Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/NQzxfbg6mUjToWYd761iH1Aj8M0.roa
File: NQzxfbg6mUjToWYd761iH1Aj8M0.roa (raw, json)
Hash identifier: gTeoWCaUXq7PaCcs+yvz12eVkeAA0ArL5OPG5CvIUNQ=
Subject key identifier: 35:0C:F1:7D:B8:3A:99:48:D3:A1:66:1D:EF:AD:62:1F:50:23:F0:CD
Certificate issuer: /CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
Certificate serial: 0195F1143B88C8431A08A8316FB3F32C4887
Authority key identifier: 53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/NQzxfbg6mUjToWYd761iH1Aj8M0.roa
Signing time: Tue 01 Apr 2025 11:19:49 +0000
ROA not before: Tue 01 Apr 2025 11:19:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29244
IP address blocks: 85.118.192.0/21 maxlen: 21
85.118.192.0/24 maxlen: 24
85.118.194.0/24 maxlen: 24
85.118.196.0/24 maxlen: 24
85.118.197.0/24 maxlen: 24
87.120.79.0/24 maxlen: 24
91.92.8.0/24 maxlen: 24
91.92.9.0/24 maxlen: 24
91.92.10.0/24 maxlen: 24
91.92.11.0/24 maxlen: 24
91.92.12.0/24 maxlen: 24
91.92.13.0/24 maxlen: 24
91.92.14.0/24 maxlen: 24
91.92.15.0/24 maxlen: 24
93.123.88.0/21 maxlen: 24
94.156.136.0/21 maxlen: 24
149.62.192.0/18 maxlen: 18
149.62.204.0/24 maxlen: 24
149.62.205.0/24 maxlen: 24
149.62.206.0/24 maxlen: 24
149.62.207.0/24 maxlen: 24
149.62.208.0/24 maxlen: 24
149.62.209.0/24 maxlen: 24
193.193.171.0/24 maxlen: 24
193.193.182.0/24 maxlen: 24
193.194.147.0/24 maxlen: 24
193.194.155.0/24 maxlen: 24
2a12:4700::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl
rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.mft
rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 11:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f1:14:3b:88:c8:43:1a:08:a8:31:6f:b3:f3:2c:48:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
Validity
Not Before: Apr 1 11:19:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=350cf17db83a9948d3a1661defad621f5023f0cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bf:4e:81:8a:6d:aa:73:34:a9:01:25:32:4c:
b0:2f:f6:6e:d3:9d:06:bb:91:ab:22:19:fb:e8:3f:
6e:c7:8a:f5:f8:5b:21:3c:42:b3:c7:31:c4:17:c8:
4c:d8:80:ed:28:3c:09:f7:bd:91:cc:9e:da:47:cd:
50:e1:12:13:9c:f5:d3:ef:50:6c:ed:58:f7:33:22:
e3:e8:4a:dc:f9:74:fe:8d:b3:ca:c5:28:59:ad:24:
c5:7c:c2:cd:cd:8b:97:71:df:bb:22:c1:ae:a1:65:
c3:64:1b:c8:81:0c:b8:21:d6:58:18:5f:1c:57:1f:
56:33:c8:03:df:60:f1:a3:25:4d:47:e8:94:66:ac:
8f:1d:e8:b7:63:84:22:98:ed:f1:16:a8:51:cd:f9:
2f:75:1a:ed:71:cd:58:16:47:fa:b1:ea:e7:b2:7b:
eb:9d:90:78:58:3e:99:e1:a2:d5:88:a3:cc:e0:79:
ee:3d:08:cd:66:7a:c2:26:90:d0:31:9f:f6:24:75:
5d:93:be:d2:96:82:82:d6:e5:37:b9:75:69:7b:ae:
4a:be:15:bf:e1:a7:97:74:48:7e:ad:85:77:a0:19:
ca:c2:c8:68:85:fb:31:4b:4d:8d:79:5a:cf:7f:37:
5b:c8:64:8b:84:67:77:5e:e4:12:09:e7:96:5b:21:
80:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:0C:F1:7D:B8:3A:99:48:D3:A1:66:1D:EF:AD:62:1F:50:23:F0:CD
