Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/67Mxj3KpQWipNpMlLApfSyTCvC0.roa
File: 67Mxj3KpQWipNpMlLApfSyTCvC0.roa (raw, json)
Hash identifier: Fv9QcoJhLdt0inevu/XCAdGmMRCdZt4H9qb4Kzk/RZ4=
Subject key identifier: EB:B3:31:8F:72:A9:41:68:A9:36:93:25:2C:0A:5F:4B:24:C2:BC:2D
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0197F641AD87B49EB05D22BAC7A874BFFA64
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/67Mxj3KpQWipNpMlLApfSyTCvC0.roa
Signing time: Thu 10 Jul 2025 21:33:08 +0000
ROA not before: Thu 10 Jul 2025 21:33:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137409
IP address blocks: 31.135.4.0/23 maxlen: 23
31.135.4.0/24 maxlen: 24
31.135.5.0/24 maxlen: 24
46.173.240.0/24 maxlen: 24
46.173.241.0/24 maxlen: 24
46.173.242.0/24 maxlen: 24
46.173.243.0/24 maxlen: 24
46.173.244.0/24 maxlen: 24
46.173.245.0/24 maxlen: 24
46.173.252.0/24 maxlen: 24
46.173.253.0/24 maxlen: 24
77.36.112.0/24 maxlen: 24
77.36.113.0/24 maxlen: 24
77.36.114.0/24 maxlen: 24
77.36.115.0/24 maxlen: 24
91.193.28.0/24 maxlen: 24
91.193.29.0/24 maxlen: 24
91.200.133.0/24 maxlen: 24
91.232.226.0/24 maxlen: 24
91.232.227.0/24 maxlen: 24
91.233.0.0/24 maxlen: 24
91.233.1.0/24 maxlen: 24
91.238.39.0/24 maxlen: 24
91.246.176.0/24 maxlen: 24
91.246.177.0/24 maxlen: 24
91.246.178.0/24 maxlen: 24
91.246.179.0/24 maxlen: 24
109.207.136.0/24 maxlen: 24
109.207.137.0/24 maxlen: 24
109.207.138.0/24 maxlen: 24
109.207.139.0/24 maxlen: 24
176.96.95.0/24 maxlen: 24
176.110.216.0/24 maxlen: 24
176.110.217.0/24 maxlen: 24
176.110.218.0/24 maxlen: 24
176.110.219.0/24 maxlen: 24
176.110.220.0/24 maxlen: 24
176.110.221.0/24 maxlen: 24
176.110.222.0/24 maxlen: 24
176.110.223.0/24 maxlen: 24
176.112.80.0/22 maxlen: 24
193.36.220.0/24 maxlen: 24
193.36.221.0/24 maxlen: 24
193.36.222.0/24 maxlen: 24
193.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f6:41:ad:87:b4:9e:b0:5d:22:ba:c7:a8:74:bf:fa:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Jul 10 21:33:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ebb3318f72a94168a93693252c0a5f4b24c2bc2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ec:64:67:13:dc:40:b0:83:bb:5e:06:09:f0:
2a:fc:d2:b7:cb:9e:87:d2:20:be:91:8a:bc:8b:d5:
97:b5:fe:4e:3f:ca:ae:37:92:7d:b5:63:22:6a:85:
f3:83:43:14:33:35:0b:da:e4:6f:6c:13:09:52:aa:
e8:a9:a8:ef:0b:7e:2b:d4:bd:e6:01:b5:14:e2:ce:
b3:e9:33:32:a3:0a:da:6d:0b:85:c6:cf:6b:2c:84:
5c:89:c7:03:28:d2:7e:15:8c:09:13:5c:8f:0b:61:
e3:1d:e3:a2:68:09:07:fe:23:2c:33:b6:a9:eb:fb:
89:a7:76:8d:45:0e:0b:13:55:dd:ba:25:aa:6d:67:
99:24:76:ed:1e:13:6c:a6:6e:d5:47:ae:4d:5e:d6:
01:31:a8:78:24:ff:b3:fa:b9:96:25:75:32:13:e3:
3d:41:8c:f2:6f:4c:12:4f:fe:02:34:00:51:ec:5d:
40:3a:b4:d9:5b:e2:bc:f8:00:d3:bf:55:24:ea:51:
cc:05:d7:37:14:12:86:02:0e:f3:7d:93:6a:00:a6:
86:dc:b7:a1:11:0f:71:bf:5e:e4:04:2c:a0:11:9b:
68:f6:19:c9:c5:67:f8:68:c0:45:ad:17:56:d4:17:
