Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/FjuRIK3h9lh6HkAspJmkOzVbQDE.roa
File: FjuRIK3h9lh6HkAspJmkOzVbQDE.roa (raw, json)
Hash identifier: TTF4MAeCvYim4usL7sF8/NIvGP7nwIqhnWS/3NZv/5g=
Subject key identifier: 16:3B:91:20:AD:E1:F6:58:7A:1E:40:2C:A4:99:A4:3B:35:5B:40:31
Certificate issuer: /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial: 01980CCE1721B76C4CB4A3C23DE70D2F87F8
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/FjuRIK3h9lh6HkAspJmkOzVbQDE.roa
Signing time: Tue 15 Jul 2025 06:38:09 +0000
ROA not before: Tue 15 Jul 2025 06:38:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2287
IP address blocks: 90.84.138.0/24 maxlen: 24
90.84.139.0/24 maxlen: 24
90.84.157.0/24 maxlen: 24
90.84.158.0/24 maxlen: 24
90.84.166.0/24 maxlen: 24
90.84.167.0/24 maxlen: 24
2a01:ceff::/48 maxlen: 48
2a01:ceff:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 20:26:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0c:ce:17:21:b7:6c:4c:b4:a3:c2:3d:e7:0d:2f:87:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
Validity
Not Before: Jul 15 06:38:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=163b9120ade1f6587a1e402ca499a43b355b4031
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:00:bc:95:01:05:93:5c:62:9e:c7:e3:f3:c7:
67:aa:79:fb:9e:3c:d0:2c:b7:0a:e3:85:03:18:7b:
2b:58:9f:6f:c8:5a:c1:83:66:99:97:a5:b5:01:ab:
3c:34:68:4f:76:6f:eb:d0:df:a4:1f:d8:9f:ee:38:
bc:19:5b:db:9e:69:4f:68:20:07:9c:e0:59:1c:35:
1e:a1:36:a1:66:62:dd:7a:76:e5:ab:5e:1e:ca:01:
30:77:3c:54:d1:8a:9a:37:9a:f9:c4:76:c8:89:1a:
c8:13:27:17:15:3e:54:b5:21:bc:b5:7c:69:60:37:
b1:49:37:30:f8:3c:42:27:e8:e3:08:1f:22:39:e8:
96:f3:fd:84:2b:51:d7:39:51:8a:2d:5b:32:f5:e8:
9f:8b:3f:f8:8f:45:3f:a9:4f:66:5a:4a:03:d5:77:
c0:b1:32:22:24:77:a3:b2:d6:30:cf:55:94:ac:30:
e2:c2:79:2d:a1:f1:b9:26:45:ba:4e:f2:48:77:7c:
cc:2c:73:98:7f:94:1a:a9:fe:09:c2:05:b5:7c:68:
4d:80:52:ee:b8:7b:2d:20:fe:61:c0:70:0e:56:ee:
29:7a:a7:9a:6e:e7:45:43:c4:96:a8:d7:50:f4:a1:
88:45:2e:d6:47:dc:e5:d0:10:69:81:c9:48:d8:d4:
60:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:3B:91:20:AD:E1:F6:58:7A:1E:40:2C:A4:99:A4:3B:35:5B:40:31
X509v3 Authority Key Identifier:
keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/FjuRIK3h9lh6HkAspJmkOzVbQDE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.84.138.0/23
90.84.157.0-90.84.158.255
90.84.166.0/23
IPv6:
2a01:ceff::/47
Signature Algorithm: sha256WithRSAEncryption
82:54:69:77:f7:2c:43:c2:36:eb:88:1d:27:ee:fd:59:4a:33:
3b:e2:33:00:63:53:3d:c0:10:3b:54:9a:c2:d8:52:ec:5c:85:
a4:f7:c3:d4:20:2a:7a:c3:70:91:d5:73:b6:ee:e5:46:59:67:
82:44:54:ff:7a:83:66:9c:ec:f4:4b:21:08:14:b1:ed:f0:6b:
31:03:79:9d:52:0d:98:80:07:d3:bc:6f:da:56:b2:9a:2f:16:
44:34:43:71:38:f3:6d:81:bb:fc:40:2f:a9:fc:08:68:74:4c:
55:65:c1:cc:da:a7:d7:39:79:1a:b1:52:a6:7c:d5:5a:45:1b:
c9:5e:c8:d3:90:ae:b0:03:4d:ac:bc:06:31:b5:c5:3f:df:aa:
d0:aa:fa:cc:d9:18:c4:f2:54:46:3d:e4:1d:c4:ca:46:2f:e4:
8b:69:ff:c3:b8:1a:6a:5e:47:4a:33:f5:b8:db:af:5a:a6:3f:
cd:b8:d1:95:36:d7:2f:6c:a8:07:d4:5d:cf:b8:bb:4f:f4:cf:
8f:93:f1:cb:fd:d1:aa:7d:b9:4d:f3:3f:f6:b3:3d:bf:68:e1:
53:f3:cb:56:8c:7a:9e:c4:9f:76:93:98:3c:05:78:e3:7a:76:
b8:8e:ae:8a:72:c5:18:09:40:e5:73:d4:a8:88:e5:26:c1:50:
07:13:25:b3
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZgMzhcht2xMtKPCPecNL4f4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNzE1MDYzODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNiOTEyMGFkZTFmNjU4N2ExZTQwMmNhNDk5YTQzYjM1NWI0MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gC8lQEFk1xinsfj88dnqnn7njzQ
LLcK44UDGHsrWJ9vyFrBg2aZl6W1Aas8NGhPdm/r0N+kH9if7ji8GVvbnmlPaCAH
nOBZHDUeoTahZmLdenblq14eygEwdzxU0YqaN5r5xHbIiRrIEycXFT5UtSG8tXxp
YDexSTcw+DxCJ+jjCB8iOeiW8/2EK1HXOVGKLVsy9eifiz/4j0U/qU9mWkoD1XfA
sTIiJHejstYwz1WUrDDiwnktofG5JkW6TvJId3zMLHOYf5Qaqf4JwgW1fGhNgFLu
uHstIP5hwHAOVu4peqeabudFQ8SWqNdQ9KGIRS7WR9zl0BBpgclI2NRgLQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFBY7kSCt4fZYeh5ALKSZpDs1W0AxMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvRmp1UklLM2g5bGg2SGtBc3BKbWtPelZiUURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaAwQBWlSKMAwD
BABaVJ0DBABaVJ4DBAFaVKYwDwQCAAIwCQMHASoBzv8AADANBgkqhkiG9w0BAQsF
AAOCAQEAglRpd/csQ8I264gdJ+79WUozO+IzAGNTPcAQO1SawthS7FyFpPfD1CAq
esNwkdVztu7lRllngkRU/3qDZpzs9EshCBSx7fBrMQN5nVINmIAH07xv2laymi8W
RDRDcTjzbYG7/EAvqfwIaHRMVWXBzNqn1zl5GrFSpnzVWkUbyV7I05CusANNrLwG
MbXFP9+q0Kr6zNkYxPJURj3kHcTKRi/ki2n/w7gaal5HSjP1uNuvWqY/zbjRlTbX
L2yoB9Rdz7i7T/TPj5Pxy/3Rqn25TfM/9rM9v2jhU/PLVox6nsSfdpOYPAV443p2
uI6uinLFGAlA5XPUqIjlJsFQBxMlsw==
-----END CERTIFICATE-----
Generated at Tue Jul 22 05:02:20 2025 by rpki-client