Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fZmovonOogw3zddQCz8KyFC-G60.roa
File: fZmovonOogw3zddQCz8KyFC-G60.roa (raw, json)
Hash identifier: e0BNZ6Qmv8ZfQ7mnrTNdrJuvduOOObGgl7tOa7kWppM=
Subject key identifier: 7D:99:A8:BE:89:CE:A2:0C:37:CD:D7:50:0B:3F:0A:C8:50:BE:1B:AD
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019865AD421085A0130EF9B83286E9BA753F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fZmovonOogw3zddQCz8KyFC-G60.roa
Signing time: Fri 01 Aug 2025 12:48:30 +0000
ROA not before: Fri 01 Aug 2025 12:48:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215730
IP address blocks: 2.59.253.0/24 maxlen: 24
81.31.192.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.93.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 11:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:65:ad:42:10:85:a0:13:0e:f9:b8:32:86:e9:ba:75:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 1 12:48:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d99a8be89cea20c37cdd7500b3f0ac850be1bad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:75:55:97:66:8c:83:36:05:44:a6:78:28:02:
e7:9c:ed:b7:f6:5d:89:93:b6:17:d5:f9:3d:6e:bd:
72:9d:97:a6:9d:33:bd:cb:0c:62:e0:66:2f:dc:3e:
8d:0c:0a:df:fd:0e:98:e6:ba:9e:bf:49:b0:19:ac:
1a:38:3d:e7:68:ec:e3:9b:f7:d4:dd:51:fd:af:0a:
e3:09:3b:d0:48:fd:64:67:12:1b:ed:52:32:b3:47:
1c:76:97:f4:be:f8:d2:82:54:7d:a5:41:52:a9:b6:
e6:eb:ee:4c:30:e6:5c:11:f3:e4:56:2e:4f:73:7e:
81:1d:10:f4:1e:2b:b3:3c:49:cb:aa:63:41:00:48:
4e:10:ca:a0:d2:d8:19:9b:15:9f:87:2f:83:67:7a:
8f:86:35:e1:16:01:2d:8a:e3:9a:0b:04:0c:04:31:
77:7c:66:aa:7a:c2:28:db:66:6f:f1:91:5a:b0:e5:
13:47:24:c1:82:4e:f1:f7:24:de:c3:f0:ec:8d:cb:
48:9c:e6:6b:d5:39:83:74:74:c9:e4:77:a3:d2:6d:
14:cc:4a:c3:92:46:29:10:50:71:f3:6c:7b:08:0e:
01:4a:fd:79:db:31:c6:a1:53:7b:9b:c6:64:03:cc:
ef:27:04:2a:75:5e:ae:85:58:3e:49:41:16:8f:8d:
44:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:99:A8:BE:89:CE:A2:0C:37:CD:D7:50:0B:3F:0A:C8:50:BE:1B:AD
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fZmovonOogw3zddQCz8KyFC-G60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
81.31.192.0/24
87.120.89.0/24
87.120.93.0/24
87.120.126.0/24
93.123.85.0/24
94.156.232.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:c6:85:12:32:bb:3a:18:f1:b9:a8:24:41:33:a7:3a:f2:15:
d1:56:ac:b5:51:8b:16:f3:1e:d7:02:07:f3:06:fc:c6:1f:1c:
26:01:59:74:6e:de:44:4c:98:02:da:61:f1:83:f9:78:d2:8f:
62:59:ff:f3:e7:31:b2:4a:29:9a:cd:b8:6d:0b:17:df:52:cf:
0b:62:33:71:09:87:7f:a9:da:46:b3:46:e5:c3:e0:40:74:bc:
25:10:fb:35:3d:bd:85:fe:03:c1:96:7a:2c:5a:67:58:29:49:
a6:16:ee:f6:f5:6d:d9:c3:0e:18:17:c9:83:2b:76:ce:4c:bf:
95:6a:76:c7:14:61:4f:82:8f:05:05:54:cf:a2:c4:78:5e:07:
24:96:4f:c3:11:34:7d:2a:9f:14:cc:8a:f5:4e:b9:90:0a:db:
78:ff:da:6b:c3:1e:43:1e:49:37:23:1b:9f:dc:ab:44:4a:d2:
1e:53:77:44:e6:c4:51:9d:65:23:fd:af:4b:1e:3d:e3:2e:2f:
b5:be:af:30:5e:07:b8:2b:46:6d:44:e6:22:4c:71:47:94:f8:
c1:83:fc:2a:48:5f:74:b7:85:03:a8:0d:ba:8e:f9:fd:3c:03:
17:1f:6a:81:a9:45:bc:ce:bb:19:b9:f4:9a:0f:56:9d:47:78:
1e:6d:1f:5a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZhlrUIQhaATDvm4MobpunU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODAxMTI0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDk5YThiZTg5Y2VhMjBjMzdjZGQ3NTAwYjNmMGFjODUwYmUxYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXVVl2aMgzYFRKZ4KALnnO239l2J
k7YX1fk9br1ynZemnTO9ywxi4GYv3D6NDArf/Q6Y5rqev0mwGawaOD3naOzjm/fU
3VH9rwrjCTvQSP1kZxIb7VIys0ccdpf0vvjSglR9pUFSqbbm6+5MMOZcEfPkVi5P
c36BHRD0HiuzPEnLqmNBAEhOEMqg0tgZmxWfhy+DZ3qPhjXhFgEtiuOaCwQMBDF3
fGaqesIo22Zv8ZFasOUTRyTBgk7x9yTew/DsjctInOZr1TmDdHTJ5Hej0m0UzErD
kkYpEFBx82x7CA4BSv152zHGoVN7m8ZkA8zvJwQqdV6uhVg+SUEWj41EWwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFH2ZqL6JzqIMN83XUAs/CshQvhutMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZlptb3Zvbk9vZ3czemRkUUN6OEt5RkMtRzYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAAjv9AwQA
UR/AAwQAV3hZAwQAV3hdAwQAV3h+AwQAXXtVAwQAXpzoMA0GCSqGSIb3DQEBCwUA
A4IBAQCrxoUSMrs6GPG5qCRBM6c68hXRVqy1UYsW8x7XAgfzBvzGHxwmAVl0bt5E
TJgC2mHxg/l40o9iWf/z5zGySimazbhtCxffUs8LYjNxCYd/qdpGs0blw+BAdLwl
EPs1Pb2F/gPBlnosWmdYKUmmFu729W3Zww4YF8mDK3bOTL+VanbHFGFPgo8FBVTP
osR4Xgcklk/DETR9Kp8UzIr1TrmQCtt4/9prwx5DHkk3Ixuf3KtEStIeU3dE5sRR
nWUj/a9LHj3jLi+1vq8wXge4K0ZtROYiTHFHlPjBg/wqSF90t4UDqA26jvn9PAMX
H2qBqUW8zrsZufSaD1adR3gebR9a
-----END CERTIFICATE-----
Generated at Fri Aug 8 19:25:19 2025 by rpki-client