Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/NTSXzohORWZtttaszZbsV3DOOYA.roa
File: NTSXzohORWZtttaszZbsV3DOOYA.roa (raw, json)
Hash identifier: MaEVUaFakhLRs6dfJtYL3YU29Q2ZDO5rsA2rJVtVQpY=
Subject key identifier: 35:34:97:CE:88:4E:45:66:6D:B6:D6:AC:CD:96:EC:57:70:CE:39:80
Certificate issuer: /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial: 01966B90720F3832C9D404055D7BF810E1C2
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/NTSXzohORWZtttaszZbsV3DOOYA.roa
Signing time: Fri 25 Apr 2025 06:09:10 +0000
ROA not before: Fri 25 Apr 2025 06:09:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44901
IP address blocks: 152.89.28.0/24 maxlen: 24
152.89.29.0/24 maxlen: 24
193.135.174.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 02:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6b:90:72:0f:38:32:c9:d4:04:05:5d:7b:f8:10:e1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Validity
Not Before: Apr 25 06:09:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=353497ce884e45666db6d6accd96ec5770ce3980
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:e5:0b:6a:0f:7c:9d:50:f0:60:8a:cf:93:f4:
2b:ef:ba:ac:2d:ee:91:49:6a:c5:22:68:d4:07:49:
44:02:01:f0:65:89:04:92:a6:bb:03:a4:72:60:c9:
ef:d2:8a:15:f2:cb:59:cd:8c:fb:8e:f9:21:b9:8a:
ca:7a:93:4f:c4:26:01:bd:ab:a8:1f:02:ab:97:92:
4e:cf:18:7d:94:0b:7d:35:17:25:25:f0:1f:24:52:
28:18:77:a3:7e:cb:60:3e:b5:7e:79:34:cf:5b:da:
92:23:67:3b:fe:ea:35:68:18:0f:4c:e7:91:d6:a3:
45:96:f4:3e:cc:89:05:4d:48:29:b6:22:c6:08:ad:
be:77:f9:41:10:8e:62:ed:d4:67:c0:9a:11:07:fe:
07:58:07:af:39:d3:68:b4:49:9d:6a:e6:a2:94:24:
20:56:73:24:d5:c3:29:01:3a:29:ad:7e:75:a1:60:
8b:29:06:11:57:c4:d1:47:56:2b:70:70:5c:ff:5f:
a3:3e:76:24:14:14:6c:84:13:2d:5f:85:5c:68:8f:
5f:5f:36:65:74:03:a3:ed:56:0f:c4:15:ea:ff:b6:
30:0b:5b:3f:21:c4:cd:37:8e:c8:d5:41:3c:39:18:
8e:28:44:07:f9:aa:03:14:e5:be:e9:28:99:4f:77:
5d:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:34:97:CE:88:4E:45:66:6D:B6:D6:AC:CD:96:EC:57:70:CE:39:80
X509v3 Authority Key Identifier:
keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/NTSXzohORWZtttaszZbsV3DOOYA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.28.0/23
193.135.174.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:00:5b:d2:39:b7:b1:fe:eb:c4:98:b7:86:82:87:b9:5d:2e:
17:c7:d6:a3:0d:a5:07:33:e0:d3:f1:ea:5a:7b:76:81:da:86:
96:c2:6a:50:98:9a:e6:bb:4b:60:d1:09:57:04:bb:73:10:be:
17:01:b3:e2:1c:c6:ce:fb:da:84:35:b4:44:4d:7b:c6:03:0d:
e6:44:4a:cb:53:6c:4a:f2:ec:57:a0:48:e0:cf:b8:2f:2c:a9:
93:dd:03:b9:92:57:93:33:b8:3b:7f:5d:e5:26:1c:57:d5:88:
15:94:4a:e4:c7:dc:9d:5c:fd:b8:6e:b9:d0:5b:0c:5f:a1:89:
1a:35:70:d6:6e:dc:94:6c:66:e1:d1:be:c5:4f:d5:e1:d9:59:
a6:f2:4a:96:3f:3f:1d:5e:b3:c0:5e:7c:91:c5:b5:55:93:b3:
1a:ea:e2:80:95:64:5c:fb:70:33:91:2b:28:88:08:b9:bc:50:
65:cd:61:c1:30:75:77:38:16:18:65:90:1b:54:cb:ca:1a:47:
f2:34:e3:cb:98:48:b3:5f:79:cb:ef:7b:7e:09:a2:88:03:29:
eb:e1:be:67:5c:23:68:89:cf:fa:a5:1d:90:77:c0:5a:0a:cb:
7e:5e:89:da:1e:8d:6e:43:81:4b:fe:e5:44:d9:d1:fc:ef:5d:
91:9c:f3:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZrkHIPODLJ1AQFXXv4EOHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwNDI1MDYwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM0OTdjZTg4NGU0NTY2NmRiNmQ2YWNjZDk2ZWM1NzcwY2UzOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+ULag98nVDwYIrPk/Qr77qsLe6R
SWrFImjUB0lEAgHwZYkEkqa7A6RyYMnv0ooV8stZzYz7jvkhuYrKepNPxCYBvauo
HwKrl5JOzxh9lAt9NRclJfAfJFIoGHejfstgPrV+eTTPW9qSI2c7/uo1aBgPTOeR
1qNFlvQ+zIkFTUgptiLGCK2+d/lBEI5i7dRnwJoRB/4HWAevOdNotEmdauailCQg
VnMk1cMpAToprX51oWCLKQYRV8TRR1YrcHBc/1+jPnYkFBRshBMtX4VcaI9fXzZl
dAOj7VYPxBXq/7YwC1s/IcTNN47I1UE8ORiOKEQH+aoDFOW+6SiZT3dd+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDU0l86ITkVmbbbWrM2W7FdwzjmAMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvTlRTWHpvaE9SV1p0dHRhc3paYnNWM0RPT1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBmFkcAwQA
wYeuMA0GCSqGSIb3DQEBCwUAA4IBAQCwAFvSObex/uvEmLeGgoe5XS4Xx9ajDaUH
M+DT8epae3aB2oaWwmpQmJrmu0tg0QlXBLtzEL4XAbPiHMbO+9qENbRETXvGAw3m
RErLU2xK8uxXoEjgz7gvLKmT3QO5kleTM7g7f13lJhxX1YgVlErkx9ydXP24brnQ
WwxfoYkaNXDWbtyUbGbh0b7FT9Xh2Vmm8kqWPz8dXrPAXnyRxbVVk7Ma6uKAlWRc
+3AzkSsoiAi5vFBlzWHBMHV3OBYYZZAbVMvKGkfyNOPLmEizX3nL73t+CaKIAynr
4b5nXCNoic/6pR2Qd8BaCst+XonaHo1uQ4FL/uVE2dH8712RnPOu
-----END CERTIFICATE-----
Generated at Sun Apr 27 07:01:11 2025 by rpki-client