Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nRiXx1Cy-0W2GAGPF1eHDoWTRmk.roa
File: nRiXx1Cy-0W2GAGPF1eHDoWTRmk.roa (raw, json)
Hash identifier: DNHjNYm1Xu/Gv6zjTAG7OGLWylmQFWZFReqXZHqEfyQ=
Subject key identifier: 9D:18:97:C7:50:B2:FB:45:B6:18:01:8F:17:57:87:0E:85:93:46:69
Certificate issuer: /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial: 01965D9B23546B77B68F8F172655EE262B61
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nRiXx1Cy-0W2GAGPF1eHDoWTRmk.roa
Signing time: Tue 22 Apr 2025 13:06:10 +0000
ROA not before: Tue 22 Apr 2025 13:06:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204104
IP address blocks: 46.38.136.0/24 maxlen: 24
46.38.137.0/24 maxlen: 24
46.38.138.0/24 maxlen: 24
46.38.143.0/24 maxlen: 24
109.94.164.0/24 maxlen: 24
212.80.8.0/24 maxlen: 24
212.80.9.0/24 maxlen: 24
212.80.10.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5d:9b:23:54:6b:77:b6:8f:8f:17:26:55:ee:26:2b:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
Validity
Not Before: Apr 22 13:06:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d1897c750b2fb45b618018f1757870e85934669
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:8a:7e:d6:1b:5f:dc:a6:a4:e2:d7:e4:95:b3:
c5:db:43:af:e6:c5:8f:9e:89:fa:3d:a4:88:49:18:
99:88:b7:eb:4a:56:5b:cb:12:c2:bd:fb:12:12:8a:
5b:30:ec:ae:0e:85:21:6c:fe:5d:17:2e:53:c1:bd:
48:23:16:00:c0:fc:fe:df:f6:b7:6b:4d:34:f7:f3:
45:03:ff:95:ff:0b:ee:2e:1b:93:6e:03:51:d9:53:
7f:bb:ce:d2:a6:4f:ca:3c:92:0e:09:41:9d:72:8f:
ea:24:7c:45:95:7d:f0:f4:f3:fc:a3:1f:ba:af:6c:
2f:12:1c:08:cd:05:18:06:8f:ff:24:6b:0f:2b:99:
9c:c9:6c:b5:51:d9:97:7e:2d:00:9f:75:12:79:78:
ad:cc:02:17:e3:be:f1:c6:3c:d7:d0:93:d9:ac:7a:
d0:33:8b:d3:d9:7b:e4:f6:f5:7b:3f:49:41:d8:e8:
69:f8:04:d9:35:71:cc:6f:2a:24:d8:fd:90:76:ca:
fa:4a:0b:c1:2a:76:66:72:3c:db:91:9c:9c:5d:d3:
e6:c0:84:65:c6:42:31:5f:da:8a:53:ab:83:9e:77:
ec:6f:fa:08:d1:18:9d:33:c8:7e:eb:e4:eb:76:dd:
dd:9c:25:a1:a3:5d:01:45:de:07:89:cf:8f:8b:43:
7f:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:18:97:C7:50:B2:FB:45:B6:18:01:8F:17:57:87:0E:85:93:46:69
X509v3 Authority Key Identifier:
keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nRiXx1Cy-0W2GAGPF1eHDoWTRmk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.38.136.0-46.38.138.255
46.38.143.0/24
109.94.164.0/24
212.80.8.0-212.80.10.255
Signature Algorithm: sha256WithRSAEncryption
a0:6a:23:bb:2b:80:ed:2e:08:61:d7:1a:34:d4:fa:33:12:5c:
86:f4:b9:5d:94:f8:af:94:b0:55:32:f0:78:17:80:95:fe:30:
e3:bf:c5:76:18:b0:23:0f:8c:ef:b6:28:63:21:d4:ce:ef:36:
7b:a3:15:81:57:2f:1d:3a:e6:d0:b9:72:a8:05:aa:4c:7c:d5:
59:98:54:a6:94:70:17:2b:c8:1b:65:00:a2:2a:b8:af:b4:b5:
c9:4a:cb:30:7e:45:af:0c:dd:39:b3:c8:f6:a2:10:1a:b5:75:
6e:f2:eb:f6:d0:bc:47:9b:99:63:84:86:fb:75:29:80:36:8a:
30:01:f9:f0:2a:b5:47:03:6e:c2:f5:c4:5e:03:d6:13:d9:a1:
2c:03:58:8a:f4:0f:39:bd:7d:79:68:9d:40:50:a1:a4:0b:03:
5a:fc:7f:05:74:cf:7f:a8:5d:c4:db:4e:d5:de:10:b3:b2:8d:
62:7b:1d:ad:da:e0:77:d4:cb:cc:38:5b:37:f4:fc:75:47:9c:
c8:71:8b:1e:32:c8:e5:38:4c:a7:87:95:01:51:9d:1d:d7:ad:
28:41:24:01:93:f5:25:b3:d6:d3:46:80:5b:51:7d:e3:59:91:
a9:da:61:70:fd:b7:6c:08:03:c3:90:cd:2f:dd:a3:e3:7e:bd:
cf:6d:77:e1
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZZdmyNUa3e2j48XJlXuJithMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNDIyMTMwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE4OTdjNzUwYjJmYjQ1YjYxODAxOGYxNzU3ODcwZTg1OTM0NjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYp+1htf3Kak4tfklbPF20Ov5sWP
non6PaSISRiZiLfrSlZbyxLCvfsSEopbMOyuDoUhbP5dFy5Twb1IIxYAwPz+3/a3
a0009/NFA/+V/wvuLhuTbgNR2VN/u87Spk/KPJIOCUGdco/qJHxFlX3w9PP8ox+6
r2wvEhwIzQUYBo//JGsPK5mcyWy1UdmXfi0An3USeXitzAIX477xxjzX0JPZrHrQ
M4vT2Xvk9vV7P0lB2Ohp+ATZNXHMbyok2P2Qdsr6SgvBKnZmcjzbkZycXdPmwIRl
xkIxX9qKU6uDnnfsb/oI0RidM8h+6+Trdt3dnCWho10BRd4Hic+Pi0N/ZQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJ0Yl8dQsvtFthgBjxdXhw6Fk0ZpMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvblJpWHgxQ3ktMFcyR0FHUEYxZUhEb1dUUm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAMuJogD
BAAuJooDBAAuJo8DBABtXqQwDAMEA9RQCAMEANRQCjANBgkqhkiG9w0BAQsFAAOC
AQEAoGojuyuA7S4IYdcaNNT6MxJchvS5XZT4r5SwVTLweBeAlf4w47/FdhiwIw+M
77YoYyHUzu82e6MVgVcvHTrm0LlyqAWqTHzVWZhUppRwFyvIG2UAoiq4r7S1yUrL
MH5FrwzdObPI9qIQGrV1bvLr9tC8R5uZY4SG+3UpgDaKMAH58Cq1RwNuwvXEXgPW
E9mhLANYivQPOb19eWidQFChpAsDWvx/BXTPf6hdxNtO1d4Qs7KNYnsdrdrgd9TL
zDhbN/T8dUecyHGLHjLI5ThMp4eVAVGdHdetKEEkAZP1JbPW00aAW1F941mRqdph
cP23bAgDw5DNL92j4369z2134Q==
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:34:50 2025 by rpki-client