Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NZacVhcMIBZPlrCCgKUr9qaRngo.roa
File: NZacVhcMIBZPlrCCgKUr9qaRngo.roa (raw, json)
Hash identifier: N4LWigwHxA6BI6YknNBS3qV/TMpO4OkHnKw0VzTcN70=
Subject key identifier: 35:96:9C:56:17:0C:20:16:4F:96:B0:82:80:A5:2B:F6:A6:91:9E:0A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01994D370A59D7E378D255442840735CFEEA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NZacVhcMIBZPlrCCgKUr9qaRngo.roa
Signing time: Mon 15 Sep 2025 11:51:16 +0000
ROA not before: Mon 15 Sep 2025 11:51:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.33.0/24 maxlen: 24
87.120.38.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.88.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.27.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.37.0/24 maxlen: 32
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.177.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.37.40.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.59.28.0/23 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 17:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4d:37:0a:59:d7:e3:78:d2:55:44:28:40:73:5c:fe:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 15 11:51:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35969c56170c20164f96b08280a52bf6a6919e0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:55:bb:0e:28:53:f8:4e:fa:7b:5c:16:34:f8:
f6:2a:51:5f:df:21:92:25:43:9d:25:e3:df:69:26:
a5:7b:f1:78:6e:85:11:03:f6:65:08:ed:21:05:af:
23:4d:d5:2c:2d:e6:72:f0:c2:03:3d:2e:15:31:06:
6c:ac:af:b6:80:2e:c3:49:50:af:1f:62:08:59:cd:
1b:06:b7:4c:70:c8:e8:95:55:44:3e:54:14:5a:09:
8a:ca:03:c9:6d:a6:87:20:e7:25:1d:19:4a:80:30:
12:7c:98:8f:94:ee:c5:0a:22:63:ef:c5:f6:01:3e:
d1:90:e0:49:27:96:4d:45:83:e7:e0:91:a2:72:a2:
e6:12:fc:ec:dc:4d:99:88:5a:e9:66:ab:0f:92:0f:
f5:ee:6d:9d:7a:f0:c8:0e:4d:6e:d8:eb:61:29:b7:
4d:5c:b3:a6:0d:a7:87:51:f1:c4:8e:98:81:7f:45:
df:e6:90:a5:97:df:1d:e9:c0:94:f1:35:8f:fd:27:
54:ce:c5:0e:a4:c0:b0:5c:41:01:8a:86:84:15:b6:
d9:5a:bb:10:b5:b3:60:95:c0:10:56:d9:f2:49:bb:
39:ea:0a:88:b9:5a:ec:51:00:6d:f2:92:51:d5:6c:
0a:b9:7d:a4:f0:f1:d3:12:c2:d4:ab:ef:b6:ee:45:
1c:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:96:9C:56:17:0C:20:16:4F:96:B0:82:80:A5:2B:F6:A6:91:9E:0A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NZacVhcMIBZPlrCCgKUr9qaRngo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
79.110.51.0/24
81.161.238.0/24
82.115.211.0/24
83.219.97.0/24
85.217.128.0/24
85.217.130.0/23
87.120.33.0/24
87.120.38.0/24
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.121.88.0/24
87.121.165.0/24
91.92.27.0/24
92.119.196.0/23
92.249.50.0/24
93.123.37.0/24
93.123.109.0/24
93.123.117.0/24
94.103.125.0/24
94.154.161.0-94.154.163.255
