Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/yOFLOKqrASqCbG9H8LDQX86pKIw.roa
File: yOFLOKqrASqCbG9H8LDQX86pKIw.roa (raw, json)
Hash identifier: XxA6ziYUOm/wMTbCGGt/j2IVpWOap4P3oBr16w5IzVs=
Subject key identifier: C8:E1:4B:38:AA:AB:01:2A:82:6C:6F:47:F0:B0:D0:5F:CE:A9:28:8C
Certificate issuer: /CN=c3a9e5f5356623e1c28f2db693e05fc6d604cc81
Certificate serial: 01973AD9A5ABF1C668F06537871F5FA3BC21
Authority key identifier: C3:A9:E5:F5:35:66:23:E1:C2:8F:2D:B6:93:E0:5F:C6:D6:04:CC:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w6nl9TVmI-HCjy22k-BfxtYEzIE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/yOFLOKqrASqCbG9H8LDQX86pKIw.roa
Signing time: Wed 04 Jun 2025 12:10:31 +0000
ROA not before: Wed 04 Jun 2025 12:10:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198525
IP address blocks: 91.236.4.0/22 maxlen: 24
185.235.206.0/24 maxlen: 24
195.34.92.0/24 maxlen: 24
2a10:8640::/32 maxlen: 32
2a10:8641::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/w6nl9TVmI-HCjy22k-BfxtYEzIE.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/w6nl9TVmI-HCjy22k-BfxtYEzIE.mft
rsync://rpki.ripe.net/repository/DEFAULT/w6nl9TVmI-HCjy22k-BfxtYEzIE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 18:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3a:d9:a5:ab:f1:c6:68:f0:65:37:87:1f:5f:a3:bc:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3a9e5f5356623e1c28f2db693e05fc6d604cc81
Validity
Not Before: Jun 4 12:10:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8e14b38aaab012a826c6f47f0b0d05fcea9288c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e4:30:e0:7a:99:42:4b:3f:fe:80:04:a4:0a:
30:6d:c3:d5:14:54:71:b1:1c:b3:f3:3e:62:08:33:
11:de:d7:a0:b5:c5:73:9d:1e:e3:33:a4:ab:ae:f1:
db:e8:ae:87:cc:59:fc:eb:95:32:e4:04:70:e4:d6:
67:e8:44:22:c5:6a:22:a2:5e:61:fa:46:f4:2c:6c:
d7:97:12:19:36:8c:8f:96:3b:b2:16:f9:03:97:ca:
3e:aa:33:c5:f8:cd:19:55:39:af:44:f3:bb:9b:2a:
bb:30:b3:f5:6c:12:a5:a3:c6:bf:32:a4:84:1f:1c:
6a:53:67:c3:1f:6c:28:8b:8d:a8:04:be:cd:c4:3c:
dd:ea:31:ea:49:e3:32:6d:d9:11:3d:77:ff:0a:d3:
60:d5:22:1b:e8:c2:59:ce:51:09:ae:c3:c7:ac:da:
f9:9c:7b:09:cd:f9:76:b7:d3:bb:2f:47:87:32:65:
ee:17:33:bc:f3:79:f5:5a:40:0d:9f:52:db:fd:d4:
af:06:0a:57:b6:b1:84:66:85:ea:8f:f7:e7:5e:20:
99:02:e0:73:92:d4:3d:79:cf:ea:e8:ba:b7:e3:ce:
2d:ec:96:56:35:1c:f9:6e:de:05:35:f2:a9:7e:47:
c4:1e:06:f6:44:c2:7f:89:66:4d:b2:0c:02:4c:5e:
86:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:E1:4B:38:AA:AB:01:2A:82:6C:6F:47:F0:B0:D0:5F:CE:A9:28:8C
X509v3 Authority Key Identifier:
keyid:C3:A9:E5:F5:35:66:23:E1:C2:8F:2D:B6:93:E0:5F:C6:D6:04:CC:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6nl9TVmI-HCjy22k-BfxtYEzIE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/yOFLOKqrASqCbG9H8LDQX86pKIw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/f5b63b-d0e0-460c-9308-7cef10ade8df/1/w6nl9TVmI-HCjy22k-BfxtYEzIE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.236.4.0/22
