Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa
File: ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa (raw, json)
Hash identifier: r4Yw7FV6MragLYSnWbxNhJIL4Bz5tpt7zooYhdKRX2U=
Subject key identifier: 66:01:B6:D3:EE:77:8D:02:70:B3:20:3D:52:3F:87:0E:55:0D:8B:20
Certificate issuer: /CN=923a2b3dd7667275f09886df7da079f755ceed59
Certificate serial: 019720363CD5EAA78EF47771B7C540E8C9A4
Authority key identifier: 92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa
Signing time: Fri 30 May 2025 08:01:54 +0000
ROA not before: Fri 30 May 2025 08:01:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207143
IP address blocks: 185.101.156.0/22 maxlen: 22
185.101.156.0/24 maxlen: 24
185.101.157.0/24 maxlen: 24
185.101.158.0/24 maxlen: 24
185.101.159.0/24 maxlen: 24
185.229.88.0/24 maxlen: 24
185.229.89.0/24 maxlen: 24
185.229.90.0/24 maxlen: 24
185.229.91.0/24 maxlen: 24
193.203.253.0/24 maxlen: 24
204.174.100.0/24 maxlen: 24
213.254.165.0/24 maxlen: 24
2a11:8b81::/32 maxlen: 32
2a11:8b82::/32 maxlen: 32
2a11:8b83:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.mft
rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 11:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:20:36:3c:d5:ea:a7:8e:f4:77:71:b7:c5:40:e8:c9:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=923a2b3dd7667275f09886df7da079f755ceed59
Validity
Not Before: May 30 08:01:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6601b6d3ee778d0270b3203d523f870e550d8b20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:12:89:fa:a1:3f:a6:70:e7:a0:9f:a0:55:f6:
2c:71:78:b4:74:a2:68:1c:c2:c9:f3:2a:e7:35:d9:
8f:ff:d7:d0:5e:54:fa:50:3d:18:47:15:b1:f4:27:
a8:7b:50:0d:58:68:f0:a5:6b:b9:6a:25:34:28:7a:
1b:ef:f4:02:af:ed:02:b8:83:72:54:4d:d0:9a:8b:
a3:4b:01:07:8d:78:93:e4:b5:7a:98:04:eb:0c:03:
33:fb:a7:87:3c:f1:ad:30:f2:28:90:16:e7:f0:f3:
8f:32:44:e4:89:7c:5a:5d:fa:7c:26:93:12:5d:d7:
b3:e3:8a:5c:37:78:d0:40:b1:bf:b3:d1:fc:f9:8a:
50:3f:42:08:0a:9f:b4:0d:e5:51:85:bc:e9:fc:21:
50:41:98:56:fc:4d:6e:fe:42:9f:35:4f:7b:fb:0c:
e1:5c:4d:c9:f6:72:2f:b4:3f:1f:71:32:30:28:59:
6f:05:0b:55:cb:e9:6a:8a:fa:54:c2:42:fb:a5:64:
e7:70:5c:0e:92:f3:5b:e1:d7:62:8e:94:7f:c3:40:
de:18:eb:39:6a:39:93:b9:35:9f:c3:47:cd:a1:50:
f9:23:f2:a3:30:1f:8c:3d:84:ac:bf:5d:eb:33:0c:
5e:35:58:56:c2:ad:0d:10:1f:3c:20:81:9d:ef:0c:
53:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:01:B6:D3:EE:77:8D:02:70:B3:20:3D:52:3F:87:0E:55:0D:8B:20
X509v3 Authority Key Identifier:
keyid:92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/ZgG20-53jQJwsyA9Uj-HDlUNiyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.156.0/22
