Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FYgn-CSS_z6IHxQbKn_Ue4OYNc4.roa
File: FYgn-CSS_z6IHxQbKn_Ue4OYNc4.roa (raw, json)
Hash identifier: 4mrgQ1Bb4J4jzKXUIXeAmbwJyUV5Em8csnCCPFOCbLw=
Subject key identifier: 15:88:27:F8:24:92:FF:3E:88:1F:14:1B:2A:7F:D4:7B:83:98:35:CE
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01979BDE8FFB99C780370CFBEB2C202121F9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FYgn-CSS_z6IHxQbKn_Ue4OYNc4.roa
Signing time: Mon 23 Jun 2025 08:19:03 +0000
ROA not before: Mon 23 Jun 2025 08:19:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.4.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.87.119.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.228.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.29.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.241.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:9b:de:8f:fb:99:c7:80:37:0c:fb:eb:2c:20:21:21:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jun 23 08:19:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=158827f82492ff3e881f141b2a7fd47b839835ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:10:52:3d:0b:1a:20:28:53:3c:08:e2:81:45:
c0:17:c8:05:8d:0b:5b:4e:8f:c9:f1:62:da:b3:4a:
95:64:65:9c:8a:05:6f:2e:f3:44:90:5c:e9:b2:0a:
1e:9f:0b:b4:57:16:34:f8:11:42:12:07:f7:f5:7a:
a8:2d:b0:b8:f5:62:0a:5d:b6:37:76:1f:f1:f8:5c:
97:f1:26:cd:b3:df:43:f4:1a:a1:06:42:03:10:29:
fc:07:1e:25:e4:2d:05:9b:d9:b5:d6:15:d4:71:7e:
f9:1e:10:13:51:ac:70:88:44:a8:cf:c1:d5:f6:4e:
4c:bd:eb:37:c2:5e:de:a3:b6:7d:a1:1c:70:5c:18:
7a:05:8c:1e:ea:c6:8b:a8:58:5b:d4:1a:54:bf:08:
ed:45:e6:50:f0:16:0c:70:5c:c7:49:9e:ee:fb:38:
92:e3:cf:34:7e:d0:f8:37:1f:83:34:69:2e:e5:f7:
02:1f:24:2a:90:6c:47:b8:c1:60:2d:5f:c4:62:4a:
08:a5:82:de:e9:e0:f9:39:e4:63:47:90:03:9b:c2:
54:fd:05:15:3a:9f:84:34:f6:a8:e9:2b:6b:73:fa:
5c:85:09:4c:17:68:b7:ed:70:36:8a:8b:a7:6b:11:
a5:00:88:f4:0a:fd:1a:57:a5:bb:57:a5:27:c9:70:
52:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:88:27:F8:24:92:FF:3E:88:1F:14:1B:2A:7F:D4:7B:83:98:35:CE
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FYgn-CSS_z6IHxQbKn_Ue4OYNc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.4.0/24
193.124.7.0/24
194.58.155.0/24
194.87.53.0/24
194.87.119.0/24
194.87.169.0/24
194.87.179.0/24
194.87.228.0/24
194.135.24.0/24
195.133.24.0/23
195.133.29.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.241.0/24
212.193.0.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
91:83:ae:46:17:03:14:e2:21:21:b1:7b:f7:2f:25:54:5e:0f:
0b:9b:27:36:60:7b:ef:0c:e7:1d:00:bf:fc:bf:98:f8:5d:6a:
a3:bf:ce:68:d2:07:d4:c1:4e:ee:68:bb:75:f8:0c:f1:c5:fe:
21:bd:69:5f:2d:6c:5c:de:69:e5:a2:9b:bb:fa:7e:b9:e5:0a:
32:5a:58:56:00:ab:f6:e4:43:6e:56:6d:e1:41:a9:6f:13:5c:
40:48:0f:de:8b:84:ae:fc:b5:49:64:c0:6b:92:59:0e:b6:0c:
a1:e3:2a:b5:4b:d0:bf:d7:5c:04:34:08:93:73:84:1d:ba:f1:
fd:ab:c2:73:24:86:0d:4d:22:fe:70:22:fa:f9:f7:45:41:10:
45:df:2e:6d:f9:21:f5:7c:62:22:2c:61:59:81:2d:6c:b1:88:
8d:00:a2:49:e0:32:2f:a8:10:5b:26:40:77:25:05:63:ce:ae:
9f:02:99:4b:3e:cd:0d:9b:12:42:10:4d:94:54:ed:66:e3:ab:
14:84:8a:4c:da:a6:7c:b9:c8:a2:34:b1:26:9d:b0:59:c7:12:
32:f9:80:b0:a1:d9:88:f1:4b:81:2b:24:b1:47:e1:95:97:72:
77:69:f2:96:c0:78:43:04:36:ae:1e:7e:c8:be:93:d9:2e:e3:
0b:12:8a:0a
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgISAZeb3o/7mceANwz76ywgISH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNjIzMDgxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg4MjdmODI0OTJmZjNlODgxZjE0MWIyYTdmZDQ3YjgzOTgzNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhBSPQsaIChTPAjigUXAF8gFjQtb
To/J8WLas0qVZGWcigVvLvNEkFzpsgoenwu0VxY0+BFCEgf39XqoLbC49WIKXbY3
dh/x+FyX8SbNs99D9BqhBkIDECn8Bx4l5C0Fm9m11hXUcX75HhATUaxwiESoz8HV
9k5Mves3wl7eo7Z9oRxwXBh6BYwe6saLqFhb1BpUvwjtReZQ8BYMcFzHSZ7u+ziS
4880ftD4Nx+DNGku5fcCHyQqkGxHuMFgLV/EYkoIpYLe6eD5OeRjR5ADm8JU/QUV
Op+ENPao6Strc/pchQlMF2i37XA2iounaxGlAIj0Cv0aV6W7V6UnyXBSZwIDAQAB
o4ICgjCCAn4wHQYDVR0OBBYEFBWIJ/gkkv8+iB8UGyp/1HuDmDXOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRllnbi1DU1NfejZJSHhRYktuX1VlNE9ZTmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGXBggrBgEFBQcBBwEB/wSBhzCBhDBsBAIAATBmAwQAwXwE
AwQAwXwHAwQAwjqbAwQAwlc1AwQAwld3AwQAwlepAwQAwlezAwQAwlfkAwQAwocY
AwQBw4UYAwQAw4UdAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MDxAwQA1MEAAwQB1MEa
MBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAkYOuRhcD
FOIhIbF79y8lVF4PC5snNmB77wznHQC//L+Y+F1qo7/OaNIH1MFO7mi7dfgM8cX+
Ib1pXy1sXN5p5aKbu/p+ueUKMlpYVgCr9uRDblZt4UGpbxNcQEgP3ouErvy1SWTA
a5JZDrYMoeMqtUvQv9dcBDQIk3OEHbrx/avCcySGDU0i/nAi+vn3RUEQRd8ubfkh
9XxiIixhWYEtbLGIjQCiSeAyL6gQWyZAdyUFY86unwKZSz7NDZsSQhBNlFTtZuOr
FISKTNqmfLnIojSxJp2wWccSMvmAsKHZiPFLgSsksUfhlZdyd2nylsB4QwQ2rh5+
yL6T2S7jCxKKCg==
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:38:29 2025 by rpki-client