Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0mnSL4P1Mb9qsD-XMEq-yyZjaoE.roa
File: 0mnSL4P1Mb9qsD-XMEq-yyZjaoE.roa (raw, json)
Hash identifier: TztJkngsor+bYH8BNBvFcrCq8QN/N29xad2ATDFfZg4=
Subject key identifier: D2:69:D2:2F:83:F5:31:BF:6A:B0:3F:97:30:4A:BE:CB:26:63:6A:81
Certificate issuer: /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial: 01977AC93C30A1AA75A6E4047A3CC5FA9830
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0mnSL4P1Mb9qsD-XMEq-yyZjaoE.roa
Signing time: Mon 16 Jun 2025 22:08:17 +0000
ROA not before: Mon 16 Jun 2025 22:08:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201106
IP address blocks: 37.72.132.0/24 maxlen: 32
45.142.156.0/24 maxlen: 32
45.142.157.0/24 maxlen: 32
45.142.158.0/23 maxlen: 32
45.145.72.0/23 maxlen: 32
45.145.74.0/23 maxlen: 32
45.150.164.0/22 maxlen: 32
45.150.226.0/23 maxlen: 32
45.151.132.0/22 maxlen: 32
45.154.212.0/22 maxlen: 32
62.204.54.0/24 maxlen: 24
94.154.114.0/24 maxlen: 32
146.19.114.0/24 maxlen: 32
146.19.223.0/24 maxlen: 32
178.22.30.0/24 maxlen: 32
188.93.139.0/24 maxlen: 32
193.218.200.0/23 maxlen: 32
193.221.94.0/23 maxlen: 32
194.124.218.0/23 maxlen: 32
194.124.224.0/23 maxlen: 32
194.147.98.0/23 maxlen: 32
194.147.100.0/23 maxlen: 32
212.18.111.0/24 maxlen: 32
217.114.47.0/24 maxlen: 32
2a0e:da40:4000::/34 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 23:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7a:c9:3c:30:a1:aa:75:a6:e4:04:7a:3c:c5:fa:98:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Validity
Not Before: Jun 16 22:08:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d269d22f83f531bf6ab03f97304abecb26636a81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:eb:c3:51:12:87:89:6e:93:07:82:b8:27:8d:
8f:40:31:2a:71:a6:3d:93:9b:95:0a:af:37:2e:0b:
e4:4b:b7:fe:5b:b7:67:bd:31:f7:60:fc:cc:27:17:
ad:6d:cc:d8:8b:5b:b4:b5:d8:38:6d:13:4c:76:de:
ed:c9:7f:7b:3b:74:75:a2:b5:cf:1f:78:4d:49:a8:
48:b8:a4:2d:ac:00:b2:15:c9:bd:6c:3f:71:eb:6c:
f7:9d:17:e3:42:55:7f:da:ec:1a:fb:58:48:51:41:
b2:ca:e8:1c:26:e0:4d:ca:08:08:de:48:fe:63:cb:
03:ee:fd:82:fb:ed:57:cf:fe:25:ba:09:09:26:cc:
ae:bb:82:f2:4b:90:75:36:b3:8a:5f:66:26:cc:87:
03:74:00:f6:c8:1c:72:0e:3d:78:76:1e:04:c9:ec:
3a:d8:a1:94:3e:84:bb:7c:79:ca:13:22:dc:3d:48:
03:68:80:f6:3c:5e:d2:ce:72:12:89:ed:3f:1b:84:
9a:3f:e5:f2:0a:cb:76:95:80:43:51:1b:e6:9d:14:
6c:53:ca:de:21:70:8a:a8:6b:29:01:12:69:d1:89:
23:99:06:16:fa:16:30:c4:54:97:22:b8:a2:9c:14:
52:4f:1d:5a:1a:c9:2e:57:33:4a:a0:42:c7:48:45:
0a:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:69:D2:2F:83:F5:31:BF:6A:B0:3F:97:30:4A:BE:CB:26:63:6A:81
X509v3 Authority Key Identifier:
keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/0mnSL4P1Mb9qsD-XMEq-yyZjaoE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.72.132.0/24
