Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CNNo6sJtcsVyHQty59h4qZzMc2Y.roa
File: CNNo6sJtcsVyHQty59h4qZzMc2Y.roa (raw, json)
Hash identifier: xoDyTFUhZm+5tdI2D1IzKY3vd2lTLUJ1UzcZ28pMODY=
Subject key identifier: 08:D3:68:EA:C2:6D:72:C5:72:1D:0B:72:E7:D8:78:A9:9C:CC:73:66
Certificate issuer: /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial: 01989981E94387085C91ABDAC0B178594F51
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CNNo6sJtcsVyHQty59h4qZzMc2Y.roa
Signing time: Mon 11 Aug 2025 14:21:24 +0000
ROA not before: Mon 11 Aug 2025 14:21:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48449
IP address blocks: 46.20.97.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.160.195.0/24 maxlen: 24
185.169.220.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
2a14:80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:99:81:e9:43:87:08:5c:91:ab:da:c0:b1:78:59:4f:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
Validity
Not Before: Aug 11 14:21:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08d368eac26d72c5721d0b72e7d878a99ccc7366
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:54:46:d3:0e:3e:75:55:b3:30:de:f2:3d:96:
d1:ec:30:c2:c1:b0:0e:d0:5a:2e:8f:28:0f:16:df:
a6:20:87:74:61:b2:e1:b0:c9:32:bf:92:f4:48:8c:
ed:82:e3:04:4f:5b:74:7b:56:dc:ea:b7:90:79:0f:
25:a3:38:78:b1:eb:56:b3:9e:81:48:c1:d4:7c:54:
18:e9:5c:e9:51:b3:35:da:fa:56:a8:50:ae:44:f4:
35:be:88:19:f2:89:80:58:95:ce:c7:4e:cd:8b:66:
8b:53:e0:5d:89:f5:d9:7b:fd:1a:c1:c7:73:cd:4a:
ef:a4:74:8d:77:63:19:20:fc:d8:38:e8:72:dd:4c:
85:f4:f0:a6:b3:94:fc:22:da:c1:ac:a8:44:4e:ff:
d5:a7:d2:76:67:9b:b5:6c:d3:23:88:28:72:3d:32:
b8:2e:e1:0e:48:1b:f5:38:0b:d0:b4:31:f4:5f:ff:
87:6f:f0:7f:29:0e:c3:39:0e:65:93:3c:f8:c9:44:
b3:8e:5b:b8:ec:b5:c9:1f:b6:de:60:08:31:58:b4:
08:6a:8c:fe:2f:8e:1a:16:de:80:3c:7f:8f:0b:5f:
43:75:37:63:03:f3:cc:cf:31:ff:9e:2a:64:22:da:
85:36:46:81:55:4a:82:7a:e8:e7:e9:2f:60:55:d4:
c8:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:D3:68:EA:C2:6D:72:C5:72:1D:0B:72:E7:D8:78:A9:9C:CC:73:66
X509v3 Authority Key Identifier:
keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/CNNo6sJtcsVyHQty59h4qZzMc2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.97.0/24
185.160.194.0/23
185.169.220.0/22
IPv6:
2a14:80::/48
Signature Algorithm: sha256WithRSAEncryption
03:eb:86:b3:3a:f5:64:02:79:9f:3b:c5:cc:4d:ba:90:8f:6b:
61:2e:5f:d9:1d:1b:8b:46:c6:5b:ff:f4:fc:a5:d1:1d:1b:cf:
3d:2b:bb:d1:1a:72:d2:f6:6d:29:11:3a:01:2a:9c:83:ec:f5:
79:0d:b6:45:d3:c4:c1:c4:e7:be:c1:7b:70:97:3c:2e:9a:ed:
9e:4d:ae:9e:06:97:bf:89:69:a4:16:e0:ea:b1:f0:c9:1b:4f:
6d:10:bc:d8:5e:06:67:79:8f:4f:b4:ad:55:87:3c:ac:10:56:
7d:3f:30:0d:21:81:99:eb:5b:5c:b0:0a:64:0c:9c:ac:58:4e:
ff:fe:b5:0f:cd:5c:aa:a5:67:85:15:f7:48:55:db:ad:84:dd:
52:41:8e:5d:f6:ad:69:3d:d5:db:f1:d0:ec:0e:a0:df:5c:4f:
25:5c:32:56:9b:15:d6:4d:b1:ab:44:d5:ec:bc:48:a6:99:c7:
f3:3b:5c:ca:fc:45:d6:9d:7f:cb:72:e4:7b:3f:28:7d:39:2c:
60:97:4f:15:a8:c4:df:1d:34:95:8b:07:42:0c:c9:71:76:70:
82:e6:17:1f:39:41:e7:5d:63:82:2b:1c:df:a5:4e:90:54:b8:
a3:e0:ac:3a:33:42:d0:95:06:1d:b0:9b:97:5c:7e:a0:15:a0:
63:96:63:a1
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZiZgelDhwhckavawLF4WU9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUwODExMTQyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQzNjhlYWMyNmQ3MmM1NzIxZDBiNzJlN2Q4NzhhOTljY2M3MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlRG0w4+dVWzMN7yPZbR7DDCwbAO
0FoujygPFt+mIId0YbLhsMkyv5L0SIztguMET1t0e1bc6reQeQ8lozh4setWs56B
SMHUfFQY6VzpUbM12vpWqFCuRPQ1vogZ8omAWJXOx07Ni2aLU+BdifXZe/0awcdz
zUrvpHSNd2MZIPzYOOhy3UyF9PCms5T8ItrBrKhETv/Vp9J2Z5u1bNMjiChyPTK4
LuEOSBv1OAvQtDH0X/+Hb/B/KQ7DOQ5lkzz4yUSzjlu47LXJH7beYAgxWLQIaoz+
L44aFt6APH+PC19DdTdjA/PMzzH/nipkItqFNkaBVUqCeujn6S9gVdTIowIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAjTaOrCbXLFch0LcufYeKmczHNmMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvQ05ObzZzSnRjc1Z5SFF0eTU5aDRxWnpNYzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQALhRhAwQB
uaDCAwQCuancMA8EAgACMAkDBwAqFACAAAAwDQYJKoZIhvcNAQELBQADggEBAAPr
hrM69WQCeZ87xcxNupCPa2EuX9kdG4tGxlv/9Pyl0R0bzz0ru9EactL2bSkROgEq
nIPs9XkNtkXTxMHE577Be3CXPC6a7Z5Nrp4Gl7+JaaQW4Oqx8MkbT20QvNheBmd5
j0+0rVWHPKwQVn0/MA0hgZnrW1ywCmQMnKxYTv/+tQ/NXKqlZ4UV90hV262E3VJB
jl32rWk91dvx0OwOoN9cTyVcMlabFdZNsatE1ey8SKaZx/M7XMr8Rdadf8ty5Hs/
KH05LGCXTxWoxN8dNJWLB0IMyXF2cILmFx85QeddY4IrHN+lTpBUuKPgrDozQtCV
Bh2wm5dcfqAVoGOWY6E=
-----END CERTIFICATE-----
Generated at Sun Aug 24 05:01:59 2025 by rpki-client