Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZQ_UunH8FUsaiOpMORD47tadLM.roa
File: lZQ_UunH8FUsaiOpMORD47tadLM.roa (raw, json)
Hash identifier: zFOVjBzErZ1zNH4oRJORxhvvjtFBv+NwLCWMjsxxLQg=
Subject key identifier: 95:94:3F:52:E9:C7:F0:55:2C:6A:23:A9:30:E4:43:E3:BB:5A:74:B3
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0196A9A9ABE96D30E6FAC5FD3888AF6C97F0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZQ_UunH8FUsaiOpMORD47tadLM.roa
Signing time: Wed 07 May 2025 07:33:11 +0000
ROA not before: Wed 07 May 2025 07:33:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 37.139.130.0/24 maxlen: 24
45.149.243.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
85.217.144.0/23 maxlen: 24
185.225.74.0/23 maxlen: 24
193.149.28.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 10:50:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a9:a9:ab:e9:6d:30:e6:fa:c5:fd:38:88:af:6c:97:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 7 07:33:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95943f52e9c7f0552c6a23a930e443e3bb5a74b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:6b:60:ab:76:4a:63:53:12:b8:dc:9d:2e:9c:
40:3a:ea:0a:eb:a9:9b:1a:6f:37:2b:dc:2c:2d:75:
a3:57:c6:63:c4:d7:cf:53:81:86:5b:79:e5:01:60:
c9:54:3a:9e:15:9e:1e:29:ac:8e:75:a2:89:cc:01:
f6:28:3e:a4:ae:23:3a:cd:fb:0e:fd:d5:88:85:eb:
34:58:cd:b8:e4:21:5e:b4:e2:5f:11:fa:79:80:65:
10:4a:0a:9c:87:06:5a:cb:29:3a:ce:57:2d:f7:1a:
9c:58:65:e9:b2:f1:9b:67:1a:e4:5b:cf:1e:f9:7d:
d2:4c:3a:19:f3:f4:f5:c0:85:c3:54:34:52:47:7d:
b3:a6:4c:94:1a:b2:36:28:dc:18:12:45:65:f8:66:
d7:ad:d9:15:85:5a:29:f1:e6:30:2f:6b:5a:98:35:
2b:db:98:47:57:e0:62:d7:9f:3a:4b:a3:ef:0e:23:
e3:99:87:d6:23:1f:bb:9b:5e:01:39:5c:e0:41:3a:
49:34:21:85:fb:6b:2f:5e:4a:f5:d0:47:fd:23:a0:
78:d1:fd:28:81:66:e3:4a:18:de:20:ff:03:97:91:
1b:79:36:00:8e:23:0a:27:56:54:8e:fc:45:93:1d:
a1:6a:9e:07:ed:1d:64:3c:ff:a0:b3:73:9f:05:a8:
ad:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:94:3F:52:E9:C7:F0:55:2C:6A:23:A9:30:E4:43:E3:BB:5A:74:B3
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lZQ_UunH8FUsaiOpMORD47tadLM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.149.243.0/24
79.110.61.0/24
85.217.144.0/23
185.225.74.0/23
193.149.28.0/22
Signature Algorithm: sha256WithRSAEncryption
27:34:bc:ca:aa:66:dd:5b:b3:00:42:7f:0f:9d:8e:ab:b3:49:
25:17:31:db:2b:25:9e:15:f5:72:79:b4:5f:21:eb:50:5a:c3:
41:03:e2:36:db:0c:34:43:23:db:c8:e1:31:b8:f9:53:02:fe:
9f:92:25:85:d9:80:3d:d7:86:ad:da:13:b3:21:5f:5a:b9:be:
8d:50:79:73:50:18:7b:72:3a:29:32:2a:9e:9c:53:25:77:73:
ab:a9:1c:94:dc:51:b1:9e:08:80:49:f0:5b:8a:9f:8f:46:79:
ea:68:d9:26:da:23:68:09:c7:a1:1c:16:12:60:44:63:be:93:
75:88:d6:d9:9b:42:02:ff:46:89:2b:47:2d:80:38:dd:10:e8:
6b:1a:a9:75:ca:25:4c:73:47:d7:d3:ee:de:f0:97:20:f9:66:
f7:f8:1b:04:2d:6b:97:6a:07:84:e2:99:48:6e:79:30:be:ad:
3a:6d:01:b3:08:ba:9a:6e:4a:4e:80:55:27:7f:90:e9:a3:63:
2c:d3:44:af:ea:1e:c8:5b:e9:49:29:4c:54:21:4f:14:ff:ca:
28:b2:88:a9:ff:4b:9a:1b:2a:6d:43:a0:53:a8:8a:83:53:86:
8a:cf:c8:60:70:a1:c6:4e:77:60:ef:02:01:94:45:86:62:d9:
e5:e3:8c:87
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZapqavpbTDm+sX9OIivbJfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTA3MDczMzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTk0M2Y1MmU5YzdmMDU1MmM2YTIzYTkzMGU0NDNlM2JiNWE3NGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Gtgq3ZKY1MSuNydLpxAOuoK66mb
Gm83K9wsLXWjV8ZjxNfPU4GGW3nlAWDJVDqeFZ4eKayOdaKJzAH2KD6kriM6zfsO
/dWIhes0WM245CFetOJfEfp5gGUQSgqchwZayyk6zlct9xqcWGXpsvGbZxrkW88e
+X3STDoZ8/T1wIXDVDRSR32zpkyUGrI2KNwYEkVl+GbXrdkVhVop8eYwL2tamDUr
25hHV+Bi1586S6PvDiPjmYfWIx+7m14BOVzgQTpJNCGF+2svXkr10Ef9I6B40f0o
gWbjShjeIP8Dl5EbeTYAjiMKJ1ZUjvxFkx2hap4H7R1kPP+gs3OfBaitFwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJWUP1Lpx/BVLGojqTDkQ+O7WnSzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbFpRX1V1bkg4RlVzYWlPcE1PUkQ0N3RhZExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJYuCAwQA
LZXzAwQAT249AwQBVdmQAwQBueFKAwQCwZUcMA0GCSqGSIb3DQEBCwUAA4IBAQAn
NLzKqmbdW7MAQn8PnY6rs0klFzHbKyWeFfVyebRfIetQWsNBA+I22ww0QyPbyOEx
uPlTAv6fkiWF2YA914at2hOzIV9aub6NUHlzUBh7cjopMiqenFMld3OrqRyU3FGx
ngiASfBbip+PRnnqaNkm2iNoCcehHBYSYERjvpN1iNbZm0IC/0aJK0ctgDjdEOhr
Gql1yiVMc0fX0+7e8Jcg+Wb3+BsELWuXageE4plIbnkwvq06bQGzCLqabkpOgFUn
f5Dpo2Ms00Sv6h7IW+lJKUxUIU8U/8oosoip/0uaGyptQ6BTqIqDU4aKz8hgcKHG
Tndg7wIBlEWGYtnl44yH
-----END CERTIFICATE-----
Generated at Mon May 12 20:23:59 2025 by rpki-client