Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/o7DFQSNSbtxlgxW6FLch62D8QIA.roa
File: o7DFQSNSbtxlgxW6FLch62D8QIA.roa (raw, json)
Hash identifier: OW5TPqzlu/5OlPd3vdKxLAlylVm0d636/VsxyEnIicU=
Subject key identifier: A3:B0:C5:41:23:52:6E:DC:65:83:15:BA:14:B7:21:EB:60:FC:40:80
Certificate issuer: /CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
Certificate serial: 0197C0B7D5BE97D52A788EBD857569531BFA
Authority key identifier: 18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/o7DFQSNSbtxlgxW6FLch62D8QIA.roa
Signing time: Mon 30 Jun 2025 12:02:42 +0000
ROA not before: Mon 30 Jun 2025 12:02:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14061
IP address blocks: 5.42.203.0/24 maxlen: 24
5.101.96.0/20 maxlen: 24
37.139.0.0/19 maxlen: 22
46.101.0.0/16 maxlen: 22
80.240.128.0/20 maxlen: 22
82.196.0.0/20 maxlen: 22
95.85.0.0/18 maxlen: 22
146.185.128.0/19 maxlen: 22
146.185.160.0/19 maxlen: 22
167.172.0.0/16 maxlen: 22
178.62.0.0/16 maxlen: 22
178.128.0.0/17 maxlen: 22
178.128.128.0/17 maxlen: 22
185.14.184.0/22 maxlen: 22
188.166.0.0/16 maxlen: 22
188.226.128.0/17 maxlen: 22
2a03:b0c0::/32 maxlen: 48
2a12:1840::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.mft
rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 06:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c0:b7:d5:be:97:d5:2a:78:8e:bd:85:75:69:53:1b:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
Validity
Not Before: Jun 30 12:02:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3b0c54123526edc658315ba14b721eb60fc4080
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:b6:29:5e:37:ee:6e:7d:00:e5:05:ee:58:a3:
16:11:46:34:70:d2:93:0a:f9:99:14:64:b5:20:da:
82:e3:3f:60:f6:40:51:07:e0:96:37:f0:a7:03:e5:
36:67:b9:5f:21:26:b8:0a:73:3c:96:14:95:41:88:
ae:16:e8:45:ee:cd:cc:30:17:be:be:b3:09:7a:17:
a3:01:e3:62:14:6b:c8:52:a1:3e:b2:0e:17:09:7a:
dc:6a:96:fa:23:2b:11:f9:6f:b3:bb:0f:15:79:ab:
29:3f:46:f4:ac:2d:b6:6e:69:c5:59:77:3c:f8:ab:
9c:63:e1:2d:79:9d:2c:03:57:11:d5:1a:7f:4e:dd:
6f:37:fe:37:51:e9:c4:d7:7c:81:34:cd:b2:df:71:
c4:13:35:15:24:33:76:2b:fc:73:5f:88:9b:25:65:
2d:d1:d5:c3:00:6f:2a:c0:12:23:e4:0d:c7:02:38:
ca:52:ba:1c:bd:41:6f:7c:0a:51:9d:04:45:c1:46:
ce:1d:41:dc:2d:b9:27:00:ae:57:fa:06:1f:48:66:
a6:45:13:2b:47:c2:44:41:1f:5d:9a:81:dc:b5:27:
2b:44:79:f0:92:1e:10:c1:a9:bc:81:17:3c:90:53:
13:b7:94:1e:7a:66:48:84:81:f0:dc:66:43:b5:d1:
05:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:B0:C5:41:23:52:6E:DC:65:83:15:BA:14:B7:21:EB:60:FC:40:80
X509v3 Authority Key Identifier:
keyid:18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/o7DFQSNSbtxlgxW6FLch62D8QIA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.203.0/24
5.101.96.0/20
37.139.0.0/19
