Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/G9iD8U4QCioeA79cHr2xVSAWeEI.roa
File: G9iD8U4QCioeA79cHr2xVSAWeEI.roa (raw, json)
Hash identifier: isof3/aO68rNSeHuTbxaBE/zI2rUwZRzXlA4N/t2RR8=
Subject key identifier: 1B:D8:83:F1:4E:10:0A:2A:1E:03:BF:5C:1E:BD:B1:55:20:16:78:42
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 0198091D431C6C970F7E2FE2D082894DC0DF
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/G9iD8U4QCioeA79cHr2xVSAWeEI.roa
Signing time: Mon 14 Jul 2025 13:26:09 +0000
ROA not before: Mon 14 Jul 2025 13:26:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199527
IP address blocks: 86.38.109.0/24 maxlen: 24
86.38.110.0/24 maxlen: 24
86.38.116.0/24 maxlen: 24
86.38.163.0/24 maxlen: 24
185.189.152.0/24 maxlen: 24
213.252.208.0/24 maxlen: 24
213.252.209.0/24 maxlen: 24
213.252.242.0/24 maxlen: 24
213.252.250.0/24 maxlen: 24
213.252.251.0/24 maxlen: 24
213.252.253.0/24 maxlen: 24
2a00:f501:a001::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:09:1d:43:1c:6c:97:0f:7e:2f:e2:d0:82:89:4d:c0:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Jul 14 13:26:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bd883f14e100a2a1e03bf5c1ebdb15520167842
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:65:09:39:9b:ee:04:44:7f:88:20:7a:1c:47:
1b:84:f2:59:1f:16:93:10:b8:17:73:0e:b9:59:01:
ef:d3:14:4e:5d:74:96:3e:aa:bb:59:08:15:e0:21:
00:1b:90:43:40:74:7a:37:ef:05:d4:e0:a3:88:00:
19:80:01:fd:64:9c:e6:71:8b:2d:86:23:e6:7a:5d:
86:ec:6c:04:f2:f2:ab:79:b4:f4:3f:22:b6:3e:8a:
0a:c6:ab:27:bf:dd:d2:9e:bc:3e:9b:48:02:b3:8c:
8a:01:44:27:d0:b5:b6:12:90:e6:ca:7b:20:4c:d1:
4c:f0:0d:e7:a6:51:2c:7b:11:0e:72:d4:08:4d:81:
79:0e:0f:af:21:1c:97:e2:30:95:40:c9:cf:52:60:
51:ea:48:ec:55:75:ee:49:bc:8b:87:ca:b0:32:a8:
39:c7:8c:a1:8d:2d:09:0d:65:5c:b4:77:07:34:dd:
c3:07:9a:e6:c5:06:08:96:6a:f0:a0:aa:0b:c5:e9:
c6:98:ce:b8:05:6b:04:52:2f:fa:6d:c6:b7:c0:9e:
00:7a:19:f2:2a:26:3b:5a:76:65:b8:38:48:75:c3:
68:06:f8:73:dc:f1:72:81:9b:77:38:4d:d6:df:7a:
68:10:2b:23:cb:81:82:e0:83:a0:04:18:d3:a1:b8:
90:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:D8:83:F1:4E:10:0A:2A:1E:03:BF:5C:1E:BD:B1:55:20:16:78:42
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/G9iD8U4QCioeA79cHr2xVSAWeEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.109.0-86.38.110.255
86.38.116.0/24
86.38.163.0/24
185.189.152.0/24
