Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UShzAf12IpfTGieZ1mCIrzrhJHg.roa
File: UShzAf12IpfTGieZ1mCIrzrhJHg.roa (raw, json)
Hash identifier: qL31JBNYAcgAOjoHZe+Zvz2ftY9LCEZFAxatlXu2rsY=
Subject key identifier: 51:28:73:01:FD:76:22:97:D3:1A:27:99:D6:60:88:AF:3A:E1:24:78
Certificate issuer: /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial: 01980E657C4487F4327D11CC0DCE948B8769
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UShzAf12IpfTGieZ1mCIrzrhJHg.roa
Signing time: Tue 15 Jul 2025 14:03:08 +0000
ROA not before: Tue 15 Jul 2025 14:03:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208208
IP address blocks: 84.252.120.0/24 maxlen: 24
84.252.121.0/24 maxlen: 24
84.252.122.0/24 maxlen: 24
84.252.123.0/24 maxlen: 24
2a0c:2500::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 16:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0e:65:7c:44:87:f4:32:7d:11:cc:0d:ce:94:8b:87:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Validity
Not Before: Jul 15 14:03:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=51287301fd762297d31a2799d66088af3ae12478
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:d2:9b:10:fb:a0:b5:a6:33:28:cc:9a:33:71:
06:b6:61:49:d0:c7:88:83:21:3e:d1:4c:af:96:7e:
b9:58:6f:ac:12:e0:89:cf:83:de:2d:fe:17:19:19:
f3:21:ac:4c:ad:f4:71:6c:a4:26:f5:c4:dd:2a:9f:
e9:56:90:e2:bd:63:5c:59:8a:e3:56:07:08:b2:8b:
cb:3a:aa:1c:55:aa:e7:dc:bc:72:6f:44:76:eb:92:
69:19:d6:88:d6:6a:ee:94:21:5b:47:a2:df:52:88:
83:31:f6:a9:ef:f6:ad:b8:1e:b4:c0:77:56:72:46:
30:14:3c:fc:3f:19:24:82:25:db:67:fc:e9:a2:44:
9b:3a:46:ed:e3:a3:f0:71:bb:c4:4d:f6:6f:71:da:
a4:45:0b:22:d8:15:23:16:36:f3:89:1f:c5:b7:be:
5a:14:36:08:b7:99:bd:ef:07:62:85:95:3d:41:28:
f3:fd:5e:88:13:4a:a6:3a:e5:8c:34:33:6e:63:3f:
60:2d:28:5f:82:16:74:68:aa:71:e3:75:09:23:4c:
65:78:5a:8c:97:f0:c0:4d:ab:5c:22:ff:73:ec:cd:
38:74:9f:03:90:24:99:eb:bc:8b:92:58:5e:f6:1b:
0b:19:2a:ce:cc:4e:ba:d7:28:e4:c2:b5:60:5d:4c:
31:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:28:73:01:FD:76:22:97:D3:1A:27:99:D6:60:88:AF:3A:E1:24:78
X509v3 Authority Key Identifier:
keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/UShzAf12IpfTGieZ1mCIrzrhJHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.120.0/22
IPv6:
2a0c:2500::/32
Signature Algorithm: sha256WithRSAEncryption
5d:f4:53:f5:a3:a9:e3:85:6d:b2:df:02:ad:4e:2e:6c:83:d7:
44:4b:d8:44:62:7e:26:8a:44:1c:4b:f6:66:c7:84:48:a1:ba:
bc:57:48:23:93:b9:eb:90:58:17:8a:66:7b:eb:03:5b:75:7d:
6a:6d:a2:6a:c3:d1:36:0e:7e:d9:a2:a5:c2:78:6d:0e:48:c6:
37:66:91:18:8c:e0:bd:7c:9c:24:65:7b:f8:37:bb:82:fe:8c:
8b:8d:a8:0b:d5:7e:1c:fe:ce:84:fc:a3:7e:9b:a9:6f:7a:8d:
05:70:71:bd:8d:c1:e2:af:d8:57:25:b8:20:a8:f9:4f:dc:64:
83:e1:af:21:04:4e:4a:ad:c4:a2:8e:6e:ce:90:64:bb:d8:10:
0d:e4:21:ab:69:48:03:8b:3e:11:61:3b:ad:bf:ab:bf:f2:72:
00:18:21:85:b1:44:8b:e5:7f:97:8a:b0:78:04:4c:40:a9:95:
10:d6:55:1a:27:bc:bc:99:6c:82:8d:0e:de:b2:7a:8b:59:0a:
f4:6b:0f:8f:a7:23:f5:cd:a8:db:f9:37:1c:fa:b1:ce:74:26:
d3:b8:94:58:1d:05:0e:75:0a:5f:d9:13:7a:d0:ba:22:35:69:
5f:e2:b3:8b:02:9d:ac:a9:a3:62:29:83:e6:00:06:c7:24:51:
ab:7d:79:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgOZXxEh/QyfRHMDc6Ui4dpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNzE1MTQwMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI4NzMwMWZkNzYyMjk3ZDMxYTI3OTlkNjYwODhhZjNhZTEyNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tKbEPugtaYzKMyaM3EGtmFJ0MeI
gyE+0Uyvln65WG+sEuCJz4PeLf4XGRnzIaxMrfRxbKQm9cTdKp/pVpDivWNcWYrj
VgcIsovLOqocVarn3Lxyb0R265JpGdaI1mrulCFbR6LfUoiDMfap7/atuB60wHdW
ckYwFDz8PxkkgiXbZ/zpokSbOkbt46PwcbvETfZvcdqkRQsi2BUjFjbziR/Ft75a
FDYIt5m97wdihZU9QSjz/V6IE0qmOuWMNDNuYz9gLShfghZ0aKpx43UJI0xleFqM
l/DATatcIv9z7M04dJ8DkCSZ67yLklhe9hsLGSrOzE661yjkwrVgXUwxvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFEocwH9diKX0xonmdZgiK864SR4MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvVVNoekFmMTJJcGZUR2llWjFtQ0lyenJoSkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVPx4MA0E
AgACMAcDBQAqDCUAMA0GCSqGSIb3DQEBCwUAA4IBAQBd9FP1o6njhW2y3wKtTi5s
g9dES9hEYn4mikQcS/Zmx4RIobq8V0gjk7nrkFgXimZ76wNbdX1qbaJqw9E2Dn7Z
oqXCeG0OSMY3ZpEYjOC9fJwkZXv4N7uC/oyLjagL1X4c/s6E/KN+m6lveo0FcHG9
jcHir9hXJbggqPlP3GSD4a8hBE5KrcSijm7OkGS72BAN5CGraUgDiz4RYTutv6u/
8nIAGCGFsUSL5X+XirB4BExAqZUQ1lUaJ7y8mWyCjQ7esnqLWQr0aw+PpyP1zajb
+Tcc+rHOdCbTuJRYHQUOdQpf2RN60LoiNWlf4rOLAp2sqaNiKYPmAAbHJFGrfXlQ
-----END CERTIFICATE-----
Generated at Mon Jul 21 01:44:49 2025 by rpki-client