Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/u2jjT9a7gurHsCBuG6MLd36hk6U.roa
File: u2jjT9a7gurHsCBuG6MLd36hk6U.roa (raw, json)
Hash identifier: 5ifFXhTaQ0rt9DDM8OyMYLPCzUHaKXbmifUQMc2oMtc=
Subject key identifier: BB:68:E3:4F:D6:BB:82:EA:C7:B0:20:6E:1B:A3:0B:77:7E:A1:93:A5
Certificate issuer: /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial: 019730AE97669DA2439210ADAC84CC5201A8
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/u2jjT9a7gurHsCBuG6MLd36hk6U.roa
Signing time: Mon 02 Jun 2025 12:47:17 +0000
ROA not before: Mon 02 Jun 2025 12:47:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204666
IP address blocks: 37.221.240.0/20 maxlen: 24
45.153.192.0/22 maxlen: 24
45.153.194.0/24 maxlen: 24
45.153.195.0/24 maxlen: 24
85.255.88.0/22 maxlen: 24
185.19.0.0/22 maxlen: 24
185.52.172.0/23 maxlen: 24
185.64.220.0/22 maxlen: 24
185.74.60.0/23 maxlen: 24
185.97.24.0/22 maxlen: 24
185.97.24.0/24 maxlen: 24
185.97.25.0/24 maxlen: 24
185.97.26.0/24 maxlen: 24
185.188.100.0/22 maxlen: 24
185.188.101.0/24 maxlen: 24
185.188.103.0/24 maxlen: 24
195.12.39.0/24 maxlen: 24
213.108.162.0/23 maxlen: 24
213.108.162.0/24 maxlen: 24
2a03:d840::/32 maxlen: 32
2a04:c740::/29 maxlen: 29
2a04:f940::/29 maxlen: 29
2a0a:10c0::/29 maxlen: 29
2a0d:3140::/29 maxlen: 29
2a0f:9300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 18:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:30:ae:97:66:9d:a2:43:92:10:ad:ac:84:cc:52:01:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Validity
Not Before: Jun 2 12:47:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bb68e34fd6bb82eac7b0206e1ba30b777ea193a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:8b:c1:47:81:97:f9:ac:87:19:2a:a1:13:e6:
cf:df:b1:01:24:9b:d8:d9:6a:0b:6d:c6:f3:0e:5c:
01:3d:6a:a8:15:7b:15:8e:5c:ba:6c:6f:5c:69:2e:
5f:33:3d:f3:a3:1a:ed:3e:30:11:fa:25:6d:6c:df:
ba:7b:e7:58:14:ef:07:d9:da:c9:f3:b0:77:32:da:
e9:29:59:e3:a5:81:49:42:6c:47:79:42:26:5d:1a:
7f:d0:1e:46:42:a8:d6:29:39:9e:21:15:a7:02:81:
2f:0f:6e:d3:05:43:bb:40:db:3a:40:58:a5:9b:33:
ae:ce:8e:5f:02:66:d1:bf:b7:f2:c0:9d:49:6d:56:
22:7b:9e:28:4d:0a:3a:07:3c:bc:dc:10:aa:78:64:
7e:0d:e1:d6:38:b4:c3:d2:18:30:b3:dd:73:0a:8d:
5a:4c:bc:ee:d6:77:48:12:6c:4f:66:b6:8f:c1:81:
87:64:b8:f1:8b:c9:28:45:12:0b:fd:5f:46:0b:c4:
c5:c4:d2:29:c7:f6:35:e5:81:44:dd:fa:d3:11:90:
62:95:8b:54:3b:14:5a:21:b9:33:f3:58:2f:1b:18:
ea:f0:ac:f6:96:5f:46:f4:72:1d:e7:ec:ab:e6:59:
5c:78:44:74:b7:b5:44:17:86:68:bc:9c:d0:40:b3:
80:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:68:E3:4F:D6:BB:82:EA:C7:B0:20:6E:1B:A3:0B:77:7E:A1:93:A5
X509v3 Authority Key Identifier:
keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/u2jjT9a7gurHsCBuG6MLd36hk6U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.240.0/20
45.153.192.0/22
85.255.88.0/22
185.19.0.0/22
185.52.172.0/23
185.64.220.0/22
185.74.60.0/23
185.97.24.0/22
185.188.100.0/22
195.12.39.0/24
213.108.162.0/23
IPv6:
2a03:d840::/32
2a04:c740::/29
2a04:f940::/29
2a0a:10c0::/29
2a0d:3140::/29
2a0f:9300::/29
Signature Algorithm: sha256WithRSAEncryption
af:72:f3:ed:5e:c5:23:e0:a8:a3:e9:23:a5:b8:3f:dc:99:43:
1a:10:e2:91:f9:68:53:54:b2:1c:ef:8f:68:a8:64:8e:52:36:
d6:bd:d6:ce:e2:4f:1a:29:94:e7:f3:73:2b:a1:4d:bc:bd:bf:
6f:4c:c4:1b:9c:45:ac:c7:5a:36:f0:a9:17:18:fc:6c:01:e9:
08:79:6c:ea:cd:39:2c:91:01:e4:4d:14:58:44:b7:93:91:aa:
30:3e:a5:b2:d1:62:22:51:2e:96:ce:75:2e:61:31:35:7c:df:
20:94:bc:e8:62:96:79:93:f7:ee:6e:a1:44:f5:49:c5:be:8a:
50:f1:54:2c:0f:ae:10:27:e4:c8:de:55:51:ea:01:a2:c1:97:
2c:ab:fc:e6:9c:ac:76:f8:42:b6:78:88:65:76:5e:04:ff:c4:
df:bc:ef:97:69:0e:92:3a:65:34:55:33:4d:da:f1:48:eb:ad:
c1:16:cf:f3:d6:c5:32:8b:92:8e:b0:38:dc:62:b0:58:da:6a:
e2:10:fa:53:07:76:5e:45:ed:d3:a9:ee:62:43:df:c0:ef:4d:
4c:00:ae:f9:3c:39:d9:a2:ee:8b:25:64:5d:2e:d7:61:f6:5f:
2c:1f:0c:69:e3:ef:8a:cf:29:70:e2:2e:8e:5e:2f:67:d0:96:
ee:e2:0a:76
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZcwrpdmnaJDkhCtrITMUgGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwNjAyMTI0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY4ZTM0ZmQ2YmI4MmVhYzdiMDIwNmUxYmEzMGI3NzdlYTE5M2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4vBR4GX+ayHGSqhE+bP37EBJJvY
2WoLbcbzDlwBPWqoFXsVjly6bG9caS5fMz3zoxrtPjAR+iVtbN+6e+dYFO8H2drJ
87B3MtrpKVnjpYFJQmxHeUImXRp/0B5GQqjWKTmeIRWnAoEvD27TBUO7QNs6QFil
mzOuzo5fAmbRv7fywJ1JbVYie54oTQo6Bzy83BCqeGR+DeHWOLTD0hgws91zCo1a
TLzu1ndIEmxPZraPwYGHZLjxi8koRRIL/V9GC8TFxNIpx/Y15YFE3frTEZBilYtU
OxRaIbkz81gvGxjq8Kz2ll9G9HId5+yr5llceER0t7VEF4ZovJzQQLOAywIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFLto40/Wu4Lqx7AgbhujC3d+oZOlMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvdTJqalQ5YTdndXJIc0NCdUc2TUxkMzZoazZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwSAQCAAEwQgMEBCXd8AME
Ai2ZwAMEAlX/WAMEArkTAAMEAbk0rAMEArlA3AMEAblKPAMEArlhGAMEArm8ZAME
AMMMJwMEAdVsojAwBAIAAjAqAwUAKgPYQAMFAyoEx0ADBQMqBPlAAwUDKgoQwAMF
AyoNMUADBQMqD5MAMA0GCSqGSIb3DQEBCwUAA4IBAQCvcvPtXsUj4Kij6SOluD/c
mUMaEOKR+WhTVLIc749oqGSOUjbWvdbO4k8aKZTn83MroU28vb9vTMQbnEWsx1o2
8KkXGPxsAekIeWzqzTkskQHkTRRYRLeTkaowPqWy0WIiUS6WznUuYTE1fN8glLzo
YpZ5k/fubqFE9UnFvopQ8VQsD64QJ+TI3lVR6gGiwZcsq/zmnKx2+EK2eIhldl4E
/8TfvO+XaQ6SOmU0VTNN2vFI663BFs/z1sUyi5KOsDjcYrBY2mriEPpTB3ZeRe3T
qe5iQ9/A701MAK75PDnZou6LJWRdLtdh9l8sHwxp4++Kzylw4i6OXi9n0Jbu4gp2
-----END CERTIFICATE-----
Generated at Sun Jun 8 04:18:08 2025 by rpki-client