Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ifStQJH6h61gXzd85oKxb1wYvIo.roa
File: ifStQJH6h61gXzd85oKxb1wYvIo.roa (raw, json)
Hash identifier: PYagtoYBUy4fLCAClzLwQB6c4RiUTsdHGxuWIrbYVfI=
Subject key identifier: 89:F4:AD:40:91:FA:87:AD:60:5F:37:7C:E6:82:B1:6F:5C:18:BC:8A
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 0197D6161B802BAA6CDC6E71EE6FDB16BC28
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ifStQJH6h61gXzd85oKxb1wYvIo.roa
Signing time: Fri 04 Jul 2025 15:37:42 +0000
ROA not before: Fri 04 Jul 2025 15:37:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58061
IP address blocks: 170.168.4.0/24 maxlen: 24
170.168.5.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d6:16:1b:80:2b:aa:6c:dc:6e:71:ee:6f:db:16:bc:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Jul 4 15:37:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89f4ad4091fa87ad605f377ce682b16f5c18bc8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:55:7f:9c:ef:46:fc:ce:64:5e:60:69:7c:3e:
68:28:b9:c0:f8:d2:13:f7:28:a4:cf:ea:51:5c:45:
0c:35:66:fe:68:6c:18:2e:e3:cb:ac:90:07:16:2f:
19:83:ea:64:2f:24:e6:b6:3a:a4:a5:4c:e5:f3:7f:
6e:43:f3:7d:2e:41:c8:8b:a4:73:a7:6c:02:cc:3e:
e4:18:80:97:0f:7a:f9:d3:f2:9d:5c:bc:82:22:3d:
66:88:ee:ab:60:cd:4f:5a:fd:b7:ea:50:4a:3e:ae:
c9:30:3c:ee:79:7c:e7:e0:99:35:5c:91:65:6f:1d:
58:bd:0e:cb:e3:b9:70:19:84:d1:45:49:eb:fa:d0:
73:ec:aa:57:dd:8c:52:cf:71:f1:76:ec:15:1f:5b:
fd:fc:0e:dd:44:ff:cf:f4:af:c3:d1:30:21:6c:6d:
19:4c:a0:cc:67:ee:f7:8f:ff:87:69:95:f3:e5:b8:
be:5a:62:de:4b:2f:7c:5a:9a:be:53:04:1f:87:f4:
89:a8:a9:90:58:47:ed:97:3f:1e:12:8e:de:f8:70:
e2:52:4f:85:e7:15:d2:fe:2c:43:02:ff:2c:ef:2e:
ee:76:d1:37:fc:73:96:4b:f7:8a:7d:a7:8c:d1:76:
01:5f:da:78:6d:7e:c9:11:50:c1:9c:f2:4e:ae:2b:
fe:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:F4:AD:40:91:FA:87:AD:60:5F:37:7C:E6:82:B1:6F:5C:18:BC:8A
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ifStQJH6h61gXzd85oKxb1wYvIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.4.0/23
Signature Algorithm: sha256WithRSAEncryption
3e:60:e1:85:93:96:24:c7:dc:ff:f0:2e:63:8f:b3:cc:d0:c5:
cc:69:d2:38:05:45:b8:c3:26:af:77:39:12:4e:97:40:b5:99:
50:e2:66:83:20:79:dd:a7:d9:61:98:61:49:4c:8b:fb:34:d8:
7c:84:45:c5:54:65:14:d6:28:dc:75:18:fb:fb:39:ac:f8:81:
e9:0a:46:a0:02:f1:b1:65:60:1d:5f:e6:49:39:17:11:e8:52:
c7:95:06:93:a1:12:12:48:14:d8:cb:e3:0d:5c:02:8d:1a:f2:
93:2e:30:ca:8a:fd:3e:3c:5e:a9:65:eb:38:ce:9a:59:39:c9:
88:48:f5:4e:e3:52:c3:1f:b6:89:c2:9e:2a:35:03:fe:6d:aa:
9a:06:9f:a3:47:41:08:75:93:e9:ef:15:0c:e0:8e:c6:54:8e:
47:7d:03:44:3f:65:2c:5f:c0:df:45:e6:3d:fa:7d:7b:75:46:
31:78:9a:32:73:c0:8a:26:c5:3b:5f:65:f7:b2:8d:0d:15:3d:
16:a3:62:cf:d4:01:fd:a7:dd:f5:5e:ae:59:40:c6:b4:0c:28:
fe:47:c2:95:27:21:53:04:f8:40:48:1b:81:2b:86:46:e3:86:
fc:7e:6d:87:7e:ea:85:23:da:f3:10:5f:d5:72:aa:82:30:df:
8b:8b:8b:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfWFhuAK6ps3G5x7m/bFrwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNzA0MTUzNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWY0YWQ0MDkxZmE4N2FkNjA1ZjM3N2NlNjgyYjE2ZjVjMThiYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1V/nO9G/M5kXmBpfD5oKLnA+NIT
9yikz+pRXEUMNWb+aGwYLuPLrJAHFi8Zg+pkLyTmtjqkpUzl839uQ/N9LkHIi6Rz
p2wCzD7kGICXD3r50/KdXLyCIj1miO6rYM1PWv236lBKPq7JMDzueXzn4Jk1XJFl
bx1YvQ7L47lwGYTRRUnr+tBz7KpX3YxSz3HxduwVH1v9/A7dRP/P9K/D0TAhbG0Z
TKDMZ+73j/+HaZXz5bi+WmLeSy98Wpq+UwQfh/SJqKmQWEftlz8eEo7e+HDiUk+F
5xXS/ixDAv8s7y7udtE3/HOWS/eKfaeM0XYBX9p4bX7JEVDBnPJOriv+MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn0rUCR+oetYF83fOaCsW9cGLyKMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvaWZTdFFKSDZoNjFnWHpkODVvS3hiMXdZdklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqqgEMA0G
CSqGSIb3DQEBCwUAA4IBAQA+YOGFk5Ykx9z/8C5jj7PM0MXMadI4BUW4wyavdzkS
TpdAtZlQ4maDIHndp9lhmGFJTIv7NNh8hEXFVGUU1ijcdRj7+zms+IHpCkagAvGx
ZWAdX+ZJORcR6FLHlQaToRISSBTYy+MNXAKNGvKTLjDKiv0+PF6pZes4zppZOcmI
SPVO41LDH7aJwp4qNQP+baqaBp+jR0EIdZPp7xUM4I7GVI5HfQNEP2UsX8DfReY9
+n17dUYxeJoyc8CKJsU7X2X3so0NFT0Wo2LP1AH9p931Xq5ZQMa0DCj+R8KVJyFT
BPhASBuBK4ZG44b8fm2HfuqFI9rzEF/VcqqCMN+Li4s4
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:17:46 2025 by rpki-client