Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/YH9rgvwa_c5tkfoIds2w3LcyxQU.roa
File: YH9rgvwa_c5tkfoIds2w3LcyxQU.roa (raw, json)
Hash identifier: O5b96K5UqDPwtmiTY4ipuOfWppIds6W4j/eFK50+Z/0=
Subject key identifier: 60:7F:6B:82:FC:1A:FD:CE:6D:91:FA:08:76:CD:B0:DC:B7:32:C5:05
Certificate issuer: /CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Certificate serial: 019711F23385C9A4AC957A61F3F9C97F3FFC
Authority key identifier: A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/YH9rgvwa_c5tkfoIds2w3LcyxQU.roa
Signing time: Tue 27 May 2025 13:32:54 +0000
ROA not before: Tue 27 May 2025 13:32:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199541
IP address blocks: 147.196.0.0/16 maxlen: 16
153.98.1.0/24 maxlen: 24
153.98.5.0/24 maxlen: 24
153.98.9.0/24 maxlen: 24
153.98.13.0/24 maxlen: 24
153.98.36.0/24 maxlen: 24
153.98.37.0/24 maxlen: 24
153.98.68.0/24 maxlen: 24
153.98.70.0/24 maxlen: 24
153.98.71.0/24 maxlen: 24
153.98.83.0/24 maxlen: 24
153.98.100.0/24 maxlen: 24
153.98.105.0/24 maxlen: 24
153.98.106.0/24 maxlen: 24
153.98.107.0/24 maxlen: 24
153.98.108.0/24 maxlen: 24
153.98.109.0/24 maxlen: 24
153.98.110.0/24 maxlen: 24
153.98.111.0/24 maxlen: 24
153.98.112.0/24 maxlen: 24
153.98.113.0/24 maxlen: 24
153.98.114.0/24 maxlen: 24
153.98.115.0/24 maxlen: 24
153.98.116.0/24 maxlen: 24
153.98.117.0/24 maxlen: 24
153.98.118.0/24 maxlen: 24
153.98.119.0/24 maxlen: 24
153.98.120.0/24 maxlen: 24
153.98.121.0/24 maxlen: 24
153.98.122.0/24 maxlen: 24
153.98.123.0/24 maxlen: 24
192.70.89.0/24 maxlen: 24
192.70.90.0/24 maxlen: 24
192.93.20.0/22 maxlen: 22
193.58.19.0/24 maxlen: 24
193.58.21.0/24 maxlen: 24
193.58.31.0/24 maxlen: 24
193.221.2.0/24 maxlen: 24
193.221.14.0/24 maxlen: 24
193.221.170.0/24 maxlen: 24
193.221.181.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.mft
rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:11:f2:33:85:c9:a4:ac:95:7a:61:f3:f9:c9:7f:3f:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Validity
Not Before: May 27 13:32:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=607f6b82fc1afdce6d91fa0876cdb0dcb732c505
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:66:33:19:fd:d5:ab:2b:ba:e3:2c:0e:69:eb:
7a:21:c1:c3:08:85:60:8c:d0:06:d7:c8:0c:83:59:
ab:53:86:f3:23:1e:d9:19:2c:56:9a:10:82:41:bd:
0b:5d:03:d2:19:38:64:fa:dd:5f:5e:9f:bf:82:7f:
71:80:bc:6a:ca:19:1f:5f:e9:2a:1f:fc:74:18:2a:
23:fc:fa:f7:0b:27:ee:2d:04:07:cd:5a:45:0a:bf:
ea:1a:7c:d4:28:72:77:0f:7f:b3:57:30:6f:df:d3:
34:15:c2:18:ab:ea:e6:e8:5c:20:0f:39:dd:6d:ea:
46:25:81:fd:0c:20:b6:f7:28:04:e0:32:86:4d:64:
0c:17:d2:62:cd:cf:9c:0e:88:69:75:eb:62:6a:77:
69:b3:1b:4b:e7:7a:4d:f3:79:a0:29:48:5c:e6:cf:
da:fa:37:6b:6a:c4:c6:d7:bb:1e:5b:12:46:07:f1:
fc:aa:36:e1:cc:ad:ae:a7:a9:9b:f8:0d:4b:15:c2:
52:62:60:e5:9c:c9:5d:64:18:e6:06:13:fc:32:db:
84:e5:e2:3b:7a:8c:99:c4:d7:85:f3:ad:37:bb:20:
53:5e:d0:6d:6c:ea:da:ba:ba:b3:0b:77:ff:b0:8c:
0e:0c:53:24:cd:10:28:3d:7b:eb:aa:36:27:07:a4:
96:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:7F:6B:82:FC:1A:FD:CE:6D:91:FA:08:76:CD:B0:DC:B7:32:C5:05
