Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UtqUPWUlOC9y-HXt36lTb06KtcY.roa
File: UtqUPWUlOC9y-HXt36lTb06KtcY.roa (raw, json)
Hash identifier: uhM4F6abSAnJyS3h08hW4Lm0fNY+5+iX/polZ3equ5E=
Subject key identifier: 52:DA:94:3D:65:25:38:2F:72:F8:75:ED:DF:A9:53:6F:4E:8A:B5:C6
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 01982DDBA3A2688B2DB2FC40BDBEF1AB4347
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UtqUPWUlOC9y-HXt36lTb06KtcY.roa
Signing time: Mon 21 Jul 2025 16:40:25 +0000
ROA not before: Mon 21 Jul 2025 16:40:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
185.254.31.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
194.62.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 04:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2d:db:a3:a2:68:8b:2d:b2:fc:40:bd:be:f1:ab:43:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jul 21 16:40:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=52da943d6525382f72f875eddfa9536f4e8ab5c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:c1:82:de:47:0e:0a:ca:63:c3:51:31:21:2c:
bb:92:b1:e3:0f:b3:6e:04:30:ba:54:02:b3:65:71:
4b:44:59:dd:76:25:6a:0d:85:d5:4d:7d:b6:6b:09:
f3:4d:ae:8a:40:2b:0b:5c:9d:e0:97:27:90:26:1b:
83:fa:0e:6c:75:00:52:ec:29:37:59:1f:aa:37:89:
d6:b5:2f:73:60:cb:15:9d:a3:75:58:fa:fb:0a:e1:
c4:c9:77:d8:78:53:ae:86:ab:3f:38:6f:63:06:c2:
90:01:ce:a2:61:64:c4:4a:dc:22:9b:78:f7:e9:0d:
ec:9d:11:00:ff:ff:98:85:fa:fa:f7:c2:5b:d5:14:
3f:c2:36:22:a2:96:f8:4e:4a:e2:bc:94:2c:a1:11:
83:1e:bc:c7:c5:b9:19:f7:9a:fb:9f:9c:ae:d2:bc:
0b:34:f5:fb:09:6b:7c:54:48:92:5f:0f:c9:ce:8d:
3a:dc:cb:cb:01:a1:58:7f:1d:0d:af:64:26:51:fc:
0d:44:0a:98:8d:7e:f4:8d:fc:26:d6:de:28:97:49:
57:2a:a9:78:4e:14:f1:44:dc:1f:49:f5:6c:c7:e0:
5f:33:3e:f9:2b:fd:1b:c1:a5:3a:5d:fe:f3:29:4f:
f1:87:60:92:e8:f8:6f:d9:0a:73:16:04:24:b8:22:
5b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:DA:94:3D:65:25:38:2F:72:F8:75:ED:DF:A9:53:6F:4E:8A:B5:C6
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/UtqUPWUlOC9y-HXt36lTb06KtcY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
185.254.31.0/24
193.35.152.0/23
194.62.52.0/24
Signature Algorithm: sha256WithRSAEncryption
55:af:36:e0:b8:58:f3:7f:e7:50:4a:c8:32:36:8a:7f:88:ff:
59:da:32:72:24:6e:78:82:4f:f1:58:a3:02:a0:e6:39:5f:c7:
0d:a2:3c:86:09:a4:99:28:73:98:59:f6:f1:45:25:2a:88:65:
fb:cf:d3:b7:74:09:a5:88:1d:09:30:3e:04:66:85:b1:85:3a:
3d:e4:2f:70:a6:69:5d:59:8f:05:e9:fa:0b:23:85:7e:01:3e:
af:1e:0c:5d:fb:b2:51:26:a9:33:09:f6:5a:43:0b:0e:43:fb:
dd:d2:60:46:1b:7e:95:7d:64:64:51:98:14:b1:04:68:2b:27:
13:76:ac:80:41:fe:73:ef:af:e6:6f:3c:68:93:12:bf:94:4b:
4f:c5:92:e1:f8:71:4f:ff:b1:c9:b4:83:ee:74:61:f8:5d:75:
57:7f:7f:52:57:15:a4:02:bc:74:50:76:71:7c:d5:2c:db:b8:
d8:78:a5:e3:ee:df:69:25:e3:67:92:79:d7:8b:19:c7:a2:67:
75:09:6c:be:a1:b5:a8:01:86:07:ca:46:a7:4e:99:70:c1:a0:
8e:49:fb:27:b9:0d:1e:2b:93:34:ce:a9:45:76:3a:28:67:7d:
48:9e:7f:65:82:70:96:8a:af:db:39:4b:80:7c:59:84:10:04:
bc:6a:58:3a
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZgt26OiaIstsvxAvb7xq0NHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNzIxMTY0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmRhOTQzZDY1MjUzODJmNzJmODc1ZWRkZmE5NTM2ZjRlOGFiNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMGC3kcOCspjw1ExISy7krHjD7Nu
BDC6VAKzZXFLRFnddiVqDYXVTX22awnzTa6KQCsLXJ3glyeQJhuD+g5sdQBS7Ck3
WR+qN4nWtS9zYMsVnaN1WPr7CuHEyXfYeFOuhqs/OG9jBsKQAc6iYWTEStwim3j3
6Q3snREA//+Yhfr698Jb1RQ/wjYiopb4TkrivJQsoRGDHrzHxbkZ95r7n5yu0rwL
NPX7CWt8VEiSXw/Jzo063MvLAaFYfx0Nr2QmUfwNRAqYjX70jfwm1t4ol0lXKql4
ThTxRNwfSfVsx+BfMz75K/0bwaU6Xf7zKU/xh2CS6Phv2QpzFgQkuCJbjQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFLalD1lJTgvcvh17d+pU29OirXGMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvVXRxVVBXVWxPQzl5LUhYdDM2bFRiMDZLdGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBAC5/h8DBAHBI5gDBADCPjQwDQYJKoZIhvcNAQEL
BQADggEBAFWvNuC4WPN/51BKyDI2in+I/1naMnIkbniCT/FYowKg5jlfxw2iPIYJ
pJkoc5hZ9vFFJSqIZfvP07d0CaWIHQkwPgRmhbGFOj3kL3CmaV1ZjwXp+gsjhX4B
Pq8eDF37slEmqTMJ9lpDCw5D+93SYEYbfpV9ZGRRmBSxBGgrJxN2rIBB/nPvr+Zv
PGiTEr+US0/FkuH4cU//scm0g+50YfhddVd/f1JXFaQCvHRQdnF81SzbuNh4pePu
32kl42eSedeLGceiZ3UJbL6htagBhgfKRqdOmXDBoI5J+ye5DR4rkzTOqUV2Oihn
fUief2WCcJaKr9s5S4B8WYQQBLxqWDo=
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:06:16 2025 by rpki-client