Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/kHiX8WHdFwuPFdrPXqiFRGBzUrk.roa
File: kHiX8WHdFwuPFdrPXqiFRGBzUrk.roa (raw, json)
Hash identifier: otjzQBnh+aIeRc4Qh5LotaBSTmBU7xZUCsHLwTppJLQ=
Subject key identifier: 90:78:97:F1:61:DD:17:0B:8F:15:DA:CF:5E:A8:85:44:60:73:52:B9
Certificate issuer: /CN=c6bc59f8f7544f1ea5ba5c18b38e2573517c9132
Certificate serial: 01982CFE14D47AF497BE601443D5ABDD05F6
Authority key identifier: C6:BC:59:F8:F7:54:4F:1E:A5:BA:5C:18:B3:8E:25:73:51:7C:91:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xrxZ-PdUTx6lulwYs44lc1F8kTI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/kHiX8WHdFwuPFdrPXqiFRGBzUrk.roa
Signing time: Mon 21 Jul 2025 12:38:25 +0000
ROA not before: Mon 21 Jul 2025 12:38:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202933
IP address blocks: 91.217.213.0/24 maxlen: 24
185.167.128.0/22 maxlen: 24
185.175.120.0/22 maxlen: 22
185.197.156.0/22 maxlen: 22
2a05:5480::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/xrxZ-PdUTx6lulwYs44lc1F8kTI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/xrxZ-PdUTx6lulwYs44lc1F8kTI.mft
rsync://rpki.ripe.net/repository/DEFAULT/xrxZ-PdUTx6lulwYs44lc1F8kTI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 15:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2c:fe:14:d4:7a:f4:97:be:60:14:43:d5:ab:dd:05:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6bc59f8f7544f1ea5ba5c18b38e2573517c9132
Validity
Not Before: Jul 21 12:38:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=907897f161dd170b8f15dacf5ea88544607352b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ec:7e:3e:ea:0c:01:ad:40:70:ce:8f:2a:6c:
36:b0:91:59:cf:54:e6:86:25:bc:b2:c5:42:f1:21:
82:d8:a3:ce:35:d4:49:df:93:47:e2:2e:00:5c:21:
8f:03:2e:ee:ec:ab:ff:f0:7a:48:b3:14:ae:be:87:
f5:39:09:13:a4:6c:bc:c7:03:af:b3:7b:f8:83:df:
67:15:b8:05:60:66:63:79:ac:bf:a2:e7:04:0f:0c:
63:04:0d:96:26:05:56:05:4e:18:71:34:7a:79:0b:
d3:64:8f:89:f9:f0:8b:04:ef:c7:2c:53:7f:04:e9:
d1:3d:c5:bc:fb:31:dd:c9:61:80:f5:97:e8:3e:0d:
d2:17:7b:3a:8a:57:33:2b:61:eb:57:14:3a:70:5d:
f5:7f:b7:27:85:4b:7f:4f:36:2d:d4:79:09:ea:a2:
97:3f:9c:ab:65:d0:c9:26:c8:79:ee:57:ff:23:f9:
69:8d:15:d4:18:b0:7f:5c:3f:c9:ca:b7:82:ea:8e:
e6:47:c9:6d:cc:2f:d0:5d:3b:7d:8c:0a:2a:cd:19:
d6:2b:50:d6:55:4f:0b:9b:6e:27:d4:0d:43:c1:9c:
65:f8:bd:a7:8e:2f:83:fe:67:45:15:5d:41:bc:6d:
a1:64:5a:c9:d8:59:55:39:fe:46:dc:b1:f3:31:e6:
a2:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:78:97:F1:61:DD:17:0B:8F:15:DA:CF:5E:A8:85:44:60:73:52:B9
X509v3 Authority Key Identifier:
keyid:C6:BC:59:F8:F7:54:4F:1E:A5:BA:5C:18:B3:8E:25:73:51:7C:91:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xrxZ-PdUTx6lulwYs44lc1F8kTI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/kHiX8WHdFwuPFdrPXqiFRGBzUrk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/93a843-d9e6-445e-b2a0-3ca409b5311f/1/xrxZ-PdUTx6lulwYs44lc1F8kTI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.217.213.0/24
