Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/cSeNkAadXsE6IImSqkdqc3ZC6VA.roa
File: cSeNkAadXsE6IImSqkdqc3ZC6VA.roa (raw, json)
Hash identifier: tYyl96XjKTlVSNpRI5StDuloRbirGgK5L75RjQRM3Eg=
Subject key identifier: 71:27:8D:90:06:9D:5E:C1:3A:20:89:92:AA:47:6A:73:76:42:E9:50
Certificate issuer: /CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
Certificate serial: 0197D59C57D1D7C22B15B946BD8557B69ACA
Authority key identifier: 7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/cSeNkAadXsE6IImSqkdqc3ZC6VA.roa
Signing time: Fri 04 Jul 2025 13:24:42 +0000
ROA not before: Fri 04 Jul 2025 13:24:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6453
IP address blocks: 5.11.128.0/17 maxlen: 24
5.24.0.0/14 maxlen: 24
31.140.0.0/14 maxlen: 24
77.67.128.0/17 maxlen: 24
86.108.128.0/17 maxlen: 24
141.196.0.0/16 maxlen: 24
176.89.0.0/16 maxlen: 24
176.90.0.0/15 maxlen: 24
176.227.0.0/17 maxlen: 24
176.237.0.0/16 maxlen: 24
176.238.0.0/16 maxlen: 24
176.239.0.0/16 maxlen: 24
178.240.0.0/13 maxlen: 24
188.56.0.0/14 maxlen: 24
213.43.0.0/16 maxlen: 24
2a02:4e0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.mft
rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 04:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d5:9c:57:d1:d7:c2:2b:15:b9:46:bd:85:57:b6:9a:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
Validity
Not Before: Jul 4 13:24:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71278d90069d5ec13a208992aa476a737642e950
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:be:8c:e3:79:84:59:17:13:27:98:e6:a4:61:
63:70:ad:1f:7d:a8:c5:8c:e0:7f:48:e1:f8:ed:25:
03:8c:cd:24:1c:07:19:88:80:fe:f3:21:d9:c8:a4:
02:de:85:bc:62:b8:e4:32:df:43:65:57:95:9b:ac:
ca:40:54:81:a1:a2:77:18:17:1b:04:13:8a:40:38:
5d:f3:e5:2f:4d:61:e8:8e:3f:ce:a9:ec:bc:6a:72:
13:12:49:95:18:cd:15:67:8c:c5:b8:4e:ad:a8:a7:
60:bb:99:f9:c3:c4:71:47:75:f7:cd:a4:9a:92:99:
b6:f8:d4:21:8a:4c:e6:5c:9e:91:e6:b1:bd:43:02:
fc:1f:41:a2:78:f1:0a:db:13:6d:32:28:ce:da:a6:
43:6d:10:b6:db:c7:1b:8a:5a:14:a8:2e:bc:c6:6d:
17:bb:4e:af:7e:dc:a6:d3:39:98:ed:0e:ab:f3:41:
d2:8c:78:7c:f6:6f:86:cb:bd:ae:ea:94:0e:02:48:
27:dc:c8:67:b7:16:60:1d:af:ce:60:cf:1d:35:4b:
9c:2d:75:cb:84:d4:6e:ce:4a:16:9e:1f:98:28:16:
fb:a7:46:44:2f:43:e2:f1:76:16:36:e3:3f:52:4f:
4c:22:41:b4:13:32:e5:6b:a1:84:64:ba:24:18:2d:
06:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:27:8D:90:06:9D:5E:C1:3A:20:89:92:AA:47:6A:73:76:42:E9:50
X509v3 Authority Key Identifier:
keyid:7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/cSeNkAadXsE6IImSqkdqc3ZC6VA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.128.0/17
5.24.0.0/14
31.140.0.0/14
77.67.128.0/17
