Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NmLjr4D1oVlMUObOTvLM1xAzd4w.roa
File: NmLjr4D1oVlMUObOTvLM1xAzd4w.roa (raw, json)
Hash identifier: 2JPcfWuMTpLj1ICDWdYsPKsfferPa3mavJOhWQcLuVU=
Subject key identifier: 36:62:E3:AF:80:F5:A1:59:4C:50:E6:CE:4E:F2:CC:D7:10:33:77:8C
Certificate issuer: /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial: 019971A85E938EE61697932FD7C2B5D9128D
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NmLjr4D1oVlMUObOTvLM1xAzd4w.roa
Signing time: Mon 22 Sep 2025 13:41:23 +0000
ROA not before: Mon 22 Sep 2025 13:41:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200373
IP address blocks: 45.3.32.0/20 maxlen: 24
45.3.48.0/21 maxlen: 24
45.3.62.0/24 maxlen: 24
65.111.0.0/19 maxlen: 24
95.141.242.0/24 maxlen: 24
104.167.19.0/24 maxlen: 24
104.167.25.0/24 maxlen: 24
104.207.32.0/19 maxlen: 24
209.50.160.0/19 maxlen: 24
216.26.224.0/19 maxlen: 24
2a0a:da40::/29 maxlen: 29
2a13:3f80::/32 maxlen: 32
2a13:3f83::/32 maxlen: 32
2a13:3f84::/32 maxlen: 32
2a13:3f85::/32 maxlen: 32
2a13:3f86::/32 maxlen: 32
2a13:3f87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.mft
rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:71:a8:5e:93:8e:e6:16:97:93:2f:d7:c2:b5:d9:12:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Validity
Not Before: Sep 22 13:41:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3662e3af80f5a1594c50e6ce4ef2ccd71033778c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:cf:85:31:71:fd:1b:dc:12:38:bc:e5:a3:44:
ff:a9:3d:ab:07:63:80:e8:6c:f8:93:62:f5:7a:e5:
f6:0f:1f:c5:ff:cd:0c:a1:d0:29:2e:63:f5:fc:a0:
f4:cf:91:3b:5d:f3:6d:42:e6:88:47:fe:e4:93:8f:
22:a9:e2:bb:36:ec:41:55:a9:34:ff:cf:51:53:5d:
88:3f:8f:cc:d6:0b:6a:75:e8:07:bd:36:05:bc:bf:
6d:3f:76:22:ad:91:78:47:4e:3e:6f:10:d9:24:4f:
50:f3:9e:f6:06:93:95:38:5c:f3:e4:f1:52:e2:21:
60:81:0a:01:9c:02:0c:4d:99:66:11:76:f1:8a:28:
b9:dc:0d:02:33:dc:71:77:d3:a8:69:04:a7:0e:4b:
5b:e9:02:be:25:0c:27:d1:19:ca:81:5a:e7:f5:e3:
23:44:d0:97:fc:ae:c1:a3:62:63:f7:c5:e9:e7:65:
93:a5:1a:95:03:52:e2:0e:5a:43:1e:9a:32:a0:6e:
87:8d:64:52:9f:83:1d:e2:14:ca:c9:c8:a4:b3:3f:
ca:52:41:d0:ff:2e:fe:4e:48:ae:ae:31:db:2e:ae:
dc:55:ec:b1:0b:70:79:b9:99:79:8e:6a:a5:b5:a1:
9b:4b:8e:70:66:e8:b4:6a:02:bf:19:75:16:89:6b:
ba:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:62:E3:AF:80:F5:A1:59:4C:50:E6:CE:4E:F2:CC:D7:10:33:77:8C
X509v3 Authority Key Identifier:
keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NmLjr4D1oVlMUObOTvLM1xAzd4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.3.32.0-45.3.55.255