185.229.88.0/22
193.203.253.0/24
204.174.100.0/24
213.254.165.0/24
IPv6:
2a11:8b81::-2a11:8b82:ffff:ffff:ffff:ffff:ffff:ffff
2a11:8b83:1::/48
Signature Algorithm: sha256WithRSAEncryption
0b:08:77:18:4a:a2:a9:a1:0f:31:9a:71:83:fc:6b:a8:4f:0a:
52:06:f1:89:1a:0d:ff:ed:9b:62:26:8e:eb:4d:0c:77:86:25:
5f:0f:e2:4c:0a:7d:c9:45:2d:aa:2f:2e:42:71:55:cc:a7:55:
3d:bc:1a:70:02:52:af:0a:76:75:32:d0:41:a3:42:c6:3c:ae:
53:b2:15:a0:4f:15:20:97:84:cf:d2:b1:b4:7b:ae:83:b2:52:
78:69:4d:dc:d9:52:9c:b3:03:78:be:a3:ba:cb:d4:09:59:b1:
fa:e3:30:2a:34:60:c9:36:a0:c6:a2:94:2f:1e:7b:38:8b:0d:
0e:9d:2d:69:d6:d3:47:55:61:68:e5:3c:2c:bf:22:e4:5e:00:
44:a4:8d:b2:22:76:b2:ba:2b:e7:eb:48:f4:4b:cd:8e:47:4f:
84:ae:10:53:09:d0:ee:aa:0c:39:f5:ba:30:4c:8b:b2:39:f3:
c5:41:45:7f:34:b3:12:11:e4:49:80:f9:56:44:50:db:d7:e6:
21:46:c6:41:4c:80:5d:1c:e5:e3:92:2e:4e:e4:de:4e:4b:a7:
94:ec:72:ec:a3:ef:3d:2a:1d:f6:b2:37:0f:c9:b2:41:16:a5:
0e:3b:d6:14:e7:35:96:03:61:7a:d7:b3:d5:82:0f:b8:82:c6:
ff:78:41:fa
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZcgNjzV6qeO9Hdxt8VA6MmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyM2EyYjNkZDc2NjcyNzVmMDk4ODZkZjdkYTA3OWY3NTVj
ZWVkNTkwHhcNMjUwNTMwMDgwMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAxYjZkM2VlNzc4ZDAyNzBiMzIwM2Q1MjNmODcwZTU1MGQ4YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BKJ+qE/pnDnoJ+gVfYscXi0dKJo
HMLJ8yrnNdmP/9fQXlT6UD0YRxWx9Ceoe1ANWGjwpWu5aiU0KHob7/QCr+0CuINy
VE3QmoujSwEHjXiT5LV6mATrDAMz+6eHPPGtMPIokBbn8POPMkTkiXxaXfp8JpMS
Xdez44pcN3jQQLG/s9H8+YpQP0IICp+0DeVRhbzp/CFQQZhW/E1u/kKfNU97+wzh
XE3J9nIvtD8fcTIwKFlvBQtVy+lqivpUwkL7pWTncFwOkvNb4ddijpR/w0DeGOs5
ajmTuTWfw0fNoVD5I/KjMB+MPYSsv13rMwxeNVhWwq0NEB88IIGd7wxTGQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGYBttPud40CcLMgPVI/hw5VDYsgMB8GA1UdIwQY
MBaAFJI6Kz3XZnJ18JiG332gefdVzu1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjkt
MjczOGJjYjQzZDZkLzEvWmdHMjAtNTNqUUp3c3lBOVVqLUhEbFVOaXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjktMjczOGJjYjQzZDZk
LzEva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAkBAIAATAeAwQCuWWcAwQC
ueVYAwQAwcv9AwQAzK5kAwQA1f6lMB8EAgACMBkwDgMFACoRi4EDBQAqEYuCAwcA
KhGLgwABMA0GCSqGSIb3DQEBCwUAA4IBAQALCHcYSqKpoQ8xmnGD/GuoTwpSBvGJ
Gg3/7ZtiJo7rTQx3hiVfD+JMCn3JRS2qLy5CcVXMp1U9vBpwAlKvCnZ1MtBBo0LG
PK5TshWgTxUgl4TP0rG0e66DslJ4aU3c2VKcswN4vqO6y9QJWbH64zAqNGDJNqDG
opQvHns4iw0OnS1p1tNHVWFo5TwsvyLkXgBEpI2yInayuivn60j0S82OR0+ErhBT
CdDuqgw59bowTIuyOfPFQUV/NLMSEeRJgPlWRFDb1+YhRsZBTIBdHOXjki5O5N5O
S6eU7HLso+89Kh32sjcPybJBFqUOO9YU5zWWA2F617PVgg+4gsb/eEH6
-----END CERTIFICATE-----
Generated at Mon Jun 9 21:29:10 2025 by rpki-client