Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nKQ_3QI26EHZ4yU0O8VXhy3Vw5o.roa
File: nKQ_3QI26EHZ4yU0O8VXhy3Vw5o.roa (raw, json)
Hash identifier: geAfwQyPzGvcmv77M4uEl69p9YMyhXQcOsk2FWtYV2U=
Subject key identifier: 9C:A4:3F:DD:02:36:E8:41:D9:E3:25:34:3B:C5:57:87:2D:D5:C3:9A
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01977685073B0F21BCCC3BDB53FF6FD7BB71
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nKQ_3QI26EHZ4yU0O8VXhy3Vw5o.roa
Signing time: Mon 16 Jun 2025 02:15:18 +0000
ROA not before: Mon 16 Jun 2025 02:15:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212995
IP address blocks: 2a0e:b107:b80::/44 maxlen: 48
2a10:2f00:13e::/48 maxlen: 48
2a10:2f01:2a0::/44 maxlen: 48
2a10:cc44:180::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 21 Jun 2025 04:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:76:85:07:3b:0f:21:bc:cc:3b:db:53:ff:6f:d7:bb:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jun 16 02:15:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ca43fdd0236e841d9e325343bc557872dd5c39a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:11:62:dd:bc:17:b2:bd:fb:06:36:db:1c:ef:
9a:41:1b:11:3b:28:c4:0a:55:4a:7d:3a:28:a9:ea:
9e:35:8e:23:ca:ff:30:7d:8d:7c:05:a5:10:16:2e:
45:5e:4a:13:dd:64:a5:f6:45:37:0c:63:57:b4:97:
90:52:cb:fc:b1:a7:68:6f:cd:73:1e:a6:ff:5a:94:
cb:cd:b9:11:f8:e7:58:77:bd:3e:ab:5b:cd:5e:61:
70:37:b1:b8:86:61:2a:90:a0:07:07:d5:7f:87:6f:
5e:8c:97:e5:57:3f:5a:ce:6a:a9:db:af:f0:a5:ca:
92:62:79:fe:ac:9c:0b:84:03:9e:85:ab:6c:db:7e:
e8:88:6a:14:69:e8:10:60:55:5c:82:0d:8b:0a:00:
69:05:fe:4f:32:fc:25:99:f6:74:9a:c3:66:50:93:
0a:fd:90:77:97:9c:26:50:6f:e9:a5:1f:4d:4e:1d:
26:84:04:19:df:ae:01:45:07:ab:f9:ca:0a:80:63:
40:1f:79:b6:2c:a6:ed:a6:a4:9c:2d:61:5f:1d:19:
56:0a:16:f9:3a:38:fe:10:08:a9:9e:7e:b2:76:d0:
13:28:eb:43:79:61:a5:23:b6:71:ec:20:df:1c:0f:
be:27:f7:22:90:0e:19:7c:09:85:ef:04:71:df:44:
b9:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:A4:3F:DD:02:36:E8:41:D9:E3:25:34:3B:C5:57:87:2D:D5:C3:9A
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nKQ_3QI26EHZ4yU0O8VXhy3Vw5o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:b107:b80::/44
2a10:2f00:13e::/48
2a10:2f01:2a0::/44
2a10:cc44:180::/44
Signature Algorithm: sha256WithRSAEncryption
a5:f1:df:8c:c3:e8:25:49:3e:1b:44:8b:55:73:d8:58:d6:40:
05:93:2e:4d:6f:e2:ae:ab:6c:c2:40:32:1d:9f:41:d5:f5:94:
c1:19:2a:2e:87:81:be:f8:d4:81:56:41:ac:d0:73:84:6f:06:
d4:86:1f:02:59:91:0f:16:0b:77:94:e1:53:02:35:ae:f4:95:
5a:c3:ee:51:82:70:dd:44:9f:09:d2:b0:cc:38:fb:68:e3:16:
08:bd:cc:73:78:8c:f2:ea:03:1d:e3:0f:df:b0:d2:35:e2:ab:
b7:9d:f8:9c:f6:48:06:21:e3:0f:a3:ba:14:96:b6:35:8a:6a:
27:f6:92:ce:42:60:53:bd:ba:2c:9e:1e:17:5c:d6:49:ab:38:
09:ce:32:b0:55:75:b9:98:92:dc:37:3f:66:d8:6e:2b:d5:ee:
5c:1e:2f:c4:9f:5f:32:3d:50:d1:f0:94:d5:c5:5a:91:69:e3:
94:42:0e:ae:e2:f3:a7:f7:9c:79:16:92:0b:96:74:a7:82:2b:
a0:55:c5:bc:47:49:3a:c7:ea:cc:de:dd:b9:7f:7c:46:1d:cf:
b2:2e:71:10:1a:20:4d:19:df:5e:6f:a5:29:7c:40:b4:20:86:
0f:73:53:78:c6:c8:19:5f:36:2c:db:3d:12:92:1e:8d:f8:94:
41:d0:9b:68
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZd2hQc7DyG8zDvbU/9v17txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjE2MDIxNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E0M2ZkZDAyMzZlODQxZDllMzI1MzQzYmM1NTc4NzJkZDVjMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxFi3bwXsr37BjbbHO+aQRsROyjE
ClVKfTooqeqeNY4jyv8wfY18BaUQFi5FXkoT3WSl9kU3DGNXtJeQUsv8sadob81z
Hqb/WpTLzbkR+OdYd70+q1vNXmFwN7G4hmEqkKAHB9V/h29ejJflVz9azmqp26/w
pcqSYnn+rJwLhAOehats237oiGoUaegQYFVcgg2LCgBpBf5PMvwlmfZ0msNmUJMK
/ZB3l5wmUG/ppR9NTh0mhAQZ364BRQer+coKgGNAH3m2LKbtpqScLWFfHRlWChb5
Ojj+EAipnn6ydtATKOtDeWGlI7Zx7CDfHA++J/cikA4ZfAmF7wRx30S5iwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJykP90CNuhB2eMlNDvFV4ct1cOaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbktRXzNRSTI2RUhaNHlVME84VlhoeTNWdzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcEKg6xBwuA
AwcAKhAvAAE+AwcEKhAvAQKgAwcEKhDMRAGAMA0GCSqGSIb3DQEBCwUAA4IBAQCl
8d+Mw+glST4bRItVc9hY1kAFky5Nb+Kuq2zCQDIdn0HV9ZTBGSouh4G++NSBVkGs
0HOEbwbUhh8CWZEPFgt3lOFTAjWu9JVaw+5RgnDdRJ8J0rDMOPto4xYIvcxzeIzy
6gMd4w/fsNI14qu3nfic9kgGIeMPo7oUlrY1imon9pLOQmBTvbosnh4XXNZJqzgJ
zjKwVXW5mJLcNz9m2G4r1e5cHi/En18yPVDR8JTVxVqRaeOUQg6u4vOn95x5FpIL
lnSngiugVcW8R0k6x+rM3t25f3xGHc+yLnEQGiBNGd9eb6UpfEC0IIYPc1N4xsgZ
XzYs2z0Skh6N+JRB0Jto
-----END CERTIFICATE-----
Generated at Fri Jun 20 13:51:40 2025 by rpki-client