Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/NY6GkITWKlUtVSGSEXVFnWklUFA.roa
File: NY6GkITWKlUtVSGSEXVFnWklUFA.roa (raw, json)
Hash identifier: bc90pfjZ3z6bn5Sd1cSbU6mDm4LudyLIA08FEeaNBvM=
Subject key identifier: 35:8E:86:90:84:D6:2A:55:2D:55:21:92:11:75:45:9D:69:25:50:50
Certificate issuer: /CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
Certificate serial: 019888C7EFD4B2F1217321EA493B04DE3996
Authority key identifier: 0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/NY6GkITWKlUtVSGSEXVFnWklUFA.roa
Signing time: Fri 08 Aug 2025 08:24:20 +0000
ROA not before: Fri 08 Aug 2025 08:24:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201589
IP address blocks: 91.108.187.0/24 maxlen: 24
2a13:1ec0::/44 maxlen: 44
2a13:1ec0:100::/44 maxlen: 44
2a13:1ec0:110::/44 maxlen: 44
2a13:1ec0:200::/44 maxlen: 44
2a13:1ec0:1000::/44 maxlen: 44
2a13:1ec0:1010::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/Dw-fBE4rkph410fF_7uArRDj1r0.crl
rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/Dw-fBE4rkph410fF_7uArRDj1r0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 Aug 2025 23:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:88:c7:ef:d4:b2:f1:21:73:21:ea:49:3b:04:de:39:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
Validity
Not Before: Aug 8 08:24:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=358e869084d62a552d5521921175459d69255050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:aa:e7:fe:0d:a1:7e:e5:aa:33:cd:51:4e:2a:
b1:04:e6:9e:88:3f:85:b2:17:62:78:8c:2b:f9:3e:
94:e8:16:e2:e2:00:d0:c4:e8:2a:04:6d:ae:77:2e:
69:4a:15:e1:da:a3:34:dc:2a:3e:1c:c0:bd:37:0b:
43:2e:f8:4c:a3:66:1c:9b:5e:ea:99:1c:4c:4b:1f:
e0:47:d1:3a:44:43:66:ff:c3:c0:a6:92:e8:ac:c6:
52:01:ae:b0:ba:46:54:0d:0c:ba:de:4c:37:67:73:
23:49:19:53:47:85:3f:96:0a:d6:ef:aa:d5:f2:fd:
1d:cc:44:ae:06:e4:4a:71:ff:9e:b3:de:d2:ab:63:
90:c9:f8:18:ee:bd:13:66:af:19:ed:21:43:2b:1b:
87:45:c1:18:7e:e0:72:10:da:29:05:97:c9:d5:a7:
2d:06:5f:0a:f6:3f:2b:39:dc:6d:92:7e:ad:d8:6d:
03:c9:9d:3d:08:b0:89:90:74:b8:c4:2f:f0:d5:50:
53:50:92:1d:23:2f:98:06:94:07:25:65:44:81:b8:
4d:30:4b:20:a2:06:2b:15:05:dd:31:ef:ff:f9:4d:
c5:7e:0e:5c:18:59:2d:79:0c:38:83:c5:12:58:d0:
c2:ab:8f:fe:e8:86:f6:82:4c:90:84:00:ed:41:c7:
2e:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:8E:86:90:84:D6:2A:55:2D:55:21:92:11:75:45:9D:69:25:50:50
X509v3 Authority Key Identifier:
keyid:0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/NY6GkITWKlUtVSGSEXVFnWklUFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/Dw-fBE4rkph410fF_7uArRDj1r0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.187.0/24