185.235.206.0/24
195.34.92.0/24
IPv6:
2a10:8640::/31
Signature Algorithm: sha256WithRSAEncryption
9b:8c:ae:48:40:e5:50:0d:2c:52:3a:a8:9c:ce:95:e1:48:75:
a4:dd:e7:29:eb:78:06:71:a0:0b:dc:84:ab:57:64:0f:86:5b:
9d:b4:81:f1:a9:db:a4:28:67:1f:47:db:b2:8b:28:6c:a4:03:
0b:b9:3f:27:73:52:36:ff:86:2f:34:e1:e6:f3:90:75:d6:63:
1e:f0:00:da:f4:c5:b5:9d:ba:c7:ea:43:61:b3:2e:6f:eb:2f:
36:07:17:ef:58:4b:25:e5:49:82:a0:10:f8:21:00:ba:1d:f2:
3e:f9:44:94:4c:15:81:df:68:2d:d5:f5:f1:fe:23:24:9a:80:
69:a2:d2:e2:41:50:54:5c:79:3f:4a:11:bc:1b:7d:da:d9:39:
a4:ed:c5:29:20:b4:01:78:0f:f3:04:24:f1:33:ed:3b:5f:08:
fe:cb:99:fb:e1:69:37:17:4c:70:ac:64:c1:d5:70:92:8a:39:
b0:a1:1a:9e:16:93:ed:37:e3:9a:70:06:94:d6:b2:f1:19:3e:
c7:44:86:a0:6e:67:40:4c:c9:93:12:b3:70:3d:d4:26:a3:5e:
65:d2:7c:51:91:b1:a2:e6:78:31:e4:8e:dc:29:a8:ac:cd:a6:
38:26:ff:0f:35:d5:9a:e9:75:69:8e:db:d0:32:01:3f:91:9a:
7f:76:19:6c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZc62aWr8cZo8GU3hx9fo7whMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYTllNWY1MzU2NjIzZTFjMjhmMmRiNjkzZTA1ZmM2ZDYw
NGNjODEwHhcNMjUwNjA0MTIxMDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGUxNGIzOGFhYWIwMTJhODI2YzZmNDdmMGIwZDA1ZmNlYTkyODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuQw4HqZQks//oAEpAowbcPVFFRx
sRyz8z5iCDMR3tegtcVznR7jM6SrrvHb6K6HzFn865Uy5ARw5NZn6EQixWoiol5h
+kb0LGzXlxIZNoyPljuyFvkDl8o+qjPF+M0ZVTmvRPO7myq7MLP1bBKlo8a/MqSE
HxxqU2fDH2woi42oBL7NxDzd6jHqSeMybdkRPXf/CtNg1SIb6MJZzlEJrsPHrNr5
nHsJzfl2t9O7L0eHMmXuFzO883n1WkANn1Lb/dSvBgpXtrGEZoXqj/fnXiCZAuBz
ktQ9ec/q6Lq3484t7JZWNRz5bt4FNfKpfkfEHgb2RMJ/iWZNsgwCTF6GnwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMjhSziqqwEqgmxvR/Cw0F/OqSiMMB8GA1UdIwQY
MBaAFMOp5fU1ZiPhwo8ttpPgX8bWBMyBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZubDlUVm1JLUhDankyMmstQmZ4dFlFeklFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9mNWI2M2ItZDBlMC00NjBjLTkzMDgt
N2NlZjEwYWRlOGRmLzEveU9GTE9LcXJBU3FDYkc5SDhMRFFYODZwS0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9mNWI2M2ItZDBlMC00NjBjLTkzMDgtN2NlZjEwYWRlOGRm
LzEvdzZubDlUVm1JLUhDankyMmstQmZ4dFlFeklFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCW+wEAwQA
uevOAwQAwyJcMA0EAgACMAcDBQEqEIZAMA0GCSqGSIb3DQEBCwUAA4IBAQCbjK5I
QOVQDSxSOqiczpXhSHWk3ecp63gGcaAL3ISrV2QPhludtIHxqdukKGcfR9uyiyhs
pAMLuT8nc1I2/4YvNOHm85B11mMe8ADa9MW1nbrH6kNhsy5v6y82BxfvWEsl5UmC
oBD4IQC6HfI++USUTBWB32gt1fXx/iMkmoBpotLiQVBUXHk/ShG8G33a2Tmk7cUp
ILQBeA/zBCTxM+07Xwj+y5n74Wk3F0xwrGTB1XCSijmwoRqeFpPtN+OacAaU1rLx
GT7HRIagbmdATMmTErNwPdQmo15l0nxRkbGi5ngx5I7cKaiszaY4Jv8PNdWa6XVp
jtvQMgE/kZp/dhls
-----END CERTIFICATE-----
Generated at Sun Jun 8 04:15:01 2025 by rpki-client