Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/crDjLxmHdcT6e7WUgga10c_NWik.roa
File: crDjLxmHdcT6e7WUgga10c_NWik.roa (raw, json)
Hash identifier: 1lxS7SYauMom80FADoSQnixC1wX1TWhmXujQ5ZWWnRE=
Subject key identifier: 72:B0:E3:2F:19:87:75:C4:FA:7B:B5:94:82:06:B5:D1:CF:CD:5A:29
Certificate issuer: /CN=d654436ed3242bddb96fdf139a1253deb986dfd0
Certificate serial: 0198CCA5A42B90A1B34E8F36360973796EF9
Authority key identifier: D6:54:43:6E:D3:24:2B:DD:B9:6F:DF:13:9A:12:53:DE:B9:86:DF:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1lRDbtMkK925b98TmhJT3rmG39A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/crDjLxmHdcT6e7WUgga10c_NWik.roa
Signing time: Thu 21 Aug 2025 12:41:04 +0000
ROA not before: Thu 21 Aug 2025 12:41:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28753
IP address blocks: 37.58.48.0/20 maxlen: 20
46.165.192.0/18 maxlen: 18
78.159.96.0/19 maxlen: 19
84.16.224.0/19 maxlen: 19
91.109.16.0/20 maxlen: 20
178.162.192.0/18 maxlen: 18
185.17.144.0/22 maxlen: 22
212.95.32.0/19 maxlen: 19
217.20.112.0/20 maxlen: 20
2a00:c98::/32 maxlen: 48
2a00:c98:2052::/48 maxlen: 48
2a00:c98:2222::/48 maxlen: 48
2a00:c98:4000::/36 maxlen: 48
2a00:c98:4005::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/1lRDbtMkK925b98TmhJT3rmG39A.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/1lRDbtMkK925b98TmhJT3rmG39A.mft
rsync://rpki.ripe.net/repository/DEFAULT/1lRDbtMkK925b98TmhJT3rmG39A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cc:a5:a4:2b:90:a1:b3:4e:8f:36:36:09:73:79:6e:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d654436ed3242bddb96fdf139a1253deb986dfd0
Validity
Not Before: Aug 21 12:41:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72b0e32f198775c4fa7bb5948206b5d1cfcd5a29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:4a:d1:f2:0a:02:d2:95:01:14:e4:bb:a5:02:
3d:d4:25:11:0e:56:68:0b:e1:19:06:30:08:a5:1a:
a4:5f:28:d9:d8:06:42:26:39:11:c9:a7:93:4c:97:
24:20:33:44:5a:de:6d:89:ba:20:a6:14:c8:ca:14:
c6:d8:8b:83:2c:ee:34:2d:54:a0:ab:dc:33:62:7e:
77:df:a3:55:ee:f1:0e:a3:c5:71:55:40:62:25:5e:
15:a8:0a:99:1c:07:72:de:a2:9e:e8:79:46:6e:08:
ba:03:56:92:0e:3d:b0:1f:8a:e6:09:ec:da:92:f6:
a9:ac:03:42:34:00:ab:4d:95:f4:38:6b:d1:f4:bc:
22:3d:5a:18:f2:9d:c3:25:7b:23:5f:40:63:ef:6b:
99:5b:5e:5a:02:06:55:b2:10:b1:30:8b:e8:f5:9f:
6e:33:00:ee:52:2f:52:56:33:c0:60:e5:14:b0:67:
e7:a9:b3:b2:28:fd:39:31:8b:c7:8f:37:f4:f8:27:
81:d9:d0:a0:4a:0c:63:ce:58:69:fb:dd:97:0d:eb:
41:0c:d4:94:4c:90:5f:a4:ca:dd:d0:0d:dc:83:c2:
9b:72:ce:21:7f:a7:a1:17:da:88:1f:3d:99:d6:4f:
58:9c:6b:52:04:d2:4f:29:eb:36:80:48:b1:cf:4b:
04:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:B0:E3:2F:19:87:75:C4:FA:7B:B5:94:82:06:B5:D1:CF:CD:5A:29
X509v3 Authority Key Identifier:
keyid:D6:54:43:6E:D3:24:2B:DD:B9:6F:DF:13:9A:12:53:DE:B9:86:DF:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1lRDbtMkK925b98TmhJT3rmG39A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/crDjLxmHdcT6e7WUgga10c_NWik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3de94a-1e60-4eb8-9a5e-a142087ce890/1/1lRDbtMkK925b98TmhJT3rmG39A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.58.48.0/20
