Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t4rkzqg5UT0OMi6WCldDkMgj1hs.roa
File: t4rkzqg5UT0OMi6WCldDkMgj1hs.roa (raw, json)
Hash identifier: xcRmLqo3j2wiDp8nBGiqG57D8mrRI/rgqKQBAn5LHRg=
Subject key identifier: B7:8A:E4:CE:A8:39:51:3D:0E:32:2E:96:0A:57:43:90:C8:23:D6:1B
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 01982C9C1F4490B13710F479BC27867E8F5B
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t4rkzqg5UT0OMi6WCldDkMgj1hs.roa
Signing time: Mon 21 Jul 2025 10:51:25 +0000
ROA not before: Mon 21 Jul 2025 10:51:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28964
IP address blocks: 5.172.32.0/24 maxlen: 24
89.23.64.0/24 maxlen: 24
89.23.73.0/24 maxlen: 24
89.23.91.0/24 maxlen: 24
89.23.95.0/24 maxlen: 24
109.111.241.0/24 maxlen: 24
109.111.242.0/24 maxlen: 24
109.111.251.0/24 maxlen: 24
178.254.160.0/23 maxlen: 23
178.254.162.0/24 maxlen: 24
178.254.164.0/24 maxlen: 24
178.254.166.0/24 maxlen: 24
178.254.167.0/24 maxlen: 24
178.254.173.0/24 maxlen: 24
178.254.174.0/24 maxlen: 24
178.254.178.0/24 maxlen: 24
178.254.185.0/24 maxlen: 24
185.157.45.0/24 maxlen: 24
185.157.46.0/24 maxlen: 24
185.157.47.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2c:9c:1f:44:90:b1:37:10:f4:79:bc:27:86:7e:8f:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Jul 21 10:51:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b78ae4cea839513d0e322e960a574390c823d61b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b1:fc:5d:68:8d:0c:ea:37:f7:75:b0:b6:c8:
da:1f:44:da:f2:80:ed:9d:66:82:ac:c8:91:06:9a:
8d:6b:70:aa:c5:4b:ca:46:21:f7:2c:97:16:2b:30:
9f:b4:9e:86:ff:42:fa:f7:a0:53:1d:01:70:0c:7e:
50:fd:84:6a:a7:e2:48:dd:16:cb:2b:6c:6d:75:89:
cb:7a:8e:00:7b:68:e9:6f:e3:39:a2:6c:9d:19:6a:
ed:93:55:f9:d2:12:a2:6c:d9:57:83:69:6e:f5:be:
e4:a0:d3:3c:c0:cf:23:39:92:df:dc:f6:db:e4:4d:
52:e9:b3:10:29:b3:42:b5:0a:97:b8:25:c3:71:74:
df:fb:a0:a4:a6:f2:d6:ed:36:0f:8e:de:27:31:24:
2c:8c:b3:53:bb:7a:ee:20:8a:59:34:71:e6:1a:fb:
ca:ae:18:00:d3:7f:49:41:86:f7:e7:49:14:d1:06:
8f:ad:12:be:c7:b7:73:87:6f:6b:6e:a5:3b:fb:5f:
e3:53:37:18:0f:b5:7b:e7:d3:bf:ba:13:df:35:35:
5a:09:62:61:dd:b9:e3:7f:b3:2f:c5:c7:fb:7a:ca:
61:f4:42:2a:32:ce:28:42:6a:d1:a4:b7:e4:cb:60:
1d:7e:b7:b8:51:fa:66:38:77:13:bc:f6:0b:9a:26:
09:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:8A:E4:CE:A8:39:51:3D:0E:32:2E:96:0A:57:43:90:C8:23:D6:1B
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/t4rkzqg5UT0OMi6WCldDkMgj1hs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.32.0/24
89.23.64.0/24
89.23.73.0/24