45.3.62.0/24
65.111.0.0/19
95.141.242.0/24
104.167.19.0/24
104.167.25.0/24
104.207.32.0/19
209.50.160.0/19
216.26.224.0/19
IPv6:
2a0a:da40::/29
2a13:3f80::/32
2a13:3f83::-2a13:3f87:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
42:38:2c:29:94:e9:ef:82:88:60:39:c9:01:c5:a6:3a:f0:f4:
5f:bd:6f:de:95:a7:53:25:1c:e9:0b:0d:1d:c4:85:69:17:a0:
ad:3b:fc:bc:1f:d7:50:7d:7c:1a:4d:46:ef:10:a3:9e:7a:37:
f7:45:46:9a:1c:eb:e3:50:d4:55:91:c4:e7:2d:2a:e7:a0:38:
2d:09:3e:d5:c2:65:76:e1:1d:d3:c2:2b:1f:2f:23:d5:6c:55:
5d:bf:4f:11:53:88:48:77:da:d6:d1:e1:12:26:26:ea:eb:b0:
bb:48:0f:98:4f:98:29:d3:a9:70:05:8a:7d:7e:05:f8:8f:5f:
5d:97:b8:df:5e:8f:0a:39:85:f2:b8:b9:c7:56:ac:86:95:ac:
04:d1:2b:bc:42:42:10:c5:32:5f:44:62:f4:4d:c4:a1:1c:60:
6d:78:38:52:89:30:c2:4f:c4:96:9e:0f:f9:e4:a8:37:0a:e8:
56:cf:a7:b5:8a:20:66:49:5f:37:52:4b:08:99:d6:8c:63:0f:
13:43:dc:f4:73:ab:f3:fd:5a:90:ae:36:ea:1b:61:96:bd:82:
b5:72:3d:38:b5:9e:a0:e4:30:12:43:bc:c1:e3:4f:55:45:dc:
31:d3:f9:be:84:d1:66:67:cd:41:39:52:4e:55:58:fd:ac:b3:
d7:29:ce:9c
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZlxqF6TjuYWl5Mv18K12RKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjUwOTIyMTM0MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjYyZTNhZjgwZjVhMTU5NGM1MGU2Y2U0ZWYyY2NkNzEwMzM3NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc+FMXH9G9wSOLzlo0T/qT2rB2OA
6Gz4k2L1euX2Dx/F/80ModApLmP1/KD0z5E7XfNtQuaIR/7kk48iqeK7NuxBVak0
/89RU12IP4/M1gtqdegHvTYFvL9tP3YirZF4R04+bxDZJE9Q8572BpOVOFzz5PFS
4iFggQoBnAIMTZlmEXbxiii53A0CM9xxd9OoaQSnDktb6QK+JQwn0RnKgVrn9eMj
RNCX/K7Bo2Jj98Xp52WTpRqVA1LiDlpDHpoyoG6HjWRSn4Md4hTKyciksz/KUkHQ
/y7+TkiurjHbLq7cVeyxC3B5uZl5jmqltaGbS45wZui0agK/GXUWiWu6AQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFDZi46+A9aFZTFDmzk7yzNcQM3eMMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvTm1ManI0RDFvVmxNVU9iT1R2TE0xeEF6ZDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBEBAIAATA+MAwDBAUtAyAD
BAMtAzADBAAtAz4DBAVBbwADBABfjfIDBABopxMDBABopxkDBAVozyADBAXRMqAD
BAXYGuAwJAQCAAIwHgMFAyoK2kADBQAqEz+AMA4DBQAqEz+DAwUDKhM/gDANBgkq
hkiG9w0BAQsFAAOCAQEAQjgsKZTp74KIYDnJAcWmOvD0X71v3pWnUyUc6QsNHcSF
aRegrTv8vB/XUH18Gk1G7xCjnno390VGmhzr41DUVZHE5y0q56A4LQk+1cJlduEd
08IrHy8j1WxVXb9PEVOISHfa1tHhEiYm6uuwu0gPmE+YKdOpcAWKfX4F+I9fXZe4
316PCjmF8ri5x1ashpWsBNErvEJCEMUyX0Ri9E3EoRxgbXg4Uokwwk/Elp4P+eSo
NwroVs+ntYogZklfN1JLCJnWjGMPE0Pc9HOr8/1akK426hthlr2CtXI9OLWeoOQw
EkO8weNPVUXcMdP5voTRZmfNQTlSTlVY/ayz1ynOnA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:16 2025 by rpki-client