IPv6:
2a13:1ec0::/44
2a13:1ec0:100::/43
2a13:1ec0:200::/44
2a13:1ec0:1000::/43
Signature Algorithm: sha256WithRSAEncryption
4b:0f:b6:e8:de:6c:9c:4e:78:b7:f8:1f:dc:77:47:81:2e:a0:
2b:9a:3d:f2:3c:80:2b:a9:2c:1f:f4:cc:8e:39:f8:07:d4:23:
8e:52:8b:ac:17:96:4f:a7:bf:bf:ac:af:92:a7:ea:0e:ef:59:
c1:7e:9b:ec:74:4d:61:f1:f9:61:ee:24:59:b8:22:d0:46:7a:
94:6a:7b:51:ed:3a:e2:85:b5:b5:7d:2c:8b:18:03:c4:4d:c3:
7b:61:33:04:47:02:7d:f7:c0:60:b5:03:1e:c1:11:16:86:0b:
fd:75:bc:0d:ab:f0:07:f2:1e:b1:b9:fe:0b:42:d8:18:b2:33:
95:f9:45:ab:c7:ec:cd:0a:4b:a2:9a:eb:4f:ef:c7:15:9f:7c:
21:b3:b9:5d:3a:3b:81:6b:1d:95:db:ed:2c:8f:8d:aa:66:1b:
07:f0:a8:03:2b:25:55:d0:29:50:4d:57:03:51:87:7f:6e:bf:
c0:5b:fd:52:03:eb:04:c4:78:31:e7:d4:20:8d:a3:5d:70:fd:
2c:58:5e:cd:5f:39:03:77:5f:e9:ae:b1:6b:8e:5c:fd:7b:80:
17:b9:23:40:f2:11:05:bd:06:ab:3f:b8:c6:3c:0d:72:b3:0a:
eb:e2:90:17:25:e9:93:94:1e:9e:4d:3e:bb:c5:39:db:15:94:
fd:40:45:c5
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZiIx+/UsvEhcyHqSTsE3jmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMGY5ZjA0NGUyYjkyOTg3OGQ3NDdjNWZmYmI4MGFkMTBl
M2Q2YmQwHhcNMjUwODA4MDgyNDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNThlODY5MDg0ZDYyYTU1MmQ1NTIxOTIxMTc1NDU5ZDY5MjU1MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKrn/g2hfuWqM81RTiqxBOaeiD+F
shdieIwr+T6U6Bbi4gDQxOgqBG2udy5pShXh2qM03Co+HMC9NwtDLvhMo2Ycm17q
mRxMSx/gR9E6RENm/8PAppLorMZSAa6wukZUDQy63kw3Z3MjSRlTR4U/lgrW76rV
8v0dzESuBuRKcf+es97Sq2OQyfgY7r0TZq8Z7SFDKxuHRcEYfuByENopBZfJ1act
Bl8K9j8rOdxtkn6t2G0DyZ09CLCJkHS4xC/w1VBTUJIdIy+YBpQHJWVEgbhNMEsg
ogYrFQXdMe//+U3Ffg5cGFkteQw4g8USWNDCq4/+6Ib2gkyQhADtQccurQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDWOhpCE1ipVLVUhkhF1RZ1pJVBQMB8GA1UdIwQY
MBaAFA8PnwROK5KYeNdHxf+7gK0Q49a9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2Et
Y2RiZDNiNmNlNzc3LzEvTlk2R2tJVFdLbFV0VlNHU0VYVkZuV2tsVUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2EtY2RiZDNiNmNlNzc3
LzEvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQAW2y7MCoE
AgACMCQDBwQqEx7AAAADBwUqEx7AAQADBwQqEx7AAgADBwUqEx7AEAAwDQYJKoZI
hvcNAQELBQADggEBAEsPtujebJxOeLf4H9x3R4EuoCuaPfI8gCupLB/0zI45+AfU
I45Si6wXlk+nv7+sr5Kn6g7vWcF+m+x0TWHx+WHuJFm4ItBGepRqe1HtOuKFtbV9
LIsYA8RNw3thMwRHAn33wGC1Ax7BERaGC/11vA2r8AfyHrG5/gtC2BiyM5X5RavH
7M0KS6Ka60/vxxWffCGzuV06O4FrHZXb7SyPjapmGwfwqAMrJVXQKVBNVwNRh39u
v8Bb/VID6wTEeDHn1CCNo11w/SxYXs1fOQN3X+musWuOXP17gBe5I0DyEQW9Bqs/
uMY8DXKzCuvikBcl6ZOUHp5NPrvFOdsVlP1ARcU=
-----END CERTIFICATE-----
Generated at Wed Aug 13 08:46:09 2025 by rpki-client