Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/R3B7cvcZfT1UgiKlMGRmSCqelSI.roa
File: R3B7cvcZfT1UgiKlMGRmSCqelSI.roa (raw, json)
Hash identifier: hK53ZwTRULQ2RrBmMhyQ9z9h0bWz1bk+KzcfZK6F3vk=
Subject key identifier: 47:70:7B:72:F7:19:7D:3D:54:82:22:A5:30:64:66:48:2A:9E:95:22
Certificate issuer: /CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Certificate serial: 019830AB3E151D25D0F879EBE2A699F7B844
Authority key identifier: BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/R3B7cvcZfT1UgiKlMGRmSCqelSI.roa
Signing time: Tue 22 Jul 2025 05:46:25 +0000
ROA not before: Tue 22 Jul 2025 05:46:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30815
IP address blocks: 88.209.128.0/22 maxlen: 22
88.209.128.0/24 maxlen: 24
88.209.129.0/24 maxlen: 24
88.209.130.0/24 maxlen: 24
88.209.132.0/22 maxlen: 22
88.209.132.0/24 maxlen: 24
88.209.133.0/24 maxlen: 24
88.209.135.0/24 maxlen: 24
88.209.136.0/24 maxlen: 24
88.209.137.0/24 maxlen: 24
88.209.138.0/24 maxlen: 24
88.209.139.0/24 maxlen: 24
88.209.160.0/21 maxlen: 21
88.209.160.0/22 maxlen: 22
88.209.160.0/24 maxlen: 24
88.209.161.0/24 maxlen: 24
88.209.162.0/24 maxlen: 24
88.209.163.0/24 maxlen: 24
88.209.164.0/22 maxlen: 22
88.209.164.0/23 maxlen: 23
88.209.164.0/24 maxlen: 24
88.209.165.0/24 maxlen: 24
88.209.166.0/24 maxlen: 24
88.209.167.0/24 maxlen: 24
88.209.190.0/24 maxlen: 24
88.209.191.0/24 maxlen: 24
93.189.96.0/21 maxlen: 21
93.189.96.0/23 maxlen: 23
93.189.96.0/24 maxlen: 24
93.189.97.0/24 maxlen: 24
93.189.98.0/23 maxlen: 23
93.189.98.0/24 maxlen: 24
93.189.99.0/24 maxlen: 24
93.189.100.0/23 maxlen: 23
93.189.100.0/24 maxlen: 24
93.189.101.0/24 maxlen: 24
93.189.102.0/23 maxlen: 23
93.189.102.0/24 maxlen: 24
93.189.103.0/24 maxlen: 24
185.63.232.0/22 maxlen: 22
185.63.232.0/23 maxlen: 23
185.63.232.0/24 maxlen: 24
185.63.233.0/24 maxlen: 24
185.63.234.0/24 maxlen: 24
185.63.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Jul 2025 14:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:30:ab:3e:15:1d:25:d0:f8:79:eb:e2:a6:99:f7:b8:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Validity
Not Before: Jul 22 05:46:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=47707b72f7197d3d548222a5306466482a9e9522
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ff:7d:1b:13:6b:70:84:06:8e:28:81:f8:49:
b0:8e:e3:6e:84:4e:87:ac:84:1d:8b:91:d5:55:73:
ad:ca:7c:d0:65:48:07:c2:bb:64:22:7c:64:2e:b1:
6f:c1:b4:b4:e2:2c:cb:bb:c5:51:fc:0f:5b:e7:a1:
0d:df:e8:ef:17:b8:be:84:de:24:03:08:c7:71:1d:
6e:c7:64:4b:4e:02:37:1c:d9:80:6c:ce:df:3c:57:
8d:d3:c9:13:ab:d7:f5:9c:65:6e:54:ae:1f:3e:d9:
96:3c:d7:32:f4:76:94:c3:b3:6e:cc:ae:74:99:eb:
67:39:69:26:e7:c5:95:a2:fb:cb:31:15:f7:be:09:
22:67:cb:1c:81:11:3f:80:9a:d2:02:15:9d:1f:07:
65:ea:70:7f:37:11:6f:b9:94:fc:f1:dd:d6:97:b1:
1d:a8:4e:7c:58:f1:e2:50:48:0c:9c:2a:26:b8:74:
21:ce:28:e6:58:6b:f1:2e:af:c8:cc:09:4a:dc:83:
ce:2f:cf:6e:2b:e1:4a:dd:7e:cf:56:fa:a1:e2:4d:
