Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/nj9G-OzQpiAjTdwIJjDporwf7TY.roa
File: nj9G-OzQpiAjTdwIJjDporwf7TY.roa (raw, json)
Hash identifier: h1mOIjYYHtBFjqT9cJHFzdo4w5is5qvc3RYBLt6s9Ms=
Subject key identifier: 9E:3F:46:F8:EC:D0:A6:20:23:4D:DC:08:26:30:E9:A2:BC:1F:ED:36
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 019759F2DC319234ABF691C2645A8EF94A5B
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/nj9G-OzQpiAjTdwIJjDporwf7TY.roa
Signing time: Tue 10 Jun 2025 13:06:17 +0000
ROA not before: Tue 10 Jun 2025 13:06:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48918
IP address blocks: 80.66.96.0/20 maxlen: 20
80.66.96.0/23 maxlen: 23
80.66.98.0/24 maxlen: 24
80.66.101.0/24 maxlen: 24
80.66.102.0/24 maxlen: 24
80.66.104.0/23 maxlen: 23
80.66.107.0/24 maxlen: 24
80.66.110.0/24 maxlen: 24
185.198.200.0/22 maxlen: 24
195.20.20.0/22 maxlen: 24
2a0a:8ec0::/29 maxlen: 29
2a0a:8ec0:2001::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.mft
rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:59:f2:dc:31:92:34:ab:f6:91:c2:64:5a:8e:f9:4a:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Jun 10 13:06:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9e3f46f8ecd0a620234ddc082630e9a2bc1fed36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8f:6d:cc:6b:17:76:96:d9:99:00:4c:d9:13:
c4:00:50:d5:fb:40:95:ed:e0:dc:01:d1:69:7e:bf:
f1:55:ee:82:c9:fa:c1:4c:94:f4:d2:e9:b2:2c:96:
dc:11:13:b1:4c:08:e5:e6:ca:2b:95:61:61:24:75:
34:ee:84:6e:98:d0:7b:0e:f0:a0:2e:62:82:8a:00:
79:0c:de:01:80:03:27:65:00:b2:e2:09:4c:f1:a8:
b5:75:dd:d1:84:99:88:dc:f7:86:c1:17:d7:59:fe:
4f:6a:1c:45:9c:57:7a:d7:36:4a:fa:12:71:32:b9:
42:45:d0:68:fe:71:95:34:41:76:28:b4:00:92:62:
af:35:d4:56:f7:5e:c6:4f:26:b8:12:db:98:63:a9:
89:da:7f:3e:1a:2c:d3:55:18:e8:66:16:a9:99:c0:
72:5f:f2:1f:fd:1b:6a:f6:52:cb:7a:39:fb:a3:a2:
13:b5:66:8c:d4:95:8b:5d:76:e7:7f:a4:d3:3e:31:
4d:af:58:43:93:8b:f1:4d:34:2e:19:cd:66:ef:4f:
5a:f1:27:b7:38:42:11:73:bc:3b:01:59:5f:4b:dc:
81:00:d6:c7:ed:9d:b5:c5:ca:cb:7a:4f:bb:e2:8e:
da:8e:36:f6:70:96:4c:43:f9:c2:16:aa:1b:0a:6c:
15:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:3F:46:F8:EC:D0:A6:20:23:4D:DC:08:26:30:E9:A2:BC:1F:ED:36
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/nj9G-OzQpiAjTdwIJjDporwf7TY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
2e:ba:3e:37:a2:fc:60:3d:f1:14:b8:7f:0e:11:e6:b0:6e:1e:
b8:76:07:81:73:c4:e9:bf:c5:78:f8:bb:65:0e:85:41:ec:38:
b2:9b:c8:46:d4:35:de:fb:66:e9:c4:df:39:1c:e6:38:4a:ef:
6e:97:8e:16:11:7a:8a:7c:15:15:82:b7:e8:d8:c6:a9:61:30:
d6:7c:cb:19:b2:6c:35:ad:23:d5:a4:33:74:70:d3:04:9b:83:
f0:a7:34:db:c0:88:0a:5b:bc:ed:e4:b7:5f:28:a8:38:92:19:
65:fa:5c:5d:ed:b6:ff:fe:c7:df:4f:f9:db:ff:4b:a9:08:63:
eb:92:48:ae:69:75:54:46:da:60:f8:9c:ac:32:b6:94:bb:be:
70:17:9c:b6:93:2c:7d:c1:17:49:e1:e5:ad:6f:9e:f7:96:12:
27:50:1e:b1:ae:9e:3c:5f:70:1d:f2:af:7c:7d:db:5e:bf:eb:
26:d8:9e:06:11:bc:82:e4:96:48:0b:16:89:a6:79:b2:6d:b6:
d0:d4:8e:64:00:04:30:2a:72:31:2f:c5:bb:d4:e9:20:80:7a:
44:0e:ac:f1:9c:d1:c2:3b:86:69:66:46:f1:41:7e:80:e4:d5:
1f:dc:c9:85:a7:66:62:2d:94:af:91:1c:a3:84:42:de:71:20:
61:91:c5:dc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZdZ8twxkjSr9pHCZFqO+UpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjUwNjEwMTMwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNmNDZmOGVjZDBhNjIwMjM0ZGRjMDgyNjMwZTlhMmJjMWZlZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY9tzGsXdpbZmQBM2RPEAFDV+0CV
7eDcAdFpfr/xVe6CyfrBTJT00umyLJbcEROxTAjl5sorlWFhJHU07oRumNB7DvCg
LmKCigB5DN4BgAMnZQCy4glM8ai1dd3RhJmI3PeGwRfXWf5PahxFnFd61zZK+hJx
MrlCRdBo/nGVNEF2KLQAkmKvNdRW917GTya4EtuYY6mJ2n8+GizTVRjoZhapmcBy
X/If/Rtq9lLLejn7o6ITtWaM1JWLXXbnf6TTPjFNr1hDk4vxTTQuGc1m709a8Se3
OEIRc7w7AVlfS9yBANbH7Z21xcrLek+74o7ajjb2cJZMQ/nCFqobCmwVuwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJ4/Rvjs0KYgI03cCCYw6aK8H+02MB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvbmo5Ry1PelFwaUFqVGR3SUpqRHBvcndmN1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEUEJgAwQC
ucbIAwQCwxQUMA0EAgACMAcDBQMqCo7AMA0GCSqGSIb3DQEBCwUAA4IBAQAuuj43
ovxgPfEUuH8OEeawbh64dgeBc8Tpv8V4+LtlDoVB7Diym8hG1DXe+2bpxN85HOY4
Su9ul44WEXqKfBUVgrfo2MapYTDWfMsZsmw1rSPVpDN0cNMEm4PwpzTbwIgKW7zt
5LdfKKg4khll+lxd7bb//sffT/nb/0upCGPrkkiuaXVURtpg+JysMraUu75wF5y2
kyx9wRdJ4eWtb573lhInUB6xrp48X3Ad8q98fdtev+sm2J4GEbyC5JZICxaJpnmy
bbbQ1I5kAAQwKnIxL8W71OkggHpEDqzxnNHCO4ZpZkbxQX6A5NUf3MmFp2ZiLZSv
kRyjhELecSBhkcXc
-----END CERTIFICATE-----
Generated at Sat Jun 14 13:02:21 2025 by rpki-client