Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/DNQ27-wMGyHRJznmj_NiTRlshdw.roa
File: DNQ27-wMGyHRJznmj_NiTRlshdw.roa (raw, json)
Hash identifier: 7eRIlCQXKapS5hASd5HYvFv5nYUj1J9UY9kquzW77gc=
Subject key identifier: 0C:D4:36:EF:EC:0C:1B:21:D1:27:39:E6:8F:F3:62:4D:19:6C:85:DC
Certificate issuer: /CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
Certificate serial: 01990EA0B174EAD11FFC51C20BA33FED46B6
Authority key identifier: 90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/DNQ27-wMGyHRJznmj_NiTRlshdw.roa
Signing time: Wed 03 Sep 2025 08:10:36 +0000
ROA not before: Wed 03 Sep 2025 08:10:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15874
IP address blocks: 37.130.0.0/18 maxlen: 24
37.130.49.0/24 maxlen: 24
37.130.55.0/24 maxlen: 24
46.174.232.0/21 maxlen: 24
46.174.232.0/22 maxlen: 22
46.174.236.0/23 maxlen: 23
46.174.238.0/24 maxlen: 24
185.237.56.0/22 maxlen: 24
2a0c:1680::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl
rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.mft
rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 20:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:a0:b1:74:ea:d1:1f:fc:51:c2:0b:a3:3f:ed:46:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
Validity
Not Before: Sep 3 08:10:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0cd436efec0c1b21d12739e68ff3624d196c85dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:c8:41:04:97:b8:50:e7:00:a0:b2:f8:03:7a:
1c:f7:bf:4a:ec:6c:ef:29:88:ba:eb:02:29:5a:b2:
ca:96:3f:18:bf:f9:6c:77:99:21:70:a0:d1:18:a3:
df:79:0c:e0:f8:8e:e9:d2:3f:1a:0c:35:cd:16:cb:
18:9e:d5:69:3a:e9:ac:b5:26:ae:84:95:df:cd:be:
d5:37:bd:17:65:89:da:aa:8e:cb:03:da:00:24:6b:
82:2d:51:c7:cc:d3:7f:49:d2:6c:c1:41:c4:d4:1d:
ff:ef:6e:d1:9c:fc:c0:72:e0:d4:45:db:ec:b8:39:
da:d7:c4:4e:30:42:90:7f:bc:d3:01:27:da:3f:47:
24:2d:5e:6e:8b:2f:c7:9d:ce:d9:cd:cd:bd:cf:ed:
e6:1b:25:81:cd:ad:af:66:fa:6f:0d:73:6d:7f:06:
0c:b8:f3:d9:03:a1:0c:37:be:a5:b1:91:2e:34:0d:
3e:f8:bd:ca:a9:53:b8:c2:02:7e:80:db:52:c7:ca:
fa:74:5d:9f:8f:55:b2:e1:b9:e6:03:f0:af:cf:2c:
6e:ad:89:f7:b9:ea:b9:ea:90:e8:25:69:22:62:43:
c7:08:75:f6:d4:b1:79:3d:13:fe:62:99:51:2d:be:
27:63:74:e4:c3:3d:5c:93:e9:26:3c:99:36:5d:f9:
30:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:D4:36:EF:EC:0C:1B:21:D1:27:39:E6:8F:F3:62:4D:19:6C:85:DC
X509v3 Authority Key Identifier:
keyid:90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/DNQ27-wMGyHRJznmj_NiTRlshdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.130.0.0/18
