Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/a-NQd2A5-UKTWQxrkPEE8uEU9FM.roa
File: a-NQd2A5-UKTWQxrkPEE8uEU9FM.roa (raw, json)
Hash identifier: zZF7m9NZGOOaoR8OtOkThhIHNI48ThB+aCgwCzfbVXA=
Subject key identifier: 6B:E3:50:77:60:39:F9:42:93:59:0C:6B:90:F1:04:F2:E1:14:F4:53
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 01979254D9D5883CB82507F66DEE7FC1E192
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/a-NQd2A5-UKTWQxrkPEE8uEU9FM.roa
Signing time: Sat 21 Jun 2025 11:52:03 +0000
ROA not before: Sat 21 Jun 2025 11:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41691
IP address blocks: 81.22.192.0/24 maxlen: 24
87.117.128.0/21 maxlen: 21
87.117.132.0/24 maxlen: 24
87.117.136.0/23 maxlen: 23
87.117.138.0/24 maxlen: 24
87.117.140.0/22 maxlen: 22
87.117.146.0/23 maxlen: 23
87.117.148.0/23 maxlen: 23
89.221.192.0/22 maxlen: 22
89.221.197.0/24 maxlen: 24
89.221.205.0/24 maxlen: 24
109.172.48.0/22 maxlen: 22
109.172.52.0/23 maxlen: 23
109.172.72.0/23 maxlen: 23
109.172.102.0/23 maxlen: 23
109.172.104.0/22 maxlen: 22
109.172.118.0/23 maxlen: 23
2a02:25e0:f00::/40 maxlen: 40
2a02:25e0:7700::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 19:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:92:54:d9:d5:88:3c:b8:25:07:f6:6d:ee:7f:c1:e1:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 21 11:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6be350776039f94293590c6b90f104f2e114f453
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:e8:91:b8:31:72:57:2e:0a:e2:62:e1:d5:0d:
dc:7e:d4:8b:79:e6:ae:9a:dd:d5:bb:83:fd:75:2f:
b9:24:4c:39:3a:d7:1c:f8:38:91:87:97:2a:91:18:
4b:cb:94:fb:2f:1b:d5:ad:a4:75:ec:6e:c0:19:a2:
7a:f9:a0:2e:df:4d:25:fe:bb:bb:98:78:d1:e4:b0:
d5:be:d1:d1:6d:a7:fe:ae:a9:0c:e1:52:d8:20:bd:
48:6c:8d:76:91:8c:48:c2:43:66:57:39:a9:2e:84:
6e:4a:d4:19:dc:77:49:08:59:1b:66:90:9d:39:7f:
45:d6:7e:0f:79:57:44:0c:41:33:ca:3e:36:77:e0:
33:4b:77:f5:47:6d:d6:22:9e:46:46:0e:63:2a:28:
5a:e9:d0:91:f2:61:d6:e3:4c:a4:50:69:c5:c2:dd:
73:cc:e1:9d:8d:f8:e7:1d:7c:6e:54:b2:43:3f:e5:
20:aa:6f:d4:9e:da:ee:51:6c:00:e9:ce:97:f0:c2:
73:4e:1e:a5:4d:82:29:6e:18:c5:6f:ef:85:70:05:
9c:2e:e8:f6:f9:be:d5:13:e3:8d:1b:de:12:11:e7:
42:b0:ec:19:a0:57:0e:aa:41:1b:75:cc:cc:e7:fc:
d4:a3:e8:3d:fe:32:6d:b3:a0:18:ed:55:72:88:1a:
29:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:E3:50:77:60:39:F9:42:93:59:0C:6B:90:F1:04:F2:E1:14:F4:53
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/a-NQd2A5-UKTWQxrkPEE8uEU9FM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.22.192.0/24
87.117.128.0-87.117.138.255
87.117.140.0/22
