Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/CDUsDykTOJjzj2PfEalP5NWfeaM.roa
File: CDUsDykTOJjzj2PfEalP5NWfeaM.roa (raw, json)
Hash identifier: MDsxP0rZPQ79FjaH/eHSpSKbqQZrO2HQf+/0HhGuzhE=
Subject key identifier: 08:35:2C:0F:29:13:38:98:F3:8F:63:DF:11:A9:4F:E4:D5:9F:79:A3
Certificate issuer: /CN=a857e3fab11e7d3395dd103d6a9f95d92255f64b
Certificate serial: 019763FBD4C3EB8C0ACBA9BAE6A82A0847B4
Authority key identifier: A8:57:E3:FA:B1:1E:7D:33:95:DD:10:3D:6A:9F:95:D9:22:55:F6:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qFfj-rEefTOV3RA9ap-V2SJV9ks.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/CDUsDykTOJjzj2PfEalP5NWfeaM.roa
Signing time: Thu 12 Jun 2025 11:52:17 +0000
ROA not before: Thu 12 Jun 2025 11:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41653
IP address blocks: 45.141.172.0/22 maxlen: 22
91.199.0.0/24 maxlen: 24
95.128.40.0/21 maxlen: 24
185.66.232.0/22 maxlen: 24
194.105.152.0/23 maxlen: 23
195.14.22.0/24 maxlen: 24
2a02:ec0::/32 maxlen: 48
2a0e:cec0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/qFfj-rEefTOV3RA9ap-V2SJV9ks.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/qFfj-rEefTOV3RA9ap-V2SJV9ks.mft
rsync://rpki.ripe.net/repository/DEFAULT/qFfj-rEefTOV3RA9ap-V2SJV9ks.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 16 Jun 2025 11:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:63:fb:d4:c3:eb:8c:0a:cb:a9:ba:e6:a8:2a:08:47:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a857e3fab11e7d3395dd103d6a9f95d92255f64b
Validity
Not Before: Jun 12 11:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08352c0f29133898f38f63df11a94fe4d59f79a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9a:88:27:e8:5d:00:d5:a1:68:66:72:92:07:
b8:2f:d5:b6:ac:3a:e9:6a:cd:6d:3c:37:49:a3:60:
87:b8:34:84:0c:36:e5:45:7a:db:52:e9:1a:e9:1b:
19:fe:96:82:59:ed:3f:57:76:49:22:30:0e:4c:5b:
6d:67:a2:b6:b4:e3:80:c2:79:21:bd:8e:46:f7:ab:
86:ce:ab:ec:cb:8d:45:25:e8:6d:bc:8d:2d:e6:93:
72:4b:f7:54:96:19:ee:44:63:7a:d1:ce:95:e9:20:
c6:07:40:2b:79:0e:9a:c7:61:1e:d5:9a:18:10:bd:
6b:00:e7:60:c5:9b:7c:bb:a2:6e:53:40:3c:6b:16:
d5:bc:eb:c8:a2:0b:cf:f8:26:12:80:78:af:ec:5a:
0a:92:fa:5e:1c:2a:e2:45:3d:88:a9:33:5a:66:60:
71:67:73:6a:a3:a9:ed:f2:9e:79:85:26:c4:61:e2:
3f:cd:0d:c3:a8:0a:b6:32:fe:74:b0:3e:6f:26:10:
01:e4:a4:c8:48:4c:91:8e:3c:17:43:41:2d:72:45:
dc:1c:cc:53:c7:87:47:89:75:95:5d:f5:18:a8:24:
0b:3f:f4:9d:96:32:16:1b:65:ff:fc:af:f2:cd:d4:
ae:2c:15:24:d9:a5:d1:26:79:ab:8b:d9:d4:82:49:
dd:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:35:2C:0F:29:13:38:98:F3:8F:63:DF:11:A9:4F:E4:D5:9F:79:A3
X509v3 Authority Key Identifier:
keyid:A8:57:E3:FA:B1:1E:7D:33:95:DD:10:3D:6A:9F:95:D9:22:55:F6:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qFfj-rEefTOV3RA9ap-V2SJV9ks.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/CDUsDykTOJjzj2PfEalP5NWfeaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c522b0-0718-4b77-b8d6-3a6a06e188c3/1/qFfj-rEefTOV3RA9ap-V2SJV9ks.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.172.0/22
