Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/uI7nQm7QwCpIIISKRjYOgtmckNQ.roa
File: uI7nQm7QwCpIIISKRjYOgtmckNQ.roa (raw, json)
Hash identifier: JkQPhBUYAQcSmgIstgqbpyi9of+9Zf702RsWaJsrWhY=
Subject key identifier: B8:8E:E7:42:6E:D0:C0:2A:48:20:84:8A:46:36:0E:82:D9:9C:90:D4
Certificate issuer: /CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Certificate serial: 0197C7911157E6F914934400A2287DE8A942
Authority key identifier: 56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/uI7nQm7QwCpIIISKRjYOgtmckNQ.roa
Signing time: Tue 01 Jul 2025 19:57:42 +0000
ROA not before: Tue 01 Jul 2025 19:57:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58208
IP address blocks: 5.42.152.0/22 maxlen: 24
5.42.153.0/24 maxlen: 24
5.42.156.0/23 maxlen: 24
5.42.159.0/24 maxlen: 24
91.216.120.0/24 maxlen: 24
185.118.68.0/24 maxlen: 24
2a01:45c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.mft
rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 08:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c7:91:11:57:e6:f9:14:93:44:00:a2:28:7d:e8:a9:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Validity
Not Before: Jul 1 19:57:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b88ee7426ed0c02a4820848a46360e82d99c90d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:17:28:17:b0:26:4b:2b:a2:71:27:2e:98:3a:
a6:a1:2e:07:15:cb:d1:78:22:a8:c0:99:62:39:cc:
37:b5:1d:58:9d:20:96:28:64:e3:43:4d:88:19:41:
3e:b2:e5:3f:18:0e:79:5d:f2:0b:d5:42:49:f3:ec:
2d:a4:a1:c4:5e:86:99:93:07:50:69:be:f7:1e:43:
d8:4a:68:d9:3d:f9:b6:df:09:fb:f3:5f:ab:ca:5c:
3d:8d:8d:4f:61:46:13:e3:cc:9f:96:0b:ce:12:e8:
ba:25:20:04:40:f7:58:68:f8:67:0a:1d:15:c5:37:
09:c3:c4:84:57:0a:72:b3:33:84:29:02:9e:5e:45:
35:96:cd:30:0b:3c:bb:2f:20:3d:5a:e8:db:09:89:
b3:22:dd:22:b8:f0:54:f9:2f:f2:1b:57:1b:2a:f6:
ea:a1:69:f1:02:08:5e:36:4e:2b:2d:60:f0:c2:e1:
bf:8d:eb:a4:32:43:98:4e:6f:a4:84:68:a6:8b:63:
b9:dd:51:c1:da:45:82:4a:67:04:98:52:95:39:5c:
f9:52:19:f0:94:2e:4b:cc:0b:af:68:5c:cb:33:87:
c7:a1:be:18:8b:ba:f7:99:95:7c:b4:5a:ad:65:d5:
de:c2:ff:76:0f:1c:4a:39:c3:d2:98:64:89:e7:a6:
d2:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:8E:E7:42:6E:D0:C0:2A:48:20:84:8A:46:36:0E:82:D9:9C:90:D4
X509v3 Authority Key Identifier:
keyid:56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/uI7nQm7QwCpIIISKRjYOgtmckNQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.152.0-5.42.157.255
5.42.159.0/24
91.216.120.0/24
185.118.68.0/24