45.142.156.0/22
45.145.72.0/22
45.150.164.0/22
45.150.226.0/23
45.151.132.0/22
45.154.212.0/22
62.204.54.0/24
94.154.114.0/24
146.19.114.0/24
146.19.223.0/24
178.22.30.0/24
188.93.139.0/24
193.218.200.0/23
193.221.94.0/23
194.124.218.0/23
194.124.224.0/23
194.147.98.0-194.147.101.255
212.18.111.0/24
217.114.47.0/24
IPv6:
2a0e:da40:4000::/34
Signature Algorithm: sha256WithRSAEncryption
68:da:3b:64:39:b6:67:1d:50:23:5e:34:b1:bf:98:68:47:a7:
6d:e8:6e:90:06:d4:c8:99:58:94:3a:1d:52:b0:7b:1c:03:5e:
26:57:cb:54:7a:88:34:8c:5f:2b:6b:0a:09:bd:f4:99:07:3e:
2b:9b:b7:a7:00:1e:77:24:05:f6:e9:81:fa:69:66:c1:31:8c:
6c:34:33:e4:c5:c5:57:5a:07:c4:ba:ad:ae:e8:b5:82:6d:29:
e1:8a:ca:84:e1:f2:63:15:6d:7f:0e:ad:3f:4e:22:1e:c3:68:
d2:4f:f7:78:49:cc:2f:23:36:7e:f2:f1:6a:98:23:cd:58:33:
98:7c:c5:ed:dc:2f:cc:1d:db:89:0f:5f:72:14:17:a6:11:2d:
db:ac:5a:d9:5f:62:b0:b3:67:94:af:d5:7d:40:0e:df:39:ee:
d3:c2:c1:ab:bb:15:8b:64:dc:9e:6c:78:ef:01:8d:fe:8e:9a:
9e:51:06:dd:f3:86:b2:ce:0a:43:52:06:3c:9b:be:e0:cc:8b:
54:10:da:02:35:ce:82:6b:50:4e:74:cc:d3:0e:a0:66:79:da:
f5:6e:af:0f:b5:01:e6:e3:4d:f1:2f:5c:b7:f1:8d:e5:8f:a6:
2f:24:8e:c7:ef:4d:4d:70:8b:78:2a:9c:11:8e:56:24:95:66:
23:4a:0b:96
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgISAZd6yTwwoap1puQEejzF+pgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjUwNjE2MjIwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjY5ZDIyZjgzZjUzMWJmNmFiMDNmOTczMDRhYmVjYjI2NjM2YTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOvDURKHiW6TB4K4J42PQDEqcaY9
k5uVCq83LgvkS7f+W7dnvTH3YPzMJxetbczYi1u0tdg4bRNMdt7tyX97O3R1orXP
H3hNSahIuKQtrACyFcm9bD9x62z3nRfjQlV/2uwa+1hIUUGyyugcJuBNyggI3kj+
Y8sD7v2C++1Xz/4lugkJJsyuu4LyS5B1NrOKX2YmzIcDdAD2yBxyDj14dh4Eyew6
2KGUPoS7fHnKEyLcPUgDaID2PF7SznISie0/G4SaP+XyCst2lYBDURvmnRRsU8re
IXCKqGspARJp0YkjmQYW+hYwxFSXIriinBRSTx1aGskuVzNKoELHSEUKWQIDAQAB
o4ICmDCCApQwHQYDVR0OBBYEFNJp0i+D9TG/arA/lzBKvssmY2qBMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvMG1uU0w0UDFNYjlxc0QtWE1FcS15eVpqYW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGtBggrBgEFBQcBBwEB/wSBnTCBmjCBhwQCAAEwgYADBAAl
SIQDBAItjpwDBAItkUgDBAItlqQDBAEtluIDBAItl4QDBAItmtQDBAA+zDYDBABe
mnIDBACSE3IDBACSE98DBACyFh4DBAC8XYsDBAHB2sgDBAHB3V4DBAHCfNoDBAHC
fOAwDAMEAcKTYgMEAcKTZAMEANQSbwMEANlyLzAOBAIAAjAIAwYGKg7aQEAwDQYJ
KoZIhvcNAQELBQADggEBAGjaO2Q5tmcdUCNeNLG/mGhHp23obpAG1MiZWJQ6HVKw
exwDXiZXy1R6iDSMXytrCgm99JkHPiubt6cAHnckBfbpgfppZsExjGw0M+TFxVda
B8S6ra7otYJtKeGKyoTh8mMVbX8OrT9OIh7DaNJP93hJzC8jNn7y8WqYI81YM5h8
xe3cL8wd24kPX3IUF6YRLdusWtlfYrCzZ5Sv1X1ADt857tPCwau7FYtk3J5seO8B
jf6Omp5RBt3zhrLOCkNSBjybvuDMi1QQ2gI1zoJrUE50zNMOoGZ52vVurw+1Aebj
TfEvXLfxjeWPpi8kjsfvTU1wi3gqnBGOViSVZiNKC5Y=
-----END CERTIFICATE-----
Generated at Tue Jul 1 06:23:18 2025 by rpki-client