185.167.128.0/22
185.175.120.0/22
185.197.156.0/22
IPv6:
2a05:5480::/29
Signature Algorithm: sha256WithRSAEncryption
44:03:f6:e8:b0:8b:03:e0:6c:2a:f3:29:4a:1a:a5:0b:10:cd:
09:d2:fd:9e:32:71:44:74:dd:75:d7:b0:b8:71:c3:a9:45:cb:
5d:20:92:66:b4:c0:5b:6a:92:d7:31:21:d8:6f:85:81:5c:26:
79:e1:ae:90:64:a1:46:ca:07:b3:4c:58:e5:00:d3:bf:5f:05:
d5:53:f7:36:ab:0b:7f:3b:b9:86:43:ff:05:3c:24:f7:86:95:
3a:1c:b9:9a:e8:8c:6d:13:cc:1c:2e:d1:34:dd:cc:13:21:72:
e8:98:9c:ed:09:3c:84:00:86:48:75:1b:f3:ff:52:7c:55:8a:
6b:f3:42:0f:1a:fa:6a:cd:d5:70:e3:4a:4f:72:01:2c:5a:68:
21:02:fd:b6:9f:6a:22:33:81:c9:89:38:0b:41:e9:bb:63:ed:
52:18:a6:c8:39:bd:b7:2e:8f:4d:40:b6:e4:be:ff:b3:7c:b2:
0a:d2:53:57:8e:7c:6f:9c:91:6f:59:d1:95:7d:6c:69:62:5f:
95:d1:82:6e:38:fd:2a:63:c9:9e:e0:7f:e5:b9:03:fc:88:88:
52:3a:ee:30:b2:c8:8b:3b:56:db:b9:be:78:09:11:f6:0d:aa:
0b:4d:1f:bd:4b:45:e3:5c:13:6f:fa:31:24:67:f5:df:ab:2a:
6a:93:61:fc
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZgs/hTUevSXvmAUQ9Wr3QX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YmM1OWY4Zjc1NDRmMWVhNWJhNWMxOGIzOGUyNTczNTE3
YzkxMzIwHhcNMjUwNzIxMTIzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDc4OTdmMTYxZGQxNzBiOGYxNWRhY2Y1ZWE4ODU0NDYwNzM1MmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxex+PuoMAa1AcM6PKmw2sJFZz1Tm
hiW8ssVC8SGC2KPONdRJ35NH4i4AXCGPAy7u7Kv/8HpIsxSuvof1OQkTpGy8xwOv
s3v4g99nFbgFYGZjeay/oucEDwxjBA2WJgVWBU4YcTR6eQvTZI+J+fCLBO/HLFN/
BOnRPcW8+zHdyWGA9ZfoPg3SF3s6ilczK2HrVxQ6cF31f7cnhUt/TzYt1HkJ6qKX
P5yrZdDJJsh57lf/I/lpjRXUGLB/XD/JyreC6o7mR8ltzC/QXTt9jAoqzRnWK1DW
VU8Lm24n1A1DwZxl+L2nji+D/mdFFV1BvG2hZFrJ2FlVOf5G3LHzMeaiswIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJB4l/Fh3RcLjxXaz16ohURgc1K5MB8GA1UdIwQY
MBaAFMa8Wfj3VE8epbpcGLOOJXNRfJEyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHJ4Wi1QZFVUeDZsdWx3WXM0NGxjMUY4a1RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85M2E4NDMtZDllNi00NDVlLWIyYTAt
M2NhNDA5YjUzMTFmLzEva0hpWDhXSGRGd3VQRmRyUFhxaUZSR0J6VXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85M2E4NDMtZDllNi00NDVlLWIyYTAtM2NhNDA5YjUzMTFm
LzEveHJ4Wi1QZFVUeDZsdWx3WXM0NGxjMUY4a1RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW9nVAwQC
uaeAAwQCua94AwQCucWcMA0EAgACMAcDBQMqBVSAMA0GCSqGSIb3DQEBCwUAA4IB
AQBEA/bosIsD4Gwq8ylKGqULEM0J0v2eMnFEdN1117C4ccOpRctdIJJmtMBbapLX
MSHYb4WBXCZ54a6QZKFGygezTFjlANO/XwXVU/c2qwt/O7mGQ/8FPCT3hpU6HLma
6IxtE8wcLtE03cwTIXLomJztCTyEAIZIdRvz/1J8VYpr80IPGvpqzdVw40pPcgEs
WmghAv22n2oiM4HJiTgLQem7Y+1SGKbIOb23Lo9NQLbkvv+zfLIK0lNXjnxvnJFv
WdGVfWxpYl+V0YJuOP0qY8me4H/luQP8iIhSOu4wssiLO1bbub54CRH2DaoLTR+9
S0XjXBNv+jEkZ/Xfqypqk2H8
-----END CERTIFICATE-----
Generated at Sun Jul 27 00:39:45 2025 by rpki-client