Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/KmdLHLP3esDIZdzCArSrlmBbPp8.roa
File: KmdLHLP3esDIZdzCArSrlmBbPp8.roa (raw, json)
Hash identifier: WqUlEY2bpfF+zvYe5PFelqcso3fi4m7p8oWvpEdkGns=
Subject key identifier: 2A:67:4B:1C:B3:F7:7A:C0:C8:65:DC:C2:02:B4:AB:96:60:5B:3E:9F
Certificate issuer: /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial: 0197D0AA2BA933C1DC2FA4BC2B9F875B42A4
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/KmdLHLP3esDIZdzCArSrlmBbPp8.roa
Signing time: Thu 03 Jul 2025 14:21:42 +0000
ROA not before: Thu 03 Jul 2025 14:21:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 87.254.11.0/24 maxlen: 24
217.25.3.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 06:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d0:aa:2b:a9:33:c1:dc:2f:a4:bc:2b:9f:87:5b:42:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Validity
Not Before: Jul 3 14:21:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a674b1cb3f77ac0c865dcc202b4ab96605b3e9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:6d:5f:6e:34:9a:6d:f3:b0:ae:31:f1:ba:fd:
a1:84:bf:28:c8:10:4e:46:95:ea:0e:c7:60:5c:01:
6e:0d:c9:5d:67:89:c2:09:9c:ab:1a:b7:a1:ce:9a:
aa:cd:b7:f4:0b:da:ac:f9:06:7b:40:00:49:e1:c4:
86:05:f4:d1:fe:84:70:7e:6c:50:3a:cd:bc:85:a3:
c2:d9:ba:f3:6c:cd:0e:9d:b7:39:46:0f:99:78:de:
2e:a0:8b:30:89:a9:4c:79:f3:8a:5f:8d:c9:b3:fb:
44:fe:07:aa:bd:b2:8e:b5:f9:d7:d0:54:79:ec:c1:
00:c1:75:2a:a6:77:fb:4b:c2:72:88:eb:d7:85:3e:
dc:4b:e5:ee:bc:1d:c6:d5:c1:eb:6e:03:f6:ec:8d:
b0:a0:05:31:0c:db:36:af:88:97:6c:c3:18:33:99:
87:28:49:0c:4a:c6:7a:fc:be:df:37:54:d4:4b:c8:
e0:c5:94:c3:fa:66:9b:15:e5:8a:ee:05:e4:76:47:
d1:5b:8e:e5:3c:ba:85:90:9a:af:89:f5:17:ef:9d:
21:28:26:47:d0:72:a2:9d:2b:f1:10:41:4a:23:67:
4b:d4:23:94:0d:25:70:6e:86:d5:46:0f:75:df:1a:
be:47:f0:e3:b0:26:4a:b9:22:4b:06:29:a2:a1:f2:
ed:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:67:4B:1C:B3:F7:7A:C0:C8:65:DC:C2:02:B4:AB:96:60:5B:3E:9F
X509v3 Authority Key Identifier:
keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/KmdLHLP3esDIZdzCArSrlmBbPp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.11.0/24
217.25.3.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:5d:9c:dd:21:4e:00:e8:ef:84:2f:72:bb:6f:b3:22:da:ad:
22:f1:02:b8:17:74:ea:ea:35:06:22:cc:d1:89:23:c0:cd:a7:
a7:14:39:31:0b:a2:2b:2a:81:9a:08:05:d5:d3:81:81:f2:10:
25:0f:27:99:b3:cd:3b:54:3f:47:bd:ae:7f:4e:59:1d:04:44:
70:32:ae:6b:44:36:d9:85:6a:a7:3f:0b:3b:e5:1f:ea:d9:2b:
3b:ba:41:82:d0:ec:a3:35:5e:8a:bb:3d:64:2f:c2:e0:77:94:
09:49:8f:1d:73:41:7a:85:65:82:23:3f:87:cc:90:c9:eb:07:
2f:b0:ac:5e:a9:c1:d8:ca:e5:45:c8:87:4e:71:0b:e0:14:28:
cd:70:2e:82:87:bd:3a:3f:ff:e2:dc:f7:aa:8c:11:2c:d8:5d:
4e:e0:0b:68:15:56:14:0c:a9:7c:92:22:6f:5b:95:97:1f:d3:
7e:4b:be:81:2c:ce:5d:b5:c6:6d:03:2e:f9:40:08:7e:26:61:
b8:93:07:b6:f6:2f:31:e8:64:0b:ea:c8:db:63:0a:5f:f8:3c:
ce:a7:af:90:ed:4b:f7:b0:dc:27:f1:66:5e:12:a0:04:87:e6:
11:c1:d4:8b:d4:98:04:59:bd:8b:23:4a:1f:7e:8d:2c:d0:aa:
7d:5e:6d:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfQqiupM8HcL6S8K5+HW0KkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNzAzMTQyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTY3NGIxY2IzZjc3YWMwYzg2NWRjYzIwMmI0YWI5NjYwNWIzZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm1fbjSabfOwrjHxuv2hhL8oyBBO
RpXqDsdgXAFuDcldZ4nCCZyrGrehzpqqzbf0C9qs+QZ7QABJ4cSGBfTR/oRwfmxQ
Os28haPC2brzbM0Onbc5Rg+ZeN4uoIswialMefOKX43Js/tE/geqvbKOtfnX0FR5
7MEAwXUqpnf7S8JyiOvXhT7cS+XuvB3G1cHrbgP27I2woAUxDNs2r4iXbMMYM5mH
KEkMSsZ6/L7fN1TUS8jgxZTD+mabFeWK7gXkdkfRW47lPLqFkJqvifUX750hKCZH
0HKinSvxEEFKI2dL1COUDSVwbobVRg913xq+R/DjsCZKuSJLBimiofLtHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCpnSxyz93rAyGXcwgK0q5ZgWz6fMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvS21kTEhMUDNlc0RJWmR6Q0FyU3JsbUJiUHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/4LAwQA
2RkDMA0GCSqGSIb3DQEBCwUAA4IBAQCtXZzdIU4A6O+EL3K7b7Mi2q0i8QK4F3Tq
6jUGIszRiSPAzaenFDkxC6IrKoGaCAXV04GB8hAlDyeZs807VD9Hva5/TlkdBERw
Mq5rRDbZhWqnPws75R/q2Ss7ukGC0OyjNV6Kuz1kL8Lgd5QJSY8dc0F6hWWCIz+H
zJDJ6wcvsKxeqcHYyuVFyIdOcQvgFCjNcC6Ch706P//i3PeqjBEs2F1O4AtoFVYU
DKl8kiJvW5WXH9N+S76BLM5dtcZtAy75QAh+JmG4kwe29i8x6GQL6sjbYwpf+DzO
p6+Q7Uv3sNwn8WZeEqAEh+YRwdSL1JgEWb2LI0offo0s0Kp9Xm1R
-----END CERTIFICATE-----
Generated at Sun Jul 20 14:09:56 2025 by rpki-client