Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/2fQddCIl-7Oq1WuhVFDb_ItwFWs.roa
File: 2fQddCIl-7Oq1WuhVFDb_ItwFWs.roa (raw, json)
Hash identifier: G5bUTFThyurFxXPOBBEBFBWKjBkZ0p5sb4xbB9qr44M=
Subject key identifier: D9:F4:1D:74:22:25:FB:B3:AA:D5:6B:A1:54:50:DB:FC:8B:70:15:6B
Certificate issuer: /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial: 0197E6AF782B989CB333A49DBE9F3BD61DF1
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/2fQddCIl-7Oq1WuhVFDb_ItwFWs.roa
Signing time: Mon 07 Jul 2025 20:59:08 +0000
ROA not before: Mon 07 Jul 2025 20:59:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29551
IP address blocks: 88.214.25.0/24 maxlen: 24
91.228.101.0/24 maxlen: 24
193.24.208.0/22 maxlen: 22
193.24.208.0/23 maxlen: 23
193.24.210.0/24 maxlen: 24
194.24.160.0/23 maxlen: 23
194.24.160.0/24 maxlen: 24
2001:67c:2c58::/48 maxlen: 48
2a00:1910::/32 maxlen: 32
2a00:1911::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.mft
rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 23:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e6:af:78:2b:98:9c:b3:33:a4:9d:be:9f:3b:d6:1d:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Validity
Not Before: Jul 7 20:59:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9f41d742225fbb3aad56ba15450dbfc8b70156b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:a0:af:11:82:9b:16:1d:66:df:31:a0:c6:0d:
cf:70:76:4b:e7:81:9a:5d:69:56:9b:08:41:47:9a:
99:97:7f:f3:ac:d8:d0:61:b1:5a:55:3d:89:c8:8a:
17:1d:b2:a1:77:ce:ad:b8:9a:ee:54:5e:a3:d6:ab:
93:b8:d2:2c:09:f4:07:14:a6:3e:33:5f:e0:f0:6a:
8f:69:2e:83:c6:53:a7:0d:6f:16:b7:68:21:d4:c7:
af:4c:1d:07:ab:68:c6:da:8c:a9:eb:c8:bb:dd:31:
9e:a1:3e:53:51:87:53:be:f8:f6:18:61:af:04:b4:
4c:c6:92:c9:c5:5d:12:63:32:8e:65:22:ec:98:14:
09:8a:14:ae:ce:db:a5:d3:1e:7e:3d:f8:5d:85:75:
87:75:2a:29:21:6d:72:fd:1f:e4:00:6d:03:f7:e7:
70:e4:3e:b2:b2:5f:1a:b8:f7:7b:40:a6:4b:31:48:
59:a0:22:bb:35:ed:b9:bb:7f:27:fa:39:1a:c0:95:
0d:33:d3:92:00:e1:18:89:25:c4:57:e4:f1:97:91:
e8:34:87:15:bf:d4:b4:05:90:d9:89:60:e7:4c:2d:
f7:72:6d:57:ea:ce:ff:2a:4d:d1:72:4f:b7:2e:05:
84:1d:5b:f0:b9:fa:4b:6e:c2:8f:7e:61:dc:98:2b:
e0:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:F4:1D:74:22:25:FB:B3:AA:D5:6B:A1:54:50:DB:FC:8B:70:15:6B
X509v3 Authority Key Identifier:
keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/2fQddCIl-7Oq1WuhVFDb_ItwFWs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.214.25.0/24
