Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/imHQYg5LjpecUXmRBf2wIK9f70s.roa
File: imHQYg5LjpecUXmRBf2wIK9f70s.roa (raw, json)
Hash identifier: fwrQLWCO0tBmX3/PkxZEuXo+JQaCjLY7jAbEzE71wJg=
Subject key identifier: 8A:61:D0:62:0E:4B:8E:97:9C:51:79:91:05:FD:B0:20:AF:5F:EF:4B
Certificate issuer: /CN=2fbf8c6fb7f547170b67962575cf2ba8ed15e548
Certificate serial: 01991D2F1AB53B1565B87DBD9DA5AF451519
Authority key identifier: 2F:BF:8C:6F:B7:F5:47:17:0B:67:96:25:75:CF:2B:A8:ED:15:E5:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/imHQYg5LjpecUXmRBf2wIK9f70s.roa
Signing time: Sat 06 Sep 2025 04:00:50 +0000
ROA not before: Sat 06 Sep 2025 04:00:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62406
IP address blocks: 185.235.81.0/24 maxlen: 24
185.235.83.0/24 maxlen: 24
2a0a:5b40:1::/48 maxlen: 48
2a0a:5b40:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.crl
rsync://rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.mft
rsync://rpki.ripe.net/repository/DEFAULT/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 17:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1d:2f:1a:b5:3b:15:65:b8:7d:bd:9d:a5:af:45:15:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fbf8c6fb7f547170b67962575cf2ba8ed15e548
Validity
Not Before: Sep 6 04:00:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8a61d0620e4b8e979c51799105fdb020af5fef4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:fb:86:09:7a:b7:0f:a1:6a:6a:46:e8:09:96:
54:9d:a2:61:6f:e5:7b:32:45:18:86:e2:8f:11:4a:
3f:b6:40:29:3e:77:f8:37:6f:95:71:f7:9e:78:46:
50:e9:62:4f:ee:56:b0:4a:6f:7b:04:6f:c1:03:c5:
e6:b4:91:b2:65:10:15:1b:d5:28:58:de:d7:a6:e2:
11:70:b4:ed:b2:91:b7:83:36:85:92:03:4c:a3:83:
11:50:eb:0d:02:91:d8:dc:19:9f:2d:3f:fa:be:75:
7f:24:bd:32:03:7d:e3:ab:55:d1:de:73:94:0e:5e:
42:c4:56:56:dc:cf:18:91:e8:1b:dc:e8:60:66:fc:
3a:cc:75:58:16:13:c3:02:87:30:eb:45:d2:f1:89:
ec:aa:ca:3d:b4:b5:06:fc:df:fe:50:d3:72:3a:58:
ee:c8:ea:f7:59:eb:cd:28:ec:10:aa:01:36:b0:ec:
45:29:61:74:5c:05:33:d6:e3:47:a9:18:79:e3:8e:
47:16:3d:2b:38:52:8a:ed:7c:ac:9d:7c:8e:25:c0:
6c:33:bb:80:9c:0f:04:72:68:8f:d3:1e:ed:96:73:
e8:9c:77:b9:de:e6:2f:f2:85:72:a2:59:2b:ee:1d:
a3:c5:bb:ac:5f:b6:5a:4b:94:2e:e5:c1:ae:cd:60:
76:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:61:D0:62:0E:4B:8E:97:9C:51:79:91:05:FD:B0:20:AF:5F:EF:4B
X509v3 Authority Key Identifier:
keyid:2F:BF:8C:6F:B7:F5:47:17:0B:67:96:25:75:CF:2B:A8:ED:15:E5:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/imHQYg5LjpecUXmRBf2wIK9f70s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/db5654-3eb7-4835-af32-f1e4f21d8702/1/L7-Mb7f1RxcLZ5Yldc8rqO0V5Ug.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.235.81.0/24
