Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/NTq0FDzH2xxPaa-1hxtnePIlEA4.roa
File: NTq0FDzH2xxPaa-1hxtnePIlEA4.roa (raw, json)
Hash identifier: LRFHdSsVugdN6TwKBfGKGPR3Nf4KsaI4iw69J8bmMBI=
Subject key identifier: 35:3A:B4:14:3C:C7:DB:1C:4F:69:AF:B5:87:1B:67:78:F2:25:10:0E
Certificate issuer: /CN=dd29c370460bec753010fc7e68365c5770bf45e4
Certificate serial: 0196CA1E1367B3BE382C5B22C5012D332472
Authority key identifier: DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/NTq0FDzH2xxPaa-1hxtnePIlEA4.roa
Signing time: Tue 13 May 2025 14:48:10 +0000
ROA not before: Tue 13 May 2025 14:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214274
IP address blocks: 185.243.160.0/24 maxlen: 24
185.243.161.0/24 maxlen: 24
2a09:900::/47 maxlen: 47
2a09:900:2::/47 maxlen: 47
2a09:900:100::/40 maxlen: 40
2a09:900:200::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 14:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ca:1e:13:67:b3:be:38:2c:5b:22:c5:01:2d:33:24:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd29c370460bec753010fc7e68365c5770bf45e4
Validity
Not Before: May 13 14:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=353ab4143cc7db1c4f69afb5871b6778f225100e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:81:29:9b:78:1c:a6:23:1d:9a:5d:26:77:ce:
97:78:25:f4:2b:12:40:b5:e3:e0:5c:13:9e:a7:8b:
01:1a:70:36:a7:8f:45:5f:6f:cf:6d:b6:5b:35:85:
be:61:63:04:ee:08:28:8a:d1:3d:9d:41:83:73:99:
0d:f3:80:21:17:71:da:0b:99:67:96:c5:a2:33:70:
c3:22:6b:5e:97:0b:4d:b0:3a:0c:92:ef:9d:8c:cc:
c3:fc:86:d4:82:e0:d0:26:af:95:8a:98:eb:34:0e:
7a:7b:46:35:25:51:1f:a0:94:57:34:be:3e:e1:42:
0a:26:31:f0:28:c4:56:2a:d3:3c:d7:71:01:bc:69:
ad:ba:54:13:79:0d:68:9f:c8:e4:6c:98:3d:0c:d1:
20:71:c5:f3:47:c0:5e:92:ff:28:b2:68:4a:86:06:
8e:9a:3b:5a:d6:ae:3d:e0:9c:ae:e0:c4:97:86:b0:
87:14:8d:63:26:c3:08:74:f4:86:90:b3:e6:62:6e:
98:e2:70:08:2e:23:58:f3:b0:34:21:9f:57:27:71:
8e:21:45:4d:79:3c:d4:19:3f:24:a2:5f:ca:1a:75:
ed:0c:9a:10:06:4e:1e:76:82:36:a5:d6:a7:0b:76:
8e:f4:b1:e0:4c:ee:b8:c6:b9:18:c4:75:76:5b:47:
f1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:3A:B4:14:3C:C7:DB:1C:4F:69:AF:B5:87:1B:67:78:F2:25:10:0E
X509v3 Authority Key Identifier:
keyid:DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/NTq0FDzH2xxPaa-1hxtnePIlEA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.243.160.0/23
IPv6:
2a09:900::/46
2a09:900:100::-2a09:900:2ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