b3:07:33:a1:01:7f:dd:4e:51:71:d6:d0:2c:1d:4f:
76:ed:90:9f:54:70:b3:ec:24:55:0e:7a:c2:98:b4:
c0:48:ce:db:ab:76:85:42:7e:52:b9:f6:6a:d3:84:
29:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:70:7B:72:F7:19:7D:3D:54:82:22:A5:30:64:66:48:2A:9E:95:22
X509v3 Authority Key Identifier:
keyid:BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/R3B7cvcZfT1UgiKlMGRmSCqelSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.128.0-88.209.139.255
88.209.160.0/21
88.209.190.0/23
93.189.96.0/21
185.63.232.0/22
Signature Algorithm: sha256WithRSAEncryption
84:71:1d:29:ba:ad:16:a7:29:3d:1f:dd:71:0d:dc:b4:bf:29:
83:58:80:3f:b5:01:ce:cb:e3:18:17:93:aa:9c:59:63:72:41:
3a:c3:eb:4c:67:35:e8:a0:7f:b0:26:14:22:e4:f7:f7:9d:ab:
96:7d:ec:79:40:05:52:13:b4:56:50:f4:e8:74:11:0c:7a:b9:
c2:ee:f4:4c:41:44:bc:05:f0:e3:5f:72:53:d6:e7:2c:53:ba:
13:82:44:0a:65:d8:9e:66:f0:05:ee:12:56:d9:9a:96:ac:28:
cf:a8:73:6b:c5:e1:9e:7d:f6:a0:0a:70:5f:a3:83:cc:dc:60:
86:cd:a7:3c:6d:9f:26:0b:c7:cf:2b:70:97:7a:d9:6f:64:94:
c6:97:ac:47:ae:2e:aa:96:b3:1b:ba:fb:3a:5d:25:f0:59:c0:
25:e4:80:41:33:bd:f7:fd:4c:a3:3c:49:bc:e7:53:17:7b:87:
df:ec:65:96:51:f0:29:d5:64:b3:6e:87:d7:20:f6:81:b0:fa:
cf:72:80:c6:f6:1c:1d:c6:01:aa:0b:2b:96:3e:e5:64:a3:93:
58:75:dc:a2:31:30:90:a7:aa:66:b2:f0:95:05:2c:24:68:73:
02:0d:bb:67:ca:c3:df:12:44:01:8c:c5:29:14:00:ba:68:54:
f5:62:7f:53
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZgwqz4VHSXQ+Hnr4qaZ97hEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE2NGNkMjljOTRjY2RlMTQ0NDhmNjFhMTcyYzc2M2Ix
ZTQwNTAwHhcNMjUwNzIyMDU0NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzcwN2I3MmY3MTk3ZDNkNTQ4MjIyYTUzMDY0NjY0ODJhOWU5NTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP99GxNrcIQGjiiB+EmwjuNuhE6H
rIQdi5HVVXOtynzQZUgHwrtkInxkLrFvwbS04izLu8VR/A9b56EN3+jvF7i+hN4k
AwjHcR1ux2RLTgI3HNmAbM7fPFeN08kTq9f1nGVuVK4fPtmWPNcy9HaUw7NuzK50
metnOWkm58WVovvLMRX3vgkiZ8scgRE/gJrSAhWdHwdl6nB/NxFvuZT88d3Wl7Ed
qE58WPHiUEgMnComuHQhzijmWGvxLq/IzAlK3IPOL89uK+FK3X7PVvqh4k2zBzOh
AX/dTlFx1tAsHU927ZCfVHCz7CRVDnrCmLTASM7bq3aFQn5SufZq04QpYQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFEdwe3L3GX09VIIipTBkZkgqnpUiMB8GA1UdIwQY
MBaAFLqqZM0pyUzN4URI9hoXLHY7HkBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUt
OGZjYWE2OTM2YzZjLzEvUjNCN2N2Y1pmVDFVZ2lLbE1HUm1TQ3FlbFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUtOGZjYWE2OTM2YzZj
LzEvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAdY0YAD
BAJY0YgDBANY0aADBAFY0b4DBANdvWADBAK5P+gwDQYJKoZIhvcNAQELBQADggEB
AIRxHSm6rRanKT0f3XEN3LS/KYNYgD+1Ac7L4xgXk6qcWWNyQTrD60xnNeigf7Am
FCLk9/edq5Z97HlABVITtFZQ9Oh0EQx6ucLu9ExBRLwF8ONfclPW5yxTuhOCRApl
2J5m8AXuElbZmpasKM+oc2vF4Z599qAKcF+jg8zcYIbNpzxtnyYLx88rcJd62W9k
lMaXrEeuLqqWsxu6+zpdJfBZwCXkgEEzvff9TKM8SbznUxd7h9/sZZZR8CnVZLNu
h9cg9oGw+s9ygMb2HB3GAaoLK5Y+5WSjk1h13KIxMJCnqmay8JUFLCRocwINu2fK
w98SRAGMxSkUALpoVPVif1M=
-----END CERTIFICATE-----
Generated at Mon Jul 28 16:01:13 2025 by rpki-client