Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TMTNqH9YEtXYXIfhInIhI6hLsNI.roa
File: TMTNqH9YEtXYXIfhInIhI6hLsNI.roa (raw, json)
Hash identifier: 80xDs/QZygHMiOYAgo0ZAMCzMR0y3N9KVQ76eTovdII=
Subject key identifier: 4C:C4:CD:A8:7F:58:12:D5:D8:5C:87:E1:22:72:21:23:A8:4B:B0:D2
Certificate issuer: /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial: 01973E7D71AD08216B962194C8B1776BB145
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TMTNqH9YEtXYXIfhInIhI6hLsNI.roa
Signing time: Thu 05 Jun 2025 05:08:17 +0000
ROA not before: Thu 05 Jun 2025 05:08:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209372
IP address blocks: 45.80.228.0/22 maxlen: 24
185.221.196.0/23 maxlen: 24
185.232.18.0/23 maxlen: 24
185.238.88.0/22 maxlen: 24
185.246.216.0/24 maxlen: 24
185.246.217.0/24 maxlen: 24
185.253.24.0/24 maxlen: 24
194.113.238.0/24 maxlen: 24
194.113.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 16:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3e:7d:71:ad:08:21:6b:96:21:94:c8:b1:77:6b:b1:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Validity
Not Before: Jun 5 05:08:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4cc4cda87f5812d5d85c87e122722123a84bb0d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:fb:3c:62:af:2b:41:55:77:aa:2f:5c:cb:90:
ee:9f:89:54:70:6e:7b:27:4a:9c:04:b3:02:3a:a7:
87:2a:66:08:e7:07:3f:4c:08:ad:1b:1e:f6:2f:c8:
6f:8d:ef:ed:61:51:b1:e2:ff:11:d9:8b:6a:51:d6:
10:1f:00:73:c9:b7:c2:22:27:37:19:96:f1:ae:6d:
d4:45:63:bb:6a:2b:d4:59:bf:de:8f:fe:48:6c:8e:
35:67:b5:2e:f0:0b:94:e5:81:fa:53:d9:b6:f0:45:
dc:ec:a2:f3:0d:32:67:bf:e5:95:7b:14:df:5c:e8:
b5:e3:af:d2:2a:37:8a:5f:f0:da:5b:81:1c:85:c2:
41:d3:79:f1:0f:0d:42:b3:67:13:48:36:28:e2:6e:
71:b8:99:33:12:dc:39:65:93:fb:10:c7:17:9b:c9:
4c:46:e0:0d:c0:a6:1c:45:1a:a8:15:29:06:47:b6:
15:e9:27:66:dd:8e:32:cf:8d:a5:a8:66:4a:a7:b7:
37:77:51:1d:0d:45:c1:a3:79:ce:d1:5d:c5:67:f2:
ea:cd:e9:62:f8:bf:98:18:66:68:ca:7b:d4:4c:bf:
da:89:ae:07:f2:db:e3:3d:04:39:ae:c4:78:e7:8e:
5a:78:9e:67:28:a5:54:5e:5a:80:ea:86:07:75:50:
c0:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:C4:CD:A8:7F:58:12:D5:D8:5C:87:E1:22:72:21:23:A8:4B:B0:D2
X509v3 Authority Key Identifier:
keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TMTNqH9YEtXYXIfhInIhI6hLsNI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.80.228.0/22
185.221.196.0/23
185.232.18.0/23
185.238.88.0/22
185.246.216.0/23
185.253.24.0/24
194.113.238.0/23
Signature Algorithm: sha256WithRSAEncryption
91:ce:77:14:5b:5d:57:00:07:0e:1d:ce:94:ed:4e:8b:bd:49:
84:f0:e7:1b:ab:26:f3:4e:69:5b:f5:c2:e5:50:8f:eb:af:86:
1c:78:62:04:50:03:62:15:ef:be:60:5c:b8:04:89:29:56:81:
e7:94:54:5c:93:51:50:ec:6d:5b:de:05:c4:ff:38:8d:e8:e3:
bd:fd:7b:35:15:ce:c4:ca:c6:d9:97:8a:9f:86:1f:ae:75:89:
2a:67:10:18:b9:ac:b5:63:1e:69:61:27:11:72:ad:a7:55:62:
b2:c7:78:3e:7d:7e:05:15:5b:f9:3c:24:56:e9:7f:62:1d:9a:
03:3d:0d:6c:5e:b7:1d:77:94:cd:dd:b6:93:9d:e8:23:0c:cc:
db:f9:ae:54:3f:48:12:ad:51:e2:fb:be:fc:62:fd:e8:2f:53:
10:9b:52:9e:64:0b:f4:1d:3c:7a:1e:5a:11:ef:bc:e3:b2:22:
34:40:8f:27:b2:9f:a6:ae:04:09:6d:15:53:4b:7a:50:5a:c9:
8d:f2:6f:b2:36:2f:f7:9a:4e:ac:e1:4b:42:13:f5:3f:9c:12:
a5:82:be:3b:a1:9e:0d:49:33:7f:27:e2:8a:b8:26:aa:10:08:
a2:6b:ef:86:7d:73:c4:8f:84:24:0e:58:6c:17:00:d0:b3:74:
9d:f8:df:c7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZc+fXGtCCFrliGUyLF3a7FFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwNjA1MDUwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M0Y2RhODdmNTgxMmQ1ZDg1Yzg3ZTEyMjcyMjEyM2E4NGJiMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPs8Yq8rQVV3qi9cy5Dun4lUcG57
J0qcBLMCOqeHKmYI5wc/TAitGx72L8hvje/tYVGx4v8R2YtqUdYQHwBzybfCIic3
GZbxrm3URWO7aivUWb/ej/5IbI41Z7Uu8AuU5YH6U9m28EXc7KLzDTJnv+WVexTf
XOi146/SKjeKX/DaW4EchcJB03nxDw1Cs2cTSDYo4m5xuJkzEtw5ZZP7EMcXm8lM
RuANwKYcRRqoFSkGR7YV6Sdm3Y4yz42lqGZKp7c3d1EdDUXBo3nO0V3FZ/Lqzeli
+L+YGGZoynvUTL/aia4H8tvjPQQ5rsR4545aeJ5nKKVUXlqA6oYHdVDAFwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEzEzah/WBLV2FyH4SJyISOoS7DSMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvVE1UTnFIOVlFdFhZWElmaEluSWhJNmhMc05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCLVDkAwQB
ud3EAwQBuegSAwQCue5YAwQBufbYAwQAuf0YAwQBwnHuMA0GCSqGSIb3DQEBCwUA
A4IBAQCRzncUW11XAAcOHc6U7U6LvUmE8OcbqybzTmlb9cLlUI/rr4YceGIEUANi
Fe++YFy4BIkpVoHnlFRck1FQ7G1b3gXE/ziN6OO9/Xs1Fc7EysbZl4qfhh+udYkq
ZxAYuay1Yx5pYScRcq2nVWKyx3g+fX4FFVv5PCRW6X9iHZoDPQ1sXrcdd5TN3baT
negjDMzb+a5UP0gSrVHi+778Yv3oL1MQm1KeZAv0HTx6HloR77zjsiI0QI8nsp+m
rgQJbRVTS3pQWsmN8m+yNi/3mk6s4UtCE/U/nBKlgr47oZ4NSTN/J+KKuCaqEAii
a++GfXPEj4QkDlhsFwDQs3Sd+N/H
-----END CERTIFICATE-----
Generated at Mon Jun 9 00:58:05 2025 by rpki-client