ae:cd:18:0b:58:05:10:9e:af:b3:c2:95:47:ea:7c:6b:b4:fb:
4b:b1:a9:4e:79:07:d3:e9:12:0a:ac:c3:53:17:3d:10:05:ca:
7c:66:60:0f:4c:0c:a8:52:51:8e:34:3e:4e:ac:61:0b:57:57:
4a:bb:1f:05:2b:dc:6d:d4:0b:08:1c:82:71:0c:0c:15:fe:ac:
6c:ae:12:16:4b:d7:47:4f:3c:7d:f5:0e:75:46:04:25:8c:ad:
fc:51:ab:85:ed:82:71:13:36:cd:8f:5b:95:4a:35:c2:d0:9a:
d9:58:1f:ca:1f:08:ac:4b:b7:3f:9d:e6:05:ac:ab:ee:0d:c5:
b3:5b:eb:12:42:8a:22:03:f1:2c:3f:cc:48:6b:ae:d4:9c:a7:
e1:f8:e7:e0:77:06:45:fa:ce:98:ac:d1:b4:a9:ec:88:80:6d:
55:14:24:4c:65:e2:9e:00:dc:83:44:89:b9:2f:56:06:c4:5f:
a1:6b:bd:42:c6:99:6e:40:7b:56:b0:39:b9:eb:2f:51:b2:57:
38:54:bf:58:01:71:97:c1:e5:de:d4:3d:7b:ac:d4:72:36:a5:
a2:c6:73:e3:0a:96:ca:ff:d8:b4:80:98:48:01:dc:3e:7a:2a:
62:50:fa:fd:4b:ae:b6:77:4c:48:41:b4:69:a5:ff:53:9a:3f:
ae:98:60:8b
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZbKHhNns744LFsixQEtMyRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMjljMzcwNDYwYmVjNzUzMDEwZmM3ZTY4MzY1YzU3NzBi
ZjQ1ZTQwHhcNMjUwNTEzMTQ0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTNhYjQxNDNjYzdkYjFjNGY2OWFmYjU4NzFiNjc3OGYyMjUxMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYEpm3gcpiMdml0md86XeCX0KxJA
tePgXBOep4sBGnA2p49FX2/PbbZbNYW+YWME7ggoitE9nUGDc5kN84AhF3HaC5ln
lsWiM3DDImtelwtNsDoMku+djMzD/IbUguDQJq+VipjrNA56e0Y1JVEfoJRXNL4+
4UIKJjHwKMRWKtM813EBvGmtulQTeQ1on8jkbJg9DNEgccXzR8Bekv8osmhKhgaO
mjta1q494Jyu4MSXhrCHFI1jJsMIdPSGkLPmYm6Y4nAILiNY87A0IZ9XJ3GOIUVN
eTzUGT8kol/KGnXtDJoQBk4edoI2pdanC3aO9LHgTO64xrkYxHV2W0fx3wIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDU6tBQ8x9scT2mvtYcbZ3jyJRAOMB8GA1UdIwQY
MBaAFN0pw3BGC+x1MBD8fmg2XFdwv0XkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYt
MTM0YzQ3Yjk0OTEzLzEvTlRxMEZEekgyeHhQYWEtMWh4dG5lUElsRUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYtMTM0YzQ3Yjk0OTEz
LzEvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQBufOgMCEE
AgACMBsDBwIqCQkAAAAwEAMGACoJCQABAwYAKgkJAAIwDQYJKoZIhvcNAQELBQAD
ggEBAK7NGAtYBRCer7PClUfqfGu0+0uxqU55B9PpEgqsw1MXPRAFynxmYA9MDKhS
UY40Pk6sYQtXV0q7HwUr3G3UCwgcgnEMDBX+rGyuEhZL10dPPH31DnVGBCWMrfxR
q4XtgnETNs2PW5VKNcLQmtlYH8ofCKxLtz+d5gWsq+4NxbNb6xJCiiID8Sw/zEhr
rtScp+H45+B3BkX6zpis0bSp7IiAbVUUJExl4p4A3INEibkvVgbEX6FrvULGmW5A
e1awObnrL1GyVzhUv1gBcZfB5d7UPXus1HI2paLGc+MKlsr/2LSAmEgB3D56KmJQ
+v1LrrZ3TEhBtGml/1OaP66YYIs=
-----END CERTIFICATE-----
Generated at Mon Jun 16 21:27:17 2025 by rpki-client