185.235.83.0/24
IPv6:
2a0a:5b40:1::/48
2a0a:5b40:3::/48
Signature Algorithm: sha256WithRSAEncryption
34:18:48:13:e0:62:7c:04:67:30:c0:ed:49:db:15:f9:43:42:
a9:2c:92:58:16:80:d4:90:a4:ef:6a:05:84:e1:52:88:b7:3f:
88:a7:8c:8c:d4:5c:f7:cb:3c:46:07:5a:1d:54:cc:a3:27:27:
c2:9a:5d:c3:c4:66:35:0c:77:d1:79:64:19:3e:d2:5b:ff:a2:
e1:22:5d:19:36:b5:55:1c:6b:b7:da:43:f0:24:8a:71:b9:80:
fe:dc:c0:ff:90:65:b6:59:d8:0e:12:3e:8a:ae:18:72:c1:c6:
32:f1:34:ca:66:a7:4f:77:49:a9:fb:56:a8:42:4a:47:91:e9:
f5:3a:82:b6:b1:64:4a:f8:61:63:6a:14:eb:b6:46:de:de:b5:
97:09:e8:08:ee:3a:93:65:13:de:cc:f4:3f:c1:f0:8a:44:2c:
e2:f9:98:61:52:a4:3c:6a:84:c3:86:a8:aa:b1:be:2b:41:a1:
70:54:60:a3:6d:e3:ce:ab:d6:ba:73:17:13:ee:e9:ff:cf:e3:
38:ca:99:14:97:c6:af:2d:66:48:c3:13:79:4f:3c:03:ef:f3:
b2:88:77:9c:5c:8e:52:1b:40:75:3e:cd:79:79:86:f1:ef:9c:
ea:a0:ec:48:b5:7f:4b:cf:e1:1a:c6:89:57:ae:97:29:4e:af:
d4:07:5c:33
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZkdLxq1OxVluH29naWvRRUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYmY4YzZmYjdmNTQ3MTcwYjY3OTYyNTc1Y2YyYmE4ZWQx
NWU1NDgwHhcNMjUwOTA2MDQwMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTYxZDA2MjBlNGI4ZTk3OWM1MTc5OTEwNWZkYjAyMGFmNWZlZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvuGCXq3D6FqakboCZZUnaJhb+V7
MkUYhuKPEUo/tkApPnf4N2+VcfeeeEZQ6WJP7lawSm97BG/BA8XmtJGyZRAVG9Uo
WN7XpuIRcLTtspG3gzaFkgNMo4MRUOsNApHY3BmfLT/6vnV/JL0yA33jq1XR3nOU
Dl5CxFZW3M8Ykegb3OhgZvw6zHVYFhPDAocw60XS8Ynsqso9tLUG/N/+UNNyOlju
yOr3WevNKOwQqgE2sOxFKWF0XAUz1uNHqRh5445HFj0rOFKK7XysnXyOJcBsM7uA
nA8EcmiP0x7tlnPonHe53uYv8oVyolkr7h2jxbusX7ZaS5Qu5cGuzWB2UQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFIph0GIOS46XnFF5kQX9sCCvX+9LMB8GA1UdIwQY
MBaAFC+/jG+39UcXC2eWJXXPK6jtFeVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDctTWI3ZjFSeGNMWjVZbGRjOHJxTzBWNVVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kYjU2NTQtM2ViNy00ODM1LWFmMzIt
ZjFlNGYyMWQ4NzAyLzEvaW1IUVlnNUxqcGVjVVhtUkJmMndJSzlmNzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kYjU2NTQtM2ViNy00ODM1LWFmMzItZjFlNGYyMWQ4NzAy
LzEvTDctTWI3ZjFSeGNMWjVZbGRjOHJxTzBWNVVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAuetRAwQA
uetTMBgEAgACMBIDBwAqCltAAAEDBwAqCltAAAMwDQYJKoZIhvcNAQELBQADggEB
ADQYSBPgYnwEZzDA7UnbFflDQqksklgWgNSQpO9qBYThUoi3P4injIzUXPfLPEYH
Wh1UzKMnJ8KaXcPEZjUMd9F5ZBk+0lv/ouEiXRk2tVUca7faQ/AkinG5gP7cwP+Q
ZbZZ2A4SPoquGHLBxjLxNMpmp093San7VqhCSkeR6fU6graxZEr4YWNqFOu2Rt7e
tZcJ6AjuOpNlE97M9D/B8IpELOL5mGFSpDxqhMOGqKqxvitBoXBUYKNt486r1rpz
FxPu6f/P4zjKmRSXxq8tZkjDE3lPPAPv87KId5xcjlIbQHU+zXl5hvHvnOqg7Ei1
f0vP4RrGiVeulylOr9QHXDM=
-----END CERTIFICATE-----
Generated at Tue Sep 9 23:19:21 2025 by rpki-client