Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/BM2MLmg12ECYh12xAXCE-2_sk5g.roa
File: BM2MLmg12ECYh12xAXCE-2_sk5g.roa (raw, json)
Hash identifier: AIVPFmTWhLv1hlKTHEvB6w0YxBGjYbVFMUzTy8dPUmI=
Subject key identifier: 04:CD:8C:2E:68:35:D8:40:98:87:5D:B1:01:70:84:FB:6F:EC:93:98
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 01981489D09BB33FA9D5E4BE01BD3FF5A2A6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/BM2MLmg12ECYh12xAXCE-2_sk5g.roa
Signing time: Wed 16 Jul 2025 18:40:32 +0000
ROA not before: Wed 16 Jul 2025 18:40:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2914
IP address blocks: 5.182.28.0/22 maxlen: 22
91.242.70.0/24 maxlen: 24
91.242.73.0/24 maxlen: 24
91.242.74.0/24 maxlen: 24
91.242.105.0/24 maxlen: 24
91.242.126.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
185.180.145.0/24 maxlen: 24
194.50.201.0/24 maxlen: 24
194.180.238.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.114.0/24 maxlen: 24
195.138.118.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 14:17:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:14:89:d0:9b:b3:3f:a9:d5:e4:be:01:bd:3f:f5:a2:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jul 16 18:40:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04cd8c2e6835d84098875db1017084fb6fec9398
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a1:df:d4:ba:77:e5:e2:79:ac:b6:a9:21:ec:
fb:d0:e5:98:14:ee:30:d7:5e:15:83:3e:20:f9:26:
1f:00:36:2b:59:5a:f4:0d:46:f6:f2:6f:c3:4d:ee:
b7:f5:a4:ec:e0:bb:8c:c9:fb:9e:50:96:02:2a:61:
55:d4:57:58:b2:6d:60:2c:29:26:7a:a6:0f:60:59:
b2:dc:b3:fa:cc:97:22:26:cd:15:c0:33:d3:0a:ee:
cf:17:04:7f:d9:f9:88:70:34:cc:b7:57:42:ac:9a:
94:09:9a:94:77:57:00:4e:10:34:80:99:db:84:1f:
03:a5:2e:18:4a:e7:ff:3e:c9:b7:af:19:ff:ba:c9:
0d:3e:51:51:fe:fb:84:bd:8f:e1:ba:f9:b8:8e:ba:
e9:25:01:58:79:d4:18:aa:59:c9:dc:c2:ff:46:52:
bf:41:62:89:a5:fa:74:88:ef:fb:d0:c4:dc:72:29:
0d:f9:78:0e:29:ff:a3:1c:c7:ad:73:e5:cd:d3:7c:
65:c0:f4:dc:89:23:9f:c5:43:36:23:e3:cf:a1:8e:
38:53:01:55:60:31:5e:d6:87:19:e4:80:cd:36:9c:
82:c1:cd:78:e1:54:01:c3:8e:cf:ed:0a:a6:0f:ce:
5a:41:13:ae:69:3e:dd:3b:35:b4:6d:7b:78:45:c5:
9d:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:CD:8C:2E:68:35:D8:40:98:87:5D:B1:01:70:84:FB:6F:EC:93:98
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/BM2MLmg12ECYh12xAXCE-2_sk5g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.28.0/22
91.242.70.0/24
91.242.73.0-91.242.74.255
91.242.105.0/24
91.242.126.0/24
176.126.223.0/24
185.180.145.0/24
194.50.201.0/24
194.180.238.0/24
195.138.103.0/24
195.138.114.0/24
195.138.118.0/24
195.138.120.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:da:45:fe:fd:92:4e:fb:91:2c:79:9d:5b:2b:2c:7d:b2:cb:
67:85:16:73:1c:b6:1a:05:81:06:13:ff:61:cd:e0:eb:b3:41:
94:05:84:c9:03:e6:71:25:15:42:dd:6a:22:93:22:2b:62:84:
ac:0f:40:e5:17:e1:8d:04:d3:be:5c:0a:75:62:c6:00:59:73:
71:03:4d:e1:c9:62:b4:70:44:63:7e:e4:a9:03:40:19:01:78:
12:d9:b2:e2:83:24:5e:a6:02:00:34:2c:e2:7d:c7:fd:52:d8:
1c:bc:67:93:39:3c:29:3b:42:d6:af:00:d5:55:ec:1d:14:ab:
61:93:43:31:93:bf:20:0d:e8:81:ed:a4:dd:c3:a4:52:63:e8:
4c:1e:51:00:9e:d1:a2:37:51:dd:fd:eb:8f:63:e7:3c:7c:1e:
3a:bd:98:a4:9f:f7:00:db:72:81:14:f4:57:55:df:91:ba:6b:
10:7f:bb:b4:f9:0b:77:77:cd:c2:62:8c:80:1b:17:d9:e6:39:
f2:d3:3a:d5:f6:b0:25:fc:20:d7:8c:54:61:94:da:d4:9b:bd:
2f:42:66:3a:4f:ab:89:27:57:b5:ef:dc:17:4c:4f:1c:de:bb:
f4:50:b0:5e:d3:c8:4e:fa:89:8d:ec:97:af:00:05:a1:20:e0:
a6:eb:cd:33
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZgUidCbsz+p1eS+Ab0/9aKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwNzE2MTg0MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNkOGMyZTY4MzVkODQwOTg4NzVkYjEwMTcwODRmYjZmZWM5Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaHf1Lp35eJ5rLapIez70OWYFO4w
114Vgz4g+SYfADYrWVr0DUb28m/DTe639aTs4LuMyfueUJYCKmFV1FdYsm1gLCkm
eqYPYFmy3LP6zJciJs0VwDPTCu7PFwR/2fmIcDTMt1dCrJqUCZqUd1cAThA0gJnb
hB8DpS4YSuf/Psm3rxn/uskNPlFR/vuEvY/huvm4jrrpJQFYedQYqlnJ3ML/RlK/
QWKJpfp0iO/70MTccikN+XgOKf+jHMetc+XN03xlwPTciSOfxUM2I+PPoY44UwFV
YDFe1ocZ5IDNNpyCwc144VQBw47P7QqmD85aQROuaT7dOzW0bXt4RcWdUQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFATNjC5oNdhAmIddsQFwhPtv7JOYMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvQk0yTUxtZzEyRUNZaDEyeEFYQ0UtMl9zazVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCBbYcAwQA
W/JGMAwDBABb8kkDBABb8koDBABb8mkDBABb8n4DBACwft8DBAC5tJEDBADCMskD
BADCtO4DBADDimcDBADDinIDBADDinYDBADDingwDQYJKoZIhvcNAQELBQADggEB
AGraRf79kk77kSx5nVsrLH2yy2eFFnMcthoFgQYT/2HN4OuzQZQFhMkD5nElFULd
aiKTIitihKwPQOUX4Y0E075cCnVixgBZc3EDTeHJYrRwRGN+5KkDQBkBeBLZsuKD
JF6mAgA0LOJ9x/1S2By8Z5M5PCk7QtavANVV7B0Uq2GTQzGTvyAN6IHtpN3DpFJj
6EweUQCe0aI3Ud39649j5zx8Hjq9mKSf9wDbcoEU9FdV35G6axB/u7T5C3d3zcJi
jIAbF9nmOfLTOtX2sCX8INeMVGGU2tSbvS9CZjpPq4knV7Xv3BdMTxzeu/RQsF7T
yE76iY3sl68ABaEg4KbrzTM=
-----END CERTIFICATE-----
Generated at Mon Jul 21 22:47:24 2025 by rpki-client