IPv6:
2a01:45c0::/32
Signature Algorithm: sha256WithRSAEncryption
4d:a2:8b:99:dc:b5:11:1f:8b:1c:16:dd:68:55:a3:15:02:4e:
e4:04:a8:1f:86:e9:6e:24:c8:98:5d:81:75:4d:27:92:8d:2c:
93:71:df:14:63:17:dd:8a:08:a1:ba:69:8a:e1:29:2f:bf:8f:
d2:c9:a6:31:45:0c:e2:da:dd:22:f2:c5:bd:05:a7:2c:cd:ef:
3e:b3:0f:d2:fd:20:70:a9:62:a2:7f:0a:44:68:a8:61:e0:1c:
5a:75:df:2c:4f:71:e1:99:e6:ee:66:9f:4c:09:1a:0d:b7:ca:
23:5b:e0:6b:90:ad:54:e3:c6:8a:40:19:83:f8:59:a9:e2:59:
5e:19:df:60:4a:a0:46:33:e8:aa:7d:9a:73:4f:47:91:95:8d:
91:67:3c:7b:e3:8a:2e:37:88:90:73:c1:3e:8b:3d:4f:1c:68:
a1:74:2f:b3:b0:50:13:15:f4:38:b2:97:2d:3b:72:43:b5:70:
99:bd:db:da:64:38:cd:5a:3f:33:21:4d:e2:c0:92:f0:1f:29:
6e:b2:06:b3:83:c6:33:ba:d9:80:58:7e:2a:7f:2e:cb:37:6f:
70:12:0c:f5:c2:b5:ae:70:96:e5:37:5d:6c:b8:52:3c:17:b7:
70:2e:68:b3:12:97:2e:b4:19:de:ed:cd:b1:c6:cf:e1:6f:cd:
b5:96:bd:42
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZfHkRFX5vkUk0QAoih96KlCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2N2FjOWJmMGJlOTFlMGE0ODY2NGVjOGI2YTY3NzA5NTdh
MjEwMjAwHhcNMjUwNzAxMTk1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhlZTc0MjZlZDBjMDJhNDgyMDg0OGE0NjM2MGU4MmQ5OWM5MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RcoF7AmSyuicScumDqmoS4HFcvR
eCKowJliOcw3tR1YnSCWKGTjQ02IGUE+suU/GA55XfIL1UJJ8+wtpKHEXoaZkwdQ
ab73HkPYSmjZPfm23wn781+rylw9jY1PYUYT48yflgvOEui6JSAEQPdYaPhnCh0V
xTcJw8SEVwpyszOEKQKeXkU1ls0wCzy7LyA9WujbCYmzIt0iuPBU+S/yG1cbKvbq
oWnxAgheNk4rLWDwwuG/jeukMkOYTm+khGimi2O53VHB2kWCSmcEmFKVOVz5Uhnw
lC5LzAuvaFzLM4fHob4Yi7r3mZV8tFqtZdXewv92DxxKOcPSmGSJ56bSkQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFLiO50Ju0MAqSCCEikY2DoLZnJDUMB8GA1UdIwQY
MBaAFFZ6yb8L6R4KSGZOyLamdwlXohAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUt
MDE4ODljYzAzZWJhLzEvdUk3blFtN1F3Q3BJSUlTS1JqWU9ndG1ja05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUtMDE4ODljYzAzZWJh
LzEvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAMFKpgD
BAEFKpwDBAAFKp8DBABb2HgDBAC5dkQwDQQCAAIwBwMFACoBRcAwDQYJKoZIhvcN
AQELBQADggEBAE2ii5nctREfixwW3WhVoxUCTuQEqB+G6W4kyJhdgXVNJ5KNLJNx
3xRjF92KCKG6aYrhKS+/j9LJpjFFDOLa3SLyxb0FpyzN7z6zD9L9IHCpYqJ/CkRo
qGHgHFp13yxPceGZ5u5mn0wJGg23yiNb4GuQrVTjxopAGYP4WaniWV4Z32BKoEYz
6Kp9mnNPR5GVjZFnPHvjii43iJBzwT6LPU8caKF0L7OwUBMV9Diyly07ckO1cJm9
29pkOM1aPzMhTeLAkvAfKW6yBrODxjO62YBYfip/Lss3b3ASDPXCta5wluU3XWy4
UjwXt3AuaLMSly60Gd7tzbHGz+FvzbWWvUI=
-----END CERTIFICATE-----
Generated at Fri Jul 25 15:24:31 2025 by rpki-client