Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w_nsALBEni9bN7oziLT6x-v5vMw.roa
File: w_nsALBEni9bN7oziLT6x-v5vMw.roa (raw, json)
Hash identifier: bV1O6/pTWkVcLgUfCwZY2geOQH931QXPvOJiCvTyGdc=
Subject key identifier: C3:F9:EC:00:B0:44:9E:2F:5B:37:BA:33:88:B4:FA:C7:EB:F9:BC:CC
Certificate issuer: /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial: 01986CB8D4722F8B52D2472267F0D540AA30
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w_nsALBEni9bN7oziLT6x-v5vMw.roa
Signing time: Sat 02 Aug 2025 21:38:29 +0000
ROA not before: Sat 02 Aug 2025 21:38:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6736
IP address blocks: 94.184.0.0/16 maxlen: 24
185.62.232.0/22 maxlen: 22
194.225.0.0/16 maxlen: 24
2001:678:b0::/46 maxlen: 48
2001:14e8::/32 maxlen: 48
2001:14e8::/48 maxlen: 48
2001:14e8:0:405::405/128 maxlen: 128
2001:14e8:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:6c:b8:d4:72:2f:8b:52:d2:47:22:67:f0:d5:40:aa:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
Validity
Not Before: Aug 2 21:38:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c3f9ec00b0449e2f5b37ba3388b4fac7ebf9bccc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:f7:7d:5e:90:ff:fa:33:da:2a:a0:07:76:6d:
68:a8:27:1e:95:53:a0:6c:d0:e9:50:a3:9a:64:34:
7c:97:13:cf:cf:5e:e7:5f:36:59:eb:70:40:27:54:
3f:d8:d6:68:36:68:41:72:b1:e9:1b:46:de:ae:a0:
ae:ce:42:40:9f:1e:57:bc:6f:2c:3d:97:b6:db:84:
52:2d:c6:1c:7f:34:48:2e:dd:23:52:0f:2b:4d:12:
1b:55:e8:cf:db:5a:6f:63:1d:a0:a2:70:87:07:10:
a5:83:74:20:76:c7:5a:be:ae:8c:1c:0b:1d:e5:fb:
cf:54:92:7a:ee:43:78:95:c1:0e:dc:16:0a:72:a6:
90:48:ca:b9:4d:25:4e:67:88:4b:fb:1d:8f:7f:bc:
a2:2b:98:40:f5:6c:70:98:a6:59:9b:f7:c7:93:e2:
6c:99:97:cf:ec:9d:be:58:4a:10:b1:c8:80:ac:7f:
cb:68:c6:59:e8:6a:9a:45:91:ce:2d:f4:af:07:3f:
9e:b4:60:5c:a5:f9:e2:0c:65:64:a2:2c:0b:7b:4a:
f0:f8:14:2d:e3:1c:25:61:ae:a2:64:24:44:a5:6a:
d9:76:9f:ee:5e:84:14:a8:b1:1b:14:73:f9:42:85:
0c:e9:7c:17:4b:ce:25:3a:bb:dc:05:38:34:99:4c:
a4:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:F9:EC:00:B0:44:9E:2F:5B:37:BA:33:88:B4:FA:C7:EB:F9:BC:CC
X509v3 Authority Key Identifier:
keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w_nsALBEni9bN7oziLT6x-v5vMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.184.0.0/16
185.62.232.0/22
194.225.0.0/16
IPv6:
2001:678:b0::/46
2001:14e8::/32
Signature Algorithm: sha256WithRSAEncryption
8c:5a:8b:9a:23:be:dc:0e:44:c9:67:17:3f:88:31:61:3c:09:
6c:3f:bd:27:72:63:37:25:9a:32:30:0d:23:b9:af:13:b3:03:
8c:64:95:8a:98:87:f3:7f:ce:54:33:38:ce:bb:ee:60:02:a3:
3a:04:14:51:fd:1b:a2:5c:f9:fe:05:8c:73:bf:aa:f4:a7:9e:
57:2a:78:7e:ab:6b:1b:bc:72:e6:4e:1b:f5:0b:d4:2c:80:da:
f3:e6:93:2b:72:d0:11:8a:10:dd:31:80:04:19:53:f0:e2:99:
5c:80:ea:82:65:5e:77:be:ae:da:f6:47:64:24:0d:7d:66:1b:
f2:8e:cc:24:ed:a0:e9:86:2f:17:41:19:bb:eb:48:65:4d:f1:
81:02:a9:f4:79:9a:af:86:e2:74:79:5d:54:64:bd:37:15:16:
e0:c4:2f:dd:39:61:7e:45:3f:6b:57:c0:09:a7:8c:cd:e4:54:
5b:3c:09:0c:83:69:fe:8e:aa:42:4f:80:9d:f3:0c:24:3c:48:
8a:ba:27:5d:bb:40:65:87:72:17:48:e2:1a:c1:f7:bd:ab:6e:
3e:e5:1f:68:81:de:ac:81:2a:6c:b6:5f:ea:93:17:22:fb:ea:
49:d4:45:51:cc:5e:a9:42:14:5f:e1:72:74:49:b8:2b:c1:79:
31:64:d9:14
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZhsuNRyL4tS0kciZ/DVQKowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUwODAyMjEzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y5ZWMwMGIwNDQ5ZTJmNWIzN2JhMzM4OGI0ZmFjN2ViZjliY2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/d9XpD/+jPaKqAHdm1oqCcelVOg
bNDpUKOaZDR8lxPPz17nXzZZ63BAJ1Q/2NZoNmhBcrHpG0berqCuzkJAnx5XvG8s
PZe224RSLcYcfzRILt0jUg8rTRIbVejP21pvYx2gonCHBxClg3Qgdsdavq6MHAsd
5fvPVJJ67kN4lcEO3BYKcqaQSMq5TSVOZ4hL+x2Pf7yiK5hA9WxwmKZZm/fHk+Js
mZfP7J2+WEoQsciArH/LaMZZ6GqaRZHOLfSvBz+etGBcpfniDGVkoiwLe0rw+BQt
4xwlYa6iZCREpWrZdp/uXoQUqLEbFHP5QoUM6XwXS84lOrvcBTg0mUyk5wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMP57ACwRJ4vWze6M4i0+sfr+bzMMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvd19uc0FMQkVuaTliTjdvemlMVDZ4LXY1dk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAWBAIAATAQAwMAXrgDBAK5
PugDAwDC4TAWBAIAAjAQAwcCIAEGeACwAwUAIAEU6DANBgkqhkiG9w0BAQsFAAOC
AQEAjFqLmiO+3A5EyWcXP4gxYTwJbD+9J3JjNyWaMjANI7mvE7MDjGSVipiH83/O
VDM4zrvuYAKjOgQUUf0bolz5/gWMc7+q9KeeVyp4fqtrG7xy5k4b9QvULIDa8+aT
K3LQEYoQ3TGABBlT8OKZXIDqgmVed76u2vZHZCQNfWYb8o7MJO2g6YYvF0EZu+tI
ZU3xgQKp9Hmar4bidHldVGS9NxUW4MQv3TlhfkU/a1fACaeMzeRUWzwJDINp/o6q
Qk+AnfMMJDxIironXbtAZYdyF0jiGsH3vatuPuUfaIHerIEqbLZf6pMXIvvqSdRF
UcxeqUIUX+FydEm4K8F5MWTZFA==
-----END CERTIFICATE-----
Generated at Sat Aug 9 15:11:08 2025 by rpki-client