Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/ZHD5dava3w2N4kCoC2nNmHFgkaE.roa
File: ZHD5dava3w2N4kCoC2nNmHFgkaE.roa (raw, json)
Hash identifier: gwDwlr/q6X598Hy0yc+sN6UItT1+TQ/iMV+TYJ9WvQ8=
Subject key identifier: 64:70:F9:75:AB:DA:DF:0D:8D:E2:40:A8:0B:69:CD:98:71:60:91:A1
Certificate issuer: /CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Certificate serial: 01971B6071E37497BF396E24D73F0B9DCAFA
Authority key identifier: 29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/ZHD5dava3w2N4kCoC2nNmHFgkaE.roa
Signing time: Thu 29 May 2025 09:29:54 +0000
ROA not before: Thu 29 May 2025 09:29:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24753
IP address blocks: 62.32.32.0/19 maxlen: 24
62.32.32.0/24 maxlen: 24
81.85.52.0/22 maxlen: 22
81.85.96.0/22 maxlen: 22
81.85.100.0/24 maxlen: 24
81.85.160.0/20 maxlen: 20
89.21.160.0/19 maxlen: 19
213.187.128.0/19 maxlen: 19
213.187.146.0/24 maxlen: 24
2a00:df8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.mft
rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 11:44:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1b:60:71:e3:74:97:bf:39:6e:24:d7:3f:0b:9d:ca:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Validity
Not Before: May 29 09:29:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6470f975abdadf0d8de240a80b69cd98716091a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:69:45:a4:61:33:72:2f:dd:61:cc:18:f4:68:
f3:13:13:00:6d:48:fe:ba:9d:f5:d1:20:23:fa:48:
55:43:83:62:6c:99:23:58:09:f0:6b:60:c8:99:ad:
af:ae:90:cc:f3:76:f1:47:f5:65:d7:73:e7:28:e3:
42:3e:45:9c:e2:ea:43:c9:be:0e:c6:90:22:f0:4a:
da:14:1a:c3:ab:8f:c9:1d:02:cb:b8:02:8a:77:66:
60:18:2f:76:ce:9d:80:8a:5f:31:82:fa:ef:4c:bc:
a7:5f:6f:87:44:0f:1c:8b:d5:dd:8d:7f:8f:f2:e1:
a0:bf:4f:20:53:23:4a:1c:1e:b6:e9:38:3c:26:de:
fd:66:e2:05:b6:63:46:0d:a2:06:03:eb:cd:a0:f2:
55:58:a5:5d:6d:7e:e3:6f:48:7c:0f:e7:30:83:25:
4a:7f:7b:38:b3:60:3c:52:3b:6d:b0:44:de:73:f4:
2f:5f:3b:a7:61:c9:e3:0b:54:9c:f7:bc:84:5d:32:
08:26:0b:a2:46:90:76:63:67:4e:dc:05:81:92:0c:
b0:29:dd:5a:ef:4e:bc:6c:28:39:94:ab:6f:cb:15:
73:ea:83:2a:8b:91:c2:3e:fe:6e:be:9a:d4:6e:e0:
15:6c:8e:92:2c:65:b4:34:3f:7e:53:51:7c:66:51:
f7:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:70:F9:75:AB:DA:DF:0D:8D:E2:40:A8:0B:69:CD:98:71:60:91:A1
X509v3 Authority Key Identifier:
keyid:29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/ZHD5dava3w2N4kCoC2nNmHFgkaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.32.32.0/19
81.85.52.0/22
81.85.96.0-81.85.100.255
