Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/mq2NxcwMUGbKqpSJLEjhdlVNidw.roa
File: mq2NxcwMUGbKqpSJLEjhdlVNidw.roa (raw, json)
Hash identifier: vE05RIMpgESTy8av4PcX8xn6jeiXKLqRql6sXAZ5+aE=
Subject key identifier: 9A:AD:8D:C5:CC:0C:50:66:CA:AA:94:89:2C:48:E1:76:55:4D:89:DC
Certificate issuer: /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial: 019633D4B3BDC153E202F2D3637D3DE03453
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/mq2NxcwMUGbKqpSJLEjhdlVNidw.roa
Signing time: Mon 14 Apr 2025 10:24:59 +0000
ROA not before: Mon 14 Apr 2025 10:24:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198668
IP address blocks: 37.221.240.0/20 maxlen: 32
45.153.192.0/22 maxlen: 24
85.255.88.0/22 maxlen: 22
185.19.0.0/22 maxlen: 32
185.64.222.0/24 maxlen: 32
185.74.60.0/23 maxlen: 32
185.97.24.0/22 maxlen: 24
185.188.100.0/22 maxlen: 24
185.188.100.0/24 maxlen: 24
213.108.162.0/23 maxlen: 24
2a03:d840::/32 maxlen: 48
2a03:d840:ffff::/48 maxlen: 48
2a04:c740::/29 maxlen: 48
2a0d:3140::/29 maxlen: 29
2a0f:9300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 30 Apr 2025 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:33:d4:b3:bd:c1:53:e2:02:f2:d3:63:7d:3d:e0:34:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Validity
Not Before: Apr 14 10:24:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9aad8dc5cc0c5066caaa94892c48e176554d89dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:a9:d0:0a:74:70:5b:34:62:ac:2e:4b:21:cc:
2f:c5:9d:41:9d:79:3d:5c:db:89:73:1c:eb:97:b0:
fe:08:a6:21:72:11:a7:be:b7:0f:61:ad:6b:db:b3:
6f:b9:38:cb:a0:8a:5d:fd:38:52:96:ff:9a:60:34:
41:dc:97:50:5a:1a:84:01:e0:ea:ef:04:0b:66:e9:
2c:24:d4:1a:95:72:3c:81:e8:2d:71:b2:a2:2f:c5:
f9:4d:20:83:04:25:61:36:23:a8:1a:5d:eb:12:60:
3a:9d:45:47:96:fc:4e:70:14:ce:bb:53:57:16:2e:
0c:66:43:8b:7f:b5:ff:b1:e5:ac:33:b1:68:5c:f7:
42:af:38:ae:cb:79:24:1a:57:eb:f3:e9:03:c6:ab:
74:bd:26:a4:84:50:06:ff:4d:53:f3:fa:af:71:94:
1e:f3:ac:68:4b:eb:4e:b9:63:d5:16:ce:e0:70:6b:
bc:1d:b0:fe:0d:1f:26:98:c9:dd:1d:c9:44:52:13:
10:1e:91:8b:29:ec:cb:49:f9:4a:dc:bc:19:0b:76:
95:fa:3f:ec:2b:e6:27:61:2d:be:d6:23:b5:10:af:
b0:c9:4b:82:92:b1:7f:48:63:e0:02:b7:32:cc:59:
ec:0a:86:87:2d:ef:93:90:5b:10:3b:0f:85:d0:dc:
fb:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:AD:8D:C5:CC:0C:50:66:CA:AA:94:89:2C:48:E1:76:55:4D:89:DC
X509v3 Authority Key Identifier:
keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/mq2NxcwMUGbKqpSJLEjhdlVNidw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.240.0/20
