Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/bNZ4Q9wcD7yZAP2RwlbB4JNFkjQ.roa
File: bNZ4Q9wcD7yZAP2RwlbB4JNFkjQ.roa (raw, json)
Hash identifier: JZzkHPxKw9rE1eeiiSJfGm5FFzPkvIECAGzsNfZT2+0=
Subject key identifier: 6C:D6:78:43:DC:1C:0F:BC:99:00:FD:91:C2:56:C1:E0:93:45:92:34
Certificate issuer: /CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
Certificate serial: 01983BF493FEC14BF2C56DE1338A0DB067B0
Authority key identifier: C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/bNZ4Q9wcD7yZAP2RwlbB4JNFkjQ.roa
Signing time: Thu 24 Jul 2025 10:22:21 +0000
ROA not before: Thu 24 Jul 2025 10:22:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51661
IP address blocks: 185.160.20.0/24 maxlen: 24
185.160.20.0/25 maxlen: 25
185.160.21.0/24 maxlen: 24
185.160.22.0/24 maxlen: 24
185.160.23.0/24 maxlen: 24
2a02:1d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl
rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.mft
rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3b:f4:93:fe:c1:4b:f2:c5:6d:e1:33:8a:0d:b0:67:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
Validity
Not Before: Jul 24 10:22:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6cd67843dc1c0fbc9900fd91c256c1e093459234
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:24:65:9f:65:b5:6f:ca:33:4a:17:bb:5f:77:
a1:8b:cb:55:13:d6:06:b8:9e:ae:08:3c:db:1e:fe:
64:c7:fb:e9:5c:48:54:85:4b:5a:70:68:ba:17:57:
f9:be:dd:c7:7e:ce:d1:43:05:f4:c5:6e:13:d4:a7:
65:20:97:48:ea:0a:c1:d3:41:79:3d:d5:93:86:15:
4d:22:36:a4:d7:bc:23:98:f7:9d:fe:c2:6b:a3:19:
44:eb:b8:e6:59:bb:8b:7b:4e:32:2d:25:36:1d:92:
72:1b:f6:57:1f:2b:26:f6:87:4f:a0:88:30:5b:af:
3e:4d:78:d9:e9:9b:1f:11:c1:3b:43:a6:d1:3a:09:
e4:f4:14:b1:00:98:d9:5a:a6:1a:05:83:95:9e:e7:
8b:8f:ba:da:37:dd:fb:9b:66:2d:30:d6:29:0d:fc:
31:52:a5:21:c6:03:0a:29:51:11:c8:6a:9d:2b:28:
73:04:ae:9f:5a:68:02:e3:4e:ea:a9:7d:97:e9:56:
1d:a6:b8:f4:dc:b2:f9:4a:0f:89:73:8b:e1:ba:1f:
bb:33:b5:a5:40:a0:e6:f5:19:3e:97:62:34:38:56:
12:e7:3e:c9:68:cb:23:f7:57:8a:18:a9:43:7d:a1:
7c:4b:36:ac:d0:d1:37:34:7f:44:55:54:fa:4c:fe:
f6:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:D6:78:43:DC:1C:0F:BC:99:00:FD:91:C2:56:C1:E0:93:45:92:34
X509v3 Authority Key Identifier:
keyid:C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/bNZ4Q9wcD7yZAP2RwlbB4JNFkjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.160.20.0/22
IPv6:
2a02:1d0::/32
Signature Algorithm: sha256WithRSAEncryption
40:0e:29:10:87:db:65:33:c5:44:0e:86:5d:6b:ae:8f:1d:62:
1f:91:f6:15:48:f0:dd:89:40:10:4a:d9:31:f2:d3:4e:ea:18:
c9:41:e7:19:23:15:70:60:1c:32:92:65:51:bc:4f:f8:6f:5c:
5f:07:8e:1a:ec:f8:4c:79:a9:46:71:29:a1:30:e2:c5:74:bf:
33:23:ea:f0:18:5d:3f:b6:03:17:98:90:df:c3:81:d9:39:2d:
d3:ea:a3:d7:e5:b6:fb:98:32:88:61:ee:74:5e:2b:39:f3:49:
15:58:e0:3f:44:22:40:1a:dd:a2:82:2f:2a:86:60:6a:2c:6b:
8d:2f:ac:88:82:5b:c8:50:cc:84:4c:80:a2:06:20:4c:b9:ec:
bc:b2:be:d3:20:5d:2e:b2:7f:03:f1:97:8b:1f:f3:f9:9d:ed:
33:f2:9d:4d:8e:d0:a9:cc:95:6f:47:83:96:27:0c:37:5f:90:
5b:13:14:fc:df:7f:42:0f:d3:61:34:3d:b3:07:e5:ce:86:73:
f8:a4:56:e7:76:c4:01:8c:4f:86:f2:b1:d0:c0:e9:48:39:b7:
c7:3f:7a:eb:d4:4b:d1:a9:e5:fd:32:0b:2e:42:55:17:a5:fc:
bd:cb:a0:43:7b:e5:58:f1:1a:4d:59:64:52:2f:4f:31:b4:ec:
f5:ec:9d:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZg79JP+wUvyxW3hM4oNsGewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NzQ3NGNlYjg1YWYzMTEyMmVkZTU4NmQ0ZDY1YjBmNWI0
ZDk3ZjAwHhcNMjUwNzI0MTAyMjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q2Nzg0M2RjMWMwZmJjOTkwMGZkOTFjMjU2YzFlMDkzNDU5MjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCRln2W1b8ozShe7X3ehi8tVE9YG
uJ6uCDzbHv5kx/vpXEhUhUtacGi6F1f5vt3Hfs7RQwX0xW4T1KdlIJdI6grB00F5
PdWThhVNIjak17wjmPed/sJroxlE67jmWbuLe04yLSU2HZJyG/ZXHysm9odPoIgw
W68+TXjZ6ZsfEcE7Q6bROgnk9BSxAJjZWqYaBYOVnueLj7raN937m2YtMNYpDfwx
UqUhxgMKKVERyGqdKyhzBK6fWmgC407qqX2X6VYdprj03LL5Sg+Jc4vhuh+7M7Wl
QKDm9Rk+l2I0OFYS5z7JaMsj91eKGKlDfaF8Szas0NE3NH9EVVT6TP72JwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGzWeEPcHA+8mQD9kcJWweCTRZI0MB8GA1UdIwQY
MBaAFMh0dM64WvMRIu3lhtTWWw9bTZfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYt
MDM1ODY1MjNiMTMzLzEvYk5aNFE5d2NEN3laQVAyUndsYkI0Sk5Ga2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYtMDM1ODY1MjNiMTMz
LzEveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaAUMA0E
AgACMAcDBQAqAgHQMA0GCSqGSIb3DQEBCwUAA4IBAQBADikQh9tlM8VEDoZda66P
HWIfkfYVSPDdiUAQStkx8tNO6hjJQecZIxVwYBwykmVRvE/4b1xfB44a7PhMealG
cSmhMOLFdL8zI+rwGF0/tgMXmJDfw4HZOS3T6qPX5bb7mDKIYe50Xis580kVWOA/
RCJAGt2igi8qhmBqLGuNL6yIglvIUMyETICiBiBMuey8sr7TIF0usn8D8ZeLH/P5
ne0z8p1NjtCpzJVvR4OWJww3X5BbExT8339CD9NhND2zB+XOhnP4pFbndsQBjE+G
8rHQwOlIObfHP3rr1EvRqeX9MgsuQlUXpfy9y6BDe+VY8RpNWWRSL08xtOz17J16
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:09:07 2025 by rpki-client