89.23.91.0/24
89.23.95.0/24
109.111.241.0-109.111.242.255
109.111.251.0/24
178.254.160.0-178.254.162.255
178.254.164.0/24
178.254.166.0/23
178.254.173.0-178.254.174.255
178.254.178.0/24
178.254.185.0/24
185.157.45.0-185.157.47.255
Signature Algorithm: sha256WithRSAEncryption
6e:03:d0:80:25:54:25:48:af:ea:8b:3f:cd:25:68:18:ef:fb:
0d:35:ea:05:c2:66:28:31:e7:7e:49:70:08:dc:4e:bb:30:7c:
d8:b2:a1:9f:e0:ea:55:83:b2:c6:3c:8b:6f:79:e9:d6:79:66:
3b:c2:62:05:c4:0e:ce:92:c5:de:86:32:9b:42:29:54:87:0b:
ea:a8:2b:9b:bd:0a:65:a5:0b:ac:f1:80:b2:49:58:50:07:ae:
44:3c:78:39:66:a7:6e:19:f5:3f:74:20:d6:da:bc:ff:11:d9:
49:dd:a6:d5:56:fe:6a:d6:40:d7:15:ba:cc:2e:5d:13:ff:d5:
94:17:9a:59:4f:96:1a:1c:4b:16:52:9d:fc:57:43:40:86:bf:
40:2b:b5:c0:e5:85:12:05:4f:13:57:b5:87:1f:e0:5e:89:77:
e1:d0:4f:b1:46:0d:e1:8b:4b:b9:54:d9:8e:15:d7:00:32:75:
12:1b:45:8f:85:2e:ec:9e:b4:1a:18:c7:00:f8:40:4a:fa:f1:
c0:65:72:b2:28:a7:7a:e1:14:8e:40:11:71:b7:18:a5:5f:45:
4d:81:40:3d:47:21:ea:ce:c2:89:1a:f3:46:17:60:ed:34:7c:
5f:b9:a6:56:e6:e9:f0:e0:62:8b:cf:eb:17:64:de:b8:ba:f7:
04:7f:28:11
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZgsnB9EkLE3EPR5vCeGfo9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNzIxMTA1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhhZTRjZWE4Mzk1MTNkMGUzMjJlOTYwYTU3NDM5MGM4MjNkNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbH8XWiNDOo393WwtsjaH0Ta8oDt
nWaCrMiRBpqNa3CqxUvKRiH3LJcWKzCftJ6G/0L696BTHQFwDH5Q/YRqp+JI3RbL
K2xtdYnLeo4Ae2jpb+M5omydGWrtk1X50hKibNlXg2lu9b7koNM8wM8jOZLf3Pbb
5E1S6bMQKbNCtQqXuCXDcXTf+6CkpvLW7TYPjt4nMSQsjLNTu3ruIIpZNHHmGvvK
rhgA039JQYb350kU0QaPrRK+x7dzh29rbqU7+1/jUzcYD7V759O/uhPfNTVaCWJh
3bnjf7Mvxcf7esph9EIqMs4oQmrRpLfky2Adfre4UfpmOHcTvPYLmiYJsQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFLeK5M6oOVE9DjIulgpXQ5DII9YbMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvdDRya3pxZzVVVDBPTWk2V0NsZERrTWdqMWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAAWsIAME
AFkXQAMEAFkXSQMEAFkXWwMEAFkXXzAMAwQAbW/xAwQAbW/yAwQAbW/7MAwDBAWy
/qADBACy/qIDBACy/qQDBAGy/qYwDAMEALL+rQMEALL+rgMEALL+sgMEALL+uTAM
AwQAuZ0tAwQEuZ0gMA0GCSqGSIb3DQEBCwUAA4IBAQBuA9CAJVQlSK/qiz/NJWgY
7/sNNeoFwmYoMed+SXAI3E67MHzYsqGf4OpVg7LGPItveenWeWY7wmIFxA7OksXe
hjKbQilUhwvqqCubvQplpQus8YCySVhQB65EPHg5ZqduGfU/dCDW2rz/EdlJ3abV
Vv5q1kDXFbrMLl0T/9WUF5pZT5YaHEsWUp38V0NAhr9AK7XA5YUSBU8TV7WHH+Be
iXfh0E+xRg3hi0u5VNmOFdcAMnUSG0WPhS7snrQaGMcA+EBK+vHAZXKyKKd64RSO
QBFxtxilX0VNgUA9RyHqzsKJGvNGF2DtNHxfuaZW5unw4GKLz+sXZN64uvcEfygR
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:21:44 2025 by rpki-client