Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/naypdgUswOoY0VbvP0ct5rrGsM8.roa
File: naypdgUswOoY0VbvP0ct5rrGsM8.roa (raw, json)
Hash identifier: 1hUDocDdbIGzUD8snNPVppdFRKe/ALQTrWEQDb35JSw=
Subject key identifier: 9D:AC:A9:76:05:2C:C0:EA:18:D1:56:EF:3F:47:2D:E6:BA:C6:B0:CF
Certificate issuer: /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial: 01972FCC1BF70E8C377469B959B6F1AD43E4
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/naypdgUswOoY0VbvP0ct5rrGsM8.roa
Signing time: Mon 02 Jun 2025 08:39:54 +0000
ROA not before: Mon 02 Jun 2025 08:39:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28708
IP address blocks: 80.10.4.0/23 maxlen: 24
80.10.43.0/24 maxlen: 24
80.10.46.0/24 maxlen: 24
80.10.159.0/24 maxlen: 24
80.10.161.0/24 maxlen: 24
80.12.66.0/23 maxlen: 24
80.12.68.0/23 maxlen: 24
80.12.70.0/24 maxlen: 24
80.12.100.0/23 maxlen: 24
80.12.102.0/24 maxlen: 24
80.12.209.0/24 maxlen: 24
80.12.210.0/24 maxlen: 24
81.253.0.0/18 maxlen: 24
81.253.64.0/19 maxlen: 24
90.84.144.0/23 maxlen: 23
90.84.146.0/24 maxlen: 24
90.84.147.0/24 maxlen: 24
90.96.0.0/16 maxlen: 24
193.251.116.0/24 maxlen: 24
193.253.10.0/24 maxlen: 24
193.253.78.0/23 maxlen: 24
193.253.141.0/24 maxlen: 24
193.253.142.0/23 maxlen: 24
193.253.168.0/24 maxlen: 24
193.253.169.0/24 maxlen: 24
193.253.170.0/24 maxlen: 24
194.250.131.0/24 maxlen: 24
2a01:cd00::/31 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 22:50:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2f:cc:1b:f7:0e:8c:37:74:69:b9:59:b6:f1:ad:43:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
Validity
Not Before: Jun 2 08:39:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9daca976052cc0ea18d156ef3f472de6bac6b0cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:3e:1d:1e:41:07:1c:2d:ea:5d:91:e4:04:e3:
6f:4c:b0:20:a7:24:03:00:fd:0e:59:30:7c:39:16:
50:33:1b:16:d2:7a:97:37:d4:93:69:f3:9d:0e:8a:
13:c4:81:1d:70:b4:b5:f1:6f:53:3a:74:9a:dc:cc:
fe:a1:24:bf:ce:5d:ef:33:7b:40:07:30:0c:ec:b3:
be:19:02:65:26:7c:69:b4:1d:43:45:b5:2f:5c:ba:
8d:58:67:49:77:c8:bf:7e:e6:16:d3:3f:72:2a:10:
87:6e:76:76:f1:18:7d:f1:53:4f:74:35:65:54:0e:
c4:5c:55:68:c5:81:07:3e:ff:6d:e9:78:d4:83:0d:
66:e1:4a:5f:b8:a9:91:27:91:35:86:14:68:65:5e:
12:91:ca:cc:dc:52:3b:0b:e7:56:77:d6:1f:c3:01:
0a:09:8a:31:58:c5:21:79:6f:00:63:5e:c6:b2:52:
8c:dd:df:99:16:64:94:9f:57:ce:32:df:58:7e:d0:
32:02:a5:2a:18:3e:72:c2:56:3c:60:a2:c1:4a:c1:
be:3e:d7:97:e4:08:33:3c:46:f0:b3:c3:fa:b8:bc:
6d:04:b0:a1:7a:a7:86:9e:e7:11:4a:85:e0:cc:a3:
03:c2:ba:31:26:70:3e:28:f7:bd:d5:28:17:a2:9f:
7c:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:AC:A9:76:05:2C:C0:EA:18:D1:56:EF:3F:47:2D:E6:BA:C6:B0:CF
X509v3 Authority Key Identifier:
keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/naypdgUswOoY0VbvP0ct5rrGsM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.10.4.0/23
