Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/uMFOgPoc2NWCSxPiOG6b1D8E-ZI.roa
File: uMFOgPoc2NWCSxPiOG6b1D8E-ZI.roa (raw, json)
Hash identifier: R/unw2gN5aPMxs/UeuzYe+LHJKBGKVUf8WbT/53nntg=
Subject key identifier: B8:C1:4E:80:FA:1C:D8:D5:82:4B:13:E2:38:6E:9B:D4:3F:04:F9:92
Certificate issuer: /CN=761624dddc5c0279c7f8c9ff1288a4d3044c0847
Certificate serial: 0197213117E4344986779DE38B9E815B4E06
Authority key identifier: 76:16:24:DD:DC:5C:02:79:C7:F8:C9:FF:12:88:A4:D3:04:4C:08:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/uMFOgPoc2NWCSxPiOG6b1D8E-ZI.roa
Signing time: Fri 30 May 2025 12:35:54 +0000
ROA not before: Fri 30 May 2025 12:35:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202865
IP address blocks: 185.152.68.0/22 maxlen: 22
185.152.68.0/23 maxlen: 23
185.152.68.0/24 maxlen: 24
185.152.69.0/24 maxlen: 24
185.152.70.0/23 maxlen: 23
185.152.70.0/24 maxlen: 24
185.152.71.0/24 maxlen: 24
2a07:8100::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.mft
rsync://rpki.ripe.net/repository/DEFAULT/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:21:31:17:e4:34:49:86:77:9d:e3:8b:9e:81:5b:4e:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=761624dddc5c0279c7f8c9ff1288a4d3044c0847
Validity
Not Before: May 30 12:35:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b8c14e80fa1cd8d5824b13e2386e9bd43f04f992
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:19:52:fb:c4:a7:c9:5c:48:c6:a6:54:c9:16:
bd:63:f9:2b:1d:04:26:03:39:19:bb:4c:c6:79:4c:
c7:c7:5f:a9:7d:b8:11:a9:68:f8:5d:a1:af:2b:df:
86:93:b6:32:72:f2:60:6a:33:20:d2:dc:df:0b:b2:
f6:79:6e:b8:7d:f7:cb:d6:4a:02:d1:3b:5f:b7:6b:
de:e4:05:bc:6e:ae:58:e9:ac:05:b7:8f:9c:65:10:
7b:53:3b:95:3b:bc:22:d3:91:c1:39:d8:0c:93:41:
1b:4f:ed:25:ef:38:d0:a7:5b:ba:65:ce:b1:b5:ab:
eb:5a:c1:88:33:cc:e2:1e:cd:43:12:f9:a2:6e:de:
de:8f:58:a9:dc:f0:ba:cc:57:70:7a:83:24:05:88:
c6:9f:3e:88:8d:88:b7:fe:8a:9e:94:a7:bc:bd:8b:
65:10:a0:77:42:e7:24:33:e0:da:61:ac:2d:c1:65:
ae:e7:e2:dd:1e:2c:89:7a:84:81:f5:a1:43:52:0e:
15:19:3f:e5:2b:97:b7:57:79:17:a1:96:6b:70:72:
93:e1:fb:eb:44:c2:aa:28:ca:e7:d0:bf:15:92:53:
9f:fb:78:cc:b6:2a:c3:cb:01:ec:c6:97:b3:27:83:
c1:cd:0e:3b:14:52:58:cd:3d:bf:9a:8f:db:22:fd:
e9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:C1:4E:80:FA:1C:D8:D5:82:4B:13:E2:38:6E:9B:D4:3F:04:F9:92
X509v3 Authority Key Identifier:
keyid:76:16:24:DD:DC:5C:02:79:C7:F8:C9:FF:12:88:A4:D3:04:4C:08:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/uMFOgPoc2NWCSxPiOG6b1D8E-ZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589761-c662-4f13-870a-13e8801628f5/1/dhYk3dxcAnnH-Mn_Eoik0wRMCEc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.152.68.0/22