81.85.160.0/20
89.21.160.0/19
213.187.128.0/19
IPv6:
2a00:df8::/32
Signature Algorithm: sha256WithRSAEncryption
ad:38:a4:69:c5:70:1e:0b:a1:6c:93:ce:8f:c9:79:9e:a3:ed:
f1:de:8a:24:d2:30:bd:97:c1:43:e7:76:e8:64:c6:ee:00:3c:
1c:73:0e:5e:9d:64:fd:28:a2:cd:53:87:b5:51:6d:4f:66:16:
90:8d:84:a9:0a:2d:da:69:20:2a:29:58:31:ec:bb:8b:37:aa:
96:14:ff:d1:b3:db:c7:ed:92:dc:fb:f8:83:b1:2c:33:8a:2d:
8d:3b:2f:8e:14:6b:98:eb:d5:ce:46:b1:46:50:e6:03:ab:04:
06:cb:68:3a:cb:46:ac:0b:9b:e5:e4:61:3e:92:13:2b:d4:9b:
cd:0d:ac:bd:f5:b0:7c:d6:63:7c:a8:f5:bb:cc:ae:72:29:4e:
53:cb:6a:b0:fa:15:01:79:c1:45:ba:d7:35:9e:39:d7:76:ce:
bd:e1:2f:f6:ba:78:e1:e7:eb:5f:a7:f4:16:73:b1:71:75:89:
15:a2:f4:77:60:15:55:8d:19:aa:4e:bf:6e:03:54:ee:d3:fa:
0c:21:01:d5:4d:e6:26:d6:9d:a7:f0:31:cc:ad:0c:63:56:cb:
f7:b3:74:30:39:7e:97:a2:8e:4b:d1:1d:4e:eb:38:50:c6:a6:
7c:f5:c5:cc:fb:e5:8f:c7:ce:40:fa:7e:40:42:5b:df:72:f5:
2f:a5:bc:15
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZcbYHHjdJe/OW4k1z8Lncr6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjZhMzAwYmY3ZDQwYjdmOGQ2MTgxYzViOGE3ZGJjNzFi
N2QxMjMwHhcNMjUwNTI5MDkyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDcwZjk3NWFiZGFkZjBkOGRlMjQwYTgwYjY5Y2Q5ODcxNjA5MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2lFpGEzci/dYcwY9GjzExMAbUj+
up310SAj+khVQ4NibJkjWAnwa2DIma2vrpDM83bxR/Vl13PnKONCPkWc4upDyb4O
xpAi8EraFBrDq4/JHQLLuAKKd2ZgGC92zp2Ail8xgvrvTLynX2+HRA8ci9XdjX+P
8uGgv08gUyNKHB626Tg8Jt79ZuIFtmNGDaIGA+vNoPJVWKVdbX7jb0h8D+cwgyVK
f3s4s2A8UjttsETec/QvXzunYcnjC1Sc97yEXTIIJguiRpB2Y2dO3AWBkgywKd1a
7068bCg5lKtvyxVz6oMqi5HCPv5uvprUbuAVbI6SLGW0ND9+U1F8ZlH3YwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFGRw+XWr2t8NjeJAqAtpzZhxYJGhMB8GA1UdIwQY
MBaAFCn2owC/fUC3+NYYHFuKfbxxt9EjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTct
Yjg0YzQxM2RmYWE0LzEvWkhENWRhdmEzdzJONGtDb0Mybk5tSEZna2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTctYjg0YzQxM2RmYWE0
LzEvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQFPiAgAwQC
UVU0MAwDBAVRVWADBABRVWQDBARRVaADBAVZFaADBAXVu4AwDQQCAAIwBwMFACoA
DfgwDQYJKoZIhvcNAQELBQADggEBAK04pGnFcB4LoWyTzo/JeZ6j7fHeiiTSML2X
wUPnduhkxu4APBxzDl6dZP0oos1Th7VRbU9mFpCNhKkKLdppICopWDHsu4s3qpYU
/9Gz28ftktz7+IOxLDOKLY07L44Ua5jr1c5GsUZQ5gOrBAbLaDrLRqwLm+XkYT6S
EyvUm80NrL31sHzWY3yo9bvMrnIpTlPLarD6FQF5wUW61zWeOdd2zr3hL/a6eOHn
61+n9BZzsXF1iRWi9HdgFVWNGapOv24DVO7T+gwhAdVN5ibWnafwMcytDGNWy/ez
dDA5fpeijkvRHU7rOFDGpnz1xcz75Y/HzkD6fkBCW99y9S+lvBU=
-----END CERTIFICATE-----
Generated at Sun Jun 8 14:50:30 2025 by rpki-client