X509v3 Authority Key Identifier:
keyid:53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/NQzxfbg6mUjToWYd761iH1Aj8M0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.118.192.0/21
87.120.79.0/24
91.92.8.0/21
93.123.88.0/21
94.156.136.0/21
149.62.192.0/18
193.193.171.0/24
193.193.182.0/24
193.194.147.0/24
193.194.155.0/24
IPv6:
2a12:4700::/32
Signature Algorithm: sha256WithRSAEncryption
9c:5b:39:2f:8a:f3:4f:cd:2d:d7:43:f4:c4:9d:f6:ee:af:66:
a1:a0:66:4a:75:b3:02:a8:33:8b:cf:9e:67:53:e4:70:e1:59:
0a:b6:49:8b:74:b9:04:49:6d:13:e4:c7:85:7d:a9:8a:82:f2:
3d:c0:c6:6d:7d:22:1a:0d:ec:78:b9:43:c1:c4:cb:39:82:2f:
e9:41:a8:36:50:7c:72:82:bc:7c:c4:bf:df:5e:07:99:ef:ca:
12:62:a6:3d:12:57:0c:80:12:3c:db:85:57:de:d5:8e:ac:27:
e0:cd:f5:01:b4:01:bc:f6:67:eb:49:27:6f:76:33:e4:8e:f3:
5e:c1:6e:d0:9e:4e:64:cb:34:c0:c1:6c:1e:05:72:d8:b9:bb:
79:1a:f6:8a:87:08:84:a5:25:1b:75:1c:08:83:2e:1b:f4:76:
76:fe:83:71:93:12:be:00:0b:76:03:eb:8d:d1:8d:ae:1c:83:
c8:81:ca:44:de:03:5a:eb:81:ad:ee:9c:ba:78:fe:ca:8c:49:
57:df:19:c6:65:a7:09:47:1a:d0:9a:a4:a3:68:d0:ca:7a:f9:
f8:ed:14:f6:44:e9:93:c9:10:2d:40:72:96:e4:4c:61:c1:c2:
f6:72:ec:0c:81:31:b7:44:6f:6f:67:2b:e7:ec:f8:0d:ad:5f:
3d:b1:a2:bf
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZXxFDuIyEMaCKgxb7PzLEiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzZhMTA2Y2VjZGViYTkyZTBiODBlNWU5YTVjNzg5YmE3
NGM2MmIwHhcNMjUwNDAxMTExOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBjZjE3ZGI4M2E5OTQ4ZDNhMTY2MWRlZmFkNjIxZjUwMjNmMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur9OgYptqnM0qQElMkywL/Zu050G
u5GrIhn76D9ux4r1+FshPEKzxzHEF8hM2IDtKDwJ972RzJ7aR81Q4RITnPXT71Bs
7Vj3MyLj6Erc+XT+jbPKxShZrSTFfMLNzYuXcd+7IsGuoWXDZBvIgQy4IdZYGF8c
Vx9WM8gD32DxoyVNR+iUZqyPHei3Y4QimO3xFqhRzfkvdRrtcc1YFkf6sernsnvr
nZB4WD6Z4aLViKPM4HnuPQjNZnrCJpDQMZ/2JHVdk77SloKC1uU3uXVpe65KvhW/
4aeXdEh+rYV3oBnKwshohfsxS02NeVrPfzdbyGSLhGd3XuQSCeeWWyGAMQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFDUM8X24OplI06FmHe+tYh9QI/DNMB8GA1UdIwQY
MBaAFFM2oQbOzeupLguA5emlx4m6dMYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAt
ZGQ4MDNjNWI4NWRiLzEvTlF6eGZiZzZtVWpUb1dZZDc2MWlIMUFqOE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAtZGQ4MDNjNWI4NWRi
LzEvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDVXbAAwQA
V3hPAwQDW1wIAwQDXXtYAwQDXpyIAwQGlT7AAwQAwcGrAwQAwcG2AwQAwcKTAwQA
wcKbMA0EAgACMAcDBQAqEkcAMA0GCSqGSIb3DQEBCwUAA4IBAQCcWzkvivNPzS3X
Q/TEnfbur2ahoGZKdbMCqDOLz55nU+Rw4VkKtkmLdLkESW0T5MeFfamKgvI9wMZt
fSIaDex4uUPBxMs5gi/pQag2UHxygrx8xL/fXgeZ78oSYqY9ElcMgBI824VX3tWO
rCfgzfUBtAG89mfrSSdvdjPkjvNewW7Qnk5kyzTAwWweBXLYubt5GvaKhwiEpSUb
dRwIgy4b9HZ2/oNxkxK+AAt2A+uN0Y2uHIPIgcpE3gNa64Gt7py6eP7KjElX3xnG
ZacJRxrQmqSjaNDKevn47RT2ROmTyRAtQHKW5ExhwcL2cuwMgTG3RG9vZyvn7PgN
rV89saK/
-----END CERTIFICATE-----
Generated at Mon Apr 7 20:12:30 2025 by rpki-client