Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/_MIEsEskJWyOsemr-nZCjzfQhng.roa
File: _MIEsEskJWyOsemr-nZCjzfQhng.roa (raw, json)
Hash identifier: nfgEUoSee4eYzUBPIO804ao8bh3WTDatCOghknKQdp0=
Subject key identifier: FC:C2:04:B0:4B:24:25:6C:8E:B1:E9:AB:FA:76:42:8F:37:D0:86:78
Certificate issuer: /CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Certificate serial: 01973F54992E8AB5A8AE152736BBF6E220D3
Authority key identifier: 07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/_MIEsEskJWyOsemr-nZCjzfQhng.roa
Signing time: Thu 05 Jun 2025 09:03:18 +0000
ROA not before: Thu 05 Jun 2025 09:03:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34914
IP address blocks: 89.222.0.0/18 maxlen: 24
89.222.0.0/20 maxlen: 24
89.222.2.0/23 maxlen: 23
89.222.16.0/20 maxlen: 24
89.222.32.0/20 maxlen: 24
89.222.32.0/23 maxlen: 23
89.222.34.0/23 maxlen: 23
89.222.48.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.mft
rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 14:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:54:99:2e:8a:b5:a8:ae:15:27:36:bb:f6:e2:20:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Validity
Not Before: Jun 5 09:03:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fcc204b04b24256c8eb1e9abfa76428f37d08678
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a3:55:38:a4:de:f0:e5:52:d3:0f:82:ea:59:
98:46:38:2a:04:b5:26:f3:2a:da:a4:12:a0:2f:bd:
5e:39:85:f9:77:de:45:a8:86:2f:ef:55:a1:6e:fe:
c3:3a:b1:5c:25:5b:91:47:ec:80:e5:68:58:e8:1a:
b7:57:44:8b:8a:9c:4a:61:79:1d:33:ef:2c:94:68:
d1:ef:95:60:35:a5:08:e4:c9:c1:1e:00:1d:50:1f:
6f:82:c2:82:a3:97:d6:85:b4:72:50:80:d0:ab:cb:
ac:cd:1f:ea:a4:42:af:80:09:8d:2f:21:93:86:17:
aa:9a:78:d8:cf:37:17:8f:5f:eb:38:38:bf:63:c8:
b9:78:e0:ca:22:90:66:2d:c0:87:be:c1:49:e5:fb:
26:d6:81:8a:98:9e:29:22:90:0c:fd:1d:4f:68:de:
0f:be:a0:d1:45:b0:8d:be:86:69:df:b1:ea:77:37:
5c:52:f0:56:95:38:dd:7e:82:ac:b2:c2:b8:e6:2f:
65:3d:61:d2:97:14:07:26:53:8f:2b:1d:01:74:43:
eb:17:68:6a:ef:68:c6:bf:35:bb:1a:59:c6:3f:7e:
51:29:c9:3e:0e:53:7a:ae:fc:35:70:49:38:a9:3e:
85:80:61:f4:91:f8:9f:84:1f:e8:d6:fb:fa:30:3f:
08:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:C2:04:B0:4B:24:25:6C:8E:B1:E9:AB:FA:76:42:8F:37:D0:86:78
X509v3 Authority Key Identifier:
keyid:07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/_MIEsEskJWyOsemr-nZCjzfQhng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.222.0.0/18
Signature Algorithm: sha256WithRSAEncryption
2f:8a:9d:1c:50:14:c1:00:cb:09:a0:04:e3:74:97:d0:9e:c7:
c5:b0:62:81:0d:4f:39:51:5d:47:57:35:85:e1:45:01:f4:1c:
98:96:79:10:3a:d2:33:17:a0:97:0c:73:93:ef:6a:52:79:06:
57:cd:d8:9d:24:d6:84:e3:d7:6f:5e:47:45:73:06:da:3b:41:
2e:54:e3:7b:76:59:a7:c4:54:43:72:46:1e:a6:0e:65:6b:b2:
fa:7f:ef:67:3e:ca:29:a3:b7:03:0a:0e:d4:05:37:b0:22:79:
85:a7:31:f3:6d:da:76:2c:5d:0f:7f:f7:ea:b6:03:0e:17:ff:
19:a9:72:f5:a2:24:50:ba:1b:db:9d:aa:e4:2c:07:71:90:a0:
99:41:9d:62:1c:53:f5:0e:62:d1:67:84:f0:1f:3a:e4:78:34:
a2:4d:6f:d0:17:58:fe:82:c0:f6:57:61:6c:58:f6:56:2b:47:
48:2a:d5:b8:eb:fa:f6:81:78:5d:70:79:f9:07:87:f6:de:75:
ff:d4:c7:01:1c:d6:c8:44:18:84:37:89:27:68:ee:a5:7a:bf:
61:6a:e9:4d:4f:ed:b0:bb:05:72:83:1c:8c:bf:ae:6d:27:0f:
65:4a:04:7d:d4:5d:cc:18:6f:d9:6e:31:52:ff:a2:d6:14:8e:
fe:87:36:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/VJkuirWorhUnNrv24iDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTMyOTk5YzQ3ZWIzMWQ1ZmJmMTZlY2MzODcyZWFlZmQ0
M2JhZDcwHhcNMjUwNjA1MDkwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2MyMDRiMDRiMjQyNTZjOGViMWU5YWJmYTc2NDI4ZjM3ZDA4Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKNVOKTe8OVS0w+C6lmYRjgqBLUm
8yrapBKgL71eOYX5d95FqIYv71Whbv7DOrFcJVuRR+yA5WhY6Bq3V0SLipxKYXkd
M+8slGjR75VgNaUI5MnBHgAdUB9vgsKCo5fWhbRyUIDQq8uszR/qpEKvgAmNLyGT
hheqmnjYzzcXj1/rODi/Y8i5eODKIpBmLcCHvsFJ5fsm1oGKmJ4pIpAM/R1PaN4P
vqDRRbCNvoZp37HqdzdcUvBWlTjdfoKsssK45i9lPWHSlxQHJlOPKx0BdEPrF2hq
72jGvzW7GlnGP35RKck+DlN6rvw1cEk4qT6FgGH0kfifhB/o1vv6MD8IdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzCBLBLJCVsjrHpq/p2Qo830IZ4MB8GA1UdIwQY
MBaAFAejKZnEfrMdX78W7MOHLq79Q7rXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzIt
MmZiMjk1OGFiOGJiLzEvX01JRXNFc2tKV3lPc2Vtci1uWkNqemZRaG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzItMmZiMjk1OGFiOGJi
LzEvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWd4AMA0G
CSqGSIb3DQEBCwUAA4IBAQAvip0cUBTBAMsJoATjdJfQnsfFsGKBDU85UV1HVzWF
4UUB9ByYlnkQOtIzF6CXDHOT72pSeQZXzdidJNaE49dvXkdFcwbaO0EuVON7dlmn
xFRDckYepg5la7L6f+9nPsopo7cDCg7UBTewInmFpzHzbdp2LF0Pf/fqtgMOF/8Z
qXL1oiRQuhvbnarkLAdxkKCZQZ1iHFP1DmLRZ4TwHzrkeDSiTW/QF1j+gsD2V2Fs
WPZWK0dIKtW46/r2gXhdcHn5B4f23nX/1McBHNbIRBiEN4knaO6ler9haulNT+2w
uwVygxyMv65tJw9lSgR91F3MGG/ZbjFS/6LWFI7+hzbO
-----END CERTIFICATE-----
Generated at Mon Jun 16 20:16:01 2025 by rpki-client