Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/9SHpbhL3XuwxiKnoCroL_5tpXVo.roa
File: 9SHpbhL3XuwxiKnoCroL_5tpXVo.roa (raw, json)
Hash identifier: xPrIpxk+JNMXsVLk++89joWnIkf6ad6w3ouFrsF8d/w=
Subject key identifier: F5:21:E9:6E:12:F7:5E:EC:31:88:A9:E8:0A:BA:0B:FF:9B:69:5D:5A
Certificate issuer: /CN=ae7f187c12782fc4d844762235993329c4563a0d
Certificate serial: 0197F8C6356B92A047F06F2399A536454E74
Authority key identifier: AE:7F:18:7C:12:78:2F:C4:D8:44:76:22:35:99:33:29:C4:56:3A:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/9SHpbhL3XuwxiKnoCroL_5tpXVo.roa
Signing time: Fri 11 Jul 2025 09:17:08 +0000
ROA not before: Fri 11 Jul 2025 09:17:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202877
IP address blocks: 185.151.252.0/22 maxlen: 22
185.151.252.0/24 maxlen: 24
185.151.253.0/24 maxlen: 24
185.151.254.0/24 maxlen: 24
185.151.255.0/24 maxlen: 24
185.251.14.0/24 maxlen: 24
2a07:7300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.mft
rsync://rpki.ripe.net/repository/DEFAULT/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 11:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f8:c6:35:6b:92:a0:47:f0:6f:23:99:a5:36:45:4e:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae7f187c12782fc4d844762235993329c4563a0d
Validity
Not Before: Jul 11 09:17:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f521e96e12f75eec3188a9e80aba0bff9b695d5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:e8:1d:25:f1:6f:34:0f:e5:d9:54:ff:13:87:
93:67:e4:8b:eb:3d:39:8a:c6:16:c1:de:29:90:d1:
b8:e8:d3:ed:5a:a6:52:03:fb:c6:9d:82:ae:87:9a:
0f:e4:b2:bc:1c:82:db:0d:45:a0:f8:bd:a1:e6:79:
35:ae:a5:91:45:b2:c5:1f:3c:df:4b:a5:16:28:a1:
bc:61:b2:40:d1:83:2d:d7:7c:d3:6a:31:b5:2e:a5:
6e:47:9e:91:55:76:10:99:1b:14:c6:98:5c:2e:85:
58:ab:1f:08:24:8d:42:3f:69:61:a5:70:3e:49:0d:
07:b0:f2:31:af:2f:82:61:00:d9:d7:23:39:55:fc:
15:99:37:f3:12:77:c9:8b:b3:aa:71:94:d1:cf:b7:
98:77:2d:3c:70:ee:1e:c5:99:08:b9:cd:12:dd:c6:
54:fe:80:2a:09:0a:c8:19:9a:07:97:0b:22:9c:b8:
5a:58:8e:1e:4b:3e:33:6a:df:39:a4:ab:8c:f0:7c:
8c:6a:58:40:e6:5a:20:20:09:6c:40:a9:42:3c:4a:
34:b3:60:f5:63:58:56:a8:2d:7c:0e:83:95:58:c5:
38:31:29:09:f5:2b:dc:ca:64:0e:b8:52:fa:7a:c9:
f3:86:32:ad:71:4d:e6:54:f3:69:2b:e3:f0:2b:3c:
a1:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:21:E9:6E:12:F7:5E:EC:31:88:A9:E8:0A:BA:0B:FF:9B:69:5D:5A
X509v3 Authority Key Identifier:
keyid:AE:7F:18:7C:12:78:2F:C4:D8:44:76:22:35:99:33:29:C4:56:3A:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/9SHpbhL3XuwxiKnoCroL_5tpXVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c8f647-ed79-42d9-8df6-05877604a01d/1/rn8YfBJ4L8TYRHYiNZkzKcRWOg0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.151.252.0/22
