Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/cXNS-jhbDVvMG8hSqbBOLCvMoSQ.roa
File: cXNS-jhbDVvMG8hSqbBOLCvMoSQ.roa (raw, json)
Hash identifier: ttyMv3492QrBBmeGVtvaGpTbwOtDA0bKvFjMI/PqMtk=
Subject key identifier: 71:73:52:FA:38:5B:0D:5B:CC:1B:C8:52:A9:B0:4E:2C:2B:CC:A1:24
Certificate issuer: /CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Certificate serial: 0197F92BD4A371A24652955EB9C40F2DC34F
Authority key identifier: 74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/cXNS-jhbDVvMG8hSqbBOLCvMoSQ.roa
Signing time: Fri 11 Jul 2025 11:08:08 +0000
ROA not before: Fri 11 Jul 2025 11:08:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210318
IP address blocks: 94.156.75.0/24 maxlen: 24
185.37.232.0/24 maxlen: 24
185.37.232.16/32 maxlen: 32
185.37.232.26/32 maxlen: 32
185.37.232.29/32 maxlen: 32
185.37.232.109/32 maxlen: 32
185.37.232.252/32 maxlen: 32
185.37.233.0/24 maxlen: 24
185.37.234.0/24 maxlen: 24
185.37.235.0/24 maxlen: 24
185.37.235.2/32 maxlen: 32
194.55.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.mft
rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f9:2b:d4:a3:71:a2:46:52:95:5e:b9:c4:0f:2d:c3:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Validity
Not Before: Jul 11 11:08:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=717352fa385b0d5bcc1bc852a9b04e2c2bcca124
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:93:e4:1f:24:4d:eb:c1:42:c5:1c:8e:e3:bc:
76:02:90:79:af:41:cc:b0:6f:c2:80:61:22:77:3d:
0d:a9:f7:8a:0f:ce:be:4c:86:0a:3e:8c:78:68:8f:
88:b9:aa:2a:30:03:e2:b4:10:39:1e:6d:9f:04:8f:
8c:61:ed:5c:48:39:45:01:6a:3d:f4:57:af:fd:10:
0c:24:0c:70:ba:50:c0:af:27:fc:19:12:63:f8:36:
17:e3:24:0c:8a:ed:78:ae:19:21:11:0a:48:3f:52:
66:4f:4e:2c:a5:2c:f0:77:0a:25:56:98:82:b5:6a:
d1:45:7d:74:a6:89:82:db:ce:2f:7a:dc:0c:36:22:
6e:62:42:84:af:64:c0:17:ed:d1:46:99:53:55:83:
56:17:fa:a9:7f:9e:cb:59:88:7d:c0:c5:8b:42:7a:
33:86:a0:33:6b:11:a3:68:18:05:b0:5f:ed:46:b6:
0a:dd:30:1f:ff:69:c5:22:ff:f0:6d:9f:3d:37:7f:
0b:db:e0:ca:08:84:05:b6:9f:c2:02:dc:36:34:da:
c7:7d:fe:bc:0a:4d:eb:1f:9e:ff:dc:38:17:e9:9b:
c6:fa:16:7c:a2:0f:ee:65:02:67:59:2e:b2:23:cb:
20:ea:b7:81:89:cc:d4:0a:93:f3:42:3c:f9:79:ba:
6a:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:73:52:FA:38:5B:0D:5B:CC:1B:C8:52:A9:B0:4E:2C:2B:CC:A1:24
X509v3 Authority Key Identifier:
keyid:74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/cXNS-jhbDVvMG8hSqbBOLCvMoSQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.75.0/24