IPv6:
2a07:8100::/29
Signature Algorithm: sha256WithRSAEncryption
95:08:0b:6e:2a:34:0a:86:42:36:c7:4a:46:b0:3f:2e:1f:35:
c5:24:43:6c:ce:6c:f3:e0:26:fc:dc:34:b1:ab:c4:9d:ac:14:
74:ca:d6:28:a4:17:02:8a:4d:cf:64:40:49:7d:d6:b3:28:c1:
a9:1d:66:11:9a:92:94:c5:75:1f:1d:f1:86:f9:3b:6c:93:5b:
63:85:b6:c3:a5:0e:de:31:df:41:7d:54:a9:f1:a3:f6:be:a1:
f2:09:16:e5:33:f1:54:d6:78:ed:8a:dc:25:32:20:00:42:19:
ba:67:0d:17:e1:14:98:a3:b4:3f:7a:bf:94:2d:1c:02:c5:d1:
03:82:9b:8d:c2:43:8b:70:ec:fc:20:e6:1e:02:7e:f3:61:35:
ba:90:7c:69:1a:67:d1:a0:c5:ab:46:3c:a2:08:44:ca:35:48:
f5:bb:93:41:bc:2d:5b:1f:ed:e8:43:e3:94:f9:22:a9:b5:f6:
c1:f5:19:63:22:16:a1:ab:76:33:47:45:98:92:19:cf:a1:53:
48:ac:5f:ab:03:bc:f4:a8:b0:9e:bf:45:00:21:67:1f:b7:f4:
73:92:78:cd:ff:8b:e9:cb:6f:ad:c7:50:83:bf:e6:12:25:0d:
18:8f:64:b1:22:cb:7b:1e:ca:05:b4:3f:d6:16:fe:77:a0:35:
1e:db:cb:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZchMRfkNEmGd53ji56BW04GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MTYyNGRkZGM1YzAyNzljN2Y4YzlmZjEyODhhNGQzMDQ0
YzA4NDcwHhcNMjUwNTMwMTIzNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGMxNGU4MGZhMWNkOGQ1ODI0YjEzZTIzODZlOWJkNDNmMDRmOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBlS+8SnyVxIxqZUyRa9Y/krHQQm
AzkZu0zGeUzHx1+pfbgRqWj4XaGvK9+Gk7YycvJgajMg0tzfC7L2eW64fffL1koC
0Ttft2ve5AW8bq5Y6awFt4+cZRB7UzuVO7wi05HBOdgMk0EbT+0l7zjQp1u6Zc6x
tavrWsGIM8ziHs1DEvmibt7ej1ip3PC6zFdweoMkBYjGnz6IjYi3/oqelKe8vYtl
EKB3QuckM+DaYawtwWWu5+LdHiyJeoSB9aFDUg4VGT/lK5e3V3kXoZZrcHKT4fvr
RMKqKMrn0L8VklOf+3jMtirDywHsxpezJ4PBzQ47FFJYzT2/mo/bIv3pNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLjBToD6HNjVgksT4jhum9Q/BPmSMB8GA1UdIwQY
MBaAFHYWJN3cXAJ5x/jJ/xKIpNMETAhHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGhZazNkeGNBbm5ILU1uX0VvaWswd1JNQ0VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ODk3NjEtYzY2Mi00ZjEzLTg3MGEt
MTNlODgwMTYyOGY1LzEvdU1GT2dQb2MyTldDU3hQaU9HNmIxRDhFLVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ODk3NjEtYzY2Mi00ZjEzLTg3MGEtMTNlODgwMTYyOGY1
LzEvZGhZazNkeGNBbm5ILU1uX0VvaWswd1JNQ0VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZhEMA0E
AgACMAcDBQMqB4EAMA0GCSqGSIb3DQEBCwUAA4IBAQCVCAtuKjQKhkI2x0pGsD8u
HzXFJENszmzz4Cb83DSxq8SdrBR0ytYopBcCik3PZEBJfdazKMGpHWYRmpKUxXUf
HfGG+Ttsk1tjhbbDpQ7eMd9BfVSp8aP2vqHyCRblM/FU1njtitwlMiAAQhm6Zw0X
4RSYo7Q/er+ULRwCxdEDgpuNwkOLcOz8IOYeAn7zYTW6kHxpGmfRoMWrRjyiCETK
NUj1u5NBvC1bH+3oQ+OU+SKptfbB9RljIhahq3YzR0WYkhnPoVNIrF+rA7z0qLCe
v0UAIWcft/RzknjN/4vpy2+tx1CDv+YSJQ0Yj2SxIst7HsoFtD/WFv53oDUe28uD
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:39:00 2025 by rpki-client