Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/NXi6BiEUeLmLx0EnK11CHUUboHU.roa
File: NXi6BiEUeLmLx0EnK11CHUUboHU.roa (raw, json)
Hash identifier: S/TsUoCXZkfTfOOKvUTF8Zz4Fuiobz4qRMGvcIUvZaQ=
Subject key identifier: 35:78:BA:06:21:14:78:B9:8B:C7:41:27:2B:5D:42:1D:45:1B:A0:75
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019A4C69F292C26628365559ED6775E3A804
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/NXi6BiEUeLmLx0EnK11CHUUboHU.roa
Signing time: Tue 04 Nov 2025 01:10:02 +0000
ROA not before: Tue 04 Nov 2025 01:10:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 159.254.52.0/24 maxlen: 24
159.254.53.0/24 maxlen: 24
159.254.104.0/21 maxlen: 24
159.254.112.0/21 maxlen: 24
159.254.120.0/21 maxlen: 24
159.254.128.0/21 maxlen: 24
159.254.136.0/21 maxlen: 24
159.254.144.0/21 maxlen: 24
159.254.152.0/21 maxlen: 24
159.254.160.0/21 maxlen: 24
159.254.168.0/21 maxlen: 24
2a03:eec0:3701::/48 maxlen: 48
2a03:eec0:3702::/48 maxlen: 48
2a03:eec0:3703::/48 maxlen: 48
2a03:eec0:3704::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4c:69:f2:92:c2:66:28:36:55:59:ed:67:75:e3:a8:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Nov 4 01:10:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3578ba06211478b98bc741272b5d421d451ba075
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:e6:52:35:1e:05:dc:2a:99:6f:25:db:93:ba:
e5:d2:02:12:af:63:1c:cd:91:5a:21:8e:d1:06:dc:
c8:b0:36:e9:ff:d3:22:b8:35:d0:81:3c:63:05:02:
6a:da:9e:c1:c7:68:19:90:ac:62:aa:cd:3b:b8:01:
f9:47:42:a2:6a:04:84:f9:de:e6:3f:f2:e7:5a:a9:
a5:c9:a9:27:28:67:61:83:83:ec:b8:11:1b:60:75:
f7:cd:66:5f:bb:ec:11:19:2d:cd:09:20:13:41:2d:
a7:04:77:e0:dc:36:77:83:d3:f0:eb:16:f1:fd:60:
17:db:17:63:e9:8f:89:ea:df:d3:af:53:c8:80:64:
f1:0c:ee:f5:3c:17:3e:17:ed:7a:04:9c:ce:08:30:
1b:e5:af:00:7b:ad:51:c6:a2:29:73:1f:24:51:4e:
29:19:c9:03:21:40:87:ca:f9:83:67:71:19:4c:87:
c1:d0:b6:40:97:90:42:cf:39:9d:91:b5:5d:d1:1c:
65:bb:d6:3a:68:6a:86:74:d3:ed:0a:3c:92:ae:5a:
5a:f6:27:87:1f:7c:86:0f:ce:d9:db:20:da:4f:2a:
eb:a9:d4:ef:e2:4e:3f:a5:7f:0a:72:68:03:6b:92:
ff:7d:7d:06:0d:01:55:95:02:6a:98:78:90:a1:84:
54:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:78:BA:06:21:14:78:B9:8B:C7:41:27:2B:5D:42:1D:45:1B:A0:75
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/NXi6BiEUeLmLx0EnK11CHUUboHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.254.52.0/23
159.254.104.0-159.254.175.255
IPv6:
2a03:eec0:3701::-2a03:eec0:3704:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
77:84:c5:55:cc:b6:b1:0b:6b:9a:24:c3:7c:f9:8d:90:db:19:
d2:56:24:5a:ab:61:cb:11:42:ca:1e:d9:b2:68:a2:fb:6e:15:
4a:b4:98:b3:08:40:a7:79:79:b4:d4:d2:87:fd:77:15:c2:c9:
c4:7b:28:c7:37:a8:14:b6:de:eb:c9:a8:ee:fa:a4:92:53:7d:
34:13:85:9c:a2:cd:20:d7:03:10:a6:7a:7b:f4:09:43:be:f7:
50:5f:92:bf:e3:92:2b:0c:df:47:82:39:78:9f:2b:0f:5a:c6:
75:f8:41:98:a5:14:d9:7f:a6:6a:a0:dd:0c:72:a4:70:10:4d:
39:ab:55:23:db:42:54:2a:a8:b5:f5:9e:26:4d:10:3d:68:b1:
30:00:c3:ba:6b:37:28:c8:d5:52:57:09:10:e8:14:e8:ff:90:
40:6f:aa:8d:09:fb:d0:68:a8:6c:53:ca:03:89:ae:bc:c4:44:
e9:22:8e:1a:49:84:23:de:0b:aa:60:06:65:15:b6:f6:47:1e:
2d:9a:b5:c7:ff:47:28:8e:b1:87:d2:27:e2:b2:33:cb:3b:6c:
a9:a5:aa:4e:74:19:70:03:b1:a0:07:5c:32:27:0d:83:8d:28:
16:a6:58:cd:18:82:ce:f2:e3:cb:d2:ef:0e:b8:bc:0e:bf:ac:
7c:77:1b:d4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZpMafKSwmYoNlVZ7Wd146gEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUxMTA0MDExMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc4YmEwNjIxMTQ3OGI5OGJjNzQxMjcyYjVkNDIxZDQ1MWJhMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uZSNR4F3CqZbyXbk7rl0gISr2Mc
zZFaIY7RBtzIsDbp/9MiuDXQgTxjBQJq2p7Bx2gZkKxiqs07uAH5R0KiagSE+d7m
P/LnWqmlyaknKGdhg4PsuBEbYHX3zWZfu+wRGS3NCSATQS2nBHfg3DZ3g9Pw6xbx
/WAX2xdj6Y+J6t/Tr1PIgGTxDO71PBc+F+16BJzOCDAb5a8Ae61RxqIpcx8kUU4p
GckDIUCHyvmDZ3EZTIfB0LZAl5BCzzmdkbVd0Rxlu9Y6aGqGdNPtCjySrlpa9ieH
H3yGD87Z2yDaTyrrqdTv4k4/pX8KcmgDa5L/fX0GDQFVlQJqmHiQoYRUnQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDV4ugYhFHi5i8dBJytdQh1FG6B1MB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvTlhpNkJpRVVlTG1MeDBFbksxMUNIVVVib0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAaBAIAATAUAwQBn/40MAwD
BAOf/mgDBASf/qAwGgQCAAIwFDASAwcAKgPuwDcBAwcAKgPuwDcEMA0GCSqGSIb3
DQEBCwUAA4IBAQB3hMVVzLaxC2uaJMN8+Y2Q2xnSViRaq2HLEULKHtmyaKL7bhVK
tJizCECneXm01NKH/XcVwsnEeyjHN6gUtt7ryaju+qSSU300E4Wcos0g1wMQpnp7
9AlDvvdQX5K/45IrDN9Hgjl4nysPWsZ1+EGYpRTZf6ZqoN0McqRwEE05q1Uj20JU
Kqi19Z4mTRA9aLEwAMO6azcoyNVSVwkQ6BTo/5BAb6qNCfvQaKhsU8oDia68xETp
Io4aSYQj3guqYAZlFbb2Rx4tmrXH/0cojrGH0ifisjPLO2yppapOdBlwA7GgB1wy
Jw2DjSgWpljNGILO8uPL0u8OuLwOv6x8dxvU
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:30:47 2025 by rpki-client