185.37.232.0/22
194.55.187.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:b1:40:ca:d2:35:68:be:b2:c3:d5:e4:11:13:88:18:32:83:
e8:59:1e:d8:33:4c:1f:0e:7c:7c:24:f5:bc:45:5a:ed:84:28:
62:77:43:30:09:0c:ee:b9:82:db:b1:04:85:d1:15:ce:30:5f:
10:0e:e9:4d:d4:0c:ca:06:c5:9e:80:72:ee:43:7e:1d:1e:0c:
43:bc:f8:3d:a4:98:a8:e0:b1:be:c5:fb:f3:f6:0d:e2:72:8a:
d6:82:6c:57:32:da:40:f4:4a:25:90:64:4b:f4:c6:4d:57:36:
88:f6:80:0d:10:54:08:a4:8a:81:2f:6a:9c:c5:56:7b:1a:0b:
b3:a2:07:1f:1c:d8:0b:93:a8:9e:17:67:aa:03:10:eb:dd:63:
3e:71:53:3a:35:4c:b5:8d:8b:85:7d:8d:35:60:fa:47:d0:21:
84:5b:e0:b2:57:ba:4a:09:94:b7:2e:f5:37:90:f3:4d:d4:ba:
2f:36:42:77:6a:c1:dc:0a:2d:51:cd:df:c7:73:cc:67:cd:89:
3d:cb:25:32:06:10:7d:1d:61:32:7c:9d:f3:3d:8d:9a:d3:5c:
f0:c7:36:a2:de:da:99:bc:c3:2d:c8:6e:10:e0:5d:d7:20:8a:
0e:4a:19:d1:50:6e:08:a3:14:3b:6d:9e:63:84:a8:36:b6:8d:
ce:8d:ef:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf5K9SjcaJGUpVeucQPLcNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTU5YjdmYjRlMDM0ZjY3Nzc1ZjI4NzVlZmJmYzllZmYy
NDdlOGUwHhcNMjUwNzExMTEwODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTczNTJmYTM4NWIwZDViY2MxYmM4NTJhOWIwNGUyYzJiY2NhMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5PkHyRN68FCxRyO47x2ApB5r0HM
sG/CgGEidz0NqfeKD86+TIYKPox4aI+IuaoqMAPitBA5Hm2fBI+MYe1cSDlFAWo9
9Fev/RAMJAxwulDAryf8GRJj+DYX4yQMiu14rhkhEQpIP1JmT04spSzwdwolVpiC
tWrRRX10pomC284vetwMNiJuYkKEr2TAF+3RRplTVYNWF/qpf57LWYh9wMWLQnoz
hqAzaxGjaBgFsF/tRrYK3TAf/2nFIv/wbZ89N38L2+DKCIQFtp/CAtw2NNrHff68
Ck3rH57/3DgX6ZvG+hZ8og/uZQJnWS6yI8sg6reBiczUCpPzQjz5ebpqUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHFzUvo4Ww1bzBvIUqmwTiwrzKEkMB8GA1UdIwQY
MBaAFHSlm3+04DT2d3Xyh177/J7/JH6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2It
YWQzMmVmNDlkNDE5LzEvY1hOUy1qaGJEVnZNRzhoU3FiQk9MQ3ZNb1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2ItYWQzMmVmNDlkNDE5
LzEvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpxLAwQC
uSXoAwQAwje7MA0GCSqGSIb3DQEBCwUAA4IBAQBqsUDK0jVovrLD1eQRE4gYMoPo
WR7YM0wfDnx8JPW8RVrthChid0MwCQzuuYLbsQSF0RXOMF8QDulN1AzKBsWegHLu
Q34dHgxDvPg9pJio4LG+xfvz9g3icorWgmxXMtpA9EolkGRL9MZNVzaI9oANEFQI
pIqBL2qcxVZ7GguzogcfHNgLk6ieF2eqAxDr3WM+cVM6NUy1jYuFfY01YPpH0CGE
W+CyV7pKCZS3LvU3kPNN1LovNkJ3asHcCi1Rzd/Hc8xnzYk9yyUyBhB9HWEyfJ3z
PY2a01zwxzai3tqZvMMtyG4Q4F3XIIoOShnRUG4IoxQ7bZ5jhKg2to3Oje9f
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:51:59 2025 by rpki-client