Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DzTtXPnHozv32XFpmo1o1UPq50s.roa
File: DzTtXPnHozv32XFpmo1o1UPq50s.roa (raw, json)
Hash identifier: hnVthb2XM9TLEX0UaqVRQU+UM3fNuFIOE9WWxoEjMIc=
Subject key identifier: 0F:34:ED:5C:F9:C7:A3:3B:F7:D9:71:69:9A:8D:68:D5:43:EA:E7:4B
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 019786C68F9199BB58CA81103F810D1F9F7D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DzTtXPnHozv32XFpmo1o1UPq50s.roa
Signing time: Thu 19 Jun 2025 06:00:49 +0000
ROA not before: Thu 19 Jun 2025 06:00:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48314
IP address blocks: 5.175.233.0/24 maxlen: 24
77.90.0.0/24 maxlen: 24
77.90.2.0/24 maxlen: 24
77.90.8.0/24 maxlen: 24
77.90.13.0/24 maxlen: 24
77.90.18.0/24 maxlen: 24
77.90.51.0/24 maxlen: 24
94.249.193.0/24 maxlen: 24
94.249.214.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 13:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:86:c6:8f:91:99:bb:58:ca:81:10:3f:81:0d:1f:9f:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Jun 19 06:00:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0f34ed5cf9c7a33bf7d971699a8d68d543eae74b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:53:e1:71:cf:a7:b6:50:ba:70:d7:be:2b:f3:
a9:31:dc:a1:de:9c:8c:cb:cf:cd:1d:27:89:5f:cd:
fa:c1:75:c7:02:82:a1:6f:c7:95:09:0d:cf:5a:59:
50:5c:2b:49:e2:22:37:26:7b:97:a7:8d:d9:d2:ff:
a1:3d:af:2c:40:89:31:68:f0:60:28:1a:bf:c3:4a:
ff:cc:ff:ad:e5:df:e3:18:bd:8f:e9:4c:f8:c0:88:
e2:a8:8d:73:77:22:2c:ce:9b:5d:c7:7e:54:17:97:
36:a8:76:a9:2d:ed:87:16:d0:b3:93:25:64:41:b2:
8c:3f:5f:71:1f:7e:93:5f:f1:bd:a2:fc:62:95:0a:
28:8f:ee:e9:7f:90:4e:69:e2:9c:8a:6a:6b:74:34:
ab:e7:0e:1d:e3:b9:53:34:59:55:97:bb:d4:0e:ab:
4c:74:bd:74:8f:73:a9:82:13:64:2f:e7:ab:c5:83:
cd:ae:31:eb:0f:2b:76:b2:51:4b:34:fb:9a:f1:6b:
21:e1:04:1e:ee:ee:4f:07:00:75:23:75:82:97:6c:
4a:52:7b:58:cb:20:4a:55:b4:d8:7e:e5:3a:ac:0a:
c3:ef:9a:0f:03:20:f8:d0:81:d5:fe:f3:f8:1c:9c:
4c:20:19:82:95:5b:f4:ec:74:52:e2:3a:43:f4:36:
3c:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:34:ED:5C:F9:C7:A3:3B:F7:D9:71:69:9A:8D:68:D5:43:EA:E7:4B
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DzTtXPnHozv32XFpmo1o1UPq50s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.233.0/24
77.90.0.0/24
77.90.2.0/24
77.90.8.0/24
77.90.13.0/24
77.90.18.0/24
77.90.51.0/24
94.249.193.0/24
94.249.214.0/24
Signature Algorithm: sha256WithRSAEncryption
54:15:15:b0:ab:a9:03:13:a7:a9:e5:0e:e1:c3:df:00:e3:29:
88:52:f2:ba:f7:90:f2:e4:10:b8:d6:cc:83:df:f4:2e:69:a4:
a9:38:c6:39:eb:2a:53:cc:04:53:5d:71:09:e7:74:a5:74:97:
70:f7:84:97:98:59:3a:36:9c:5b:23:b6:7d:0e:cf:ed:26:77:
70:60:12:c4:1a:de:93:39:cd:e0:db:8f:a8:67:9b:7b:1a:bd:
1a:b0:31:9e:36:b3:32:72:60:ac:92:e0:cd:5b:c7:f9:e6:47:
b0:78:79:08:15:56:7e:e3:30:bd:42:dd:9f:01:36:63:fe:bc:
93:a4:cb:59:5d:f7:a1:79:74:dc:82:c2:e9:c4:7d:a6:09:ba:
37:6a:94:0d:56:e3:6f:36:97:ab:f1:bd:a1:92:f8:e9:b3:f7:
aa:7f:44:12:7b:35:20:a8:5e:54:ed:a6:d3:47:de:5e:e7:8d:
50:14:fa:18:58:82:39:b7:35:4f:e9:38:e6:51:16:96:c9:db:
dd:17:ed:1c:e0:d8:e1:e9:80:d3:00:c4:8b:59:4e:54:83:b7:
ce:c1:b9:36:33:85:25:e4:91:4b:ee:98:0d:59:f9:89:c7:7c:
39:62:46:15:88:38:fe:66:37:78:a6:15:08:a4:61:18:ab:1a:
fa:98:21:68
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZeGxo+RmbtYyoEQP4ENH599MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjE5MDYwMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjM0ZWQ1Y2Y5YzdhMzNiZjdkOTcxNjk5YThkNjhkNTQzZWFlNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllPhcc+ntlC6cNe+K/OpMdyh3pyM
y8/NHSeJX836wXXHAoKhb8eVCQ3PWllQXCtJ4iI3JnuXp43Z0v+hPa8sQIkxaPBg
KBq/w0r/zP+t5d/jGL2P6Uz4wIjiqI1zdyIszptdx35UF5c2qHapLe2HFtCzkyVk
QbKMP19xH36TX/G9ovxilQooj+7pf5BOaeKcimprdDSr5w4d47lTNFlVl7vUDqtM
dL10j3OpghNkL+erxYPNrjHrDyt2slFLNPua8Wsh4QQe7u5PBwB1I3WCl2xKUntY
yyBKVbTYfuU6rArD75oPAyD40IHV/vP4HJxMIBmClVv07HRS4jpD9DY8ywIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFA807Vz5x6M799lxaZqNaNVD6udLMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRHpUdFhQbkhvenYzMlhGcG1vMW8xVVBxNTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQABa/pAwQA
TVoAAwQATVoCAwQATVoIAwQATVoNAwQATVoSAwQATVozAwQAXvnBAwQAXvnWMA0G
CSqGSIb3DQEBCwUAA4IBAQBUFRWwq6kDE6ep5Q7hw98A4ymIUvK695Dy5BC41syD
3/QuaaSpOMY56ypTzARTXXEJ53SldJdw94SXmFk6NpxbI7Z9Ds/tJndwYBLEGt6T
Oc3g24+oZ5t7Gr0asDGeNrMycmCskuDNW8f55keweHkIFVZ+4zC9Qt2fATZj/ryT
pMtZXfeheXTcgsLpxH2mCbo3apQNVuNvNper8b2hkvjps/eqf0QSezUgqF5U7abT
R95e541QFPoYWII5tzVP6TjmURaWydvdF+0c4Njh6YDTAMSLWU5Ug7fOwbk2M4Ul
5JFL7pgNWfmJx3w5YkYViDj+Zjd4phUIpGEYqxr6mCFo
-----END CERTIFICATE-----
Generated at Sun Jun 29 21:01:47 2025 by rpki-client