91.199.0.0/24
95.128.40.0/21
185.66.232.0/22
194.105.152.0/23
195.14.22.0/24
IPv6:
2a02:ec0::/32
2a0e:cec0::/29
Signature Algorithm: sha256WithRSAEncryption
95:16:ff:25:e2:ca:b6:3e:1d:84:25:94:ae:a8:9d:27:45:c1:
15:5c:77:f8:b1:e3:1a:df:ef:7a:31:65:c8:e2:64:33:11:f3:
3a:66:9e:cf:4e:66:47:d2:bb:ff:aa:a0:0f:9c:17:fe:32:61:
74:ac:83:ea:ea:24:cd:50:9d:f9:af:fd:bd:0e:cd:6f:54:01:
5e:cd:12:ce:d3:84:0a:55:bd:cf:39:18:a6:57:71:1b:94:1c:
c8:90:df:16:1e:7d:0d:81:22:01:1f:b0:12:f1:df:94:a6:e6:
74:a5:ae:47:19:71:2e:d1:4f:a9:33:1e:28:d4:28:0c:1b:ca:
b8:50:f7:b2:af:d6:7e:bb:9f:41:db:40:95:3d:8f:5f:e3:49:
ec:c8:d7:1f:7d:e7:fe:72:9a:ae:20:91:1a:ee:ee:21:e9:fe:
4a:2c:05:93:d9:c4:65:94:af:ad:15:1b:53:be:2b:02:82:cf:
d2:3a:a4:cf:0a:c1:08:e1:5a:28:ae:b7:72:8d:d3:13:7e:0b:
12:ad:db:22:09:ef:cd:8e:cf:5c:f8:6c:93:7b:54:04:07:c2:
9f:48:33:a4:dd:03:0f:05:a8:aa:85:86:88:46:25:c8:21:a1:
f9:4c:39:83:79:4e:c6:87:06:22:17:23:25:d4:d2:3a:ac:cb:
48:48:b1:8c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZdj+9TD64wKy6m65qgqCEe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NTdlM2ZhYjExZTdkMzM5NWRkMTAzZDZhOWY5NWQ5MjI1
NWY2NGIwHhcNMjUwNjEyMTE1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM1MmMwZjI5MTMzODk4ZjM4ZjYzZGYxMWE5NGZlNGQ1OWY3OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypqIJ+hdANWhaGZykge4L9W2rDrp
as1tPDdJo2CHuDSEDDblRXrbUuka6RsZ/paCWe0/V3ZJIjAOTFttZ6K2tOOAwnkh
vY5G96uGzqvsy41FJehtvI0t5pNyS/dUlhnuRGN60c6V6SDGB0AreQ6ax2Ee1ZoY
EL1rAOdgxZt8u6JuU0A8axbVvOvIogvP+CYSgHiv7FoKkvpeHCriRT2IqTNaZmBx
Z3Nqo6nt8p55hSbEYeI/zQ3DqAq2Mv50sD5vJhAB5KTISEyRjjwXQ0EtckXcHMxT
x4dHiXWVXfUYqCQLP/SdljIWG2X//K/yzdSuLBUk2aXRJnmri9nUgkndWQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFAg1LA8pEziY849j3xGpT+TVn3mjMB8GA1UdIwQY
MBaAFKhX4/qxHn0zld0QPWqfldkiVfZLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUZmai1yRWVmVE9WM1JBOWFwLVYyU0pWOWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jNTIyYjAtMDcxOC00Yjc3LWI4ZDYt
M2E2YTA2ZTE4OGMzLzEvQ0RVc0R5a1RPSmp6ajJQZkVhbFA1TldmZWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jNTIyYjAtMDcxOC00Yjc3LWI4ZDYtM2E2YTA2ZTE4OGMz
LzEvcUZmai1yRWVmVE9WM1JBOWFwLVYyU0pWOWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLY2sAwQA
W8cAAwQDX4AoAwQCuULoAwQBwmmYAwQAww4WMBQEAgACMA4DBQAqAg7AAwUDKg7O
wDANBgkqhkiG9w0BAQsFAAOCAQEAlRb/JeLKtj4dhCWUrqidJ0XBFVx3+LHjGt/v
ejFlyOJkMxHzOmaez05mR9K7/6qgD5wX/jJhdKyD6uokzVCd+a/9vQ7Nb1QBXs0S
ztOEClW9zzkYpldxG5QcyJDfFh59DYEiAR+wEvHflKbmdKWuRxlxLtFPqTMeKNQo
DBvKuFD3sq/WfrufQdtAlT2PX+NJ7MjXH33n/nKariCRGu7uIen+SiwFk9nEZZSv
rRUbU74rAoLP0jqkzwrBCOFaKK63co3TE34LEq3bIgnvzY7PXPhsk3tUBAfCn0gz
pN0DDwWoqoWGiEYlyCGh+Uw5g3lOxocGIhcjJdTSOqzLSEixjA==
-----END CERTIFICATE-----
Generated at Sun Jun 15 16:51:11 2025 by rpki-client