91.228.101.0/24
193.24.208.0/22
194.24.160.0/23
IPv6:
2001:67c:2c58::/48
2a00:1910::/31
Signature Algorithm: sha256WithRSAEncryption
29:16:cf:d2:0b:82:75:62:b7:bb:84:77:aa:3e:55:ba:ef:ed:
f1:0f:b2:cc:57:1f:19:76:08:7a:0f:96:ae:7b:02:66:57:70:
79:8a:1e:9c:e9:73:f1:13:78:3d:f1:6f:bc:1e:65:49:c0:14:
d9:ef:b1:14:98:62:02:35:e0:92:a6:61:d8:7d:da:20:c1:5b:
f6:09:fe:32:50:8f:8a:4c:41:6c:cd:35:88:c2:b5:a2:3b:b0:
49:4f:a9:1e:6e:43:68:f4:65:e7:e1:58:98:38:d0:72:50:a9:
e7:a0:3e:eb:4a:28:b7:2b:e5:2d:fc:8e:2c:c2:4c:a0:a0:49:
02:ac:1f:e4:bc:10:23:eb:b9:d4:8d:84:51:3a:5a:50:e8:d9:
3b:6b:d6:cf:16:61:04:cc:c1:d5:87:5d:a1:32:a2:f7:ac:db:
5a:4b:4a:58:19:53:21:ea:f4:36:e6:72:21:1f:54:2b:0e:b1:
95:38:45:9f:32:32:1d:35:72:9d:76:a0:16:c7:a4:98:78:f3:
9f:2e:5a:42:33:18:c8:57:09:ca:8f:da:4a:50:c0:52:31:89:
b2:95:99:3e:f0:0d:7a:02:d2:be:33:ef:aa:49:93:4d:bb:b4:
72:9e:83:5f:9c:a4:7a:96:3d:7e:4d:06:d8:44:b1:ef:25:ca:
92:bd:e6:1e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZfmr3grmJyzM6Sdvp871h3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjUwNzA3MjA1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY0MWQ3NDIyMjVmYmIzYWFkNTZiYTE1NDUwZGJmYzhiNzAxNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqCvEYKbFh1m3zGgxg3PcHZL54Ga
XWlWmwhBR5qZl3/zrNjQYbFaVT2JyIoXHbKhd86tuJruVF6j1quTuNIsCfQHFKY+
M1/g8GqPaS6DxlOnDW8Wt2gh1MevTB0Hq2jG2oyp68i73TGeoT5TUYdTvvj2GGGv
BLRMxpLJxV0SYzKOZSLsmBQJihSuztul0x5+PfhdhXWHdSopIW1y/R/kAG0D9+dw
5D6ysl8auPd7QKZLMUhZoCK7Ne25u38n+jkawJUNM9OSAOEYiSXEV+Txl5HoNIcV
v9S0BZDZiWDnTC33cm1X6s7/Kk3Rck+3LgWEHVvwufpLbsKPfmHcmCvgHQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNn0HXQiJfuzqtVroVRQ2/yLcBVrMB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvMmZRZGRDSWwtN09xMVd1aFZGRGJfSXR3RldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAWNYZAwQA
W+RlAwQCwRjQAwQBwhigMBYEAgACMBADBwAgAQZ8LFgDBQEqABkQMA0GCSqGSIb3
DQEBCwUAA4IBAQApFs/SC4J1Yre7hHeqPlW67+3xD7LMVx8Zdgh6D5auewJmV3B5
ih6c6XPxE3g98W+8HmVJwBTZ77EUmGICNeCSpmHYfdogwVv2Cf4yUI+KTEFszTWI
wrWiO7BJT6kebkNo9GXn4ViYONByUKnnoD7rSii3K+Ut/I4swkygoEkCrB/kvBAj
67nUjYRROlpQ6Nk7a9bPFmEEzMHVh12hMqL3rNtaS0pYGVMh6vQ25nIhH1QrDrGV
OEWfMjIdNXKddqAWx6SYePOfLlpCMxjIVwnKj9pKUMBSMYmylZk+8A16AtK+M++q
SZNNu7RynoNfnKR6lj1+TQbYRLHvJcqSveYe
-----END CERTIFICATE-----
Generated at Sun Jul 27 09:07:26 2025 by rpki-client