Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/N_FJ7OIWFvIW9taFHsA2wT2zVwk.roa
File: N_FJ7OIWFvIW9taFHsA2wT2zVwk.roa (raw, json)
Hash identifier: bVU4MMFAW33uimGtPgAQzKj41nvECCYfDukXv4e4p0w=
Subject key identifier: 37:F1:49:EC:E2:16:16:F2:16:F6:D6:85:1E:C0:36:C1:3D:B3:57:09
Certificate issuer: /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial: 01956275759AD651DF0B1A51279773F05CA4
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/N_FJ7OIWFvIW9taFHsA2wT2zVwk.roa
Signing time: Tue 04 Mar 2025 18:40:19 +0000
ROA not before: Tue 04 Mar 2025 18:40:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41953
IP address blocks: 89.40.196.0/22 maxlen: 22
91.196.153.0/24 maxlen: 24
91.206.123.0/24 maxlen: 24
92.114.111.0/24 maxlen: 24
93.113.47.0/24 maxlen: 24
93.115.34.0/24 maxlen: 24
185.202.84.0/22 maxlen: 22
2a14:3700::/30 maxlen: 30
2a14:3704::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 14:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:62:75:75:9a:d6:51:df:0b:1a:51:27:97:73:f0:5c:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Validity
Not Before: Mar 4 18:40:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37f149ece21616f216f6d6851ec036c13db35709
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:d3:e4:5d:ad:a2:0a:0d:39:25:09:9d:5c:cf:
9b:55:7a:29:82:6e:c2:f7:5d:d4:63:21:00:d0:52:
cc:1b:ef:72:c7:2a:38:4c:f2:07:5c:4f:21:74:2f:
0f:60:c3:69:3f:c7:88:61:6a:84:28:4d:1d:2f:bb:
dc:0d:a8:b9:55:e5:bf:ed:3a:79:84:38:72:09:48:
ad:f8:64:f3:cf:f5:54:00:c7:84:fa:f4:96:d9:cf:
f1:3e:1f:7b:62:91:16:7c:ff:96:00:0e:2a:18:3d:
91:9b:b0:32:57:fb:62:8e:3d:ef:d9:2d:ab:e8:14:
5d:8d:13:45:50:36:c0:3e:83:a8:10:ee:46:9d:28:
d8:ab:65:6d:72:97:bf:99:66:12:3e:74:e9:40:9d:
36:f6:bb:88:9c:df:d2:f6:4b:d0:09:8e:82:6b:c8:
5d:93:1f:b7:94:de:11:9c:af:61:37:5c:fc:eb:d5:
24:b1:5e:d3:18:ed:fe:58:d7:04:03:f8:0a:19:18:
82:14:54:3b:36:91:1a:26:35:e0:98:2f:ec:6a:95:
80:64:37:be:a2:f8:99:04:af:10:94:fd:23:f2:6d:
81:a1:79:22:36:61:3e:1b:19:52:0b:1a:54:e5:fa:
9f:2d:74:13:27:a1:59:6a:43:5e:fe:0b:b3:72:ac:
7c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:F1:49:EC:E2:16:16:F2:16:F6:D6:85:1E:C0:36:C1:3D:B3:57:09
X509v3 Authority Key Identifier:
keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/N_FJ7OIWFvIW9taFHsA2wT2zVwk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.196.0/22
91.196.153.0/24
91.206.123.0/24
92.114.111.0/24
93.113.47.0/24
93.115.34.0/24
185.202.84.0/22
IPv6:
2a14:3700::/29
Signature Algorithm: sha256WithRSAEncryption
23:b0:fb:dc:d1:79:8a:3e:2b:21:95:a0:29:d8:34:98:04:97:
e1:52:61:a6:98:22:e3:30:31:60:65:d0:8a:b8:53:07:83:57:
1b:d6:3d:20:a6:6a:5e:11:5c:7a:d3:27:46:b5:9e:4d:c8:29:
c8:c7:cf:7a:41:93:ac:e0:3a:62:45:12:47:41:e0:2e:89:ef:
6e:8a:a8:21:c3:85:0e:a6:97:d9:16:e9:e6:03:aa:a6:63:6b:
ca:30:46:e4:f9:7e:30:30:b6:f5:62:71:13:ec:60:35:a7:bf:
c7:2c:9c:60:d0:e8:da:58:a7:17:80:ec:9c:43:6d:cf:73:64:
59:90:19:0e:5f:7f:02:2b:b1:78:3f:4d:78:9c:ac:5c:8a:8b:
38:8d:6f:70:37:d8:f8:11:dd:82:e4:66:f8:55:be:d7:38:e4:
42:57:74:fc:45:52:4e:04:e2:d0:ed:50:cb:03:05:e9:25:c7:
8c:53:c5:0a:4b:34:25:4f:cd:34:c5:7f:b3:cd:24:cf:3e:d0:
51:7e:7e:51:28:79:c3:36:53:08:6c:3a:c5:f9:87:e1:f5:a8:
b0:d9:0e:b1:4b:66:2a:c1:50:d7:3a:1c:a5:da:9f:80:5b:45:
38:9d:03:71:02:49:95:ec:d9:ab:e3:d6:fe:36:f7:b6:67:33:
11:b2:40:e2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZVidXWa1lHfCxpRJ5dz8FykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMzA0MTg0MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2YxNDllY2UyMTYxNmYyMTZmNmQ2ODUxZWMwMzZjMTNkYjM1NzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutPkXa2iCg05JQmdXM+bVXopgm7C
913UYyEA0FLMG+9yxyo4TPIHXE8hdC8PYMNpP8eIYWqEKE0dL7vcDai5VeW/7Tp5
hDhyCUit+GTzz/VUAMeE+vSW2c/xPh97YpEWfP+WAA4qGD2Rm7AyV/tijj3v2S2r
6BRdjRNFUDbAPoOoEO5GnSjYq2Vtcpe/mWYSPnTpQJ029ruInN/S9kvQCY6Ca8hd
kx+3lN4RnK9hN1z869UksV7TGO3+WNcEA/gKGRiCFFQ7NpEaJjXgmC/sapWAZDe+
oviZBK8QlP0j8m2BoXkiNmE+GxlSCxpU5fqfLXQTJ6FZakNe/guzcqx8mwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFDfxSeziFhbyFvbWhR7ANsE9s1cJMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvTl9GSjdPSVdGdklXOXRhRkhzQTJ3VDJ6VndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCWSjEAwQA
W8SZAwQAW857AwQAXHJvAwQAXXEvAwQAXXMiAwQCucpUMA0EAgACMAcDBQMqFDcA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjsPvc0XmKPishlaAp2DSYBJfhUmGmmCLjMDFg
ZdCKuFMHg1cb1j0gpmpeEVx60ydGtZ5NyCnIx896QZOs4DpiRRJHQeAuie9uiqgh
w4UOppfZFunmA6qmY2vKMEbk+X4wMLb1YnET7GA1p7/HLJxg0OjaWKcXgOycQ23P
c2RZkBkOX38CK7F4P014nKxcios4jW9wN9j4Ed2C5Gb4Vb7XOORCV3T8RVJOBOLQ
7VDLAwXpJceMU8UKSzQlT800xX+zzSTPPtBRfn5RKHnDNlMIbDrF+Yfh9aiw2Q6x
S2YqwVDXOhyl2p+AW0U4nQNxAkmV7Nmr49b+Nve2ZzMRskDi
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:54:59 2025 by rpki-client