46.101.0.0/16
80.240.128.0/20
82.196.0.0/20
95.85.0.0/18
146.185.128.0/18
167.172.0.0/16
178.62.0.0/16
178.128.0.0/16
185.14.184.0/22
188.166.0.0/16
188.226.128.0/17
IPv6:
2a03:b0c0::/32
2a12:1840::/29
Signature Algorithm: sha256WithRSAEncryption
27:da:dc:72:66:cf:1c:2f:59:3e:b7:3a:2e:da:e7:e5:4e:23:
b9:c3:d3:46:1d:14:0c:e0:2c:17:4e:50:86:0c:56:e0:0c:13:
75:77:af:43:df:cc:e8:89:ec:da:c1:b3:ae:22:f0:f3:33:b1:
e8:fc:aa:47:d1:f2:d2:b7:21:ea:68:96:5e:09:90:8b:74:14:
23:b5:65:78:53:29:97:c3:1c:6d:56:59:f2:4f:5d:42:f1:20:
91:a7:b8:07:b7:18:84:25:5c:21:00:62:fa:09:c0:25:01:9c:
38:25:8a:98:3c:5b:13:ab:ee:0f:f0:7d:fb:27:76:27:05:97:
67:ca:9d:7f:ad:85:33:b6:e5:06:51:ba:25:87:e4:ec:37:3c:
4a:05:2f:32:6d:14:05:d1:d9:a0:93:0d:5b:d4:ae:bf:a0:89:
dc:16:c8:59:12:e7:31:00:ae:a4:1f:b4:d1:63:20:01:86:4b:
88:19:c7:be:1e:55:28:9d:12:00:3c:7a:33:46:19:2a:c6:15:
69:f1:52:6e:8a:02:5c:77:fa:d8:07:17:fa:e0:bb:8f:85:c5:
11:19:f6:40:62:5e:a4:ed:d6:a2:fd:7f:f6:d3:96:9f:13:37:
0d:e5:93:19:13:38:d7:a4:54:cf:25:96:a3:79:a1:9d:70:bb:
c3:84:b6:94
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZfAt9W+l9UqeI69hXVpUxv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MDhiZjdmZTQ4YjA1N2Y5ZjJmM2Q1ZDFhNjMxMGZkOWUx
NGM1NzEwHhcNMjUwNjMwMTIwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2IwYzU0MTIzNTI2ZWRjNjU4MzE1YmExNGI3MjFlYjYwZmM0MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bYpXjfubn0A5QXuWKMWEUY0cNKT
CvmZFGS1INqC4z9g9kBRB+CWN/CnA+U2Z7lfISa4CnM8lhSVQYiuFuhF7s3MMBe+
vrMJehejAeNiFGvIUqE+sg4XCXrcapb6IysR+W+zuw8VeaspP0b0rC22bmnFWXc8
+KucY+EteZ0sA1cR1Rp/Tt1vN/43UenE13yBNM2y33HEEzUVJDN2K/xzX4ibJWUt
0dXDAG8qwBIj5A3HAjjKUrocvUFvfApRnQRFwUbOHUHcLbknAK5X+gYfSGamRRMr
R8JEQR9dmoHctScrRHnwkh4Qwam8gRc8kFMTt5QeemZIhIHw3GZDtdEFNwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFKOwxUEjUm7cZYMVuhS3Ietg/ECAMB8GA1UdIwQY
MBaAFBgIv3/kiwV/ny89XRpjEP2eFMVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMt
OWQzOTJlZWUwZjY2LzEvbzdERlFTTlNidHhsZ3hXNkZMY2g2MkQ4UUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMtOWQzOTJlZWUwZjY2
LzEvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBVBAIAATBPAwQABSrLAwQE
BWVgAwQFJYsAAwMALmUDBARQ8IADBARSxAADBAZfVQADBAaSuYADAwCnrAMDALI+
AwMAsoADBAK5DrgDAwC8pgMEB7zigDAUBAIAAjAOAwUAKgOwwAMFAyoSGEAwDQYJ
KoZIhvcNAQELBQADggEBACfa3HJmzxwvWT63Oi7a5+VOI7nD00YdFAzgLBdOUIYM
VuAME3V3r0PfzOiJ7NrBs64i8PMzsej8qkfR8tK3Iepoll4JkIt0FCO1ZXhTKZfD
HG1WWfJPXULxIJGnuAe3GIQlXCEAYvoJwCUBnDglipg8WxOr7g/wffsndicFl2fK
nX+thTO25QZRuiWH5Ow3PEoFLzJtFAXR2aCTDVvUrr+gidwWyFkS5zEArqQftNFj
IAGGS4gZx74eVSidEgA8ejNGGSrGFWnxUm6KAlx3+tgHF/rgu4+FxREZ9kBiXqTt
1qL9f/bTlp8TNw3lkxkTONekVM8llqN5oZ1wu8OEtpQ=
-----END CERTIFICATE-----
Generated at Sun Jul 20 14:26:24 2025 by rpki-client