Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/nBqkJ21E89xpdJHsjMjUY6q0t8s.roa
File: nBqkJ21E89xpdJHsjMjUY6q0t8s.roa (raw, json)
Hash identifier: cYjf2nhrD03sJ2C+YxabZIv8XeqfYPE9uhBxiZGoO6A=
Subject key identifier: 9C:1A:A4:27:6D:44:F3:DC:69:74:91:EC:8C:C8:D4:63:AA:B4:B7:CB
Certificate issuer: /CN=4987941e74c1c03e7aba3b878530095eb6fa874e
Certificate serial: 0198A7E7D28940667BE34F94AA20399123B8
Authority key identifier: 49:87:94:1E:74:C1:C0:3E:7A:BA:3B:87:85:30:09:5E:B6:FA:87:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/nBqkJ21E89xpdJHsjMjUY6q0t8s.roa
Signing time: Thu 14 Aug 2025 09:27:24 +0000
ROA not before: Thu 14 Aug 2025 09:27:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200736
IP address blocks: 45.66.40.0/22 maxlen: 24
45.66.40.0/24 maxlen: 24
45.66.41.0/24 maxlen: 24
45.66.42.0/24 maxlen: 24
45.66.43.0/24 maxlen: 24
195.20.114.0/24 maxlen: 24
195.214.208.0/22 maxlen: 24
195.214.211.0/24 maxlen: 24
2a10:9300::/29 maxlen: 42
2a10:9300::/36 maxlen: 42
2a10:9300:100::/42 maxlen: 42
2a10:9300:400::/42 maxlen: 42
2a10:9300:500::/42 maxlen: 42
2a10:9300:900::/42 maxlen: 42
2a10:9300:b00::/42 maxlen: 42
2a10:9300:c00::/42 maxlen: 42
2a10:9301::/36 maxlen: 42
2a10:9301:100::/42 maxlen: 42
2a10:9301:140::/42 maxlen: 42
2a10:9301:300::/42 maxlen: 42
2a10:9301:340::/42 maxlen: 42
2a10:9301:700::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.mft
rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a7:e7:d2:89:40:66:7b:e3:4f:94:aa:20:39:91:23:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4987941e74c1c03e7aba3b878530095eb6fa874e
Validity
Not Before: Aug 14 09:27:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c1aa4276d44f3dc697491ec8cc8d463aab4b7cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:42:98:42:27:d6:f9:ac:8c:e3:e1:06:e3:21:
66:dc:db:d4:bd:fa:c7:d9:6b:2c:6c:c7:89:0b:0a:
30:b6:b0:29:8e:0a:60:85:94:2d:5e:c6:51:e4:f3:
da:02:7e:ba:c3:37:85:fd:b3:0c:80:21:e9:1c:11:
0e:6e:1a:26:1f:d0:7c:ab:61:67:41:4e:b8:65:56:
f3:7f:3f:64:95:e1:c9:5a:fd:f1:32:2f:4a:5a:01:
9e:f4:44:19:f2:33:b2:07:ac:c8:a0:15:e9:f2:45:
a4:71:9e:f9:06:22:dd:e4:91:ad:cf:f1:0d:aa:0f:
c5:f2:80:31:2a:11:e0:b5:be:40:b4:0c:f1:ff:1c:
9a:9d:d8:0f:3d:49:87:c9:4b:eb:89:81:05:12:9c:
03:14:39:c5:dc:aa:39:bc:3e:18:b7:1c:ae:ce:52:
6b:eb:eb:d3:fc:fd:49:66:36:eb:14:91:ef:da:3b:
99:d6:e1:1d:39:1b:37:1b:41:2f:68:b1:8c:6e:30:
d9:54:59:2e:1a:ae:09:e6:34:fd:29:7c:81:4b:5f:
58:1c:5e:fd:e1:a9:f5:f9:21:ed:fa:92:8d:48:c2:
6d:66:2f:90:fa:e4:40:4a:67:14:9b:46:82:15:35:
15:80:75:a5:b6:f1:99:80:a9:16:cd:62:08:c0:ae:
5c:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:1A:A4:27:6D:44:F3:DC:69:74:91:EC:8C:C8:D4:63:AA:B4:B7:CB
X509v3 Authority Key Identifier:
