Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa
File: nezOxNoI2UEND-eb70Na0D7-nMo.roa (raw, json)
Hash identifier: ryjOgeGiN3/wDA6lXvDLrRw6MXGP9VQO/VWSdVtwTig=
Subject key identifier: 9D:EC:CE:C4:DA:08:D9:41:0D:0F:E7:9B:EF:43:5A:D0:3E:FE:9C:CA
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 0197D1288348482FDEEBF520C0269EEBD02F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa
Signing time: Thu 03 Jul 2025 16:39:42 +0000
ROA not before: Thu 03 Jul 2025 16:39:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49870
IP address blocks: 2.56.167.0/24 maxlen: 24
45.81.22.0/23 maxlen: 23
45.140.222.0/23 maxlen: 23
77.83.240.0/24 maxlen: 24
89.190.156.0/24 maxlen: 24
89.190.159.0/24 maxlen: 24
194.50.16.0/23 maxlen: 24
212.107.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 08:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d1:28:83:48:48:2f:de:eb:f5:20:c0:26:9e:eb:d0:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Jul 3 16:39:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9deccec4da08d9410d0fe79bef435ad03efe9cca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:d0:24:2c:59:09:a6:fc:3e:5a:58:cd:12:36:
13:35:14:54:b3:3c:99:75:ae:e5:39:72:3c:e4:70:
58:02:fb:f2:ef:6d:df:1e:03:48:c7:55:2c:2f:b2:
bc:49:01:94:c7:3f:8a:69:5e:cb:ec:00:eb:e9:c4:
a6:3d:bd:ac:3c:d5:87:b7:41:05:8d:be:a6:15:bc:
9d:82:b4:ce:1b:54:83:14:b4:7b:09:b2:96:48:02:
09:5e:a6:5b:74:00:06:2e:04:6e:e3:fb:cc:f4:8e:
90:ac:d4:48:02:b1:42:b9:66:a1:60:38:29:08:ff:
5d:74:77:31:2b:5b:a9:85:57:41:62:4f:e3:95:77:
db:f3:bc:79:d2:74:51:57:77:53:05:a0:e6:9c:b6:
25:31:b0:39:54:53:df:03:4f:ae:f0:f6:a0:f1:7c:
f2:6f:0e:8d:ab:d4:3e:3e:e4:28:4c:1d:8b:43:29:
4e:db:17:cc:34:dd:ed:9d:52:d6:71:ca:d3:58:e4:
d9:23:a6:b8:05:f5:0b:1f:6d:20:20:90:04:8c:59:
0f:58:d0:f3:1e:a6:3d:32:41:46:29:47:b8:20:b0:
32:f0:25:08:1a:95:29:1d:db:a5:1f:a6:4f:bc:7f:
f8:e2:fa:90:11:cb:15:85:a7:c2:4d:9e:bc:2d:d2:
47:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:EC:CE:C4:DA:08:D9:41:0D:0F:E7:9B:EF:43:5A:D0:3E:FE:9C:CA
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nezOxNoI2UEND-eb70Na0D7-nMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.167.0/24
45.81.22.0/23
45.140.222.0/23
77.83.240.0/24
89.190.156.0/24
89.190.159.0/24
194.50.16.0/23
212.107.12.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:c2:31:ba:14:57:27:0f:aa:aa:6a:93:14:64:eb:f5:eb:fe:
5f:dd:7e:02:8c:ed:ba:d3:76:f5:97:6e:70:d2:a2:9b:eb:bb:
4b:80:1e:6d:67:de:ad:d4:9a:1b:e1:3a:88:27:88:22:d0:a4:
a5:bc:0a:37:9e:c1:32:fa:09:c9:bf:61:bc:1f:e8:ab:8e:cb:
e7:6c:35:56:e2:05:03:8e:78:f9:93:a2:5c:05:9f:21:4d:2d:
16:94:03:ce:e9:04:cc:7b:7f:a9:c8:ab:5d:e0:99:43:62:30:
33:b2:5d:c8:da:18:f6:ab:8f:9d:7e:60:7f:49:12:67:c7:6d:
ec:f0:df:12:ee:ca:6e:75:9c:4b:30:01:d0:d4:10:02:27:13:
a4:0e:c9:3c:f3:c3:76:72:b0:02:df:24:71:28:6e:9d:15:4c:
ae:f2:6d:43:27:e5:12:5c:a9:f4:cb:ed:1c:ab:8c:36:9d:69:
c1:6f:c2:0c:13:70:57:45:68:da:bb:a8:79:51:84:3e:f8:6f:
62:52:10:8e:6a:12:bd:03:ba:34:d8:ad:3c:c1:f4:89:78:03:
19:58:c0:23:4b:d3:76:56:6b:c5:9c:89:2b:9f:08:a1:89:5a:
0b:b8:e4:83:a0:6c:8b:7a:8e:73:28:af:a6:6b:1f:46:bc:46:
80:2b:e8:31
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZfRKINISC/e6/UgwCae69AvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNzAzMTYzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVjY2VjNGRhMDhkOTQxMGQwZmU3OWJlZjQzNWFkMDNlZmU5Y2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29AkLFkJpvw+WljNEjYTNRRUszyZ
da7lOXI85HBYAvvy723fHgNIx1UsL7K8SQGUxz+KaV7L7ADr6cSmPb2sPNWHt0EF
jb6mFbydgrTOG1SDFLR7CbKWSAIJXqZbdAAGLgRu4/vM9I6QrNRIArFCuWahYDgp
CP9ddHcxK1uphVdBYk/jlXfb87x50nRRV3dTBaDmnLYlMbA5VFPfA0+u8Pag8Xzy
bw6Nq9Q+PuQoTB2LQylO2xfMNN3tnVLWccrTWOTZI6a4BfULH20gIJAEjFkPWNDz
HqY9MkFGKUe4ILAy8CUIGpUpHdulH6ZPvH/44vqQEcsVhafCTZ68LdJHDwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJ3szsTaCNlBDQ/nm+9DWtA+/pzKMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbmV6T3hOb0kyVUVORC1lYjcwTmEwRDctbk1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAAjinAwQB
LVEWAwQBLYzeAwQATVPwAwQAWb6cAwQAWb6fAwQBwjIQAwQA1GsMMA0GCSqGSIb3
DQEBCwUAA4IBAQBuwjG6FFcnD6qqapMUZOv16/5f3X4CjO2603b1l25w0qKb67tL
gB5tZ96t1Job4TqIJ4gi0KSlvAo3nsEy+gnJv2G8H+irjsvnbDVW4gUDjnj5k6Jc
BZ8hTS0WlAPO6QTMe3+pyKtd4JlDYjAzsl3I2hj2q4+dfmB/SRJnx23s8N8S7spu
dZxLMAHQ1BACJxOkDsk888N2crAC3yRxKG6dFUyu8m1DJ+USXKn0y+0cq4w2nWnB
b8IME3BXRWjau6h5UYQ++G9iUhCOahK9A7o02K08wfSJeAMZWMAjS9N2VmvFnIkr
nwihiVoLuOSDoGyLeo5zKK+max9GvEaAK+gx
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:52:19 2025 by rpki-client