Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/p1Y3hGxgl6YnLGKP1MYMXhZVhNY.roa
File: p1Y3hGxgl6YnLGKP1MYMXhZVhNY.roa (raw, json)
Hash identifier: RHgqxtscEJ40zDSo/g8YZNdUlK0fQ3jmxTycYZeXZso=
Subject key identifier: A7:56:37:84:6C:60:97:A6:27:2C:62:8F:D4:C6:0C:5E:16:55:84:D6
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0197FA4C39F50A47AEE34B4205507AFD5B92
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/p1Y3hGxgl6YnLGKP1MYMXhZVhNY.roa
Signing time: Fri 11 Jul 2025 16:23:08 +0000
ROA not before: Fri 11 Jul 2025 16:23:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7922
IP address blocks: 45.150.168.0/22 maxlen: 22
45.151.196.0/22 maxlen: 22
193.31.104.0/22 maxlen: 22
194.180.238.0/24 maxlen: 24
195.138.109.0/24 maxlen: 24
195.138.110.0/24 maxlen: 24
195.138.113.0/24 maxlen: 24
195.138.115.0/24 maxlen: 24
195.138.124.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 14:17:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:fa:4c:39:f5:0a:47:ae:e3:4b:42:05:50:7a:fd:5b:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jul 11 16:23:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a75637846c6097a6272c628fd4c60c5e165584d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d7:04:69:de:a7:99:1c:2f:fe:c4:fc:c7:38:
42:77:d5:ef:d1:02:33:50:92:b4:55:5c:2b:c4:22:
07:fd:d7:36:17:62:af:29:0b:ae:f4:b1:43:0e:0f:
e5:70:e1:e4:a9:27:05:95:a1:64:82:33:75:bb:b0:
81:bf:e9:d9:5e:85:42:8d:a3:d3:10:74:bb:7d:9e:
d6:0c:59:04:07:ea:a2:56:98:55:b9:65:97:20:b2:
32:37:f8:4a:73:b3:ac:c8:52:20:e4:c0:50:c6:31:
fe:c6:9b:63:cf:fb:fd:b8:eb:c7:d8:27:b5:3f:65:
c8:18:ba:12:48:27:7f:2b:71:25:45:92:7d:bd:bf:
08:71:fd:fd:01:0b:7a:1a:ca:0a:0e:41:82:f0:00:
e0:66:30:82:0e:bb:b8:f5:75:94:6e:49:92:30:d8:
fd:bc:0e:c8:c2:9f:5f:a8:7d:b1:96:91:f1:f3:5a:
86:c4:df:33:27:39:1c:ce:e5:d7:96:06:49:bc:04:
d5:16:42:2d:ce:54:05:65:9a:00:f5:2d:ca:14:0e:
dd:d5:ef:a8:a0:b8:1d:a0:0b:fa:61:f1:d4:b8:40:
af:80:87:2c:a0:f1:5d:c3:48:78:89:6c:cc:5a:f7:
b4:62:81:9e:ed:bd:36:b3:a8:7d:26:ab:6f:31:78:
17:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:56:37:84:6C:60:97:A6:27:2C:62:8F:D4:C6:0C:5E:16:55:84:D6
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/p1Y3hGxgl6YnLGKP1MYMXhZVhNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.168.0/22
45.151.196.0/22
193.31.104.0/22
194.180.238.0/24
195.138.109.0-195.138.110.255
195.138.113.0/24
195.138.115.0/24
195.138.124.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:49:49:bc:19:0b:3b:00:e7:89:03:df:ae:9c:a4:69:db:46:
07:11:59:36:75:53:ca:3f:1f:24:ad:a0:b2:f5:25:9e:25:16:
05:82:f1:f7:3e:c3:7b:24:82:9e:35:1c:f9:5b:2f:70:af:0b:
33:33:04:dd:56:0b:61:03:d3:04:9f:e2:3a:4e:2b:47:8f:15:
86:a4:fc:70:d8:9b:42:47:1d:35:c1:3d:f3:fe:b4:e5:57:7e:
79:b2:e5:ca:8e:6e:d9:aa:4c:b0:d3:0c:f1:77:20:80:92:d5:
e5:09:0b:ff:89:ab:c5:ce:a1:2f:d4:3b:c7:96:28:5a:98:e7:
e1:b0:5a:7d:ab:e1:e1:29:12:1c:e7:62:d7:8e:39:ec:18:1f:
83:30:c6:cf:fe:49:9f:66:b7:0e:5e:c7:1a:63:fc:c6:b3:a0:
40:b9:dd:c7:c2:27:d5:91:cf:79:59:39:09:22:c5:cd:32:5a:
29:82:3c:e5:16:51:1b:69:e4:b1:a4:2e:e9:16:d5:e2:4e:e0:
6d:b2:c3:be:79:e2:33:5a:06:21:cc:73:3c:af:cc:1c:01:45:
49:59:21:e4:57:5e:17:0c:46:68:4b:61:e8:c9:dc:da:58:9e:
f3:9d:f2:ac:37:c4:80:bd:7d:a8:f8:69:00:74:e4:c4:02:5e:
5c:a9:8b:df
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZf6TDn1Ckeu40tCBVB6/VuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwNzExMTYyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzU2Mzc4NDZjNjA5N2E2MjcyYzYyOGZkNGM2MGM1ZTE2NTU4NGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9cEad6nmRwv/sT8xzhCd9Xv0QIz
UJK0VVwrxCIH/dc2F2KvKQuu9LFDDg/lcOHkqScFlaFkgjN1u7CBv+nZXoVCjaPT
EHS7fZ7WDFkEB+qiVphVuWWXILIyN/hKc7OsyFIg5MBQxjH+xptjz/v9uOvH2Ce1
P2XIGLoSSCd/K3ElRZJ9vb8Icf39AQt6GsoKDkGC8ADgZjCCDru49XWUbkmSMNj9
vA7Iwp9fqH2xlpHx81qGxN8zJzkczuXXlgZJvATVFkItzlQFZZoA9S3KFA7d1e+o
oLgdoAv6YfHUuECvgIcsoPFdw0h4iWzMWve0YoGe7b02s6h9JqtvMXgXQQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKdWN4RsYJemJyxij9TGDF4WVYTWMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvcDFZM2hHeGdsNlluTEdLUDFNWU1YaFpWaE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCLZaoAwQC
LZfEAwQCwR9oAwQAwrTuMAwDBADDim0DBADDim4DBADDinEDBADDinMDBALDinww
DQYJKoZIhvcNAQELBQADggEBAAxJSbwZCzsA54kD366cpGnbRgcRWTZ1U8o/HySt
oLL1JZ4lFgWC8fc+w3skgp41HPlbL3CvCzMzBN1WC2ED0wSf4jpOK0ePFYak/HDY
m0JHHTXBPfP+tOVXfnmy5cqObtmqTLDTDPF3IICS1eUJC/+Jq8XOoS/UO8eWKFqY
5+GwWn2r4eEpEhznYteOOewYH4Mwxs/+SZ9mtw5exxpj/MazoEC53cfCJ9WRz3lZ
OQkixc0yWimCPOUWURtp5LGkLukW1eJO4G2yw7554jNaBiHMczyvzBwBRUlZIeRX
XhcMRmhLYejJ3NpYnvOd8qw3xIC9faj4aQB05MQCXlypi98=
-----END CERTIFICATE-----
Generated at Mon Jul 21 23:13:44 2025 by rpki-client