Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u5vcNC_wsjN4JqOt-LZDBZFY6nM.roa
File: u5vcNC_wsjN4JqOt-LZDBZFY6nM.roa (raw, json)
Hash identifier: 4NMdIXLPVEp9qyNcHIn5kbYk9HJMEh520wmlSUwyABo=
Subject key identifier: BB:9B:DC:34:2F:F0:B2:33:78:26:A3:AD:F8:B6:43:05:91:58:EA:73
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019739478653DA0AA17DBBD1E0A7667E9DAB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u5vcNC_wsjN4JqOt-LZDBZFY6nM.roa
Signing time: Wed 04 Jun 2025 04:51:17 +0000
ROA not before: Wed 04 Jun 2025 04:51:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51659
IP address blocks: 194.87.68.0/22 maxlen: 22
194.87.68.0/23 maxlen: 23
194.87.70.0/24 maxlen: 24
194.87.106.0/24 maxlen: 24
194.87.196.0/23 maxlen: 23
195.58.48.0/23 maxlen: 23
195.133.5.0/24 maxlen: 24
195.133.23.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:39:47:86:53:da:0a:a1:7d:bb:d1:e0:a7:66:7e:9d:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 4 04:51:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bb9bdc342ff0b2337826a3adf8b643059158ea73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:33:1e:8e:76:c4:bc:62:09:cc:05:3b:72:0f:
7e:ce:e6:38:86:09:c2:68:e5:b0:e4:72:ac:d0:02:
82:1e:8a:eb:89:10:00:61:4d:78:3e:9d:32:e1:c1:
17:9a:a8:7e:28:97:8d:44:a6:05:3d:89:dd:35:12:
2c:af:bb:f3:10:95:ef:4c:e2:1c:29:a2:bb:8f:c3:
50:6e:98:5d:da:92:8d:7f:7b:7e:f3:eb:09:3a:2c:
ed:f8:ee:96:7e:69:0e:57:4a:4d:c6:e3:cf:2b:fb:
42:9a:f0:45:37:fd:a5:52:ea:9b:a8:ef:5a:37:1b:
4c:0f:bf:5b:54:3e:23:35:fe:17:1e:fb:dd:a2:89:
af:ba:19:38:6a:90:da:ed:72:f1:c0:a5:d7:58:90:
d4:fa:ff:ed:cc:c0:e3:5d:ba:ec:6f:42:be:81:f0:
c0:29:ff:1b:93:02:3e:13:05:7b:c3:6b:c7:76:9e:
69:2b:bd:7e:11:29:d3:bb:44:4d:eb:91:1b:a6:c5:
8a:6a:3a:7f:59:0c:da:51:1f:9e:c5:9b:81:a5:84:
6b:76:34:19:d1:24:6d:86:e5:e4:58:b3:d5:a9:65:
78:2e:73:91:13:fa:e7:42:25:39:56:4e:bf:27:34:
57:38:79:d8:c9:78:fe:e1:87:db:07:ff:2b:02:ae:
7f:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:9B:DC:34:2F:F0:B2:33:78:26:A3:AD:F8:B6:43:05:91:58:EA:73
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/u5vcNC_wsjN4JqOt-LZDBZFY6nM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.68.0/22
194.87.106.0/24
194.87.196.0/23
195.58.48.0/23
195.133.5.0/24
195.133.23.0/24
Signature Algorithm: sha256WithRSAEncryption
85:b6:36:c0:72:73:f4:db:8e:c2:41:68:c5:4a:2a:62:01:27:
c0:df:61:f8:04:ed:0a:5d:19:46:f7:48:a6:01:bf:2b:8d:3f:
b7:c0:17:8e:a5:14:aa:6d:61:30:c7:9c:f5:58:0b:ee:f3:1c:
90:b0:ec:87:b1:2f:46:9b:f6:c3:ed:a2:ab:6e:3f:0f:ef:b3:
b0:2b:98:90:1b:88:02:54:6c:bb:5f:63:bb:52:7f:f2:55:eb:
ff:1b:93:b4:ec:76:1c:ba:84:09:09:c6:6a:38:38:a2:5b:0a:
3b:92:90:77:68:de:fd:93:21:ef:eb:0e:61:62:45:c3:64:b9:
b9:c7:e2:7d:42:df:82:ae:80:33:ac:1c:4b:de:c8:68:9f:4f:
0d:70:a3:3b:37:59:cb:03:42:dc:1a:af:9a:4d:8d:f8:d0:c7:
b0:eb:48:94:af:89:c5:c8:ac:44:06:74:a4:70:23:2d:d7:81:
37:34:03:3d:95:4f:56:c0:74:33:27:fb:9d:4c:2a:f2:a2:4f:
91:08:1d:9c:28:86:56:2d:34:9c:f5:88:09:75:32:6f:e4:5c:
6e:05:0f:ca:e0:34:a2:74:d6:06:96:fd:4a:77:0c:5a:8e:25:
14:d3:cc:c7:d0:eb:6b:2f:35:9d:fb:12:24:dc:00:26:30:6e:
59:27:4f:c3
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZc5R4ZT2gqhfbvR4Kdmfp2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNjA0MDQ1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjliZGMzNDJmZjBiMjMzNzgyNmEzYWRmOGI2NDMwNTkxNThlYTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TMejnbEvGIJzAU7cg9+zuY4hgnC
aOWw5HKs0AKCHorriRAAYU14Pp0y4cEXmqh+KJeNRKYFPYndNRIsr7vzEJXvTOIc
KaK7j8NQbphd2pKNf3t+8+sJOizt+O6WfmkOV0pNxuPPK/tCmvBFN/2lUuqbqO9a
NxtMD79bVD4jNf4XHvvdoomvuhk4apDa7XLxwKXXWJDU+v/tzMDjXbrsb0K+gfDA
Kf8bkwI+EwV7w2vHdp5pK71+ESnTu0RN65EbpsWKajp/WQzaUR+exZuBpYRrdjQZ
0SRthuXkWLPVqWV4LnORE/rnQiU5Vk6/JzRXOHnYyXj+4YfbB/8rAq5/3QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLub3DQv8LIzeCajrfi2QwWRWOpzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdTV2Y05DX3dzak40SnFPdC1MWkRCWkZZNm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCwldEAwQA
wldqAwQBwlfEAwQBwzowAwQAw4UFAwQAw4UXMA0GCSqGSIb3DQEBCwUAA4IBAQCF
tjbAcnP0247CQWjFSipiASfA32H4BO0KXRlG90imAb8rjT+3wBeOpRSqbWEwx5z1
WAvu8xyQsOyHsS9Gm/bD7aKrbj8P77OwK5iQG4gCVGy7X2O7Un/yVev/G5O07HYc
uoQJCcZqODiiWwo7kpB3aN79kyHv6w5hYkXDZLm5x+J9Qt+CroAzrBxL3shon08N
cKM7N1nLA0LcGq+aTY340Mew60iUr4nFyKxEBnSkcCMt14E3NAM9lU9WwHQzJ/ud
TCryok+RCB2cKIZWLTSc9YgJdTJv5FxuBQ/K4DSidNYGlv1KdwxajiUU08zH0Otr
LzWd+xIk3AAmMG5ZJ0/D
-----END CERTIFICATE-----
Generated at Sun Jun 8 14:37:04 2025 by rpki-client