Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xrpOvCGfC12GMAtnnGHJXhkwR7Y.roa
File: xrpOvCGfC12GMAtnnGHJXhkwR7Y.roa (raw, json)
Hash identifier: aEEfiRXz4HGa7UJO9eyM2i0rPqbuYD7dAcy2y2OVnYM=
Subject key identifier: C6:BA:4E:BC:21:9F:0B:5D:86:30:0B:67:9C:61:C9:5E:19:30:47:B6
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 01982DDAB8EC9FB973323EF98B45E4257EC3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xrpOvCGfC12GMAtnnGHJXhkwR7Y.roa
Signing time: Mon 21 Jul 2025 16:39:25 +0000
ROA not before: Mon 21 Jul 2025 16:39:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
185.254.31.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
194.62.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 04:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2d:da:b8:ec:9f:b9:73:32:3e:f9:8b:45:e4:25:7e:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jul 21 16:39:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c6ba4ebc219f0b5d86300b679c61c95e193047b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:f4:bf:8a:48:c5:00:eb:9b:01:b2:4b:d6:95:
93:8d:90:85:83:ec:f0:a2:95:de:7e:ea:21:85:af:
26:af:85:10:1d:99:a8:45:47:7f:bb:4c:e6:68:07:
52:5d:a4:e6:67:58:64:5a:3c:c2:b1:b3:07:36:da:
f4:ca:e6:a6:c6:07:77:a8:fc:24:de:e1:26:8d:33:
71:06:74:b2:19:0e:33:0d:bf:a0:c7:0b:87:84:3b:
d9:df:b2:cc:ca:13:09:3c:c4:9e:0a:31:41:b1:a3:
a3:55:ce:8d:38:0a:1d:c5:df:ca:44:0c:a7:26:ad:
e6:66:ed:88:43:cf:07:ce:95:18:a2:3e:80:d1:cf:
d1:a1:85:38:ef:ac:3c:ea:92:95:ef:18:7f:6d:f8:
db:1e:da:34:ab:30:11:28:7e:8b:fb:83:94:9f:96:
39:15:44:d9:68:28:42:ea:93:6e:84:4c:0f:d6:2c:
58:ca:b3:2c:32:46:d1:91:09:63:95:7e:4a:4b:c4:
e9:e7:7c:e7:a9:f4:8a:22:42:45:56:ce:d6:69:6a:
b4:94:10:d4:bc:0c:af:4f:96:98:47:9b:0c:77:cc:
9f:bf:f1:5a:fb:f9:82:7e:00:92:a5:98:e0:eb:1d:
61:8f:41:ac:dc:97:4a:c4:81:ef:f5:21:43:aa:a9:
e8:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:BA:4E:BC:21:9F:0B:5D:86:30:0B:67:9C:61:C9:5E:19:30:47:B6
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xrpOvCGfC12GMAtnnGHJXhkwR7Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.254.28.0/23
185.254.31.0/24
193.35.152.0/23
194.62.52.0/24
Signature Algorithm: sha256WithRSAEncryption
69:22:55:c0:d9:d2:e5:e2:d7:a7:34:07:f2:2e:0c:80:fc:b0:
8b:a5:44:ec:a9:3e:de:ac:a4:b6:45:69:cd:3c:51:ab:cf:c7:
1d:6e:dd:cf:38:b6:eb:a4:e1:d9:47:24:9a:3b:0c:6f:1b:67:
83:76:72:b8:58:bf:a3:1e:a6:c5:6f:aa:8f:d2:b5:46:92:72:
b8:a7:cc:73:06:a8:52:30:ce:44:d5:31:e0:73:63:71:a7:c1:
2f:66:4a:46:e6:0a:89:e3:8a:79:a7:05:56:62:55:a1:53:72:
b7:c2:c7:63:cf:e9:e3:65:6e:a1:41:4f:0a:32:93:05:db:d1:
64:1e:c4:61:3c:74:83:86:83:3c:6e:8f:93:54:9e:fa:83:20:
5c:c4:b7:80:a4:e1:94:8c:15:a8:18:98:88:d6:9e:c3:95:ed:
0e:66:bf:68:bf:87:1f:fc:1f:42:fe:cc:e2:5a:77:b8:0a:f2:
ee:bb:82:97:dc:fd:db:6d:d9:65:46:e0:11:e1:4c:e1:bb:1b:
b6:06:06:c8:8b:45:9c:e0:0c:4e:00:39:23:cf:6a:fe:07:88:
d3:2c:a3:0e:6b:c4:95:97:8b:31:71:4e:7f:0e:6b:72:13:3b:
c1:9c:1a:e9:04:7d:75:db:66:0c:d0:0a:04:62:fb:46:1b:89:
65:b5:ac:90
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZgt2rjsn7lzMj75i0XkJX7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNzIxMTYzOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmJhNGViYzIxOWYwYjVkODYzMDBiNjc5YzYxYzk1ZTE5MzA0N2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/S/ikjFAOubAbJL1pWTjZCFg+zw
opXefuohha8mr4UQHZmoRUd/u0zmaAdSXaTmZ1hkWjzCsbMHNtr0yuamxgd3qPwk
3uEmjTNxBnSyGQ4zDb+gxwuHhDvZ37LMyhMJPMSeCjFBsaOjVc6NOAodxd/KRAyn
Jq3mZu2IQ88HzpUYoj6A0c/RoYU476w86pKV7xh/bfjbHto0qzARKH6L+4OUn5Y5
FUTZaChC6pNuhEwP1ixYyrMsMkbRkQljlX5KS8Tp53znqfSKIkJFVs7WaWq0lBDU
vAyvT5aYR5sMd8yfv/Fa+/mCfgCSpZjg6x1hj0Gs3JdKxIHv9SFDqqnoOwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMa6TrwhnwtdhjALZ5xhyV4ZMEe2MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEveHJwT3ZDR2ZDMTJHTUF0bm5HSEpYaGt3UjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABt7DED
BAJt7DADBAG5/hwDBAC5/h8DBAHBI5gDBADCPjQwDQYJKoZIhvcNAQELBQADggEB
AGkiVcDZ0uXi16c0B/IuDID8sIulROypPt6spLZFac08UavPxx1u3c84tuuk4dlH
JJo7DG8bZ4N2crhYv6MepsVvqo/StUaScrinzHMGqFIwzkTVMeBzY3GnwS9mSkbm
ConjinmnBVZiVaFTcrfCx2PP6eNlbqFBTwoykwXb0WQexGE8dIOGgzxuj5NUnvqD
IFzEt4Ck4ZSMFagYmIjWnsOV7Q5mv2i/hx/8H0L+zOJad7gK8u67gpfc/dtt2WVG
4BHhTOG7G7YGBsiLRZzgDE4AOSPPav4HiNMsow5rxJWXizFxTn8Oa3ITO8GcGukE
fXXbZgzQCgRi+0YbiWW1rJA=
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:06:17 2025 by rpki-client