Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NTnXwAS11vBx9uODrJfyaGNN5Ss.roa
File: NTnXwAS11vBx9uODrJfyaGNN5Ss.roa (raw, json)
Hash identifier: EijgEOABE80sHOINEi/ubxbkq378nPTJzNYE2/kKYDI=
Subject key identifier: 35:39:D7:C0:04:B5:D6:F0:71:F6:E3:83:AC:97:F2:68:63:4D:E5:2B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019875335915B269A8734E32A9ACA6899136
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NTnXwAS11vBx9uODrJfyaGNN5Ss.roa
Signing time: Mon 04 Aug 2025 13:09:16 +0000
ROA not before: Mon 04 Aug 2025 13:09:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215540
IP address blocks: 5.253.59.0/24 maxlen: 24
85.208.139.0/24 maxlen: 24
87.120.219.0/24 maxlen: 24
87.120.219.0/32 maxlen: 32
87.120.222.0/24 maxlen: 24
87.121.47.0/24 maxlen: 24
171.22.16.0/24 maxlen: 24
212.87.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 Aug 2025 08:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:75:33:59:15:b2:69:a8:73:4e:32:a9:ac:a6:89:91:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 4 13:09:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3539d7c004b5d6f071f6e383ac97f268634de52b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:83:8e:bf:8e:6a:b0:dd:ae:5f:6d:5a:ab:ee:
4c:f3:28:1a:2b:e1:85:47:d2:73:45:10:b2:6c:f8:
2c:70:ec:22:9d:5d:11:16:89:ba:34:41:e4:f5:44:
e2:2e:79:9c:2c:3d:5d:5a:1b:fb:f7:71:e7:7d:ad:
6b:5d:9a:3b:b0:8b:ac:57:cb:68:14:5d:d1:04:79:
da:26:11:df:6f:b5:05:10:d1:07:09:cd:63:31:9a:
ad:be:60:c1:91:3c:53:4b:2c:44:02:6c:e0:72:1d:
0f:32:bf:eb:9d:aa:0b:14:5e:0c:00:b8:39:f9:ea:
3c:02:c5:64:47:db:ca:92:c6:62:bc:6f:ec:99:71:
2b:03:ef:12:1a:07:21:91:50:2a:35:f5:c1:11:bf:
56:60:fd:11:76:c1:d8:f3:84:b2:b3:15:6b:b2:dd:
27:df:5b:60:d1:fe:82:d8:d9:6f:01:aa:f1:79:d7:
e3:05:ad:bb:70:fa:e1:1e:3d:b4:cc:cb:69:d2:5d:
0f:de:8c:c7:44:0c:aa:e7:6f:eb:ff:88:7a:a8:6d:
43:46:27:58:93:a7:de:7b:5c:8c:72:e9:f3:ae:8d:
a2:93:df:aa:88:4a:80:3d:04:be:04:7e:7f:86:5d:
31:37:e9:b4:e3:3d:ef:d7:c8:c7:86:3e:e3:6d:d7:
36:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:39:D7:C0:04:B5:D6:F0:71:F6:E3:83:AC:97:F2:68:63:4D:E5:2B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NTnXwAS11vBx9uODrJfyaGNN5Ss.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.59.0/24
85.208.139.0/24
87.120.219.0/24
87.120.222.0/24
87.121.47.0/24
171.22.16.0/24
212.87.222.0/24
Signature Algorithm: sha256WithRSAEncryption
53:83:d1:c8:48:4a:62:c7:db:e8:3a:1c:0a:61:2c:33:94:b1:
74:c4:8e:cb:f0:fe:0d:f0:e6:f1:1d:2d:57:b3:27:14:e3:0b:
41:79:a1:88:fe:3e:b2:1b:e8:35:07:57:cf:ad:68:85:9e:76:
33:cf:ba:29:fa:fd:98:1e:b4:3e:e0:ef:7e:85:75:65:da:f3:
3c:c3:e3:75:f7:b9:58:5c:66:9b:78:0b:58:ec:4c:f7:3d:55:
16:32:a0:32:63:b5:3c:0c:7c:b5:66:70:74:9c:bd:60:b9:06:
2e:02:12:8c:36:8e:ad:aa:7a:f6:1a:13:41:3c:35:a2:b4:c4:
9e:64:80:75:a5:45:35:f9:61:0d:5b:c1:ab:7e:54:97:85:75:
19:fc:fa:6d:9c:5f:76:a9:ff:b2:47:f1:81:ff:30:8b:01:68:
46:bc:02:55:9b:6c:e5:dd:cb:b4:e3:b6:8e:18:d8:7e:57:50:
6b:2a:e1:c4:a0:bd:dd:98:03:46:22:37:cf:35:60:b9:8d:ae:
06:56:95:a7:9b:f4:4d:63:98:b8:7f:b2:bd:4f:4a:cd:19:90:
fa:26:bf:44:74:67:3a:d2:fe:ae:dc:01:7b:40:e2:5d:45:d8:
82:ed:9e:66:ef:29:7a:9a:ff:3a:9c:f0:a4:e9:71:79:5a:c0:
15:38:fc:7e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZh1M1kVsmmoc04yqaymiZE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODA0MTMwOTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM5ZDdjMDA0YjVkNmYwNzFmNmUzODNhYzk3ZjI2ODYzNGRlNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYOOv45qsN2uX21aq+5M8ygaK+GF
R9JzRRCybPgscOwinV0RFom6NEHk9UTiLnmcLD1dWhv793Hnfa1rXZo7sIusV8to
FF3RBHnaJhHfb7UFENEHCc1jMZqtvmDBkTxTSyxEAmzgch0PMr/rnaoLFF4MALg5
+eo8AsVkR9vKksZivG/smXErA+8SGgchkVAqNfXBEb9WYP0RdsHY84SysxVrst0n
31tg0f6C2NlvAarxedfjBa27cPrhHj20zMtp0l0P3ozHRAyq52/r/4h6qG1DRidY
k6fee1yMcunzro2ik9+qiEqAPQS+BH5/hl0xN+m04z3v18jHhj7jbdc2MwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDU518AEtdbwcfbjg6yX8mhjTeUrMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTlRuWHdBUzExdkJ4OXVPRHJKZnlhR05ONVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQABf07AwQA
VdCLAwQAV3jbAwQAV3jeAwQAV3kvAwQAqxYQAwQA1FfeMA0GCSqGSIb3DQEBCwUA
A4IBAQBTg9HISEpix9voOhwKYSwzlLF0xI7L8P4N8ObxHS1XsycU4wtBeaGI/j6y
G+g1B1fPrWiFnnYzz7op+v2YHrQ+4O9+hXVl2vM8w+N197lYXGabeAtY7Ez3PVUW
MqAyY7U8DHy1ZnB0nL1guQYuAhKMNo6tqnr2GhNBPDWitMSeZIB1pUU1+WENW8Gr
flSXhXUZ/PptnF92qf+yR/GB/zCLAWhGvAJVm2zl3cu047aOGNh+V1BrKuHEoL3d
mANGIjfPNWC5ja4GVpWnm/RNY5i4f7K9T0rNGZD6Jr9EdGc60v6u3AF7QOJdRdiC
7Z5m7yl6mv86nPCk6XF5WsAVOPx+
-----END CERTIFICATE-----
Generated at Wed Aug 6 12:39:05 2025 by rpki-client