94.156.177.0/24
94.156.239.0/24
141.98.6.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.37.40.0/24
193.222.98.0/24
194.55.186.0/24
194.59.28.0/23
194.169.175.0/24
195.178.111.0/24
Signature Algorithm: sha256WithRSAEncryption
44:ec:42:5b:37:70:81:28:7e:03:7d:40:4e:1c:91:f8:8d:04:
00:58:e0:27:d6:ea:4f:50:8c:6e:e8:f2:43:d0:6d:25:1f:a0:
af:3f:40:53:f4:fd:a9:b9:c1:a0:1b:ad:35:6c:28:5c:af:73:
5f:ca:fe:3c:68:04:8c:55:26:03:13:4c:50:97:59:d7:e0:61:
0e:5c:22:b8:06:2d:64:24:03:ac:eb:96:c4:97:67:6b:cd:11:
aa:fd:1a:45:25:ed:3e:a1:2f:9f:0c:71:be:d4:58:3b:c8:67:
8b:03:bb:7c:75:89:79:7d:2f:0c:8b:b7:a5:82:4d:52:9f:2c:
35:63:05:f9:0a:c5:b7:04:08:16:92:14:94:32:2b:84:17:b0:
87:d9:07:81:a0:ed:cb:36:65:44:71:ba:11:29:60:98:cf:96:
35:1a:9f:73:d0:9d:b1:3a:5a:50:ed:92:38:a1:26:b6:d6:67:
fc:7f:fd:f2:2c:70:e3:20:17:76:74:fb:ed:87:e3:d0:eb:fb:
10:6d:03:84:aa:f0:ca:c3:ad:68:3b:61:84:3c:3a:f5:0e:1a:
0e:c7:2c:5a:c0:cd:70:8b:ff:89:14:37:bb:5b:39:55:34:02:
b8:ff:fc:63:ea:7c:ac:41:1f:c9:44:9c:33:ac:b6:4c:da:69:
a3:8b:0c:32
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAZlNNwpZ1+N40lVEKEBzXP7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTE1MTE1MTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk2OWM1NjE3MGMyMDE2NGY5NmIwODI4MGE1MmJmNmE2OTE5ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1W7DihT+E76e1wWNPj2KlFf3yGS
JUOdJePfaSale/F4boURA/ZlCO0hBa8jTdUsLeZy8MIDPS4VMQZsrK+2gC7DSVCv
H2IIWc0bBrdMcMjolVVEPlQUWgmKygPJbaaHIOclHRlKgDASfJiPlO7FCiJj78X2
AT7RkOBJJ5ZNRYPn4JGicqLmEvzs3E2ZiFrpZqsPkg/17m2devDIDk1u2OthKbdN
XLOmDaeHUfHEjpiBf0Xf5pCll98d6cCU8TWP/SdUzsUOpMCwXEEBioaEFbbZWrsQ
tbNglcAQVtnySbs56gqIuVrsUQBt8pJR1WwKuX2k8PHTEsLUq++27kUcvQIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFDWWnFYXDCAWT5awgoClK/amkZ4KMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTlphY1ZoY01JQlpQbHJDQ2dLVXI5cWFSbmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEAgX8hAMEAB8N0wMEAC0JnQMEAC1C5AMEAC1C5wMEAC1RJwMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NngMEAE9uMwMEAFGh7gMEAFJz0wMEAFPbYQMEAFXZgAMEAVXZ
ggMEAFd4IQMEAFd4JgMEAFd4VwMEAFd4fgMEAFd4pgMEAFd5WAMEAFd5pQMEAFtc
GwMEAVx3xAMEAFz5MgMEAF17JQMEAF17bQMEAF17dQMEAF5nfTAMAwQAXpqhAwQC
XpqgAwQAXpyxAwQAXpzvAwQAjWIGAwQAstfjAwQCudhUAwQAwRnYAwQAwSUoAwQA
wd5iAwQAwje6AwQBwjscAwQAwqmvAwQAw7JvMA0GCSqGSIb3DQEBCwUAA4IBAQBE
7EJbN3CBKH4DfUBOHJH4jQQAWOAn1upPUIxu6PJD0G0lH6CvP0BT9P2pucGgG601
bChcr3Nfyv48aASMVSYDE0xQl1nX4GEOXCK4Bi1kJAOs65bEl2drzRGq/RpFJe0+
oS+fDHG+1Fg7yGeLA7t8dYl5fS8Mi7elgk1Snyw1YwX5CsW3BAgWkhSUMiuEF7CH
2QeBoO3LNmVEcboRKWCYz5Y1Gp9z0J2xOlpQ7ZI4oSa21mf8f/3yLHDjIBd2dPvt
h+PQ6/sQbQOEqvDKw61oO2GEPDr1DhoOxyxawM1wi/+JFDe7WzlVNAK4//xj6nys
QR/JRJwzrLZM2mmjiwwy
-----END CERTIFICATE-----
Generated at Thu Sep 18 01:38:22 2025 by rpki-client