87.117.146.0-87.117.149.255
89.221.192.0/22
89.221.197.0/24
89.221.205.0/24
109.172.48.0-109.172.53.255
109.172.72.0/23
109.172.102.0-109.172.107.255
109.172.118.0/23
IPv6:
2a02:25e0:f00::/40
2a02:25e0:7700::/40
Signature Algorithm: sha256WithRSAEncryption
1a:1f:b4:09:1a:9d:65:b4:ed:de:79:fa:85:04:3b:a9:cf:3b:
0a:23:c9:fd:bc:33:64:37:24:08:90:72:8f:2a:f8:3a:9c:61:
b1:c2:0c:11:3c:f0:1c:00:2c:b6:69:58:33:f3:db:fb:fc:ab:
a3:2a:df:e0:ef:f9:17:9c:f6:9b:fb:74:d7:11:5a:96:5f:34:
1f:7c:fa:d5:34:c0:84:fd:1b:7a:bf:5d:09:40:8e:b0:1b:7a:
04:9c:91:78:17:ea:6a:bf:3f:c0:57:2d:c9:f4:74:db:80:d6:
20:25:48:7e:d8:95:88:c5:db:e4:4f:f1:8d:33:38:08:b5:15:
88:4a:b1:be:55:28:b1:07:87:73:c1:fd:fb:37:e2:fe:4e:dd:
9e:71:ba:bf:07:5a:6c:6b:bb:c7:84:bc:ab:ab:16:00:73:7d:
74:12:c7:7b:f4:aa:8b:97:ac:e5:78:dc:b1:58:53:48:75:52:
11:bb:76:f5:c8:56:56:80:96:02:c6:c2:ce:0d:36:d5:02:e6:
66:b5:3a:8a:52:0e:a9:3c:54:82:70:ec:ec:81:03:e4:2a:c8:
ae:20:ff:73:c1:0c:67:d4:96:46:75:34:ca:62:00:12:5a:71:
19:09:b6:d2:bb:7f:50:08:24:f2:9b:cf:d0:ab:25:d3:8a:4b:
a5:21:b9:b8
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZeSVNnViDy4JQf2be5/weGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjIxMTE1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUzNTA3NzYwMzlmOTQyOTM1OTBjNmI5MGYxMDRmMmUxMTRmNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuiRuDFyVy4K4mLh1Q3cftSLeeau
mt3Vu4P9dS+5JEw5Otcc+DiRh5cqkRhLy5T7LxvVraR17G7AGaJ6+aAu300l/ru7
mHjR5LDVvtHRbaf+rqkM4VLYIL1IbI12kYxIwkNmVzmpLoRuStQZ3HdJCFkbZpCd
OX9F1n4PeVdEDEEzyj42d+AzS3f1R23WIp5GRg5jKiha6dCR8mHW40ykUGnFwt1z
zOGdjfjnHXxuVLJDP+Ugqm/UntruUWwA6c6X8MJzTh6lTYIpbhjFb++FcAWcLuj2
+b7VE+ONG94SEedCsOwZoFcOqkEbdczM5/zUo+g9/jJts6AY7VVyiBop0QIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFGvjUHdgOflCk1kMa5DxBPLhFPRTMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvYS1OUWQyQTUtVUtUV1F4cmtQRUU4dUVVOUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGVBggrBgEFBQcBBwEB/wSBhTCBgjBoBAIAATBiAwQAURbA
MAwDBAdXdYADBABXdYoDBAJXdYwwDAMEAVd1kgMEAVd1lAMEAlndwAMEAFndxQME
AFndzTAMAwQEbawwAwQBbaw0AwQBbaxIMAwDBAFtrGYDBAJtrGgDBAFtrHYwFgQC
AAIwEAMGACoCJeAPAwYAKgIl4HcwDQYJKoZIhvcNAQELBQADggEBABoftAkanWW0
7d55+oUEO6nPOwojyf28M2Q3JAiQco8q+DqcYbHCDBE88BwALLZpWDPz2/v8q6Mq
3+Dv+Rec9pv7dNcRWpZfNB98+tU0wIT9G3q/XQlAjrAbegSckXgX6mq/P8BXLcn0
dNuA1iAlSH7YlYjF2+RP8Y0zOAi1FYhKsb5VKLEHh3PB/fs34v5O3Z5xur8HWmxr
u8eEvKurFgBzfXQSx3v0qouXrOV43LFYU0h1UhG7dvXIVlaAlgLGws4NNtUC5ma1
OopSDqk8VIJw7OyBA+QqyK4g/3PBDGfUlkZ1NMpiABJacRkJttK7f1AIJPKbz9Cr
JdOKS6Uhubg=
-----END CERTIFICATE-----
Generated at Sun Jul 27 05:00:50 2025 by rpki-client