80.10.43.0/24
80.10.46.0/24
80.10.159.0/24
80.10.161.0/24
80.12.66.0-80.12.70.255
80.12.100.0-80.12.102.255
80.12.209.0-80.12.210.255
81.253.0.0-81.253.95.255
90.84.144.0/22
90.96.0.0/16
193.251.116.0/24
193.253.10.0/24
193.253.78.0/23
193.253.141.0-193.253.143.255
193.253.168.0-193.253.170.255
194.250.131.0/24
IPv6:
2a01:cd00::/31
Signature Algorithm: sha256WithRSAEncryption
6a:82:51:2c:c2:02:90:c9:d7:dc:4d:95:7f:72:5f:f0:dd:a1:
cb:da:70:fc:35:6c:d6:e1:70:69:72:f2:2f:aa:35:78:74:df:
20:88:1c:5d:2e:fc:38:b1:a5:a3:a7:62:e1:56:6e:a9:12:b3:
96:aa:63:96:23:c7:d5:65:1b:fe:9d:9b:b0:29:a1:22:56:2a:
68:7f:1a:33:76:9d:71:41:95:d1:53:70:15:c0:28:b2:69:3d:
bc:e2:59:61:95:fb:8d:2b:06:88:6c:1c:d9:5a:99:8c:d8:dc:
5b:16:c7:4b:42:99:b9:0e:70:e2:eb:d4:f8:42:a4:da:0d:05:
6c:9e:a2:4b:e1:94:ed:a8:2f:36:f8:25:82:d3:e9:23:c0:d3:
81:3b:4c:3a:79:13:55:42:5b:7d:65:39:03:b6:88:a9:6e:cc:
fb:da:7c:16:e8:ba:72:dd:d2:cf:eb:df:4f:d1:91:90:b0:69:
a7:85:93:53:d8:41:c4:2d:e5:b0:2f:dd:89:f8:f8:6b:73:3a:
ec:08:a4:89:0c:0d:05:97:cb:eb:ad:8f:10:89:bb:12:3a:47:
83:46:74:f7:84:13:ac:a0:2c:68:d7:b1:bd:f5:57:3d:33:3e:
86:9e:f3:90:fb:29:3d:0f:85:bd:c2:97:21:2b:e4:a5:da:4d:
7f:7c:f8:30
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZcvzBv3Dow3dGm5WbbxrUPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNjAyMDgzOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGFjYTk3NjA1MmNjMGVhMThkMTU2ZWYzZjQ3MmRlNmJhYzZiMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz4dHkEHHC3qXZHkBONvTLAgpyQD
AP0OWTB8ORZQMxsW0nqXN9STafOdDooTxIEdcLS18W9TOnSa3Mz+oSS/zl3vM3tA
BzAM7LO+GQJlJnxptB1DRbUvXLqNWGdJd8i/fuYW0z9yKhCHbnZ28Rh98VNPdDVl
VA7EXFVoxYEHPv9t6XjUgw1m4UpfuKmRJ5E1hhRoZV4SkcrM3FI7C+dWd9YfwwEK
CYoxWMUheW8AY17GslKM3d+ZFmSUn1fOMt9YftAyAqUqGD5ywlY8YKLBSsG+PteX
5AgzPEbws8P6uLxtBLCheqeGnucRSoXgzKMDwroxJnA+KPe91SgXop986wIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFJ2sqXYFLMDqGNFW7z9HLea6xrDPMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvbmF5cGRnVXN3T29ZMFZidlAwY3Q1cnJHc004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBmwQCAAEwgZQDBAFQ
CgQDBABQCisDBABQCi4DBABQCp8DBABQCqEwDAMEAVAMQgMEAFAMRjAMAwQCUAxk
AwQAUAxmMAwDBABQDNEDBABQDNIwCwMDAFH9AwQFUf1AAwQCWlSQAwMAWmADBADB
+3QDBADB/QoDBAHB/U4wDAMEAMH9jQMEBMH9gDAMAwQDwf2oAwQAwf2qAwQAwvqD
MA0EAgACMAcDBQEqAc0AMA0GCSqGSIb3DQEBCwUAA4IBAQBqglEswgKQydfcTZV/
cl/w3aHL2nD8NWzW4XBpcvIvqjV4dN8giBxdLvw4saWjp2LhVm6pErOWqmOWI8fV
ZRv+nZuwKaEiVipofxozdp1xQZXRU3AVwCiyaT284llhlfuNKwaIbBzZWpmM2Nxb
FsdLQpm5DnDi69T4QqTaDQVsnqJL4ZTtqC82+CWC0+kjwNOBO0w6eRNVQlt9ZTkD
toipbsz72nwW6Lpy3dLP699P0ZGQsGmnhZNT2EHELeWwL92J+PhrczrsCKSJDA0F
l8vrrY8QibsSOkeDRnT3hBOsoCxo17G99Vc9Mz6GnvOQ+yk9D4W9wpchK+Sl2k1/
fPgw
-----END CERTIFICATE-----
Generated at Sat Jun 7 06:36:20 2025 by rpki-client