X509v3 Authority Key Identifier:
keyid:A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/YH9rgvwa_c5tkfoIds2w3LcyxQU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.196.0.0/16
153.98.1.0/24
153.98.5.0/24
153.98.9.0/24
153.98.13.0/24
153.98.36.0/23
153.98.68.0/24
153.98.70.0/23
153.98.83.0/24
153.98.100.0/24
153.98.105.0-153.98.123.255
192.70.89.0-192.70.90.255
192.93.20.0/22
193.58.19.0/24
193.58.21.0/24
193.58.31.0/24
193.221.2.0/24
193.221.14.0/24
193.221.170.0/24
193.221.181.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:ef:0c:f8:52:87:6d:d3:8f:5d:d7:41:db:1e:e1:7c:42:7e:
91:70:15:11:8a:f3:7a:01:86:04:c9:af:9e:ac:bb:39:b2:02:
1f:3a:cd:85:08:4a:74:7f:bc:49:fa:f1:26:74:fb:3d:db:ba:
84:d9:fa:47:8b:a4:09:a4:21:1c:bc:21:fc:63:64:ad:95:15:
78:24:fe:04:93:7f:b6:fb:9b:35:7b:ab:bd:c7:f9:64:62:61:
cf:40:ca:6e:e4:83:7c:c3:4b:e9:2a:fc:37:eb:41:c3:e6:0f:
1a:83:79:52:53:fc:cc:90:a8:2a:0c:b9:2e:b4:68:6b:8c:58:
65:71:d3:8a:9a:d0:1a:b8:b6:37:cc:4d:8e:22:de:21:a6:ac:
43:1e:8b:b3:b8:6b:e4:e9:f0:6e:28:ea:74:4c:a1:2d:76:10:
9d:c3:3e:7d:fc:7d:7e:d4:e1:ad:1f:b8:d0:eb:ef:e1:2f:70:
4a:be:e7:58:32:11:0f:e1:a8:88:6a:88:71:d9:17:45:e1:f0:
fb:15:00:0d:75:c4:61:cb:d5:ec:55:80:62:bd:f8:05:85:71:
9e:6d:27:08:74:8b:a3:16:da:b3:47:e1:ec:58:fb:66:20:5d:
ef:4a:6d:28:15:26:14:ad:e4:6c:e2:b5:4f:56:2f:dc:a7:4b:
c8:61:c7:dc
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgISAZcR8jOFyaSslXph8/nJfz/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmZjZmFkOTY2YWU3ZTgxNzFjZmNlMjZkYjNmNjU3NzZk
MjZmZTgwHhcNMjUwNTI3MTMzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdmNmI4MmZjMWFmZGNlNmQ5MWZhMDg3NmNkYjBkY2I3MzJjNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmYzGf3Vqyu64ywOaet6IcHDCIVg
jNAG18gMg1mrU4bzIx7ZGSxWmhCCQb0LXQPSGThk+t1fXp+/gn9xgLxqyhkfX+kq
H/x0GCoj/Pr3CyfuLQQHzVpFCr/qGnzUKHJ3D3+zVzBv39M0FcIYq+rm6FwgDznd
bepGJYH9DCC29ygE4DKGTWQMF9Jizc+cDohpdetiandpsxtL53pN83mgKUhc5s/a
+jdrasTG17seWxJGB/H8qjbhzK2up6mb+A1LFcJSYmDlnMldZBjmBhP8MtuE5eI7
eoyZxNeF8603uyBTXtBtbOraurqzC3f/sIwODFMkzRAoPXvrqjYnB6SWOQIDAQAB
o4ICjzCCAoswHQYDVR0OBBYEFGB/a4L8Gv3ObZH6CHbNsNy3MsUFMB8GA1UdIwQY
MBaAFKdvz62WaufoFxz84m2z9ld20m/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEt
YzU0MDFmNmQ5MWQxLzEvWUg5cmd2d2FfYzV0a2ZvSWRzMnczTGN5eFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEtYzU0MDFmNmQ5MWQx
LzEvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGkBggrBgEFBQcBBwEB/wSBlDCBkTCBjgQCAAEwgYcDAwCT
xAMEAJliAQMEAJliBQMEAJliCQMEAJliDQMEAZliJAMEAJliRAMEAZliRgMEAJli
UwMEAJliZDAMAwQAmWJpAwQCmWJ4MAwDBADARlkDBADARloDBALAXRQDBADBOhMD
BADBOhUDBADBOh8DBADB3QIDBADB3Q4DBADB3aoDBADB3bUwDQYJKoZIhvcNAQEL
BQADggEBAH3vDPhSh23Tj13XQdse4XxCfpFwFRGK83oBhgTJr56suzmyAh86zYUI
SnR/vEn68SZ0+z3buoTZ+keLpAmkIRy8IfxjZK2VFXgk/gSTf7b7mzV7q73H+WRi
Yc9Aym7kg3zDS+kq/DfrQcPmDxqDeVJT/MyQqCoMuS60aGuMWGVx04qa0Bq4tjfM
TY4i3iGmrEMei7O4a+Tp8G4o6nRMoS12EJ3DPn38fX7U4a0fuNDr7+EvcEq+51gy
EQ/hqIhqiHHZF0Xh8PsVAA11xGHL1exVgGK9+AWFcZ5tJwh0i6MW2rNH4exY+2Yg
Xe9KbSgVJhSt5GzitU9WL9ynS8hhx9w=
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:23:22 2025 by rpki-client