keyid:49:87:94:1E:74:C1:C0:3E:7A:BA:3B:87:85:30:09:5E:B6:FA:87:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYeUHnTBwD56ujuHhTAJXrb6h04.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/nBqkJ21E89xpdJHsjMjUY6q0t8s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/70777b-68b0-42a8-9e9d-e8ada51ee8ff/1/SYeUHnTBwD56ujuHhTAJXrb6h04.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.40.0/22
195.20.114.0/24
195.214.208.0/22
IPv6:
2a10:9300::/29
Signature Algorithm: sha256WithRSAEncryption
8b:c0:89:30:50:44:b2:52:ff:5f:bb:63:b8:fe:f6:a5:5c:6e:
96:75:0f:35:d8:c2:06:c1:62:3a:f5:37:94:3e:5d:43:5f:90:
aa:4e:14:93:01:bd:f5:51:9b:a6:f6:c1:ca:02:91:ad:8b:fd:
34:c8:91:60:6d:d7:af:00:9b:59:1a:bb:5c:e2:42:25:a0:ce:
61:d8:c6:11:33:53:fd:53:86:04:e9:98:92:19:3d:10:12:10:
ce:ed:5a:e7:f0:18:1a:d6:4e:91:27:ff:05:47:60:52:1f:0c:
35:72:02:1d:c9:dc:c7:ab:4e:e4:d8:a1:a2:fc:c9:f7:f0:74:
c0:74:61:86:e4:3d:35:7b:ad:6d:21:4c:fc:5d:82:21:fd:a3:
de:f3:88:3d:c7:2e:55:9e:af:0c:8c:88:7a:d3:f5:cd:f2:71:
95:ea:56:5c:40:2d:7b:46:63:70:53:9a:e3:49:1c:c8:ea:4e:
95:1e:1a:bf:10:8d:88:66:a6:b4:46:f8:2f:6a:d4:dd:66:0a:
e7:a6:9f:bf:f9:a0:72:35:72:09:26:cb:fa:f8:9f:23:62:fa:
0b:f2:d2:b1:ab:74:a5:23:13:7c:1b:37:29:cc:83:bd:1d:ce:
d8:5d:c2:36:f9:72:61:df:68:4c:7e:fb:a9:cb:74:d1:b0:a6:
66:af:e4:a1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZin59KJQGZ740+UqiA5kSO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODc5NDFlNzRjMWMwM2U3YWJhM2I4Nzg1MzAwOTVlYjZm
YTg3NGUwHhcNMjUwODE0MDkyNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzFhYTQyNzZkNDRmM2RjNjk3NDkxZWM4Y2M4ZDQ2M2FhYjRiN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEKYQifW+ayM4+EG4yFm3NvUvfrH
2WssbMeJCwowtrApjgpghZQtXsZR5PPaAn66wzeF/bMMgCHpHBEObhomH9B8q2Fn
QU64ZVbzfz9kleHJWv3xMi9KWgGe9EQZ8jOyB6zIoBXp8kWkcZ75BiLd5JGtz/EN
qg/F8oAxKhHgtb5AtAzx/xyandgPPUmHyUvriYEFEpwDFDnF3Ko5vD4YtxyuzlJr
6+vT/P1JZjbrFJHv2juZ1uEdORs3G0EvaLGMbjDZVFkuGq4J5jT9KXyBS19YHF79
4an1+SHt+pKNSMJtZi+Q+uRASmcUm0aCFTUVgHWltvGZgKkWzWIIwK5cHQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJwapCdtRPPcaXSR7IzI1GOqtLfLMB8GA1UdIwQY
MBaAFEmHlB50wcA+ero7h4UwCV62+odOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1llVUhuVEJ3RDU2dWp1SGhUQUpYcmI2aDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MDc3N2ItNjhiMC00MmE4LTllOWQt
ZThhZGE1MWVlOGZmLzEvbkJxa0oyMUU4OXhwZEpIc2pNalVZNnEwdDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MDc3N2ItNjhiMC00MmE4LTllOWQtZThhZGE1MWVlOGZm
LzEvU1llVUhuVEJ3RDU2dWp1SGhUQUpYcmI2aDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLUIoAwQA
wxRyAwQCw9bQMA0EAgACMAcDBQMqEJMAMA0GCSqGSIb3DQEBCwUAA4IBAQCLwIkw
UESyUv9fu2O4/valXG6WdQ812MIGwWI69TeUPl1DX5CqThSTAb31UZum9sHKApGt
i/00yJFgbdevAJtZGrtc4kIloM5h2MYRM1P9U4YE6ZiSGT0QEhDO7Vrn8Bga1k6R
J/8FR2BSHww1cgIdydzHq07k2KGi/Mn38HTAdGGG5D01e61tIUz8XYIh/aPe84g9
xy5Vnq8MjIh60/XN8nGV6lZcQC17RmNwU5rjSRzI6k6VHhq/EI2IZqa0RvgvatTd
Zgrnpp+/+aByNXIJJsv6+J8jYvoL8tKxq3SlIxN8GzcpzIO9Hc7YXcI2+XJh32hM
fvupy3TRsKZmr+Sh
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:24:37 2025 by rpki-client