByoTwkcAAwUDKhRhwAMFAyoUacAwDQYJKoZIhvcNAQELBQADggEBAK4RvusAROil
a6qavhyAamgWAJ4k4aRtXV6wqoFWNirvsWU6mOojYHfXhe6kN/Ftpy2ri4Vi8DGX
y1rnEoZ6SVKFK5pwT8atzlnzKl+su0q68oFs0LF3Or4C49K89Kt1gycvgfBfUtwW
SDmEETWIviRxYPxb/SGr9jDygwDS/84LQIJ9Uu5JEeoRn2DcKgF309dAWJbUOUei
zueGbpbr+nWdwFVrTkJ2NmLmaTEANk+KV63HxGi0wDeRCK3AChmEbrD5nKcwGF/3
8Aryyka2JKvNbz0jHHOS5vufDh80iIKR2E8s2Amljhcnip/1IyFCxOli6dMhuwOx
FZESmdDlOJM=
-----END CERTIFICATE-----
Generated at Tue Apr 29 11:27:54 2025 by rpki-client