Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vznB2ihzHHifAL4_q9OPw1jjqTg.roa
File: vznB2ihzHHifAL4_q9OPw1jjqTg.roa (raw, json)
Hash identifier: mnZNuxrokq+eb/aQ1RRIvh4smJloLjTyKXrfx+S/IF0=
Subject key identifier: BF:39:C1:DA:28:73:1C:78:9F:00:BE:3F:AB:D3:8F:C3:58:E3:A9:38
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01983631BEB329703FAE96ECF89C21D38AF9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vznB2ihzHHifAL4_q9OPw1jjqTg.roa
Signing time: Wed 23 Jul 2025 07:31:26 +0000
ROA not before: Wed 23 Jul 2025 07:31:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215730
IP address blocks: 2.59.253.0/24 maxlen: 24
81.31.192.0/24 maxlen: 24
87.120.93.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 17:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:36:31:be:b3:29:70:3f:ae:96:ec:f8:9c:21:d3:8a:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 23 07:31:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bf39c1da28731c789f00be3fabd38fc358e3a938
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:8b:80:5c:08:2f:b2:3f:9c:d1:a8:15:6f:87:
89:71:b7:62:ca:10:00:27:35:10:59:e7:6c:ab:fa:
fe:c9:ab:29:c9:e2:b5:68:31:1d:3f:b9:e7:50:b1:
21:75:10:3c:82:78:51:7c:94:20:c7:48:27:2e:30:
02:a1:6b:51:f5:e8:ba:7c:de:68:77:dd:8f:39:b5:
53:13:0b:3c:85:e9:b6:b7:64:8f:15:fd:1d:ff:3e:
ed:ee:94:b3:85:76:97:7a:e4:b1:ea:83:2f:25:4a:
40:ba:3b:76:60:6f:ac:bc:b5:29:4f:a6:5f:54:1a:
e3:4a:db:bb:fc:1f:ea:7a:72:a5:91:e7:68:5f:72:
ba:8b:c3:2e:03:de:08:f0:08:98:c1:ab:4d:3a:8e:
be:e5:a6:ae:79:52:89:7e:b6:e9:9d:c5:a7:84:06:
3c:72:0d:f6:d2:ca:70:34:34:d7:f3:26:61:32:34:
a1:64:90:e3:c9:1a:e2:bd:1a:e8:8a:7f:01:4a:85:
fb:31:ae:98:cd:a1:8a:8a:21:74:46:10:fe:54:f8:
bc:df:27:c4:00:6c:c5:87:22:3e:05:60:ab:7b:e4:
7a:02:c7:7d:22:7e:37:cf:e5:31:b2:26:d1:1a:3d:
c1:7e:44:45:89:8b:7c:9a:1a:34:f1:21:e6:8e:19:
d4:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:39:C1:DA:28:73:1C:78:9F:00:BE:3F:AB:D3:8F:C3:58:E3:A9:38
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vznB2ihzHHifAL4_q9OPw1jjqTg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
81.31.192.0/24
87.120.93.0/24
87.120.126.0/24
94.156.232.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:36:d8:fe:f6:e5:ae:e8:dc:b6:e0:d7:70:3a:0b:6a:eb:e9:
2e:41:f1:74:16:83:c5:4c:37:aa:27:c9:e7:65:02:da:29:73:
ba:18:df:c3:0a:0d:87:79:b0:b5:a5:3e:23:a4:92:12:15:47:
5a:41:10:48:43:10:e7:13:94:91:5a:40:01:66:90:c7:94:1a:
b8:33:97:02:87:06:91:d0:35:48:c1:04:2e:05:cb:d5:75:8b:
01:b9:1b:09:06:78:39:a6:b9:37:b1:0c:99:c1:ef:35:f2:f1:
84:6b:88:76:7a:90:16:31:6b:5d:2a:24:de:7e:a8:d8:2a:99:
4a:0e:7a:06:d3:65:6d:ce:48:43:ec:19:ed:48:60:e6:8f:a6:
5d:38:a7:44:f0:68:f7:79:f9:58:89:17:68:b6:07:81:8f:56:
80:d9:d1:68:db:fc:b4:99:6e:e9:a2:d9:78:a8:6d:6e:96:1d:
d4:18:11:d8:bd:ae:c7:00:88:d3:12:58:d5:52:a9:ca:44:5a:
c4:84:dd:91:f3:fc:a4:b1:56:2c:82:76:fc:15:84:85:bd:aa:
b8:6d:6d:ab:b1:e1:46:53:79:9f:55:21:35:05:10:0c:41:8b:
32:e0:ec:03:c1:af:1a:a5:16:95:a7:34:fd:fc:0a:a9:72:4a:
47:69:4d:27
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZg2Mb6zKXA/rpbs+Jwh04r5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzIzMDczMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjM5YzFkYTI4NzMxYzc4OWYwMGJlM2ZhYmQzOGZjMzU4ZTNhOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44uAXAgvsj+c0agVb4eJcbdiyhAA
JzUQWedsq/r+yaspyeK1aDEdP7nnULEhdRA8gnhRfJQgx0gnLjACoWtR9ei6fN5o
d92PObVTEws8hem2t2SPFf0d/z7t7pSzhXaXeuSx6oMvJUpAujt2YG+svLUpT6Zf
VBrjStu7/B/qenKlkedoX3K6i8MuA94I8AiYwatNOo6+5aaueVKJfrbpncWnhAY8
cg320spwNDTX8yZhMjShZJDjyRrivRroin8BSoX7Ma6YzaGKiiF0RhD+VPi83yfE
AGzFhyI+BWCre+R6Asd9In43z+UxsibRGj3BfkRFiYt8mho08SHmjhnUvwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFL85wdoocxx4nwC+P6vTj8NY46k4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdnpuQjJpaHpISGlmQUw0X3E5T1B3MWpqcVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAjv9AwQA
UR/AAwQAV3hdAwQAV3h+AwQAXpzoMA0GCSqGSIb3DQEBCwUAA4IBAQCqNtj+9uWu
6Ny24NdwOgtq6+kuQfF0FoPFTDeqJ8nnZQLaKXO6GN/DCg2HebC1pT4jpJISFUda
QRBIQxDnE5SRWkABZpDHlBq4M5cChwaR0DVIwQQuBcvVdYsBuRsJBng5prk3sQyZ
we818vGEa4h2epAWMWtdKiTefqjYKplKDnoG02VtzkhD7BntSGDmj6ZdOKdE8Gj3
eflYiRdotgeBj1aA2dFo2/y0mW7potl4qG1ulh3UGBHYva7HAIjTEljVUqnKRFrE
hN2R8/yksVYsgnb8FYSFvaq4bW2rseFGU3mfVSE1BRAMQYsy4OwDwa8apRaVpzT9
/AqpckpHaU0n
-----END CERTIFICATE-----
Generated at Sat Jul 26 00:10:42 2025 by rpki-client