Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/IyhEJLFmNQPxm2gpkAgvGCTuwi4.roa
File: IyhEJLFmNQPxm2gpkAgvGCTuwi4.roa (raw, json)
Hash identifier: H8aNjsawyRJ3qfGLXUbKrOWvZMg41HXkBJpftI8uVjM=
Subject key identifier: 23:28:44:24:B1:66:35:03:F1:9B:68:29:90:08:2F:18:24:EE:C2:2E
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0199DD1730BEB58F2E11ED8CD9401C32E9E6
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/IyhEJLFmNQPxm2gpkAgvGCTuwi4.roa
Signing time: Mon 13 Oct 2025 10:21:48 +0000
ROA not before: Mon 13 Oct 2025 10:21:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50835
IP address blocks: 37.97.120.0/24 maxlen: 24
37.97.121.0/24 maxlen: 24
46.173.248.0/22 maxlen: 24
46.173.254.0/23 maxlen: 23
77.36.58.0/24 maxlen: 24
77.36.66.0/23 maxlen: 23
81.161.8.0/22 maxlen: 22
81.161.48.0/22 maxlen: 22
91.193.30.0/23 maxlen: 23
91.233.200.0/24 maxlen: 24
91.236.76.0/24 maxlen: 24
91.239.226.0/24 maxlen: 24
91.246.203.0/24 maxlen: 24
93.120.34.0/23 maxlen: 23
93.120.40.0/23 maxlen: 23
109.207.128.0/24 maxlen: 24
109.207.130.0/24 maxlen: 24
109.207.132.0/24 maxlen: 24
176.96.94.0/24 maxlen: 24
176.115.236.0/22 maxlen: 24
176.116.236.0/24 maxlen: 24
176.121.108.0/23 maxlen: 24
194.33.66.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:17:30:be:b5:8f:2e:11:ed:8c:d9:40:1c:32:e9:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 13 10:21:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23284424b1663503f19b682990082f1824eec22e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:18:3d:8e:95:8f:ed:1c:2b:77:aa:52:16:ee:
98:22:19:e6:f4:b7:8b:1e:8f:b8:86:97:1a:1f:87:
6c:ef:b8:89:32:f9:cb:f3:d0:b6:80:ae:f9:05:3a:
12:f4:c7:30:68:54:2f:34:46:a2:76:bb:57:e2:89:
0a:8f:a8:dc:3b:39:79:3b:7e:94:ce:8a:f4:22:8f:
fc:60:0d:73:de:06:52:a9:f4:c6:0c:de:d4:04:f5:
0a:69:25:4e:54:9d:b8:5c:25:1c:d6:ad:8f:e0:2c:
cd:43:81:7f:57:04:c0:e4:68:2b:1d:e1:14:18:8a:
f5:e6:4e:b1:69:1f:99:bf:0e:b5:55:ba:27:98:c1:
23:6c:2b:20:6e:ee:27:a1:b1:99:80:f1:88:40:76:
9d:4d:e2:37:fa:1a:a5:84:b3:bf:be:08:bf:ae:cc:
59:25:09:36:84:59:0c:7f:6d:7d:ff:fa:ef:84:3f:
e8:36:e4:39:58:c5:41:82:23:cd:47:4d:25:89:8c:
9d:a2:21:6b:57:b0:ce:35:29:67:11:0e:b7:14:2b:
ce:02:eb:7f:03:ce:98:f1:73:4b:92:77:63:cd:61:
f0:6f:8e:48:da:61:59:58:79:ba:94:2e:d8:95:12:
9c:70:44:06:ea:9f:cb:2a:aa:88:a8:e3:a7:0d:92:
3c:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:28:44:24:B1:66:35:03:F1:9B:68:29:90:08:2F:18:24:EE:C2:2E
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/IyhEJLFmNQPxm2gpkAgvGCTuwi4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.120.0/23
46.173.248.0/22
46.173.254.0/23
77.36.58.0/24