213.252.208.0/23
213.252.242.0/24
213.252.250.0/23
213.252.253.0/24
IPv6:
2a00:f501:a001::/48
Signature Algorithm: sha256WithRSAEncryption
63:47:ad:85:b5:01:ef:66:36:db:d0:17:e8:b7:09:0f:0e:20:
f6:90:3b:69:f6:97:af:ce:2f:b3:80:8c:8e:30:ec:69:21:39:
15:28:6f:8a:72:7c:57:b2:f0:1a:3a:1f:ec:a2:f4:7b:26:3d:
5f:9b:30:c0:3c:bd:0c:31:bc:d9:b1:55:64:02:79:78:69:1b:
36:e2:b0:77:f9:79:38:f7:56:fd:d5:76:09:54:1b:ff:cd:37:
ef:0f:a6:71:24:ce:dd:e8:c5:78:2f:86:1f:4a:a6:a1:6c:47:
0f:c6:10:52:e5:f8:92:91:b6:80:c6:16:46:10:27:3e:94:08:
ff:a4:48:c2:67:c8:d8:1a:82:fa:67:4c:ee:07:58:da:78:90:
e6:04:14:3b:d9:1a:24:d6:f8:30:9d:82:3a:4d:f0:58:93:3e:
c8:77:13:4c:d6:a0:bb:aa:bb:e5:43:ce:03:5c:bd:d4:b3:ff:
b5:aa:5f:82:10:a6:d8:33:e9:11:71:1d:e8:ad:a5:96:04:7c:
2f:d9:bd:b3:bc:17:28:31:dc:e0:c4:50:c1:df:ef:bc:90:40:
3d:6a:24:92:0f:c7:09:15:73:1e:d8:96:7e:88:ab:62:40:e0:
e0:f1:c3:1b:42:d1:79:25:22:81:06:b7:77:d7:86:86:94:29:
14:5f:f4:a2
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAZgJHUMcbJcPfi/i0IKJTcDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwNzE0MTMyNjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQ4ODNmMTRlMTAwYTJhMWUwM2JmNWMxZWJkYjE1NTIwMTY3ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWUJOZvuBER/iCB6HEcbhPJZHxaT
ELgXcw65WQHv0xROXXSWPqq7WQgV4CEAG5BDQHR6N+8F1OCjiAAZgAH9ZJzmcYst
hiPmel2G7GwE8vKrebT0PyK2PooKxqsnv93Snrw+m0gCs4yKAUQn0LW2EpDmynsg
TNFM8A3nplEsexEOctQITYF5Dg+vIRyX4jCVQMnPUmBR6kjsVXXuSbyLh8qwMqg5
x4yhjS0JDWVctHcHNN3DB5rmxQYIlmrwoKoLxenGmM64BWsEUi/6bca3wJ4Aehny
KiY7WnZluDhIdcNoBvhz3PFygZt3OE3W33poECsjy4GC4IOgBBjTobiQHwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFBvYg/FOEAoqHgO/XB69sVUgFnhCMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvRzlpRDhVNFFDaW9lQTc5Y0hyMnhWU0FXZUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTA+BAIAATA4MAwDBABWJm0D
BABWJm4DBABWJnQDBABWJqMDBAC5vZgDBAHV/NADBADV/PIDBAHV/PoDBADV/P0w
DwQCAAIwCQMHACoA9QGgATANBgkqhkiG9w0BAQsFAAOCAQEAY0ethbUB72Y229AX
6LcJDw4g9pA7afaXr84vs4CMjjDsaSE5FShvinJ8V7LwGjof7KL0eyY9X5swwDy9
DDG82bFVZAJ5eGkbNuKwd/l5OPdW/dV2CVQb/8037w+mcSTO3ejFeC+GH0qmoWxH
D8YQUuX4kpG2gMYWRhAnPpQI/6RIwmfI2BqC+mdM7gdY2niQ5gQUO9kaJNb4MJ2C
Ok3wWJM+yHcTTNagu6q75UPOA1y91LP/tapfghCm2DPpEXEd6K2llgR8L9m9s7wX
KDHc4MRQwd/vvJBAPWokkg/HCRVzHtiWfoirYkDg4PHDG0LReSUigQa3d9eGhpQp
FF/0og==
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:01:21 2025 by rpki-client