86.108.128.0/17
141.196.0.0/16
176.89.0.0-176.91.255.255
176.227.0.0/17
176.237.0.0-176.239.255.255
178.240.0.0/13
188.56.0.0/14
213.43.0.0/16
IPv6:
2a02:4e0::/32
Signature Algorithm: sha256WithRSAEncryption
9d:b1:9b:37:b9:e8:71:0f:5f:50:0a:61:26:13:35:7f:04:cc:
64:b5:ea:34:1b:85:1b:e6:6a:e0:2c:74:97:3b:24:f0:0c:17:
8f:f2:57:58:f4:57:c3:6e:70:8e:3a:c8:9b:2c:3b:2f:7d:44:
f7:71:7d:18:13:25:e9:05:89:f5:62:d3:d4:81:36:09:ca:0a:
d1:ed:00:72:7c:e9:52:d3:da:f6:c4:7c:b5:db:e2:63:59:a4:
71:49:3e:56:0b:e6:0f:a4:c9:3c:23:d5:f3:ac:ec:00:af:77:
89:92:78:a6:71:0b:c4:f8:68:55:c9:10:71:3a:5d:5f:68:96:
a0:24:f5:65:3b:de:87:f9:43:1c:df:33:a3:c4:93:99:1e:ba:
6a:fa:48:84:20:bd:c3:ef:04:11:2a:3e:04:ce:41:ab:a4:a5:
43:37:73:ab:88:55:54:72:eb:fe:e4:80:28:8c:d0:91:c7:29:
25:24:f7:55:5b:e3:9f:ba:d2:45:a1:41:91:b4:54:01:19:95:
4f:56:a4:8e:d9:74:5c:20:40:bb:08:67:07:db:64:1e:09:31:
08:a0:52:7a:5b:37:f5:0f:e8:9d:0e:c8:7c:8b:37:e2:3b:f8:
9d:a8:fc:eb:32:ea:6e:22:e7:61:e9:2a:3a:cf:d3:89:f8:99:
ba:1d:af:ed
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZfVnFfR18IrFblGvYVXtprKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzY1YTFkY2Y4MjI1ZTdmMTBiZTIwZGRkZTFlMjE2ZTgw
MGI2N2MwHhcNMjUwNzA0MTMyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI3OGQ5MDA2OWQ1ZWMxM2EyMDg5OTJhYTQ3NmE3Mzc2NDJlOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo76M43mEWRcTJ5jmpGFjcK0ffajF
jOB/SOH47SUDjM0kHAcZiID+8yHZyKQC3oW8YrjkMt9DZVeVm6zKQFSBoaJ3GBcb
BBOKQDhd8+UvTWHojj/Oqey8anITEkmVGM0VZ4zFuE6tqKdgu5n5w8RxR3X3zaSa
kpm2+NQhikzmXJ6R5rG9QwL8H0GiePEK2xNtMijO2qZDbRC228cbiloUqC68xm0X
u06vftym0zmY7Q6r80HSjHh89m+Gy72u6pQOAkgn3MhntxZgHa/OYM8dNUucLXXL
hNRuzkoWnh+YKBb7p0ZEL0Pi8XYWNuM/Uk9MIkG0EzLla6GEZLokGC0GawIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFHEnjZAGnV7BOiCJkqpHanN2QulQMB8GA1UdIwQY
MBaAFH7GWh3PgiXn8QviDd3h4hboALZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQt
N2Q5YjgyMzA1MzdlLzEvY1NlTmtBYWRYc0U2SUltU3FrZHFjM1pDNlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQtN2Q5YjgyMzA1Mzdl
LzEvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQHBQuAAwMC
BRgDAwIfjAMEB01DgAMEB1ZsgAMDAI3EMAoDAwCwWQMDArBYAwQHsOMAMAoDAwCw
7QMDBLDgAwMDsvADAwK8OAMDANUrMA0EAgACMAcDBQAqAgTgMA0GCSqGSIb3DQEB
CwUAA4IBAQCdsZs3uehxD19QCmEmEzV/BMxkteo0G4Ub5mrgLHSXOyTwDBeP8ldY
9FfDbnCOOsibLDsvfUT3cX0YEyXpBYn1YtPUgTYJygrR7QByfOlS09r2xHy12+Jj
WaRxST5WC+YPpMk8I9XzrOwAr3eJknimcQvE+GhVyRBxOl1faJagJPVlO96H+UMc
3zOjxJOZHrpq+kiEIL3D7wQRKj4EzkGrpKVDN3OriFVUcuv+5IAojNCRxyklJPdV
W+OfutJFoUGRtFQBGZVPVqSO2XRcIEC7CGcH22QeCTEIoFJ6Wzf1D+idDsh8izfi
O/idqPzrMupuIudh6So6z9OJ+Jm6Ha/t
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:27:45 2025 by rpki-client