45.153.192.0/22
85.255.88.0/22
185.19.0.0/22
185.64.222.0/24
185.74.60.0/23
185.97.24.0/22
185.188.100.0/22
213.108.162.0/23
IPv6:
2a03:d840::/32
2a04:c740::/29
2a0d:3140::/29
2a0f:9300::/29
Signature Algorithm: sha256WithRSAEncryption
11:1a:02:f0:0f:27:8d:dd:3f:9c:d4:62:7d:8d:b3:b4:93:4a:
2c:ec:8a:de:de:23:78:81:62:48:12:a0:6d:54:96:b0:97:6e:
71:80:bd:9c:24:2e:62:71:8e:99:db:d2:10:fd:0b:39:1c:29:
41:80:bc:cd:28:3e:bc:8e:6c:a2:8c:58:bd:c6:c0:6e:d6:a7:
a5:0f:8c:39:f1:8b:f2:c1:d7:66:ca:cc:e6:5b:3b:f9:1a:b4:
38:f9:bc:36:de:45:b4:8d:49:89:c6:4a:71:0f:7d:cc:a8:da:
eb:01:17:12:c4:0e:97:74:3e:8c:da:57:4c:b8:c6:f5:6c:35:
26:91:53:02:93:b5:8f:6e:32:61:63:67:7a:f1:b8:de:8d:69:
02:4f:40:ba:f5:ad:a9:e3:5b:a8:87:9a:f8:30:0f:6d:d7:ac:
5d:ea:02:cf:0e:9f:ac:ac:35:f8:ef:4a:75:96:cf:bf:1d:e1:
90:1e:6a:47:74:f9:74:0b:18:4c:a3:9b:3e:4c:3d:de:51:45:
fc:90:e2:8f:40:86:26:b6:61:07:32:30:47:5b:9d:11:14:85:
c1:43:77:8e:7a:d8:1b:ab:b2:80:82:2f:53:63:21:a7:25:10:
01:92:1c:a7:37:08:f1:af:15:1d:7c:cb:2e:7b:19:76:47:26:
a0:35:da:4b
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZYz1LO9wVPiAvLTY3094DRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwNDE0MTAyNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWFkOGRjNWNjMGM1MDY2Y2FhYTk0ODkyYzQ4ZTE3NjU1NGQ4OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qnQCnRwWzRirC5LIcwvxZ1BnXk9
XNuJcxzrl7D+CKYhchGnvrcPYa1r27NvuTjLoIpd/ThSlv+aYDRB3JdQWhqEAeDq
7wQLZuksJNQalXI8gegtcbKiL8X5TSCDBCVhNiOoGl3rEmA6nUVHlvxOcBTOu1NX
Fi4MZkOLf7X/seWsM7FoXPdCrziuy3kkGlfr8+kDxqt0vSakhFAG/01T8/qvcZQe
86xoS+tOuWPVFs7gcGu8HbD+DR8mmMndHclEUhMQHpGLKezLSflK3LwZC3aV+j/s
K+YnYS2+1iO1EK+wyUuCkrF/SGPgArcyzFnsCoaHLe+TkFsQOw+F0Nz7VQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJqtjcXMDFBmyqqUiSxI4XZVTYncMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvbXEyTnhjd01VR2JLcXBTSkxFamhkbFZOaWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA8BAIAATA2AwQEJd3wAwQC
LZnAAwQCVf9YAwQCuRMAAwQAuUDeAwQBuUo8AwQCuWEYAwQCubxkAwQB1WyiMCIE
AgACMBwDBQAqA9hAAwUDKgTHQAMFAyoNMUADBQMqD5MAMA0GCSqGSIb3DQEBCwUA
A4IBAQARGgLwDyeN3T+c1GJ9jbO0k0os7Ire3iN4gWJIEqBtVJawl25xgL2cJC5i
cY6Z29IQ/Qs5HClBgLzNKD68jmyijFi9xsBu1qelD4w58YvywddmyszmWzv5GrQ4
+bw23kW0jUmJxkpxD33MqNrrARcSxA6XdD6M2ldMuMb1bDUmkVMCk7WPbjJhY2d6
8bjejWkCT0C69a2p41uoh5r4MA9t16xd6gLPDp+srDX470p1ls+/HeGQHmpHdPl0
CxhMo5s+TD3eUUX8kOKPQIYmtmEHMjBHW50RFIXBQ3eOetgbq7KAgi9TYyGnJRAB
khynNwjxrxUdfMsuexl2RyagNdpL
-----END CERTIFICATE-----
Generated at Tue Apr 29 09:19:35 2025 by rpki-client