185.251.14.0/24
IPv6:
2a07:7300::/29
Signature Algorithm: sha256WithRSAEncryption
97:53:c7:41:f8:58:e6:f2:50:a9:4b:bd:e9:55:da:72:f2:ac:
ea:44:f4:7b:0c:f2:e8:46:cd:05:be:29:38:ee:67:4f:b1:b4:
75:8b:7e:50:74:04:e7:45:6f:db:00:ca:b4:c8:78:9c:fd:69:
17:bf:81:83:a5:94:05:ac:c1:e6:c6:87:54:f7:c7:94:2d:1a:
7b:e7:55:fc:80:e8:02:a6:5e:ee:23:d0:0f:75:5a:29:fd:52:
22:f0:a5:37:71:d6:ca:c0:ba:4a:a8:3a:fe:2f:32:7c:2b:2f:
b7:3e:ad:cb:45:79:69:81:d1:24:90:7e:ff:3b:c5:96:cf:84:
b4:de:1f:39:5b:cb:22:bd:b3:82:4e:9e:d3:0c:64:b9:54:40:
62:d5:32:51:0a:03:0d:48:74:77:8b:3f:1d:45:02:26:68:67:
f3:e4:35:a1:8b:43:26:61:3f:fa:8f:df:8d:12:34:0b:51:39:
6d:73:37:ec:a4:75:fe:ec:80:42:15:97:7c:56:4e:fd:09:79:
51:99:cc:35:74:5d:f7:2a:53:40:d5:c1:74:3b:42:14:25:78:
87:08:29:1f:3f:c9:f9:40:13:29:36:37:fb:12:a9:64:f3:4f:
bf:71:a0:0b:1e:12:b8:fd:f5:5f:b2:2e:8a:be:9a:84:01:f7:
00:9a:49:ce
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZf4xjVrkqBH8G8jmaU2RU50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2YxODdjMTI3ODJmYzRkODQ0NzYyMjM1OTkzMzI5YzQ1
NjNhMGQwHhcNMjUwNzExMDkxNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIxZTk2ZTEyZjc1ZWVjMzE4OGE5ZTgwYWJhMGJmZjliNjk1ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAougdJfFvNA/l2VT/E4eTZ+SL6z05
isYWwd4pkNG46NPtWqZSA/vGnYKuh5oP5LK8HILbDUWg+L2h5nk1rqWRRbLFHzzf
S6UWKKG8YbJA0YMt13zTajG1LqVuR56RVXYQmRsUxphcLoVYqx8IJI1CP2lhpXA+
SQ0HsPIxry+CYQDZ1yM5VfwVmTfzEnfJi7OqcZTRz7eYdy08cO4exZkIuc0S3cZU
/oAqCQrIGZoHlwsinLhaWI4eSz4zat85pKuM8HyMalhA5logIAlsQKlCPEo0s2D1
Y1hWqC18DoOVWMU4MSkJ9SvcymQOuFL6esnzhjKtcU3mVPNpK+PwKzyhEwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPUh6W4S917sMYip6Aq6C/+baV1aMB8GA1UdIwQY
MBaAFK5/GHwSeC/E2ER2IjWZMynEVjoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm44WWZCSjRMOFRZUkhZaU5aa3pLY1JXT2cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jOGY2NDctZWQ3OS00MmQ5LThkZjYt
MDU4Nzc2MDRhMDFkLzEvOVNIcGJoTDNYdXd4aUtub0Nyb0xfNXRwWFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jOGY2NDctZWQ3OS00MmQ5LThkZjYtMDU4Nzc2MDRhMDFk
LzEvcm44WWZCSjRMOFRZUkhZaU5aa3pLY1JXT2cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZf8AwQA
ufsOMA0EAgACMAcDBQMqB3MAMA0GCSqGSIb3DQEBCwUAA4IBAQCXU8dB+Fjm8lCp
S73pVdpy8qzqRPR7DPLoRs0Fvik47mdPsbR1i35QdATnRW/bAMq0yHic/WkXv4GD
pZQFrMHmxodU98eULRp751X8gOgCpl7uI9APdVop/VIi8KU3cdbKwLpKqDr+LzJ8
Ky+3Pq3LRXlpgdEkkH7/O8WWz4S03h85W8sivbOCTp7TDGS5VEBi1TJRCgMNSHR3
iz8dRQImaGfz5DWhi0MmYT/6j9+NEjQLUTltczfspHX+7IBCFZd8Vk79CXlRmcw1
dF33KlNA1cF0O0IUJXiHCCkfP8n5QBMpNjf7Eqlk80+/caALHhK4/fVfsi6KvpqE
AfcAmknO
-----END CERTIFICATE-----
Generated at Sat Jul 26 20:32:44 2025 by rpki-client