Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/NL0IJjm7jrfozZ5bICucRbGVYr8.roa
File: NL0IJjm7jrfozZ5bICucRbGVYr8.roa (raw, json)
Hash identifier: DDP4brvIuTXLrA8+Uvh9Tcq7O9ulXJw+0WUACyChp5o=
Subject key identifier: 34:BD:08:26:39:BB:8E:B7:E8:CD:9E:5B:20:2B:9C:45:B1:95:62:BF
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0197C18055C84E56B7CEC4C39946DE26F10F
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/NL0IJjm7jrfozZ5bICucRbGVYr8.roa
Signing time: Mon 30 Jun 2025 15:41:42 +0000
ROA not before: Mon 30 Jun 2025 15:41:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 04 Jul 2025 05:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c1:80:55:c8:4e:56:b7:ce:c4:c3:99:46:de:26:f1:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Jun 30 15:41:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34bd082639bb8eb7e8cd9e5b202b9c45b19562bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:36:ba:1e:b9:83:40:01:b4:fa:17:b5:f5:7b:
9b:11:82:4d:1f:c0:4c:83:ab:25:f7:ea:e3:25:d3:
5b:c2:55:c8:d2:6a:5c:f7:14:f3:7f:b0:1f:51:08:
01:7e:59:ee:16:47:aa:27:b9:01:d6:2f:fb:08:0e:
1e:a9:4a:c1:10:d8:f0:cc:a2:50:c1:59:24:71:b2:
3e:ea:c6:26:59:5f:ac:6f:e2:6f:38:b6:7e:0c:94:
69:a8:96:cd:db:92:da:c6:d6:52:37:d3:ff:fe:0a:
7c:8b:38:ac:16:cf:e2:15:19:41:11:8f:11:4a:81:
f5:57:c8:84:cf:71:88:32:78:0c:ad:f2:ad:fc:c2:
bf:49:08:ab:58:f3:eb:d8:d4:1f:4e:3e:99:06:b9:
ea:d8:37:a2:f6:0a:e7:74:71:c4:87:3f:e1:b0:be:
06:f5:10:06:a9:8e:18:69:1f:5c:86:a3:77:eb:16:
77:9a:39:62:c2:c5:ae:9b:09:98:80:fd:57:3a:57:
1c:b7:fa:83:94:8b:b5:ac:3f:19:fb:c0:bb:ca:9c:
70:8e:8b:bd:88:ce:a4:2c:09:f0:03:81:5c:0f:ee:
95:48:c2:d4:2f:d9:87:da:2d:58:85:94:db:34:2c:
17:cc:55:c1:83:36:26:17:05:f2:82:c9:12:83:a8:
e8:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:BD:08:26:39:BB:8E:B7:E8:CD:9E:5B:20:2B:9C:45:B1:95:62:BF
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/NL0IJjm7jrfozZ5bICucRbGVYr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
71:5d:dc:fa:c9:b1:98:57:8b:01:03:62:fd:22:36:83:b6:c5:
89:fc:a5:c0:14:d1:97:4e:ff:50:bd:fc:32:c7:77:09:74:33:
65:b3:62:6c:9f:42:04:2d:d5:8d:c9:cb:ed:a0:14:bc:85:e3:
d2:a2:bc:51:ea:05:4f:73:ed:2f:10:61:51:66:b2:04:9d:fa:
ae:31:77:bd:8d:02:89:04:9b:e1:cc:66:4b:6e:76:d8:18:c3:
f3:cc:62:5f:5e:32:3c:12:f7:94:9f:02:1b:5a:2a:66:9d:55:
d1:0c:d2:fe:af:01:20:ff:63:79:73:4f:71:96:44:7a:d8:29:
6b:78:c0:f9:cd:9a:d9:da:20:e7:8b:c0:b8:a9:92:19:f6:8a:
56:6d:cf:d8:01:58:f8:9e:d1:45:c3:40:ab:e4:96:54:7d:d2:
59:44:5f:9c:e0:9c:09:9a:28:05:1c:ff:a7:79:0f:d5:be:b8:
d5:8c:91:8d:3b:fa:03:fd:e7:a8:e2:ce:e8:36:15:a2:0f:4e:
18:a9:30:48:54:1a:29:ac:10:85:ad:fe:a0:98:0f:af:2f:49:
29:a3:e4:c6:40:95:1e:b3:63:dd:ff:eb:58:cf:ed:67:23:6e:
f2:af:45:43:01:41:32:69:e5:3e:28:6c:93:c0:c9:28:7a:88:
ec:4d:b3:ee
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgISAZfBgFXITla3zsTDmUbeJvEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwNjMwMTU0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGJkMDgyNjM5YmI4ZWI3ZThjZDllNWIyMDJiOWM0NWIxOTU2MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoza6HrmDQAG0+he19XubEYJNH8BM
g6sl9+rjJdNbwlXI0mpc9xTzf7AfUQgBflnuFkeqJ7kB1i/7CA4eqUrBENjwzKJQ
wVkkcbI+6sYmWV+sb+JvOLZ+DJRpqJbN25LaxtZSN9P//gp8izisFs/iFRlBEY8R
SoH1V8iEz3GIMngMrfKt/MK/SQirWPPr2NQfTj6ZBrnq2Dei9grndHHEhz/hsL4G
9RAGqY4YaR9chqN36xZ3mjliwsWumwmYgP1XOlcct/qDlIu1rD8Z+8C7ypxwjou9
iM6kLAnwA4FcD+6VSMLUL9mH2i1YhZTbNCwXzFXBgzYmFwXygskSg6jo4wIDAQAB
o4IDNDCCAzAwHQYDVR0OBBYEFDS9CCY5u4636M2eWyArnEWxlWK/MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvTkwwSUpqbTdqcmZvelo1YklDdWNSYkdWWXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSAYIKwYBBQUHAQcBAf8EggE3MIIBMzCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEAbm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMBsEAgACMBUDBQAqAPHAAwUDKg12
gAMFAyoOocAwDQYJKoZIhvcNAQELBQADggEBAHFd3PrJsZhXiwEDYv0iNoO2xYn8
pcAU0ZdO/1C9/DLHdwl0M2WzYmyfQgQt1Y3Jy+2gFLyF49KivFHqBU9z7S8QYVFm
sgSd+q4xd72NAokEm+HMZktudtgYw/PMYl9eMjwS95SfAhtaKmadVdEM0v6vASD/
Y3lzT3GWRHrYKWt4wPnNmtnaIOeLwLipkhn2ilZtz9gBWPie0UXDQKvkllR90llE
X5zgnAmaKAUc/6d5D9W+uNWMkY07+gP956jizug2FaIPThipMEhUGimsEIWt/qCY
D68vSSmj5MZAlR6zY93/61jP7WcjbvKvRUMBQTJp5T4obJPAySh6iOxNs+4=
-----END CERTIFICATE-----
Generated at Thu Jul 3 08:58:28 2025 by rpki-client