Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/NzknDmn-TkBLhhCh3FNFS-0Flmg.roa
File: NzknDmn-TkBLhhCh3FNFS-0Flmg.roa (raw, json)
Hash identifier: s7se3/xdnMDjGZBCBbuaiotf7JHLKV6q0JTbfM402gw=
Subject key identifier: 37:39:27:0E:69:FE:4E:40:4B:86:10:A1:DC:53:45:4B:ED:05:96:68
Certificate issuer: /CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Certificate serial: 0197356282F499E43FC06F08408A1A980E4E
Authority key identifier: B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/NzknDmn-TkBLhhCh3FNFS-0Flmg.roa
Signing time: Tue 03 Jun 2025 10:42:17 +0000
ROA not before: Tue 03 Jun 2025 10:42:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212330
IP address blocks: 31.223.185.0/24 maxlen: 24
45.113.239.0/24 maxlen: 24
86.105.220.0/24 maxlen: 24
86.111.150.0/24 maxlen: 24
86.111.151.0/24 maxlen: 24
93.115.252.0/24 maxlen: 24
94.176.40.0/24 maxlen: 24
103.229.80.0/24 maxlen: 24
185.16.25.0/24 maxlen: 24
185.96.160.0/24 maxlen: 24
185.113.104.0/24 maxlen: 24
185.113.106.0/24 maxlen: 24
193.3.137.0/24 maxlen: 24
2a10:fa42::/32 maxlen: 32
2a10:fa43::/32 maxlen: 32
2a10:fa44:a00::/40 maxlen: 40
2a10:fa45::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.mft
rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 11:44:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:35:62:82:f4:99:e4:3f:c0:6f:08:40:8a:1a:98:0e:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Validity
Not Before: Jun 3 10:42:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3739270e69fe4e404b8610a1dc53454bed059668
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:f6:56:2f:68:56:a1:03:15:af:91:ab:46:e9:
71:2c:e5:09:9a:a6:cd:23:b7:4c:3c:0a:de:9a:a2:
23:27:d1:6e:73:29:6c:59:9a:28:89:a2:66:2b:a0:
e7:bf:b7:86:c1:a5:4a:5b:d5:56:33:d6:bb:9a:12:
21:d1:9c:ff:92:71:59:74:e6:52:82:e6:56:9e:55:
9a:17:71:d1:fb:fc:63:46:65:b6:85:0f:fa:7d:81:
fb:43:6a:33:c5:b3:d5:90:c7:c4:57:be:a8:f4:f1:
14:e1:ee:4e:fd:6c:95:ea:ba:9c:f2:54:54:62:46:
88:0f:05:3f:db:ea:f4:83:09:7e:2b:0f:fa:68:bf:
14:85:92:8a:89:19:9f:a3:85:f1:56:01:28:a0:fb:
20:a0:52:a9:6d:1d:94:e2:69:bf:a8:36:74:b6:7e:
10:c2:7f:5f:18:7b:26:1a:0a:25:ea:56:d0:fc:74:
67:74:2f:a2:3b:69:ee:69:32:59:1c:16:ab:7d:47:
1e:51:3c:8c:2b:79:97:04:b4:36:35:85:dd:cc:3f:
f9:bc:f0:f9:ed:52:fd:a6:71:69:d4:0f:58:0f:20:
c3:69:b4:94:39:c0:3f:5b:1b:0e:30:f3:13:d4:3b:
96:93:05:12:06:02:e2:3e:36:b0:08:83:4d:96:2d:
33:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:39:27:0E:69:FE:4E:40:4B:86:10:A1:DC:53:45:4B:ED:05:96:68
X509v3 Authority Key Identifier:
keyid:B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/NzknDmn-TkBLhhCh3FNFS-0Flmg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.223.185.0/24
45.113.239.0/24
86.105.220.0/24