46.174.232.0/21
185.237.56.0/22
IPv6:
2a0c:1680::/29
Signature Algorithm: sha256WithRSAEncryption
2b:e7:e9:ad:02:b1:f6:18:5b:35:6b:e1:f0:ae:cf:30:4f:17:
a3:3b:a0:47:bb:8a:e1:03:38:2a:0f:f1:35:55:ae:e5:b5:0c:
95:c3:fd:36:09:36:59:c2:ca:04:1b:5f:e5:2b:fd:f7:cd:49:
c1:0b:45:f3:02:11:a1:94:bf:c0:ed:0a:40:92:f2:2c:b9:f9:
9b:42:88:88:01:40:f8:6f:14:05:7a:9d:7c:d5:9d:62:ba:20:
13:40:cb:93:c3:1c:8a:51:ec:e4:bb:16:7b:c0:b0:be:81:4b:
7e:a0:21:a4:8d:cc:2f:6e:35:86:4f:27:b8:52:74:c3:d1:74:
34:29:a2:e2:b3:02:2a:9e:8d:47:ef:6d:a7:0a:6c:8c:9a:36:
55:99:d5:33:cf:ed:18:9e:52:85:93:b0:01:a8:24:26:f3:a4:
48:71:82:61:0f:d4:c2:d0:41:b9:97:4d:2b:1c:6a:85:1e:95:
d4:f5:7d:99:5a:1e:6e:f6:37:50:87:9d:34:2c:f2:2f:69:42:
4e:73:89:5a:67:ad:90:bc:7e:83:b9:b4:99:b6:de:4b:85:4b:
e3:f0:18:f7:3a:f5:8a:18:50:21:67:83:11:b3:3f:51:b1:9d:
ce:d2:32:0c:87:fe:f7:3a:9a:b7:89:dd:5b:fd:d4:77:43:b3:
30:d2:71:22
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZkOoLF06tEf/FHCC6M/7Ua2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYjhhMTU0NjZjM2ZmMWU5MTVkNzgwYTEwYjBiYWE5YWQ2
OTQ4NjAwHhcNMjUwOTAzMDgxMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Q0MzZlZmVjMGMxYjIxZDEyNzM5ZTY4ZmYzNjI0ZDE5NmM4NWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1shBBJe4UOcAoLL4A3oc979K7Gzv
KYi66wIpWrLKlj8Yv/lsd5khcKDRGKPfeQzg+I7p0j8aDDXNFssYntVpOumstSau
hJXfzb7VN70XZYnaqo7LA9oAJGuCLVHHzNN/SdJswUHE1B3/727RnPzAcuDURdvs
uDna18ROMEKQf7zTASfaP0ckLV5uiy/Hnc7Zzc29z+3mGyWBza2vZvpvDXNtfwYM
uPPZA6EMN76lsZEuNA0++L3KqVO4wgJ+gNtSx8r6dF2fj1Wy4bnmA/CvzyxurYn3
ueq56pDoJWkiYkPHCHX21LF5PRP+YplRLb4nY3Tkwz1ck+kmPJk2XfkwQwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAzUNu/sDBsh0Sc55o/zYk0ZbIXcMB8GA1UdIwQY
MBaAFJC4oVRmw/8ekV14ChCwuqmtaUhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDct
NzhlOTk3ODY5OTUyLzEvRE5RMjctd01HeUhSSnpubWpfTmlUUmxzaGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDctNzhlOTk3ODY5OTUy
LzEva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGJYIAAwQD
Lq7oAwQCue04MA0EAgACMAcDBQMqDBaAMA0GCSqGSIb3DQEBCwUAA4IBAQAr5+mt
ArH2GFs1a+Hwrs8wTxejO6BHu4rhAzgqD/E1Va7ltQyVw/02CTZZwsoEG1/lK/33
zUnBC0XzAhGhlL/A7QpAkvIsufmbQoiIAUD4bxQFep181Z1iuiATQMuTwxyKUezk
uxZ7wLC+gUt+oCGkjcwvbjWGTye4UnTD0XQ0KaLiswIqno1H722nCmyMmjZVmdUz
z+0YnlKFk7ABqCQm86RIcYJhD9TC0EG5l00rHGqFHpXU9X2ZWh5u9jdQh500LPIv
aUJOc4laZ62QvH6DubSZtt5LhUvj8Bj3OvWKGFAhZ4MRsz9RsZ3O0jIMh/73Opq3
id1b/dR3Q7Mw0nEi
-----END CERTIFICATE-----
Generated at Mon Sep 8 05:06:08 2025 by rpki-client