Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/825DCz2mq2E7wDXWvy31QeArHF0.roa
File: 825DCz2mq2E7wDXWvy31QeArHF0.roa (raw, json)
Hash identifier: 2q6ZWLJGlnxrEUOtEqL4YovBrmWrQ8+kLMFOARJlQI4=
Subject key identifier: F3:6E:43:0B:3D:A6:AB:61:3B:C0:35:D6:BF:2D:F5:41:E0:2B:1C:5D
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0197E916B68AEFBB801FD3305AA04783676D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/825DCz2mq2E7wDXWvy31QeArHF0.roa
Signing time: Tue 08 Jul 2025 08:11:09 +0000
ROA not before: Tue 08 Jul 2025 08:11:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 399486
IP address blocks: 163.5.32.0/24 maxlen: 24
163.5.64.0/24 maxlen: 24
163.5.112.0/24 maxlen: 24
163.5.160.0/24 maxlen: 24
163.5.169.0/24 maxlen: 24
163.5.210.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 20:26:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e9:16:b6:8a:ef:bb:80:1f:d3:30:5a:a0:47:83:67:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Jul 8 08:11:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f36e430b3da6ab613bc035d6bf2df541e02b1c5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:0a:d3:c1:b2:d1:ec:98:ce:5d:92:c7:74:de:
78:2a:4a:b2:db:ae:5d:14:af:c1:6c:a1:04:9a:82:
fe:23:a8:ad:d6:26:70:77:78:31:7a:82:67:d0:02:
22:15:17:17:33:b8:5c:c8:50:42:20:7b:d8:b9:89:
cd:dc:7b:c4:12:f7:6f:ba:a0:f5:ef:87:73:d2:1d:
08:56:73:04:57:ce:be:33:34:a1:9e:c1:bf:53:81:
94:69:62:5c:78:c1:9d:f2:fe:ed:e8:31:b4:37:35:
97:d6:09:a6:1e:34:87:fe:ff:69:50:29:a7:62:8a:
92:14:ec:f9:7d:95:fe:18:93:d2:c6:7c:d5:44:98:
f7:45:95:a7:9b:87:39:44:65:44:0a:f4:bf:5b:2d:
e0:45:e2:02:3f:7c:c0:70:4e:75:d2:76:f8:c7:36:
d6:63:24:88:1c:ba:7f:40:d2:4e:a1:fb:f0:11:f6:
87:2e:bb:88:01:2a:b1:0d:93:59:78:b6:0f:71:16:
8f:a3:8c:43:d8:fa:ef:2a:14:54:57:83:b6:c6:fb:
70:22:d0:dc:d3:f3:e3:4a:96:f2:7b:3a:c8:1c:e2:
90:86:e4:9e:76:23:6c:80:f7:5f:74:c2:7e:ef:97:
0f:35:b4:3a:7e:dc:ce:91:6d:eb:85:3f:3e:77:25:
b0:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:6E:43:0B:3D:A6:AB:61:3B:C0:35:D6:BF:2D:F5:41:E0:2B:1C:5D
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/825DCz2mq2E7wDXWvy31QeArHF0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.32.0/24
163.5.64.0/24
163.5.112.0/24
163.5.160.0/24
163.5.169.0/24
163.5.210.0/24
Signature Algorithm: sha256WithRSAEncryption
7c:98:5f:73:99:a6:31:d4:30:27:70:77:e4:b9:73:18:08:30:
03:fd:3b:6a:66:da:90:fb:ee:58:1b:26:0f:36:8a:5d:26:5c:
32:12:30:bc:d8:0f:f8:0d:90:7e:39:54:4f:ab:d2:12:58:be:
e5:c1:55:a1:d1:e4:1a:6c:09:8d:e2:b0:72:36:1f:0d:17:a1:
3a:a5:52:b9:78:8b:81:a3:cb:a9:40:c1:f5:77:29:79:42:20:
b3:f6:bc:20:72:65:05:32:da:c8:2f:79:b7:79:34:60:8a:02:
ea:7d:93:e8:bb:55:f6:45:60:6c:7a:9f:45:dd:46:64:d8:6f:
5a:bc:b0:ed:7a:b5:7f:26:30:97:a1:d8:11:d6:18:39:a7:dc:
a9:e1:94:da:3e:d3:02:09:7e:b8:bf:2b:7c:9b:37:d5:39:4c:
c4:a7:97:3c:f8:65:7a:23:fe:98:11:16:fa:cb:7d:54:09:88:
ef:f4:99:d9:38:aa:54:66:23:c4:1e:2f:fd:e5:2b:f6:e8:2a:
e0:c9:01:9f:af:a2:1c:4a:f2:7f:92:ce:6d:7c:43:4f:db:66:
84:b9:17:96:2b:53:9c:96:75:79:86:2c:21:b8:97:d2:fd:58:
3a:13:e7:9a:db:95:a7:d2:ad:95:d2:4f:ce:8f:06:65:c0:fd:
09:15:97:93
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZfpFraK77uAH9MwWqBHg2dtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNzA4MDgxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzZlNDMwYjNkYTZhYjYxM2JjMDM1ZDZiZjJkZjU0MWUwMmIxYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwrTwbLR7JjOXZLHdN54Kkqy265d
FK/BbKEEmoL+I6it1iZwd3gxeoJn0AIiFRcXM7hcyFBCIHvYuYnN3HvEEvdvuqD1
74dz0h0IVnMEV86+MzShnsG/U4GUaWJceMGd8v7t6DG0NzWX1gmmHjSH/v9pUCmn
YoqSFOz5fZX+GJPSxnzVRJj3RZWnm4c5RGVECvS/Wy3gReICP3zAcE510nb4xzbW
YySIHLp/QNJOofvwEfaHLruIASqxDZNZeLYPcRaPo4xD2PrvKhRUV4O2xvtwItDc
0/PjSpbyezrIHOKQhuSediNsgPdfdMJ+75cPNbQ6ftzOkW3rhT8+dyWwRQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPNuQws9pqthO8A11r8t9UHgKxxdMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvODI1REN6Mm1xMkU3d0RYV3Z5MzFRZUFySEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAowUgAwQA
owVAAwQAowVwAwQAowWgAwQAowWpAwQAowXSMA0GCSqGSIb3DQEBCwUAA4IBAQB8
mF9zmaYx1DAncHfkuXMYCDAD/TtqZtqQ++5YGyYPNopdJlwyEjC82A/4DZB+OVRP
q9ISWL7lwVWh0eQabAmN4rByNh8NF6E6pVK5eIuBo8upQMH1dyl5QiCz9rwgcmUF
MtrIL3m3eTRgigLqfZPou1X2RWBsep9F3UZk2G9avLDterV/JjCXodgR1hg5p9yp
4ZTaPtMCCX64vyt8mzfVOUzEp5c8+GV6I/6YERb6y31UCYjv9JnZOKpUZiPEHi/9
5Sv26CrgyQGfr6IcSvJ/ks5tfENP22aEuReWK1OclnV5hiwhuJfS/Vg6E+ea25Wn
0q2V0k/OjwZlwP0JFZeT
-----END CERTIFICATE-----
Generated at Tue Jul 22 04:18:51 2025 by rpki-client