Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/zIQ6nGm76Kka-AG436LAD2hf3g0.roa
File: zIQ6nGm76Kka-AG436LAD2hf3g0.roa (raw, json)
Hash identifier: Bt2sBxgvY7fqKFYg2OO9oBO0vDI7yuuXQgOLBGofp+8=
Subject key identifier: CC:84:3A:9C:69:BB:E8:A9:1A:F8:01:B8:DF:A2:C0:0F:68:5F:DE:0D
Certificate issuer: /CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Certificate serial: 01973F54987525E8CEA7DF3A0FF556FAF9AE
Authority key identifier: 07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/zIQ6nGm76Kka-AG436LAD2hf3g0.roa
Signing time: Thu 05 Jun 2025 09:03:18 +0000
ROA not before: Thu 05 Jun 2025 09:03:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29033
IP address blocks: 89.222.0.0/18 maxlen: 24
89.222.0.0/20 maxlen: 24
89.222.16.0/20 maxlen: 24
89.222.32.0/20 maxlen: 24
89.222.34.0/23 maxlen: 23
89.222.48.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.mft
rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 21:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:54:98:75:25:e8:ce:a7:df:3a:0f:f5:56:fa:f9:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07a32999c47eb31d5fbf16ecc3872eaefd43bad7
Validity
Not Before: Jun 5 09:03:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc843a9c69bbe8a91af801b8dfa2c00f685fde0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:52:13:2d:74:b0:82:ac:97:4d:9e:ec:21:3c:
c6:03:30:ca:c3:2d:9e:fc:b2:f1:64:d2:b0:51:8e:
4c:a5:18:ff:ab:6d:a0:9e:59:c9:2c:bd:32:e4:99:
d6:f7:9d:2a:bc:58:7b:1b:00:26:88:32:e4:e2:3c:
08:e2:d6:e2:3a:d9:21:c9:c2:f9:f1:2d:6e:d2:33:
39:a5:dc:7c:9e:64:28:1b:97:8d:ca:a3:a3:4f:91:
ab:c5:24:7c:46:d6:20:3c:8d:31:c2:82:94:09:c0:
4a:51:01:f9:22:13:cc:b1:49:b8:04:e9:42:76:13:
fb:01:cb:5e:5b:2e:bd:aa:15:2a:a4:20:c6:fc:58:
cc:70:13:e0:58:39:20:d0:91:81:09:5f:4c:66:b3:
b2:54:47:f3:e5:73:2c:f0:b0:2d:80:95:29:e3:77:
3a:7b:49:6e:90:cc:88:2f:d1:a9:79:5e:20:34:e5:
57:9d:4b:d5:74:7c:77:39:7e:cb:dd:8c:3d:b7:bd:
0f:ab:2e:a1:1f:0c:cf:8b:c7:e2:68:ad:3e:06:99:
63:d6:7d:b2:49:2c:00:d3:85:84:07:21:a7:84:54:
ed:04:00:c4:03:02:f0:44:20:ec:e9:bb:cd:e9:70:
0a:b5:20:e6:5f:40:07:3f:a7:d3:ae:40:43:ee:cd:
70:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:84:3A:9C:69:BB:E8:A9:1A:F8:01:B8:DF:A2:C0:0F:68:5F:DE:0D
X509v3 Authority Key Identifier:
keyid:07:A3:29:99:C4:7E:B3:1D:5F:BF:16:EC:C3:87:2E:AE:FD:43:BA:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6MpmcR-sx1fvxbsw4curv1Dutc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/zIQ6nGm76Kka-AG436LAD2hf3g0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/738179-cf67-4199-b532-2fb2958ab8bb/1/B6MpmcR-sx1fvxbsw4curv1Dutc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.222.0.0/18
