Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/2T-Kvt1bpdN0_YBGdtCgkYbtIFU.roa
File: 2T-Kvt1bpdN0_YBGdtCgkYbtIFU.roa (raw, json)
Hash identifier: Mf9Gi5BZzMGQWvLtTffTsiys4iB2LC9omw3gsN9Ua/M=
Subject key identifier: D9:3F:8A:BE:DD:5B:A5:D3:74:FD:80:46:76:D0:A0:91:86:ED:20:55
Certificate issuer: /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial: 0198340343CDF4822729C87CA7E844E1E529
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/2T-Kvt1bpdN0_YBGdtCgkYbtIFU.roa
Signing time: Tue 22 Jul 2025 21:21:25 +0000
ROA not before: Tue 22 Jul 2025 21:21:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206998
IP address blocks: 185.221.85.0/24 maxlen: 24
185.221.86.0/24 maxlen: 24
212.32.4.0/24 maxlen: 24
212.32.5.0/24 maxlen: 24
2a0d:8000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 03:00:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:34:03:43:cd:f4:82:27:29:c8:7c:a7:e8:44:e1:e5:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
Validity
Not Before: Jul 22 21:21:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d93f8abedd5ba5d374fd804676d0a09186ed2055
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:04:5f:5b:c3:95:93:80:46:c6:b0:70:04:48:
99:3c:75:63:78:c3:e9:8d:07:3a:1d:e2:88:b5:ef:
d5:5b:3a:63:2c:d1:13:13:53:41:e4:5c:31:84:96:
c2:ca:4a:43:9f:12:2c:a4:8f:e1:b3:d3:09:5b:79:
9a:8c:3c:31:7c:a2:6e:e4:3c:0e:ed:61:c1:f3:2e:
d3:e4:4e:a1:a9:2b:62:0b:84:64:ff:a3:25:d7:2e:
a1:d0:ac:34:c4:8a:48:ca:c1:76:79:50:e3:90:3c:
ff:cb:4d:d2:bf:ad:b6:6e:3f:cb:e8:6c:2e:38:40:
41:59:20:c1:9b:b6:00:d5:73:c3:d5:9e:f8:1d:89:
59:6b:90:c3:38:0b:1d:17:d9:6f:81:af:ff:a8:a4:
61:5a:31:8d:84:fb:be:66:36:0b:d4:83:bd:f4:b7:
39:02:f5:c6:6b:93:98:af:23:d4:36:d5:17:24:fe:
13:d5:b2:1b:98:43:22:ab:7f:be:05:f6:1d:ae:a0:
d4:23:76:71:e1:d1:be:92:58:d3:1b:c4:6d:e2:3b:
eb:ea:2b:44:bb:5f:4b:0e:ed:62:53:44:97:43:e6:
e8:06:22:1d:24:8a:44:fc:20:0e:82:e0:48:f6:37:
ef:f0:4a:3e:e3:04:11:b7:fd:8a:18:f5:eb:d3:ca:
6d:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:3F:8A:BE:DD:5B:A5:D3:74:FD:80:46:76:D0:A0:91:86:ED:20:55
X509v3 Authority Key Identifier:
keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/2T-Kvt1bpdN0_YBGdtCgkYbtIFU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.221.85.0-185.221.86.255
212.32.4.0/23
IPv6:
2a0d:8000::/48
Signature Algorithm: sha256WithRSAEncryption
ae:b5:c6:d5:06:dd:d9:08:59:93:d8:ac:50:5f:d1:f1:f9:19:
26:b3:7c:c2:50:e2:38:2a:4b:12:05:7b:ec:43:1c:37:b4:29:
71:5f:c2:3c:c6:ce:38:36:6e:92:86:bc:ea:c9:14:9e:ca:fb:
6b:d8:73:47:58:53:7b:c5:22:ce:51:08:65:47:6f:12:7c:ee:
fc:15:13:7d:80:41:03:5f:7f:1e:ba:81:7e:b9:0a:7e:1b:48:
f0:65:e7:af:4b:e3:0c:b8:8b:2b:10:c4:44:e2:7d:03:f4:89:
7d:20:ed:52:9a:25:cf:60:df:3c:73:c4:f7:5b:1f:88:6e:1b:
72:f4:98:e5:82:1a:42:08:51:a5:9c:ff:89:be:d3:8a:17:e8:
48:5a:26:14:6b:a3:72:08:2f:cc:59:4f:ca:4d:59:85:ab:c6:
56:4e:b8:75:8a:af:73:eb:c3:fe:87:97:67:c8:2b:1f:13:db:
fe:d6:e4:25:f2:22:11:8f:e1:27:8f:01:d4:49:4a:a0:3a:88:
57:28:1c:bb:c4:6c:03:f7:6c:4c:bf:18:f1:1f:34:42:d8:e7:
1c:5a:71:4a:2c:b0:57:42:86:3f:87:15:8c:c2:d5:23:d9:e6:
ba:11:4f:e4:b3:e5:3d:78:40:c9:e2:12:27:e4:90:8b:9b:15:
5f:54:73:5c
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZg0A0PN9IInKch8p+hE4eUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjUwNzIyMjEyMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNmOGFiZWRkNWJhNWQzNzRmZDgwNDY3NmQwYTA5MTg2ZWQyMDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwRfW8OVk4BGxrBwBEiZPHVjeMPp
jQc6HeKIte/VWzpjLNETE1NB5FwxhJbCykpDnxIspI/hs9MJW3majDwxfKJu5DwO
7WHB8y7T5E6hqStiC4Rk/6Ml1y6h0Kw0xIpIysF2eVDjkDz/y03Sv622bj/L6Gwu
OEBBWSDBm7YA1XPD1Z74HYlZa5DDOAsdF9lvga//qKRhWjGNhPu+ZjYL1IO99Lc5
AvXGa5OYryPUNtUXJP4T1bIbmEMiq3++BfYdrqDUI3Zx4dG+kljTG8Rt4jvr6itE
u19LDu1iU0SXQ+boBiIdJIpE/CAOguBI9jfv8Eo+4wQRt/2KGPXr08ptpwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFNk/ir7dW6XTdP2ARnbQoJGG7SBVMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvMlQtS3Z0MWJwZE4wX1lCR2R0Q2drWWJ0SUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBAC53VUD
BAC53VYDBAHUIAQwDwQCAAIwCQMHACoNgAAAADANBgkqhkiG9w0BAQsFAAOCAQEA
rrXG1Qbd2QhZk9isUF/R8fkZJrN8wlDiOCpLEgV77EMcN7QpcV/CPMbOODZukoa8
6skUnsr7a9hzR1hTe8UizlEIZUdvEnzu/BUTfYBBA19/HrqBfrkKfhtI8GXnr0vj
DLiLKxDEROJ9A/SJfSDtUpolz2DfPHPE91sfiG4bcvSY5YIaQghRpZz/ib7Tihfo
SFomFGujcggvzFlPyk1ZhavGVk64dYqvc+vD/oeXZ8grHxPb/tbkJfIiEY/hJ48B
1ElKoDqIVygcu8RsA/dsTL8Y8R80QtjnHFpxSiywV0KGP4cVjMLVI9nmuhFP5LPl
PXhAyeISJ+SQi5sVX1RzXA==
-----END CERTIFICATE-----
Generated at Fri Jul 25 12:54:39 2025 by rpki-client