Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/cVTxJTSeVUmK7pjAVpvnpKuV91M.roa
File: cVTxJTSeVUmK7pjAVpvnpKuV91M.roa (raw, json)
Hash identifier: vq2s7bgsT4XNUVmFsaLuYuUSK79St21lLAq5yACC0dY=
Subject key identifier: 71:54:F1:25:34:9E:55:49:8A:EE:98:C0:56:9B:E7:A4:AB:95:F7:53
Certificate issuer: /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial: 01975E9E8A5599669BD4324CF9A52033DE3D
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/cVTxJTSeVUmK7pjAVpvnpKuV91M.roa
Signing time: Wed 11 Jun 2025 10:52:17 +0000
ROA not before: Wed 11 Jun 2025 10:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47637
IP address blocks: 37.114.37.0/24 maxlen: 24
37.114.41.0/24 maxlen: 24
94.154.49.0/24 maxlen: 24
176.100.32.0/21 maxlen: 32
176.100.33.0/24 maxlen: 24
176.100.36.0/24 maxlen: 24
176.100.37.0/24 maxlen: 24
2a00:ccc4::/32 maxlen: 32
2a00:ccc6::/32 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5e:9e:8a:55:99:66:9b:d4:32:4c:f9:a5:20:33:de:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Validity
Not Before: Jun 11 10:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7154f125349e55498aee98c0569be7a4ab95f753
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:04:61:49:6f:ec:3f:fc:41:3d:85:2f:8c:83:
16:f4:be:21:7e:ca:bc:ea:8b:b3:5a:ba:76:12:23:
63:18:ec:0b:61:fa:d6:1e:1f:87:47:65:00:6a:64:
ee:7b:4e:7b:eb:a7:32:99:8e:98:75:82:e1:e5:c5:
97:ca:c3:92:cc:dd:e3:db:57:15:5d:a0:0d:03:1a:
95:4a:5f:b4:31:78:3a:65:02:5c:32:bd:c0:62:fe:
06:c1:e4:4c:1d:b4:d3:7d:59:06:67:64:ec:be:37:
ef:bc:77:39:eb:38:f8:da:a7:35:51:3f:6f:dc:b0:
6a:f2:9f:49:dd:c6:45:48:d1:c4:36:dd:2f:a4:05:
37:30:b8:f9:60:1c:aa:b8:da:df:95:ba:38:72:6d:
e7:5b:96:ed:6c:79:81:b9:55:86:fd:9d:fa:55:ce:
48:af:bb:d9:e8:39:28:8c:19:b4:ec:7d:c2:e9:43:
07:47:a3:8c:49:29:af:80:92:1e:37:65:04:53:4a:
19:a3:25:b2:de:e8:59:54:21:c7:e2:9c:ba:95:2c:
ec:3d:ee:d0:62:14:dd:34:a0:aa:ab:bb:56:67:eb:
d0:35:83:12:6c:8f:79:26:6d:fe:3a:65:8c:87:e7:
04:98:ef:94:5c:89:d2:de:ae:49:9c:c2:bb:79:41:
4c:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:54:F1:25:34:9E:55:49:8A:EE:98:C0:56:9B:E7:A4:AB:95:F7:53
X509v3 Authority Key Identifier:
keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/cVTxJTSeVUmK7pjAVpvnpKuV91M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.114.37.0/24
37.114.41.0/24
94.154.49.0/24
176.100.32.0/21
IPv6:
2a00:ccc4::/32
2a00:ccc6::/32
Signature Algorithm: sha256WithRSAEncryption
3b:b8:ef:a0:f7:6b:be:da:4d:14:fb:c9:de:38:7e:96:89:a7:
56:f1:80:52:c5:0e:f3:7b:86:90:89:54:ef:3e:80:35:b8:4c:
03:bb:6f:cd:be:05:3e:96:02:77:89:fb:a5:4c:a9:fd:4e:5d:
2e:64:b6:69:6d:13:99:49:4f:c5:49:33:eb:8f:ea:64:1d:f4:
7d:27:a5:4d:a3:76:c4:2c:89:81:8b:57:5a:8d:08:6e:17:f7:
a4:01:6c:34:c8:e6:a3:02:8e:e3:27:b6:51:f1:84:1e:cf:42:
dd:14:c7:1b:c4:7f:a9:ae:cb:77:42:a9:cd:3f:a1:8f:0c:22:
1b:3a:20:83:02:9c:8c:d7:9f:69:51:4c:f7:0f:fd:4a:35:bb:
b0:92:6f:ad:e8:80:dd:23:0f:1f:84:6a:70:2e:3d:3d:a8:84:
bc:79:17:b9:48:be:87:5e:46:9a:d9:80:54:6f:d2:3d:0f:22:
01:a1:3b:29:3e:5a:d1:8d:17:cd:53:8a:c3:5e:39:c4:31:8e:
65:33:79:76:6c:a6:d8:aa:d8:f2:d8:c8:33:55:cc:5a:53:ed:
fe:fa:a8:de:2c:e3:11:2e:f8:91:b0:dd:67:d6:4b:9b:b0:f3:
12:f4:85:d5:74:d3:63:44:03:90:1f:3f:6f:91:58:21:9f:8e:
e0:58:65:33
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZdenopVmWab1DJM+aUgM949MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwNjExMTA1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTU0ZjEyNTM0OWU1NTQ5OGFlZTk4YzA1NjliZTdhNGFiOTVmNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQRhSW/sP/xBPYUvjIMW9L4hfsq8
6ouzWrp2EiNjGOwLYfrWHh+HR2UAamTue05766cymY6YdYLh5cWXysOSzN3j21cV
XaANAxqVSl+0MXg6ZQJcMr3AYv4GweRMHbTTfVkGZ2TsvjfvvHc56zj42qc1UT9v
3LBq8p9J3cZFSNHENt0vpAU3MLj5YByquNrflbo4cm3nW5btbHmBuVWG/Z36Vc5I
r7vZ6DkojBm07H3C6UMHR6OMSSmvgJIeN2UEU0oZoyWy3uhZVCHH4py6lSzsPe7Q
YhTdNKCqq7tWZ+vQNYMSbI95Jm3+OmWMh+cEmO+UXInS3q5JnMK7eUFMvQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHFU8SU0nlVJiu6YwFab56SrlfdTMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvY1ZUeEpUU2VWVW1LN3BqQVZwdm5wS3VWOTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAJXIlAwQA
JXIpAwQAXpoxAwQDsGQgMBQEAgACMA4DBQAqAMzEAwUAKgDMxjANBgkqhkiG9w0B
AQsFAAOCAQEAO7jvoPdrvtpNFPvJ3jh+lomnVvGAUsUO83uGkIlU7z6ANbhMA7tv
zb4FPpYCd4n7pUyp/U5dLmS2aW0TmUlPxUkz64/qZB30fSelTaN2xCyJgYtXWo0I
bhf3pAFsNMjmowKO4ye2UfGEHs9C3RTHG8R/qa7Ld0KpzT+hjwwiGzoggwKcjNef
aVFM9w/9SjW7sJJvreiA3SMPH4RqcC49PaiEvHkXuUi+h15GmtmAVG/SPQ8iAaE7
KT5a0Y0XzVOKw145xDGOZTN5dmym2KrY8tjIM1XMWlPt/vqo3izjES74kbDdZ9ZL
m7DzEvSF1XTTY0QDkB8/b5FYIZ+O4FhlMw==
-----END CERTIFICATE-----
Generated at Mon Jun 16 10:40:52 2025 by rpki-client