Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/nAU_2VpM5SccaGQsl0YkIDwDC1w.roa
File: nAU_2VpM5SccaGQsl0YkIDwDC1w.roa (raw, json)
Hash identifier: LkSzGNi0v1t7wdhC/pLyKhtEY4pQXgh7tGdjsi4l0Ig=
Subject key identifier: 9C:05:3F:D9:5A:4C:E5:27:1C:68:64:2C:97:46:24:20:3C:03:0B:5C
Certificate issuer: /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial: 01977DAECF991FFE7E93BD1AA454943D220F
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/nAU_2VpM5SccaGQsl0YkIDwDC1w.roa
Signing time: Tue 17 Jun 2025 11:38:17 +0000
ROA not before: Tue 17 Jun 2025 11:38:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31034
IP address blocks: 5.249.128.0/19 maxlen: 24
31.11.32.0/21 maxlen: 24
31.14.128.0/20 maxlen: 24
46.37.0.0/19 maxlen: 24
62.149.128.0/17 maxlen: 24
66.71.128.0/18 maxlen: 24
66.71.128.0/19 maxlen: 24
66.71.176.0/20 maxlen: 24
77.81.224.0/20 maxlen: 24
80.73.224.0/21 maxlen: 24
80.211.0.0/16 maxlen: 24
82.192.128.0/19 maxlen: 24
89.36.208.0/22 maxlen: 24
89.46.64.0/20 maxlen: 24
89.46.104.0/21 maxlen: 24
89.46.192.0/21 maxlen: 24
94.177.160.0/19 maxlen: 24
94.177.192.0/18 maxlen: 24
95.110.128.0/17 maxlen: 24
109.70.240.0/22 maxlen: 24
109.70.244.0/22 maxlen: 24
176.107.144.0/21 maxlen: 24
185.56.8.0/22 maxlen: 24
185.58.116.0/22 maxlen: 24
185.58.192.0/22 maxlen: 24
188.213.160.0/20 maxlen: 24
194.182.110.0/23 maxlen: 24
195.231.0.0/17 maxlen: 24
195.231.64.0/20 maxlen: 24
195.231.80.0/21 maxlen: 24
195.231.88.0/21 maxlen: 24
209.227.224.0/20 maxlen: 24
217.61.0.0/18 maxlen: 24
217.61.56.0/21 maxlen: 24
2a00:6d40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 19 Jun 2025 14:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7d:ae:cf:99:1f:fe:7e:93:bd:1a:a4:54:94:3d:22:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Validity
Not Before: Jun 17 11:38:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c053fd95a4ce5271c68642c974624203c030b5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8a:4d:02:15:a3:74:1b:03:2e:52:42:73:8c:
af:aa:c3:12:1c:0c:48:00:23:52:bd:eb:65:17:aa:
12:9e:5c:68:37:55:18:6f:a3:49:5d:0c:ec:e8:51:
4a:00:7d:f5:60:c2:10:58:21:05:ca:9c:aa:06:0e:
8f:4f:09:2a:d8:79:bd:22:af:1d:0e:de:0b:c4:30:
ad:c3:41:94:3d:3b:24:a1:19:a4:36:48:ae:71:fe:
4c:f8:5a:36:79:c5:eb:9a:c3:e5:f3:c5:4e:3e:06:
d0:1a:0b:b8:ac:ea:a6:2f:c6:47:30:f6:dd:20:b8:
f8:0d:85:7b:f1:3a:11:bd:1f:3a:6b:ef:a0:ca:b0:
74:6d:74:06:f6:bc:91:f0:34:fb:53:10:07:44:43:
3a:98:eb:97:74:01:7c:69:5a:eb:2e:3a:f0:f6:3a:
02:71:43:0c:14:20:e3:e2:69:2e:2c:e2:f4:0e:cb:
26:37:69:15:51:55:e4:44:88:74:8e:bf:e0:11:14:
9b:98:81:56:89:ac:cb:b9:d3:d9:c7:02:29:cb:96:
f8:a4:83:83:0e:eb:a2:ef:bb:14:bd:60:4c:74:1b:
a0:38:cf:ad:a3:70:49:15:60:45:c5:1f:c3:86:92:
ed:c2:f8:66:bb:32:2b:4c:2f:43:37:55:0d:7d:32:
bc:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:05:3F:D9:5A:4C:E5:27:1C:68:64:2C:97:46:24:20:3C:03:0B:5C
X509v3 Authority Key Identifier:
keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/nAU_2VpM5SccaGQsl0YkIDwDC1w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.249.128.0/19
31.11.32.0/21
31.14.128.0/20
46.37.0.0/19
62.149.128.0/17
66.71.128.0/18
77.81.224.0/20
80.73.224.0/21
80.211.0.0/16
82.192.128.0/19
89.36.208.0/22
89.46.64.0/20
89.46.104.0/21
89.46.192.0/21
94.177.160.0-94.177.255.255
95.110.128.0/17
109.70.240.0/21
176.107.144.0/21
185.56.8.0/22
185.58.116.0/22
185.58.192.0/22
188.213.160.0/20
194.182.110.0/23
195.231.0.0/17
209.227.224.0/20
217.61.0.0/18
IPv6:
2a00:6d40::/29
Signature Algorithm: sha256WithRSAEncryption
48:88:c2:87:fc:29:da:1c:b7:fb:91:4c:5d:b3:38:05:63:00:
05:89:54:ad:a7:b0:1b:f8:f4:f0:fd:be:93:e1:a2:c6:3b:46:
f7:c0:87:f8:3e:c9:90:cd:95:83:cf:2d:8a:44:b4:e8:d3:61:
83:9a:01:3a:93:52:96:c3:f0:f8:1a:9c:dd:34:61:03:e8:f2:
67:2f:9a:94:1d:95:94:5f:e3:e8:00:be:04:b1:ee:bb:f9:d8:
e8:a3:57:a8:14:5a:99:a8:4e:49:e2:63:db:08:58:3b:b3:d3:
83:17:94:21:b5:54:59:f0:61:e4:6e:b0:75:38:01:40:1e:4c:
23:d3:02:8b:19:4c:e8:52:65:c9:55:5a:a4:a0:75:16:61:64:
c6:50:c4:42:a5:ec:c0:49:25:80:42:e2:e8:cb:f6:41:96:35:
2d:25:c7:ef:f3:ec:ed:bc:2a:b8:83:91:ec:74:53:9c:03:a5:
b7:1e:e5:12:af:b2:21:c6:6b:09:b0:ea:00:ea:ca:c3:77:55:
4f:df:ca:93:01:4b:f8:87:79:b3:54:38:08:0e:cd:9a:1d:a5:
ad:7d:ec:79:05:21:f8:e3:1e:ab:d9:74:e8:21:34:5f:ee:56:
0b:20:92:75:a8:3f:3f:32:cd:a9:4c:64:18:38:e8:57:57:60:
84:61:a2:c4
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgISAZd9rs+ZH/5+k70apFSUPSIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjUwNjE3MTEzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzA1M2ZkOTVhNGNlNTI3MWM2ODY0MmM5NzQ2MjQyMDNjMDMwYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4pNAhWjdBsDLlJCc4yvqsMSHAxI
ACNSvetlF6oSnlxoN1UYb6NJXQzs6FFKAH31YMIQWCEFypyqBg6PTwkq2Hm9Iq8d
Dt4LxDCtw0GUPTskoRmkNkiucf5M+Fo2ecXrmsPl88VOPgbQGgu4rOqmL8ZHMPbd
ILj4DYV78ToRvR86a++gyrB0bXQG9ryR8DT7UxAHREM6mOuXdAF8aVrrLjrw9joC
cUMMFCDj4mkuLOL0DssmN2kVUVXkRIh0jr/gERSbmIFWiazLudPZxwIpy5b4pIOD
Duui77sUvWBMdBugOM+to3BJFWBFxR/DhpLtwvhmuzIrTC9DN1UNfTK8AwIDAQAB
o4ICuTCCArUwHQYDVR0OBBYEFJwFP9laTOUnHGhkLJdGJCA8AwtcMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvbkFVXzJWcE01U2NjYUdRc2wwWWtJRHdEQzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHOBggrBgEFBQcBBwEB/wSBvjCBuzCBqQQCAAEwgaIDBAUF
+YADBAMfCyADBAQfDoADBAUuJQADBAc+lYADBAZCR4ADBARNUeADBANQSeADAwBQ
0wMEBVLAgAMEAlkk0AMEBFkuQAMEA1kuaAMEA1kuwDALAwQFXrGgAwMBXrADBAdf
boADBANtRvADBAOwa5ADBAK5OAgDBAK5OnQDBAK5OsADBAS81aADBAHCtm4DBAfD
5wADBATR4+ADBAbZPQAwDQQCAAIwBwMFAyoAbUAwDQYJKoZIhvcNAQELBQADggEB
AEiIwof8Kdoct/uRTF2zOAVjAAWJVK2nsBv49PD9vpPhosY7RvfAh/g+yZDNlYPP
LYpEtOjTYYOaATqTUpbD8PganN00YQPo8mcvmpQdlZRf4+gAvgSx7rv52OijV6gU
WpmoTkniY9sIWDuz04MXlCG1VFnwYeRusHU4AUAeTCPTAosZTOhSZclVWqSgdRZh
ZMZQxEKl7MBJJYBC4ujL9kGWNS0lx+/z7O28KriDkex0U5wDpbce5RKvsiHGawmw
6gDqysN3VU/fypMBS/iHebNUOAgOzZodpa197HkFIfjjHqvZdOghNF/uVgsgknWo
Pz8yzalMZBg46FdXYIRhosQ=
-----END CERTIFICATE-----
Generated at Wed Jun 18 23:13:06 2025 by rpki-client