Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pzrmUjak08IJxFNaFVlRe6A3EWo.roa
File: pzrmUjak08IJxFNaFVlRe6A3EWo.roa (raw, json)
Hash identifier: kqpZ2TA0F+EbCva2l5BD+IfS1Ni0tqn9HXhk1N+jiHY=
Subject key identifier: A7:3A:E6:52:36:A4:D3:C2:09:C4:53:5A:15:59:51:7B:A0:37:11:6A
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0198269A09F4BC60BB6B73AB32D2481F8E93
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pzrmUjak08IJxFNaFVlRe6A3EWo.roa
Signing time: Sun 20 Jul 2025 06:51:25 +0000
ROA not before: Sun 20 Jul 2025 06:51:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398704
IP address blocks: 217.60.0.0/21 maxlen: 24
217.60.12.0/22 maxlen: 24
217.60.24.0/22 maxlen: 24
217.60.60.0/22 maxlen: 24
217.60.188.0/22 maxlen: 24
217.60.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Jul 2025 22:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:26:9a:09:f4:bc:60:bb:6b:73:ab:32:d2:48:1f:8e:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Jul 20 06:51:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a73ae65236a4d3c209c4535a1559517ba037116a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:52:fd:3c:55:ee:cb:ac:54:81:46:42:a9:73:
b3:39:9e:ef:2a:28:80:52:4a:d9:23:74:07:5b:95:
06:8f:9d:5f:aa:e7:7b:cc:bf:e7:78:1c:ec:e6:a0:
9e:bd:43:e0:00:61:a9:32:94:01:c5:e8:75:d3:32:
16:47:de:99:6f:52:ae:69:49:04:b4:1d:88:a1:fd:
a7:96:c0:20:14:a1:66:e0:b1:89:f2:2b:66:23:f4:
5b:0e:a1:4f:ad:df:36:46:99:ca:8b:62:f9:75:0e:
88:57:bb:3e:a5:9b:25:43:ac:c6:98:e5:87:67:37:
3f:9d:65:c0:9c:e2:12:41:34:8c:55:b3:b6:b1:f4:
88:f9:d4:be:85:0e:90:99:e4:28:e9:7f:0b:8e:5f:
8a:04:eb:c3:02:2a:c2:7a:9f:ef:b6:03:21:7c:72:
27:d1:bd:dd:ed:76:c7:5a:de:99:e9:b9:e4:9c:8e:
40:7c:0c:79:f9:10:b6:ba:1b:ec:39:c1:d3:8f:87:
fb:63:6c:a4:aa:47:fe:d1:7c:7a:f5:a4:d0:26:a1:
ee:71:e6:53:1a:4a:41:ed:01:05:cf:18:82:43:4e:
8b:0b:19:94:9f:1b:75:71:24:c9:64:01:94:ce:0d:
2a:0c:0b:b9:49:0a:fe:c7:16:22:c3:62:d2:2a:f0:
05:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:3A:E6:52:36:A4:D3:C2:09:C4:53:5A:15:59:51:7B:A0:37:11:6A
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pzrmUjak08IJxFNaFVlRe6A3EWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.0.0/21
217.60.12.0/22
217.60.24.0/22
217.60.60.0/22
217.60.188.0-217.60.195.255
Signature Algorithm: sha256WithRSAEncryption
76:ae:58:35:09:3f:ff:58:45:8c:38:d6:a6:93:6e:c9:67:50:
60:25:17:fe:94:12:19:a0:3a:40:83:4b:77:e2:f2:a3:d0:d3:
cc:39:c8:4a:d1:de:d2:6a:90:b2:40:db:1a:df:db:fe:93:d7:
fe:9d:fd:61:6c:fd:43:58:8e:d1:e3:a2:0d:07:0a:78:ed:c6:
21:29:54:d2:94:85:73:4c:3d:68:91:7d:a2:2d:b6:3b:0f:4b:
cb:56:ff:e6:d5:72:d7:19:5f:9e:33:83:62:51:be:5f:ca:17:
05:d4:4a:f8:4b:0a:1b:5c:7a:45:b1:6b:e7:f9:89:36:9d:dc:
36:0c:05:d1:2d:08:66:62:2a:e9:ef:e0:63:66:dd:a4:09:6d:
d0:f4:5d:80:e8:34:da:68:26:72:89:7f:38:a0:44:83:f0:21:
e7:5e:16:d7:5d:4e:be:c4:27:81:03:22:c7:e2:55:97:de:33:
fb:c0:72:71:1c:ef:3e:a8:11:a2:1d:29:17:8b:e1:e8:bc:2e:
83:fe:11:ca:6e:c9:1e:39:64:b0:65:e1:39:0a:6b:a7:76:74:
fa:44:10:51:e8:03:c0:27:54:07:49:5d:c8:e8:ae:2b:b7:98:
f6:7a:aa:9e:49:f9:83:cb:64:9e:18:12:be:67:dc:c1:9f:d6:
ae:e5:2b:17
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZgmmgn0vGC7a3OrMtJIH46TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzIwMDY1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNhZTY1MjM2YTRkM2MyMDljNDUzNWExNTU5NTE3YmEwMzcxMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFL9PFXuy6xUgUZCqXOzOZ7vKiiA
UkrZI3QHW5UGj51fqud7zL/neBzs5qCevUPgAGGpMpQBxeh10zIWR96Zb1KuaUkE
tB2Iof2nlsAgFKFm4LGJ8itmI/RbDqFPrd82RpnKi2L5dQ6IV7s+pZslQ6zGmOWH
Zzc/nWXAnOISQTSMVbO2sfSI+dS+hQ6QmeQo6X8Ljl+KBOvDAirCep/vtgMhfHIn
0b3d7XbHWt6Z6bnknI5AfAx5+RC2uhvsOcHTj4f7Y2ykqkf+0Xx69aTQJqHuceZT
GkpB7QEFzxiCQ06LCxmUnxt1cSTJZAGUzg0qDAu5SQr+xxYiw2LSKvAFhQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKc65lI2pNPCCcRTWhVZUXugNxFqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcHpybVVqYWswOElKeEZOYUZWbFJlNkEzRVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQD2TwAAwQC
2TwMAwQC2TwYAwQC2Tw8MAwDBALZPLwDBALZPMAwDQYJKoZIhvcNAQELBQADggEB
AHauWDUJP/9YRYw41qaTbslnUGAlF/6UEhmgOkCDS3fi8qPQ08w5yErR3tJqkLJA
2xrf2/6T1/6d/WFs/UNYjtHjog0HCnjtxiEpVNKUhXNMPWiRfaIttjsPS8tW/+bV
ctcZX54zg2JRvl/KFwXUSvhLChtcekWxa+f5iTad3DYMBdEtCGZiKunv4GNm3aQJ
bdD0XYDoNNpoJnKJfzigRIPwIedeFtddTr7EJ4EDIsfiVZfeM/vAcnEc7z6oEaId
KReL4ei8LoP+EcpuyR45ZLBl4TkKa6d2dPpEEFHoA8AnVAdJXcjoriu3mPZ6qp5J
+YPLZJ4YEr5n3MGf1q7lKxc=
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:42:24 2025 by rpki-client