Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Wzt-Ou1QVSJEG5lh6mPjN_ZX0o8.roa
File: Wzt-Ou1QVSJEG5lh6mPjN_ZX0o8.roa (raw, json)
Hash identifier: KIeE4BRemOsByP9NZcIanx6wVETopkaYtA+bHc7KopI=
Subject key identifier: 5B:3B:7E:3A:ED:50:55:22:44:1B:99:61:EA:63:E3:37:F6:57:D2:8F
Certificate issuer: /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial: 0198E1ACF12EFF33C6CDA60BDFA9CAFB6702
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Wzt-Ou1QVSJEG5lh6mPjN_ZX0o8.roa
Signing time: Mon 25 Aug 2025 14:41:04 +0000
ROA not before: Mon 25 Aug 2025 14:41:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212921
IP address blocks: 2.59.152.0/24 maxlen: 24
2.59.155.0/24 maxlen: 24
45.91.227.0/24 maxlen: 24
45.142.152.0/24 maxlen: 24
45.142.155.0/24 maxlen: 24
193.239.150.0/24 maxlen: 24
193.239.154.0/24 maxlen: 24
194.126.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Sep 2025 11:01:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e1:ac:f1:2e:ff:33:c6:cd:a6:0b:df:a9:ca:fb:67:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
Validity
Not Before: Aug 25 14:41:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5b3b7e3aed505522441b9961ea63e337f657d28f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:dc:c5:6f:12:a1:e5:86:fc:1e:61:20:40:65:
d8:85:fd:42:4b:fa:4f:5c:e2:64:48:bb:70:85:65:
ef:0c:7b:f5:65:0d:9d:77:2a:ad:ce:85:cd:d8:2c:
20:01:6e:f3:03:67:67:c8:ad:3f:a4:c2:cd:be:23:
a4:48:0b:d4:a4:65:4b:25:15:b8:df:4a:a1:71:09:
3c:ae:56:a8:f7:73:42:30:80:aa:fa:f7:c2:f6:2d:
3e:5e:ea:d4:ca:c2:c1:ba:81:db:98:cd:0f:51:30:
df:2e:be:77:50:4e:25:47:ff:d9:66:9b:b5:c6:b9:
f5:c4:f9:b6:dc:89:2c:b4:4e:6b:df:56:1c:a4:f0:
e1:8d:58:ff:87:57:c2:8a:ee:5f:73:c0:05:f1:29:
7d:9b:a5:11:55:8e:85:46:5a:11:4e:e7:c1:1a:87:
a9:23:16:60:21:80:18:ce:67:09:fe:2d:b3:8f:72:
0d:a7:58:62:33:b6:19:fa:27:b3:2c:f4:2a:ef:08:
29:6f:5b:3c:e8:ed:d1:da:16:8f:88:68:2e:f9:c1:
26:4f:2b:36:95:dc:1a:21:3c:f7:8d:5a:1a:25:31:
6e:08:0e:b2:f8:ef:46:4f:dc:f8:06:39:39:cc:ad:
f8:e6:47:0d:ee:77:ec:22:27:69:4d:dc:38:77:2e:
02:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:3B:7E:3A:ED:50:55:22:44:1B:99:61:EA:63:E3:37:F6:57:D2:8F
X509v3 Authority Key Identifier:
keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/Wzt-Ou1QVSJEG5lh6mPjN_ZX0o8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.152.0/24
2.59.155.0/24
45.91.227.0/24
45.142.152.0/24
45.142.155.0/24
193.239.150.0/24
193.239.154.0/24
194.126.202.0/24
Signature Algorithm: sha256WithRSAEncryption
09:ff:fd:f3:09:06:09:10:38:8c:d3:b3:92:c5:18:27:16:c2:
05:13:de:fb:46:e0:dd:ae:fa:e2:cb:06:5f:12:09:a4:14:76:
70:16:0f:f8:10:49:a3:ed:03:6c:9e:94:88:d6:14:1c:9a:c6:
49:23:a1:b8:94:c8:8f:8f:16:1b:61:5e:e8:2d:d3:76:b6:35:
95:c8:4c:96:d9:3d:b1:32:e2:de:29:dd:12:78:2f:e0:a9:a8:
e4:f0:97:7d:42:33:db:e7:34:1b:da:62:52:45:d5:8a:57:c6:
f0:69:f5:65:10:fa:98:69:06:b2:99:46:60:ff:ed:97:38:9d:
88:c4:e3:4f:bf:11:d9:aa:c0:a9:de:1c:90:dc:0f:8c:bb:45:
e8:0f:70:98:f6:bf:51:1b:3a:7c:ea:2d:52:f1:b0:b5:f9:da:
30:6b:15:3d:12:26:4d:56:1b:69:86:0c:a0:ce:02:62:41:86:
a5:6e:bb:1c:4a:09:d4:33:2c:0a:c8:d2:68:41:c6:1f:1b:62:
e9:16:04:ca:a6:90:25:44:ac:32:fa:3f:66:bf:50:e9:29:b7:
85:06:fc:0d:1f:2a:ff:1f:c8:57:cb:12:b4:df:17:dd:01:a7:
d8:07:18:c7:f6:8d:d5:2a:1a:26:44:05:14:9d:e9:74:68:69:
b1:2a:a9:8d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZjhrPEu/zPGzaYL36nK+2cCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjUwODI1MTQ0MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNiN2UzYWVkNTA1NTIyNDQxYjk5NjFlYTYzZTMzN2Y2NTdkMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dzFbxKh5Yb8HmEgQGXYhf1CS/pP
XOJkSLtwhWXvDHv1ZQ2ddyqtzoXN2CwgAW7zA2dnyK0/pMLNviOkSAvUpGVLJRW4
30qhcQk8rlao93NCMICq+vfC9i0+XurUysLBuoHbmM0PUTDfLr53UE4lR//ZZpu1
xrn1xPm23IkstE5r31YcpPDhjVj/h1fCiu5fc8AF8Sl9m6URVY6FRloRTufBGoep
IxZgIYAYzmcJ/i2zj3INp1hiM7YZ+iezLPQq7wgpb1s86O3R2haPiGgu+cEmTys2
ldwaITz3jVoaJTFuCA6y+O9GT9z4Bjk5zK345kcN7nfsIidpTdw4dy4C+wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFs7fjrtUFUiRBuZYepj4zf2V9KPMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvV3p0LU91MVFWU0pFRzVsaDZtUGpOX1pYMG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAAjuYAwQA
AjubAwQALVvjAwQALY6YAwQALY6bAwQAwe+WAwQAwe+aAwQAwn7KMA0GCSqGSIb3
DQEBCwUAA4IBAQAJ//3zCQYJEDiM07OSxRgnFsIFE977RuDdrvriywZfEgmkFHZw
Fg/4EEmj7QNsnpSI1hQcmsZJI6G4lMiPjxYbYV7oLdN2tjWVyEyW2T2xMuLeKd0S
eC/gqajk8Jd9QjPb5zQb2mJSRdWKV8bwafVlEPqYaQaymUZg/+2XOJ2IxONPvxHZ
qsCp3hyQ3A+Mu0XoD3CY9r9RGzp86i1S8bC1+dowaxU9EiZNVhtphgygzgJiQYal
brscSgnUMywKyNJoQcYfG2LpFgTKppAlRKwy+j9mv1DpKbeFBvwNHyr/H8hXyxK0
3xfdAafYBxjH9o3VKhomRAUUnel0aGmxKqmN
-----END CERTIFICATE-----
Generated at Thu Sep 11 18:39:43 2025 by rpki-client