86.111.150.0/23
93.115.252.0/24
94.176.40.0/24
103.229.80.0/24
185.16.25.0/24
185.96.160.0/24
185.113.104.0/24
185.113.106.0/24
193.3.137.0/24
IPv6:
2a10:fa42::/31
2a10:fa44:a00::/40
2a10:fa45::/32
Signature Algorithm: sha256WithRSAEncryption
b0:78:14:a2:b2:47:d4:c2:1e:c0:4e:5e:56:1b:93:8e:15:62:
70:8a:9e:4c:94:d3:d9:1c:83:ec:de:3d:42:8a:01:7c:27:07:
9f:5f:66:f6:e0:4d:b3:62:5f:06:13:29:93:0f:aa:3c:b7:d4:
40:48:c2:a7:0d:db:c7:15:3f:f6:04:94:7e:03:b5:e9:7f:bc:
32:ce:99:4a:6a:d1:8a:7b:44:e0:ed:f5:ca:b1:b9:ae:4c:d8:
dc:b1:12:c7:ae:c6:08:53:9c:35:ce:da:d7:ac:25:22:4c:76:
a1:97:54:fd:a4:c2:d6:29:34:8c:46:d0:a9:bd:b6:71:57:56:
6c:4e:93:3f:7f:ef:ee:09:01:5c:36:cf:e4:e2:bf:b6:6c:9a:
6f:8e:43:73:fc:74:61:0a:d1:20:2a:14:85:2b:6e:50:3c:86:
23:40:a2:7f:f8:bf:aa:b3:d4:77:39:85:a7:79:c5:2e:92:25:
2d:0e:7e:92:fe:f4:b0:88:a9:33:5a:9d:6b:a9:50:84:30:62:
a8:97:dc:9f:d7:70:f4:3f:37:a4:d4:21:12:95:dd:00:d5:3f:
5c:39:0a:11:f6:b3:9f:27:8d:b4:c5:f0:a4:40:60:99:3d:9e:
e5:8c:0d:14:5b:e5:79:bc:6f:26:e5:30:4e:f3:6b:b8:66:f7:
b8:18:fc:76
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZc1YoL0meQ/wG8IQIoamA5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDdjODdlN2I2ZTI5NGYyNzAwNzkwZWVmMTllODI5Mzlk
ODVjZDYwHhcNMjUwNjAzMTA0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM5MjcwZTY5ZmU0ZTQwNGI4NjEwYTFkYzUzNDU0YmVkMDU5NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vZWL2hWoQMVr5GrRulxLOUJmqbN
I7dMPAremqIjJ9FucylsWZooiaJmK6Dnv7eGwaVKW9VWM9a7mhIh0Zz/knFZdOZS
guZWnlWaF3HR+/xjRmW2hQ/6fYH7Q2ozxbPVkMfEV76o9PEU4e5O/WyV6rqc8lRU
YkaIDwU/2+r0gwl+Kw/6aL8UhZKKiRmfo4XxVgEooPsgoFKpbR2U4mm/qDZ0tn4Q
wn9fGHsmGgol6lbQ/HRndC+iO2nuaTJZHBarfUceUTyMK3mXBLQ2NYXdzD/5vPD5
7VL9pnFp1A9YDyDDabSUOcA/WxsOMPMT1DuWkwUSBgLiPjawCINNli0zuQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFDc5Jw5p/k5AS4YQodxTRUvtBZZoMB8GA1UdIwQY
MBaAFLMHyH57bilPJwB5Du8Z6Ck52FzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODct
NjQ5NDVhNGY4ZTEyLzEvTnprbkRtbi1Ua0JMaGhDaDNGTkZTLTBGbG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODctNjQ5NDVhNGY4ZTEy
LzEvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBOBAIAATBIAwQAH9+5AwQA
LXHvAwQAVmncAwQBVm+WAwQAXXP8AwQAXrAoAwQAZ+VQAwQAuRAZAwQAuWCgAwQA
uXFoAwQAuXFqAwQAwQOJMBwEAgACMBYDBQEqEPpCAwYAKhD6RAoDBQAqEPpFMA0G
CSqGSIb3DQEBCwUAA4IBAQCweBSiskfUwh7ATl5WG5OOFWJwip5MlNPZHIPs3j1C
igF8JwefX2b24E2zYl8GEymTD6o8t9RASMKnDdvHFT/2BJR+A7Xpf7wyzplKatGK
e0Tg7fXKsbmuTNjcsRLHrsYIU5w1ztrXrCUiTHahl1T9pMLWKTSMRtCpvbZxV1Zs
TpM/f+/uCQFcNs/k4r+2bJpvjkNz/HRhCtEgKhSFK25QPIYjQKJ/+L+qs9R3OYWn
ecUukiUtDn6S/vSwiKkzWp1rqVCEMGKol9yf13D0Pzek1CESld0A1T9cOQoR9rOf
J420xfCkQGCZPZ7ljA0UW+V5vG8m5TBO82u4Zve4GPx2
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:28:51 2025 by rpki-client