77.36.66.0/23
81.161.8.0/22
81.161.48.0/22
91.193.30.0/23
91.233.200.0/24
91.236.76.0/24
91.239.226.0/24
91.246.203.0/24
93.120.34.0/23
93.120.40.0/23
109.207.128.0/24
109.207.130.0/24
109.207.132.0/24
176.96.94.0/24
176.115.236.0/22
176.116.236.0/24
176.121.108.0/23
194.33.66.0/23
Signature Algorithm: sha256WithRSAEncryption
4c:27:dc:f7:a9:8a:37:f1:3b:61:12:95:8a:3c:64:2e:a9:0a:
8e:6f:de:4c:b0:08:c7:05:1a:4d:6b:d8:81:9f:81:b9:7a:94:
80:bc:65:f9:38:38:be:25:36:3c:62:53:60:ed:c2:84:7a:68:
cc:4c:a3:58:bf:35:b1:0b:5d:99:d2:9e:fc:e2:73:bb:b5:d7:
ea:c5:1d:ff:92:07:b9:33:c0:9d:d9:8f:ef:cc:ab:27:4b:34:
5e:95:ff:0b:fd:19:3f:73:e0:54:ac:c2:29:77:cf:8c:81:4b:
67:dc:c2:4b:05:03:cb:84:f5:ce:d8:9d:d8:9c:a0:1d:68:f1:
23:f0:53:0b:03:42:4a:38:bf:c7:98:6b:1c:91:15:b9:b6:b0:
85:69:72:96:26:74:cf:dd:54:3e:32:f5:c3:dc:a4:2c:fe:13:
78:2c:ab:ef:f1:89:b6:64:90:fd:dd:57:41:0f:11:40:9d:31:
c0:5b:2c:21:8d:2f:9f:0d:35:bb:28:dc:7e:77:5b:1c:e3:7c:
8d:22:26:52:ed:1b:94:e2:07:b5:4b:b1:c6:de:f9:f8:5d:af:
60:59:b1:e7:20:ce:6e:3b:2d:5b:06:ee:f0:04:16:53:9c:54:
b3:f0:9a:62:f9:61:bf:9d:4d:29:4c:6e:e1:ee:11:7a:ca:4e:
17:d8:a5:aa
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZndFzC+tY8uEe2M2UAcMunmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDEzMTAyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI4NDQyNGIxNjYzNTAzZjE5YjY4Mjk5MDA4MmYxODI0ZWVjMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxg9jpWP7Rwrd6pSFu6YIhnm9LeL
Ho+4hpcaH4ds77iJMvnL89C2gK75BToS9McwaFQvNEaidrtX4okKj6jcOzl5O36U
zor0Io/8YA1z3gZSqfTGDN7UBPUKaSVOVJ24XCUc1q2P4CzNQ4F/VwTA5GgrHeEU
GIr15k6xaR+Zvw61VbonmMEjbCsgbu4nobGZgPGIQHadTeI3+hqlhLO/vgi/rsxZ
JQk2hFkMf219//rvhD/oNuQ5WMVBgiPNR00liYydoiFrV7DONSlnEQ63FCvOAut/
A86Y8XNLkndjzWHwb45I2mFZWHm6lC7YlRKccEQG6p/LKqqIqOOnDZI8zQIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFCMoRCSxZjUD8ZtoKZAILxgk7sIuMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvSXloRUpMRm1OUVB4bTJncGtBZ3ZHQ1R1d2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAEl
YXgDBAIurfgDBAEurf4DBABNJDoDBAFNJEIDBAJRoQgDBAJRoTADBAFbwR4DBABb
6cgDBABb7EwDBABb7+IDBABb9ssDBAFdeCIDBAFdeCgDBABtz4ADBABtz4IDBABt
z4QDBACwYF4DBAKwc+wDBACwdOwDBAGweWwDBAHCIUIwDQYJKoZIhvcNAQELBQAD
ggEBAEwn3PepijfxO2ESlYo8ZC6pCo5v3kywCMcFGk1r2IGfgbl6lIC8Zfk4OL4l
NjxiU2DtwoR6aMxMo1i/NbELXZnSnvzic7u11+rFHf+SB7kzwJ3Zj+/MqydLNF6V
/wv9GT9z4FSswil3z4yBS2fcwksFA8uE9c7YndicoB1o8SPwUwsDQko4v8eYaxyR
Fbm2sIVpcpYmdM/dVD4y9cPcpCz+E3gsq+/xibZkkP3dV0EPEUCdMcBbLCGNL58N
Nbso3H53WxzjfI0iJlLtG5TiB7VLscbe+fhdr2BZsecgzm47LVsG7vAEFlOcVLPw
mmL5Yb+dTSlMbuHuEXrKThfYpao=
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:10 2025 by rpki-client