46.165.192.0/18
78.159.96.0/19
84.16.224.0/19
91.109.16.0/20
178.162.192.0/18
185.17.144.0/22
212.95.32.0/19
217.20.112.0/20
IPv6:
2a00:c98::/32
Signature Algorithm: sha256WithRSAEncryption
2e:24:01:98:6e:e5:4d:d2:33:7f:0e:a0:ff:0b:31:0e:c8:a4:
65:eb:d1:30:c8:aa:e2:c7:68:8f:cd:b7:39:4f:2e:0b:3f:3f:
dd:47:89:84:f6:bf:2b:8b:ba:24:e3:64:e9:9c:9d:ec:f5:0c:
6a:35:cc:de:27:4f:b2:91:de:b4:a9:0b:31:85:c6:b0:ef:36:
1b:97:a6:e5:12:35:be:6c:78:7e:6a:da:e0:d5:72:93:a4:f6:
55:64:54:33:84:cf:a7:31:67:42:b9:ec:f7:74:a7:f8:08:f6:
d1:2c:f5:e2:e2:fc:63:a5:0c:9a:4f:e6:63:4a:3a:bd:e9:98:
b2:cd:5b:2b:91:53:6c:57:e9:f8:30:4d:88:84:89:81:25:03:
20:73:b1:27:79:2e:38:1e:b2:d1:a5:37:35:ca:36:7a:38:f9:
65:a5:76:31:01:35:a6:7d:92:1b:c5:03:d1:a9:47:4b:fd:dc:
f3:4e:e5:97:8b:aa:a8:79:08:2b:fe:ad:e6:e2:22:7d:05:5b:
c8:8c:78:00:ca:8b:bf:97:c0:fe:ff:7e:7f:f3:43:04:08:d1:
4a:05:df:1b:b9:de:76:03:9a:c0:26:8c:17:f6:79:f9:9b:af:
1d:51:da:d4:85:7f:7f:03:4b:7f:51:b1:d3:94:78:82:1c:59:
34:58:dc:9f
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZjMpaQrkKGzTo82NglzeW75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NTQ0MzZlZDMyNDJiZGRiOTZmZGYxMzlhMTI1M2RlYjk4
NmRmZDAwHhcNMjUwODIxMTI0MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIwZTMyZjE5ODc3NWM0ZmE3YmI1OTQ4MjA2YjVkMWNmY2Q1YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9UrR8goC0pUBFOS7pQI91CURDlZo
C+EZBjAIpRqkXyjZ2AZCJjkRyaeTTJckIDNEWt5tibogphTIyhTG2IuDLO40LVSg
q9wzYn5336NV7vEOo8VxVUBiJV4VqAqZHAdy3qKe6HlGbgi6A1aSDj2wH4rmCeza
kvaprANCNACrTZX0OGvR9LwiPVoY8p3DJXsjX0Bj72uZW15aAgZVshCxMIvo9Z9u
MwDuUi9SVjPAYOUUsGfnqbOyKP05MYvHjzf0+CeB2dCgSgxjzlhp+92XDetBDNSU
TJBfpMrd0A3cg8Kbcs4hf6ehF9qIHz2Z1k9YnGtSBNJPKes2gEixz0sE0wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHKw4y8Zh3XE+nu1lIIGtdHPzVopMB8GA1UdIwQY
MBaAFNZUQ27TJCvduW/fE5oSU965ht/QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWxSRGJ0TWtLOTI1Yjk4VG1oSlQzcm1HMzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zZGU5NGEtMWU2MC00ZWI4LTlhNWUt
YTE0MjA4N2NlODkwLzEvY3JEakx4bUhkY1Q2ZTdXVWdnYTEwY19OV2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zZGU5NGEtMWU2MC00ZWI4LTlhNWUtYTE0MjA4N2NlODkw
LzEvMWxSRGJ0TWtLOTI1Yjk4VG1oSlQzcm1HMzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEJTowAwQG
LqXAAwQFTp9gAwQFVBDgAwQEW20QAwQGsqLAAwQCuRGQAwQF1F8gAwQE2RRwMA0E
AgACMAcDBQAqAAyYMA0GCSqGSIb3DQEBCwUAA4IBAQAuJAGYbuVN0jN/DqD/CzEO
yKRl69EwyKrix2iPzbc5Ty4LPz/dR4mE9r8ri7ok42TpnJ3s9QxqNczeJ0+ykd60
qQsxhcaw7zYbl6blEjW+bHh+atrg1XKTpPZVZFQzhM+nMWdCuez3dKf4CPbRLPXi
4vxjpQyaT+ZjSjq96ZiyzVsrkVNsV+n4ME2IhImBJQMgc7EneS44HrLRpTc1yjZ6
OPllpXYxATWmfZIbxQPRqUdL/dzzTuWXi6qoeQgr/q3m4iJ9BVvIjHgAyou/l8D+
/35/80MECNFKBd8bud52A5rAJowX9nn5m68dUdrUhX9/A0t/UbHTlHiCHFk0WNyf
-----END CERTIFICATE-----
Generated at Thu Aug 21 16:56:20 2025 by rpki-client