Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xWbPdMVEmuZApYkV6k6Ner-NdoM.roa
File: xWbPdMVEmuZApYkV6k6Ner-NdoM.roa (raw, json)
Hash identifier: SYfabwgoXXnYkPob3pQZnw3i3utOCTQGZ5zR8DFtm3s=
Subject key identifier: C5:66:CF:74:C5:44:9A:E6:40:A5:89:15:EA:4E:8D:7A:BF:8D:76:83
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 01973F3578C34B81835035B7012C9F8AA106
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xWbPdMVEmuZApYkV6k6Ner-NdoM.roa
Signing time: Thu 05 Jun 2025 08:29:18 +0000
ROA not before: Thu 05 Jun 2025 08:29:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137409
IP address blocks: 31.135.4.0/23 maxlen: 23
31.135.4.0/24 maxlen: 24
31.135.5.0/24 maxlen: 24
46.173.240.0/24 maxlen: 24
46.173.241.0/24 maxlen: 24
46.173.242.0/24 maxlen: 24
46.173.243.0/24 maxlen: 24
46.173.252.0/24 maxlen: 24
46.173.253.0/24 maxlen: 24
77.36.112.0/24 maxlen: 24
77.36.113.0/24 maxlen: 24
77.36.114.0/24 maxlen: 24
77.36.115.0/24 maxlen: 24
91.193.28.0/24 maxlen: 24
91.193.29.0/24 maxlen: 24
91.200.133.0/24 maxlen: 24
91.232.226.0/24 maxlen: 24
91.232.227.0/24 maxlen: 24
91.233.0.0/24 maxlen: 24
91.233.1.0/24 maxlen: 24
91.238.39.0/24 maxlen: 24
91.246.176.0/24 maxlen: 24
91.246.177.0/24 maxlen: 24
91.246.178.0/24 maxlen: 24
91.246.179.0/24 maxlen: 24
109.207.136.0/24 maxlen: 24
109.207.137.0/24 maxlen: 24
109.207.138.0/24 maxlen: 24
109.207.139.0/24 maxlen: 24
176.96.95.0/24 maxlen: 24
176.110.216.0/24 maxlen: 24
176.110.217.0/24 maxlen: 24
176.110.218.0/24 maxlen: 24
176.110.219.0/24 maxlen: 24
176.110.220.0/24 maxlen: 24
176.110.221.0/24 maxlen: 24
176.110.222.0/24 maxlen: 24
176.110.223.0/24 maxlen: 24
176.112.80.0/22 maxlen: 24
193.36.220.0/24 maxlen: 24
193.36.221.0/24 maxlen: 24
193.36.222.0/24 maxlen: 24
193.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 22:19:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:35:78:c3:4b:81:83:50:35:b7:01:2c:9f:8a:a1:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Jun 5 08:29:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c566cf74c5449ae640a58915ea4e8d7abf8d7683
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:1a:d0:28:21:8c:5d:0b:4f:f4:98:95:41:e3:
c9:22:2b:71:dc:bb:50:92:52:56:9f:1c:1e:0c:1e:
a7:0d:73:49:97:ff:82:a1:df:f8:c8:ad:b8:19:5c:
aa:8c:ee:73:da:e0:52:69:06:d8:63:0d:28:e6:7a:
40:db:55:65:7e:a0:27:d7:ff:dc:1e:d4:8f:67:3e:
3c:05:ab:31:02:9a:d3:db:63:aa:8f:c8:1f:14:89:
a7:7c:bb:77:0b:a7:45:43:94:6b:c3:f8:bc:f0:b9:
85:51:b2:9c:39:50:04:ea:74:78:2f:2d:97:8b:89:
65:7f:32:94:87:25:79:47:5d:2c:1e:c5:c9:7f:3f:
06:e9:76:1c:0e:1d:aa:b4:57:9b:8f:8d:96:82:bc:
ab:fb:fa:6a:02:f8:2b:5a:bc:98:47:c3:34:86:cf:
8f:01:5a:b4:c2:3a:6a:1c:72:fc:99:b9:f8:d0:f0:
16:e7:02:cc:59:d6:ff:2a:92:4b:dd:24:a1:43:e8:
d9:81:65:e4:5a:08:f8:04:fa:25:c0:1b:bd:1b:32:
75:15:86:02:32:0c:fe:df:d5:ea:9f:09:71:f9:18:
09:f3:e6:1f:7e:c1:29:e9:09:f0:78:8f:e2:cb:b3:
68:a0:49:57:14:93:6e:69:72:07:d8:ba:f9:a3:ce:
ad:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:66:CF:74:C5:44:9A:E6:40:A5:89:15:EA:4E:8D:7A:BF:8D:76:83
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/xWbPdMVEmuZApYkV6k6Ner-NdoM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.135.4.0/23
46.173.240.0/22
46.173.252.0/23
77.36.112.0/22
91.193.28.0/23
91.200.133.0/24
91.232.226.0/23
91.233.0.0/23
91.238.39.0/24
91.246.176.0/22
109.207.136.0/22
176.96.95.0/24
176.110.216.0/21
176.112.80.0/22
193.36.220.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:a2:f9:a1:fe:17:f3:bd:b3:6e:18:3c:56:1f:97:98:84:9c:
fd:d9:02:4f:56:67:3c:a5:b2:0b:1e:04:19:47:7c:0f:38:f5:
e4:76:36:a8:43:fa:e5:8a:1c:bb:12:e6:1b:e9:fa:ae:ce:76:
0a:9f:93:de:8a:83:68:41:24:50:93:62:2f:b4:d6:3e:73:4f:
e4:30:52:7d:5a:3e:d2:30:53:e5:38:43:54:e3:e8:df:e8:85:
6b:39:ab:36:5a:39:e9:4c:b0:42:88:9d:27:d6:e2:58:34:fb:
56:5d:73:ab:5d:5f:2a:04:1f:97:3a:e4:43:19:84:fa:d5:f8:
45:97:93:f2:87:42:81:36:89:b4:da:87:53:16:5e:87:37:05:
80:1e:53:e0:2a:2d:8f:1a:5c:d7:68:39:b4:db:39:60:c4:9a:
c1:2a:eb:c4:6a:5a:87:e3:68:f5:8b:f6:7a:de:7d:ab:64:ae:
95:15:7d:90:c1:67:51:d0:08:1a:bb:21:d8:32:ee:72:e8:17:
34:c1:80:a7:ec:24:63:35:a5:ef:7c:9f:39:bc:bd:66:62:ec:
94:22:30:44:f4:24:09:8b:2a:0e:27:3a:19:2e:96:b4:bd:00:
fd:bd:d8:96:c6:66:56:27:3b:a8:b9:0f:d3:d6:97:0f:77:85:
00:5b:8c:7a
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZc/NXjDS4GDUDW3ASyfiqEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwNjA1MDgyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTY2Y2Y3NGM1NDQ5YWU2NDBhNTg5MTVlYTRlOGQ3YWJmOGQ3NjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRrQKCGMXQtP9JiVQePJIitx3LtQ
klJWnxweDB6nDXNJl/+Cod/4yK24GVyqjO5z2uBSaQbYYw0o5npA21VlfqAn1//c
HtSPZz48BasxAprT22Oqj8gfFImnfLt3C6dFQ5Rrw/i88LmFUbKcOVAE6nR4Ly2X
i4llfzKUhyV5R10sHsXJfz8G6XYcDh2qtFebj42Wgryr+/pqAvgrWryYR8M0hs+P
AVq0wjpqHHL8mbn40PAW5wLMWdb/KpJL3SShQ+jZgWXkWgj4BPolwBu9GzJ1FYYC
Mgz+39Xqnwlx+RgJ8+YffsEp6QnweI/iy7NooElXFJNuaXIH2Lr5o86tDwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMVmz3TFRJrmQKWJFepOjXq/jXaDMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEveFdiUGRNVkVtdVpBcFlrVjZrNk5lci1OZG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQBH4cEAwQC
Lq3wAwQBLq38AwQCTSRwAwQBW8EcAwQAW8iFAwQBW+jiAwQBW+kAAwQAW+4nAwQC
W/awAwQCbc+IAwQAsGBfAwQDsG7YAwQCsHBQAwQCwSTcMA0GCSqGSIb3DQEBCwUA
A4IBAQAKovmh/hfzvbNuGDxWH5eYhJz92QJPVmc8pbILHgQZR3wPOPXkdjaoQ/rl
ihy7EuYb6fquznYKn5PeioNoQSRQk2IvtNY+c0/kMFJ9Wj7SMFPlOENU4+jf6IVr
Oas2WjnpTLBCiJ0n1uJYNPtWXXOrXV8qBB+XOuRDGYT61fhFl5Pyh0KBNom02odT
Fl6HNwWAHlPgKi2PGlzXaDm02zlgxJrBKuvEalqH42j1i/Z63n2rZK6VFX2QwWdR
0AgauyHYMu5y6Bc0wYCn7CRjNaXvfJ85vL1mYuyUIjBE9CQJiyoOJzoZLpa0vQD9
vdiWxmZWJzuouQ/T1pcPd4UAW4x6
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:03:14 2025 by rpki-client