Signature Algorithm: sha256WithRSAEncryption
60:b7:62:3f:10:a3:07:ae:2a:25:39:de:d3:16:26:dc:15:85:
ee:d9:25:1c:ea:62:e0:8c:b0:3b:82:0f:c1:1a:0f:a4:a7:16:
06:3f:db:87:9d:83:f6:89:2f:b8:7c:db:a8:3b:4a:ca:05:1d:
3d:4d:88:fa:61:d2:9a:43:07:a9:24:51:e3:32:db:df:16:e5:
dd:a3:c8:c3:d2:68:a0:69:76:ea:98:d4:49:a3:de:7a:21:a7:
42:fc:78:8c:a4:8f:dc:06:c6:95:4f:13:41:c2:aa:db:67:d2:
fe:50:69:1e:bd:bc:b9:c4:57:7f:2d:b0:ac:ad:5b:23:ac:1e:
b1:33:0f:74:47:b7:16:ab:ed:a4:48:91:f4:24:b7:24:ad:76:
1f:a1:76:66:33:34:b8:85:24:56:a5:2c:d4:ad:a2:2d:93:63:
66:a0:53:d2:ed:eb:85:c2:8e:31:44:93:5b:1d:b0:a4:c2:08:
a5:3b:5e:35:52:91:e7:75:80:02:41:27:6e:a5:3a:da:88:97:
23:87:c2:9d:23:da:44:b9:dd:56:de:11:8f:22:47:bb:7c:8d:
5c:88:cd:dd:2d:c9:46:10:38:aa:12:38:d9:4c:fe:e0:b2:d0:
93:46:db:22:0f:d3:97:fb:9b:01:17:18:95:ee:6a:5a:b7:21:
38:f9:ad:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/VJh1JejOp986D/VW+vmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTMyOTk5YzQ3ZWIzMWQ1ZmJmMTZlY2MzODcyZWFlZmQ0
M2JhZDcwHhcNMjUwNjA1MDkwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg0M2E5YzY5YmJlOGE5MWFmODAxYjhkZmEyYzAwZjY4NWZkZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVITLXSwgqyXTZ7sITzGAzDKwy2e
/LLxZNKwUY5MpRj/q22gnlnJLL0y5JnW950qvFh7GwAmiDLk4jwI4tbiOtkhycL5
8S1u0jM5pdx8nmQoG5eNyqOjT5GrxSR8RtYgPI0xwoKUCcBKUQH5IhPMsUm4BOlC
dhP7ActeWy69qhUqpCDG/FjMcBPgWDkg0JGBCV9MZrOyVEfz5XMs8LAtgJUp43c6
e0lukMyIL9GpeV4gNOVXnUvVdHx3OX7L3Yw9t70Pqy6hHwzPi8fiaK0+Bplj1n2y
SSwA04WEByGnhFTtBADEAwLwRCDs6bvN6XAKtSDmX0AHP6fTrkBD7s1wjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyEOpxpu+ipGvgBuN+iwA9oX94NMB8GA1UdIwQY
MBaAFAejKZnEfrMdX78W7MOHLq79Q7rXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzIt
MmZiMjk1OGFiOGJiLzEveklRNm5HbTc2S2thLUFHNDM2TEFEMmhmM2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MzgxNzktY2Y2Ny00MTk5LWI1MzItMmZiMjk1OGFiOGJi
LzEvQjZNcG1jUi1zeDFmdnhic3c0Y3VydjFEdXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWd4AMA0G
CSqGSIb3DQEBCwUAA4IBAQBgt2I/EKMHriolOd7TFibcFYXu2SUc6mLgjLA7gg/B
Gg+kpxYGP9uHnYP2iS+4fNuoO0rKBR09TYj6YdKaQwepJFHjMtvfFuXdo8jD0mig
aXbqmNRJo956IadC/HiMpI/cBsaVTxNBwqrbZ9L+UGkevby5xFd/LbCsrVsjrB6x
Mw90R7cWq+2kSJH0JLckrXYfoXZmMzS4hSRWpSzUraItk2NmoFPS7euFwo4xRJNb
HbCkwgilO141UpHndYACQSdupTraiJcjh8KdI9pEud1W3hGPIke7fI1ciM3dLclG
EDiqEjjZTP7gstCTRtsiD9OX+5sBFxiV7mpatyE4+a0P
-----END CERTIFICATE-----
Generated at Tue Jul 1 01:15:40 2025 by rpki-client