Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/NkPgAsBwPPi223h4iUw2t-cEvWY.roa
File: NkPgAsBwPPi223h4iUw2t-cEvWY.roa (raw, json)
Hash identifier: ynaAeCHhaF8I4fYynmpFVpN8gHRf6H4SVtkjV4EJ3VY=
Subject key identifier: 36:43:E0:02:C0:70:3C:F8:B6:DB:78:78:89:4C:36:B7:E7:04:BD:66
Certificate issuer: /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial: 01972F9358C048013F366D028FEE2F0D7511
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/NkPgAsBwPPi223h4iUw2t-cEvWY.roa
Signing time: Mon 02 Jun 2025 07:37:54 +0000
ROA not before: Mon 02 Jun 2025 07:37:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48635
IP address blocks: 2.57.57.0/24 maxlen: 24
5.157.80.0/21 maxlen: 24
31.25.96.0/21 maxlen: 24
31.186.168.0/21 maxlen: 24
62.221.248.0/21 maxlen: 24
62.221.250.0/24 maxlen: 24
79.99.128.0/21 maxlen: 24
92.63.168.0/21 maxlen: 24
93.180.64.0/21 maxlen: 24
93.187.220.0/22 maxlen: 24
109.72.80.0/20 maxlen: 24
109.106.160.0/20 maxlen: 24
109.106.176.0/21 maxlen: 24
185.27.172.0/22 maxlen: 24
185.37.68.0/22 maxlen: 24
185.56.144.0/22 maxlen: 24
185.66.248.0/22 maxlen: 24
185.87.184.0/22 maxlen: 24
185.94.228.0/22 maxlen: 24
185.94.228.0/24 maxlen: 24
185.95.28.0/22 maxlen: 24
185.103.156.0/22 maxlen: 24
185.103.240.0/22 maxlen: 24
185.107.212.0/22 maxlen: 24
185.107.224.0/23 maxlen: 24
185.109.216.0/22 maxlen: 24
185.159.240.0/22 maxlen: 24
185.175.200.0/22 maxlen: 24
185.182.56.0/22 maxlen: 24
185.187.12.0/22 maxlen: 24
185.223.32.0/22 maxlen: 24
185.224.88.0/22 maxlen: 24
185.233.28.0/22 maxlen: 24
195.238.74.0/23 maxlen: 24
2a00:f10::/29 maxlen: 48
2a01:b940::/29 maxlen: 48
2a01:b942::/32 maxlen: 48
2a01:b944::/32 maxlen: 48
2a02:40c1::/32 maxlen: 48
2a03:3060::/29 maxlen: 48
2a04:6bc0::/36 maxlen: 48
2a05:1500::/29 maxlen: 48
2a05:1500:500::/40 maxlen: 40
2a0b:7280::/29 maxlen: 48
2a0b:8f80::/29 maxlen: 48
2a0b:8f80::/48 maxlen: 48
2a0c:84c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 02:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2f:93:58:c0:48:01:3f:36:6d:02:8f:ee:2f:0d:75:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Validity
Not Before: Jun 2 07:37:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3643e002c0703cf8b6db7878894c36b7e704bd66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:26:18:a5:53:4e:5a:84:3f:76:2c:5e:96:4a:
8b:98:2b:b8:f2:65:9d:05:36:66:3d:2a:91:a4:2e:
3d:1a:74:b0:e3:03:4b:ff:00:95:ec:54:1f:0e:7c:
8a:5f:1d:6a:2f:4d:13:6c:f9:d4:95:19:7a:50:0c:
b1:d9:e7:4f:f5:bd:f4:ea:52:a2:d9:c4:4b:9d:0d:
79:b2:41:fc:5b:1b:c6:e4:58:41:08:8d:5c:d6:79:
99:bc:33:ac:74:cc:89:af:bc:35:a0:df:dc:58:d6:
ee:ab:fe:77:9b:21:3f:6b:cc:2e:17:4f:b1:88:a4:
e9:5c:49:03:a3:f0:24:e7:c9:ca:3f:47:59:46:97:
6b:09:7e:9e:5e:ff:6e:fd:f8:08:72:20:20:31:92:
24:30:54:ae:5c:ef:21:61:6b:c7:7c:78:a4:4b:0b:
3c:d4:a0:1a:4f:ee:4b:79:24:4e:67:1a:1e:ab:e0:
2e:7c:85:f8:4e:fd:b0:92:d3:06:06:7f:35:ac:4e:
a4:d3:22:20:5f:57:1b:05:07:b7:ea:ed:b5:a3:cd:
d8:ab:3d:79:9a:b1:76:84:d6:d1:9f:9e:3e:cc:cb:
84:af:2d:fc:16:23:14:bf:9e:40:92:86:02:cb:7a:
75:34:b8:0d:38:e8:03:89:05:e2:5b:49:51:00:bb:
c0:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:43:E0:02:C0:70:3C:F8:B6:DB:78:78:89:4C:36:B7:E7:04:BD:66
X509v3 Authority Key Identifier:
keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/NkPgAsBwPPi223h4iUw2t-cEvWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.57.0/24
5.157.80.0/21
31.25.96.0/21
31.186.168.0/21
62.221.248.0/21
79.99.128.0/21
92.63.168.0/21
93.180.64.0/21
93.187.220.0/22
109.72.80.0/20
109.106.160.0-109.106.183.255
185.27.172.0/22
185.37.68.0/22
185.56.144.0/22
185.66.248.0/22
185.87.184.0/22
185.94.228.0/22
185.95.28.0/22
185.103.156.0/22
185.103.240.0/22
185.107.212.0/22
185.107.224.0/23
185.109.216.0/22
185.159.240.0/22
185.175.200.0/22
185.182.56.0/22
185.187.12.0/22
185.223.32.0/22
185.224.88.0/22
185.233.28.0/22
195.238.74.0/23
IPv6:
2a00:f10::/29
2a01:b940::/29
2a02:40c1::/32
2a03:3060::/29
2a04:6bc0::/36
2a05:1500::/29
2a0b:7280::/29
2a0b:8f80::/29
2a0c:84c0::/29
Signature Algorithm: sha256WithRSAEncryption
03:59:ff:3c:bb:02:c2:b0:2a:7c:b0:79:56:5e:ad:51:6d:93:
33:26:ae:dd:f3:1c:97:96:70:b6:5f:af:e8:a8:d3:a3:5e:6e:
c6:9f:df:8e:71:5e:79:54:c5:4e:fe:55:24:56:ef:4d:39:55:
24:b0:9c:b8:e5:7a:25:85:60:f2:3f:6c:39:12:ec:6d:eb:3e:
96:8f:c2:4b:f5:1d:78:2c:06:0e:81:d9:a8:e7:1a:a0:0f:f8:
f5:5d:35:e1:04:38:e0:80:7f:e0:f6:a1:ea:87:85:3f:4d:e3:
e1:1a:f2:8e:6d:75:a1:d6:0f:b3:18:e4:ae:22:51:a0:c5:15:
c4:e2:76:aa:c7:92:d1:a1:59:d8:0c:4d:1e:3e:01:c6:15:ed:
59:e1:af:75:b7:ab:ea:97:60:19:9e:f9:34:51:dd:90:35:3e:
bb:05:d1:15:43:f4:18:d3:e0:c1:7a:3c:db:87:85:d5:e4:e1:
e7:5a:3d:0c:ce:c0:73:22:54:70:e5:e7:c7:fb:e5:95:82:50:
30:f8:37:92:bc:2a:42:1f:fb:69:3f:59:de:85:12:ca:b4:77:
65:f3:23:6e:78:10:94:0d:1f:0a:d8:58:b1:73:51:e3:89:e8:
4e:78:a5:03:be:ef:8a:ed:2d:29:ed:a0:0f:76:03:c3:c4:aa:
be:5d:01:dc
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAZcvk1jASAE/Nm0Cj+4vDXURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwNjAyMDczNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQzZTAwMmMwNzAzY2Y4YjZkYjc4Nzg4OTRjMzZiN2U3MDRiZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yYYpVNOWoQ/dixelkqLmCu48mWd
BTZmPSqRpC49GnSw4wNL/wCV7FQfDnyKXx1qL00TbPnUlRl6UAyx2edP9b306lKi
2cRLnQ15skH8WxvG5FhBCI1c1nmZvDOsdMyJr7w1oN/cWNbuq/53myE/a8wuF0+x
iKTpXEkDo/Ak58nKP0dZRpdrCX6eXv9u/fgIciAgMZIkMFSuXO8hYWvHfHikSws8
1KAaT+5LeSROZxoeq+AufIX4Tv2wktMGBn81rE6k0yIgX1cbBQe36u21o83Yqz15
mrF2hNbRn54+zMuEry38FiMUv55AkoYCy3p1NLgNOOgDiQXiW0lRALvAbQIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFDZD4ALAcDz4ttt4eIlMNrfnBL1mMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvTmtQZ0FzQndQUGkyMjNoNGlVdzJ0LWNFdldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCByQQCAAEwgcID
BAACOTkDBAMFnVADBAMfGWADBAMfuqgDBAM+3fgDBANPY4ADBANcP6gDBANdtEAD
BAJdu9wDBARtSFAwDAMEBW1qoAMEA21qsAMEArkbrAMEArklRAMEArk4kAMEArlC
+AMEArlXuAMEArle5AMEArlfHAMEArlnnAMEArln8AMEArlr1AMEAblr4AMEArlt
2AMEArmf8AMEArmvyAMEArm2OAMEArm7DAMEArnfIAMEArngWAMEArnpHAMEAcPu
SjBGBAIAAjBAAwUDKgAPEAMFAyoBuUADBQAqAkDBAwUDKgMwYAMGBCoEa8AAAwUD
KgUVAAMFAyoLcoADBQMqC4+AAwUDKgyEwDANBgkqhkiG9w0BAQsFAAOCAQEAA1n/
PLsCwrAqfLB5Vl6tUW2TMyau3fMcl5Zwtl+v6KjTo15uxp/fjnFeeVTFTv5VJFbv
TTlVJLCcuOV6JYVg8j9sORLsbes+lo/CS/UdeCwGDoHZqOcaoA/49V014QQ44IB/
4Pah6oeFP03j4Rryjm11odYPsxjkriJRoMUVxOJ2qseS0aFZ2AxNHj4BxhXtWeGv
dber6pdgGZ75NFHdkDU+uwXRFUP0GNPgwXo824eF1eTh51o9DM7AcyJUcOXnx/vl
lYJQMPg3krwqQh/7aT9Z3oUSyrR3ZfMjbngQlA0fCthYsXNR44noTnilA77viu0t
Ke2gD3YDw8Sqvl0B3A==
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:54:23 2025 by rpki-client