31:98:a9:09:3f:15:35:83:7f:1b:98:7e:87:76:69:
16:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:B3:31:8F:72:A9:41:68:A9:36:93:25:2C:0A:5F:4B:24:C2:BC:2D
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/67Mxj3KpQWipNpMlLApfSyTCvC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.135.4.0/23
46.173.240.0-46.173.245.255
46.173.252.0/23
77.36.112.0/22
91.193.28.0/23
91.200.133.0/24
91.232.226.0/23
91.233.0.0/23
91.238.39.0/24
91.246.176.0/22
109.207.136.0/22
176.96.95.0/24
176.110.216.0/21
176.112.80.0/22
193.36.220.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:11:36:34:fc:c6:64:31:84:d8:86:7e:cc:3c:13:79:73:30:
2c:a8:67:1b:18:b2:0d:dc:2c:a4:9f:4b:d9:fc:86:84:26:ab:
59:7b:8f:44:f2:1a:af:a8:3e:6b:27:73:ac:59:8e:60:03:7c:
b3:ae:e5:20:b6:59:bb:1c:e2:86:cb:c9:75:14:20:f9:d2:f1:
d7:8b:6e:11:15:1c:ce:04:3e:35:23:60:63:91:3b:07:d4:77:
d0:33:52:af:aa:17:40:f7:14:8d:3e:86:73:ea:f1:b4:53:a8:
d0:86:47:f6:c7:9a:a9:d4:c3:80:2c:ac:bc:19:1f:e7:17:73:
73:92:73:d9:3b:93:0b:b5:2f:7b:51:9d:0f:5e:2f:b4:d2:c9:
ec:ab:84:42:c0:3c:d4:3f:02:8f:94:dc:d3:d8:de:f5:5b:08:
f1:fb:9d:7a:73:f0:6e:94:24:da:0d:e5:10:79:fd:ff:9c:34:
62:68:7e:2d:28:d3:af:df:a3:52:3f:ab:25:80:b8:ae:24:3f:
c0:d4:13:cd:62:fc:1d:db:ec:03:b7:aa:28:a9:84:68:8c:21:
70:8c:a6:1a:70:29:25:a1:d3:1f:ac:42:bf:07:1b:5c:3e:09:
72:31:1b:36:24:10:af:42:8b:89:5b:8c:8c:60:df:d1:16:ac:
0d:01:0a:0b
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZf2Qa2HtJ6wXSK6x6h0v/pkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwNzEwMjEzMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmIzMzE4ZjcyYTk0MTY4YTkzNjkzMjUyYzBhNWY0YjI0YzJiYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqexkZxPcQLCDu14GCfAq/NK3y56H
0iC+kYq8i9WXtf5OP8quN5J9tWMiaoXzg0MUMzUL2uRvbBMJUqroqajvC34r1L3m
AbUU4s6z6TMyowrabQuFxs9rLIRciccDKNJ+FYwJE1yPC2HjHeOiaAkH/iMsM7ap
6/uJp3aNRQ4LE1XduiWqbWeZJHbtHhNspm7VR65NXtYBMah4JP+z+rmWJXUyE+M9
QYzyb0wST/4CNABR7F1AOrTZW+K8+ADTv1Uk6lHMBdc3FBKGAg7zfZNqAKaG3Leh
EQ9xv17kBCygEZto9hnJxWf4aMBFrRdW1BcxmKkJPxU1g38bmH6HdmkWIQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFOuzMY9yqUFoqTaTJSwKX0skwrwtMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvNjdNeGozS3BRV2lwTnBNbExBcGZTeVRDdkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQBH4cEMAwD
BAQurfADBAEurfQDBAEurfwDBAJNJHADBAFbwRwDBABbyIUDBAFb6OIDBAFb6QAD
BABb7icDBAJb9rADBAJtz4gDBACwYF8DBAOwbtgDBAKwcFADBALBJNwwDQYJKoZI
hvcNAQELBQADggEBACwRNjT8xmQxhNiGfsw8E3lzMCyoZxsYsg3cLKSfS9n8hoQm
q1l7j0TyGq+oPmsnc6xZjmADfLOu5SC2Wbsc4obLyXUUIPnS8deLbhEVHM4EPjUj
YGOROwfUd9AzUq+qF0D3FI0+hnPq8bRTqNCGR/bHmqnUw4AsrLwZH+cXc3OSc9k7
kwu1L3tRnQ9eL7TSyeyrhELAPNQ/Ao+U3NPY3vVbCPH7nXpz8G6UJNoN5RB5/f+c
NGJofi0o06/fo1I/qyWAuK4kP8DUE81i/B3b7AO3qiiphGiMIXCMphpwKSWh0x+s
Qr8HG1w+CXIxGzYkEK9Ci4lbjIxg39EWrA0BCgs=
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:11:01 2025 by rpki-client