Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FEemRqWNX5xhq2yBrzr1C3dcawc.roa
File: FEemRqWNX5xhq2yBrzr1C3dcawc.roa (raw, json)
Hash identifier: zrzqLUFgS0O6VfPSR/q7YlCpjaLeDHcdItec7nZ4p/I=
Subject key identifier: 14:47:A6:46:A5:8D:5F:9C:61:AB:6C:81:AF:3A:F5:0B:77:5C:6B:07
Certificate issuer: /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial: 01991352989F755DA29839A42DE62F29C6A9
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FEemRqWNX5xhq2yBrzr1C3dcawc.roa
Signing time: Thu 04 Sep 2025 06:03:23 +0000
ROA not before: Thu 04 Sep 2025 06:03:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204666
IP address blocks: 37.221.240.0/20 maxlen: 24
45.153.192.0/22 maxlen: 24
45.153.194.0/24 maxlen: 24
45.153.195.0/24 maxlen: 24
85.255.88.0/22 maxlen: 24
185.19.0.0/22 maxlen: 24
185.52.172.0/23 maxlen: 24
185.64.220.0/22 maxlen: 24
185.74.60.0/23 maxlen: 24
185.97.24.0/22 maxlen: 24
185.97.24.0/24 maxlen: 24
185.97.25.0/24 maxlen: 24
185.97.26.0/24 maxlen: 24
185.188.100.0/22 maxlen: 24
185.188.101.0/24 maxlen: 24
185.188.103.0/24 maxlen: 24
195.12.39.0/24 maxlen: 24
213.108.162.0/23 maxlen: 24
213.108.162.0/24 maxlen: 24
2a03:d840::/32 maxlen: 32
2a03:d840:fe02::/48 maxlen: 48
2a04:c740::/29 maxlen: 29
2a04:f940::/29 maxlen: 29
2a0a:10c0::/29 maxlen: 29
2a0d:3140::/29 maxlen: 29
2a0f:9300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 06:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:13:52:98:9f:75:5d:a2:98:39:a4:2d:e6:2f:29:c6:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Validity
Not Before: Sep 4 06:03:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1447a646a58d5f9c61ab6c81af3af50b775c6b07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:32:de:9d:c0:da:c3:8d:b7:61:99:e1:0b:f4:
1e:0e:eb:67:d7:f9:8a:de:c7:75:ee:df:dc:05:84:
0c:ba:a7:bb:9d:ff:9c:ac:0c:74:a3:f9:0a:6c:47:
09:46:7f:48:e6:be:f7:84:ab:5e:cc:b7:1f:d2:62:
30:d3:71:f4:e8:fa:9f:74:5b:7a:79:a0:1b:fc:2f:
ac:e0:b8:72:40:95:ff:71:76:9b:1d:72:2c:7f:ed:
18:eb:ba:7f:ad:20:75:c6:17:d7:fa:fa:76:66:f3:
25:0c:ec:1f:8d:0f:a6:60:b7:1d:f7:02:7b:ea:2f:
0d:7e:fb:45:83:86:76:44:eb:13:eb:61:d6:2d:13:
c5:42:0a:6a:9d:90:eb:98:c4:1f:b5:b9:37:0a:3f:
f5:1b:33:21:4f:b7:a1:99:6b:f6:6f:56:6c:69:b9:
e1:c1:ac:88:12:28:d6:82:c2:d0:0c:3d:e8:21:03:
d2:85:aa:13:b8:62:09:94:a6:7d:ba:05:f3:3a:76:
ca:9e:0e:9d:77:71:44:8a:80:be:03:94:93:12:7e:
1b:6d:22:f4:33:d9:6d:d5:7e:e3:d3:72:26:09:81:
8b:9b:af:00:53:9e:ff:1c:73:9c:7a:7a:b7:6f:ee:
86:9c:0a:05:94:18:d7:fb:4b:36:32:bd:10:de:44:
d4:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:47:A6:46:A5:8D:5F:9C:61:AB:6C:81:AF:3A:F5:0B:77:5C:6B:07
X509v3 Authority Key Identifier:
keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/FEemRqWNX5xhq2yBrzr1C3dcawc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.240.0/20
45.153.192.0/22
85.255.88.0/22
185.19.0.0/22
185.52.172.0/23
185.64.220.0/22
185.74.60.0/23
185.97.24.0/22
185.188.100.0/22
195.12.39.0/24
213.108.162.0/23
IPv6:
2a03:d840::/32
2a04:c740::/29
2a04:f940::/29
2a0a:10c0::/29
2a0d:3140::/29
2a0f:9300::/29
Signature Algorithm: sha256WithRSAEncryption
1c:12:87:4b:91:a1:a2:70:43:cd:8c:7a:fb:e3:58:69:fb:78:
ff:34:64:54:95:9d:0b:49:01:d4:fd:c5:ef:93:68:d4:75:11:
82:d7:27:dd:3a:ea:80:ee:04:68:1e:28:20:bc:04:f1:99:12:
12:e8:a1:dc:0b:63:d8:49:34:27:51:59:7a:cb:ed:32:8c:1b:
1b:b2:45:41:2a:e4:3a:6c:48:f8:5a:b2:e7:4d:16:a8:ae:e1:
77:3a:5e:43:d7:dc:9a:36:6f:da:12:bc:e4:64:0e:2c:62:d8:
9d:16:6f:0c:48:42:28:98:65:66:0c:e4:6c:2b:99:be:30:8c:
c6:f7:eb:74:0a:ec:88:a2:49:c8:f5:55:2d:ec:9e:24:9d:60:
1a:e3:30:59:13:6d:10:3e:a6:0c:9b:6b:0b:62:a7:7a:61:0a:
2a:74:9d:fe:c8:f0:40:7e:93:6c:c7:84:77:b9:83:f2:bd:86:
90:d7:9b:fb:c6:73:ae:4d:b2:b3:79:bd:8d:00:0e:14:d0:14:
c2:1c:e8:93:36:bd:35:c2:e2:62:97:23:ad:30:04:a0:5d:62:
a6:0f:00:df:d5:e1:ed:00:fe:e7:b2:17:ba:f1:cf:f5:f0:90:
51:c8:90:37:f8:1a:a5:af:e5:e3:de:c1:eb:a5:06:ec:4a:6e:
4c:5c:10:07
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZkTUpifdV2imDmkLeYvKcapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwOTA0MDYwMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ3YTY0NmE1OGQ1ZjljNjFhYjZjODFhZjNhZjUwYjc3NWM2YjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljLencDaw423YZnhC/QeDutn1/mK
3sd17t/cBYQMuqe7nf+crAx0o/kKbEcJRn9I5r73hKtezLcf0mIw03H06PqfdFt6
eaAb/C+s4LhyQJX/cXabHXIsf+0Y67p/rSB1xhfX+vp2ZvMlDOwfjQ+mYLcd9wJ7
6i8NfvtFg4Z2ROsT62HWLRPFQgpqnZDrmMQftbk3Cj/1GzMhT7ehmWv2b1Zsabnh
wayIEijWgsLQDD3oIQPShaoTuGIJlKZ9ugXzOnbKng6dd3FEioC+A5STEn4bbSL0
M9lt1X7j03ImCYGLm68AU57/HHOcenq3b+6GnAoFlBjX+0s2Mr0Q3kTU8QIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFBRHpkaljV+cYatsga869Qt3XGsHMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvRkVlbVJxV05YNXhocTJ5QnJ6cjFDM2RjYXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwSAQCAAEwQgMEBCXd8AME
Ai2ZwAMEAlX/WAMEArkTAAMEAbk0rAMEArlA3AMEAblKPAMEArlhGAMEArm8ZAME
AMMMJwMEAdVsojAwBAIAAjAqAwUAKgPYQAMFAyoEx0ADBQMqBPlAAwUDKgoQwAMF
AyoNMUADBQMqD5MAMA0GCSqGSIb3DQEBCwUAA4IBAQAcEodLkaGicEPNjHr741hp
+3j/NGRUlZ0LSQHU/cXvk2jUdRGC1yfdOuqA7gRoHiggvATxmRIS6KHcC2PYSTQn
UVl6y+0yjBsbskVBKuQ6bEj4WrLnTRaoruF3Ol5D19yaNm/aErzkZA4sYtidFm8M
SEIomGVmDORsK5m+MIzG9+t0CuyIoknI9VUt7J4knWAa4zBZE20QPqYMm2sLYqd6
YQoqdJ3+yPBAfpNsx4R3uYPyvYaQ15v7xnOuTbKzeb2NAA4U0BTCHOiTNr01wuJi
lyOtMASgXWKmDwDf1eHtAP7nshe68c/18JBRyJA3+Bqlr+Xj3sHrpQbsSm5MXBAH
-----END CERTIFICATE-----
Generated at Wed Sep 10 14:20:44 2025 by rpki-client