Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/STK-O3Jy4bB5rT3tLgySD-E_yc0.roa
File: STK-O3Jy4bB5rT3tLgySD-E_yc0.roa (raw, json)
Hash identifier: vVGAYny2UAqSEDs+b7/ni4Xd2yZBXnYpdV6jirBtDJI=
Subject key identifier: 49:32:BE:3B:72:72:E1:B0:79:AD:3D:ED:2E:0C:92:0F:E1:3F:C9:CD
Certificate issuer: /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial: 0198E3704D70945BFB5198F3662A0ED5B387
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/STK-O3Jy4bB5rT3tLgySD-E_yc0.roa
Signing time: Mon 25 Aug 2025 22:54:04 +0000
ROA not before: Mon 25 Aug 2025 22:54:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62068
IP address blocks: 43.240.150.0/24 maxlen: 24
43.240.151.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 07:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e3:70:4d:70:94:5b:fb:51:98:f3:66:2a:0e:d5:b3:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Validity
Not Before: Aug 25 22:54:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4932be3b7272e1b079ad3ded2e0c920fe13fc9cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ac:e3:46:ea:f2:77:df:73:75:23:ee:d3:c0:
15:b4:a9:29:b9:02:03:f8:6c:26:ae:6b:ea:67:4d:
1a:74:51:0a:f7:71:f5:f8:ad:57:83:23:d1:81:d5:
35:fb:bd:63:57:ee:cb:b5:c0:57:bb:e5:6d:3f:81:
83:4d:76:e8:92:f6:97:b3:61:a1:32:1a:f6:05:16:
b7:47:cb:87:09:a7:60:b4:5e:16:21:c2:8a:31:f7:
fa:9c:30:1b:cd:23:42:30:57:f0:d2:3c:e0:85:8c:
e1:b5:83:c1:90:81:9e:2d:65:2c:ee:27:ed:0b:0f:
9f:96:9a:89:a8:b6:85:31:d1:f0:7b:67:ea:c5:2f:
97:a4:74:9f:ae:4c:87:fc:0a:01:bd:89:dc:6f:0a:
01:88:23:d0:48:c3:72:6e:2e:c6:2a:a1:97:46:52:
94:35:3f:15:9a:9a:04:16:ad:4a:a2:08:8e:76:63:
eb:eb:65:da:56:6c:5c:0a:11:b1:d9:cd:48:fb:ca:
19:5d:20:fe:a1:ca:19:48:ea:e3:01:bd:0f:2b:b2:
93:7c:8e:11:7a:0d:9a:82:82:e4:74:92:a6:68:73:
7c:86:bc:16:db:71:0c:ca:cb:fc:37:09:4f:35:87:
b2:5e:cb:3c:a6:74:01:86:7d:9d:b8:c0:35:a1:19:
26:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:32:BE:3B:72:72:E1:B0:79:AD:3D:ED:2E:0C:92:0F:E1:3F:C9:CD
X509v3 Authority Key Identifier:
keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/STK-O3Jy4bB5rT3tLgySD-E_yc0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.240.150.0/23
Signature Algorithm: sha256WithRSAEncryption
2d:d4:23:7a:9d:57:af:49:bf:d9:83:25:da:fa:93:2c:e4:04:
ce:b8:00:0e:f0:46:45:51:e7:bf:57:b6:82:44:be:c4:49:8b:
93:7c:ce:f2:7f:2f:68:01:4e:d5:1f:fc:45:fa:2a:c6:06:59:
f3:e7:92:ab:84:43:d7:86:f4:6c:33:e3:e8:a6:53:a4:a4:77:
51:04:42:d2:40:f3:67:ea:18:3f:5d:3a:30:55:8c:1b:94:61:
c4:9b:7a:fc:a3:99:b8:d0:84:0d:47:8d:ad:2d:2b:e5:77:d0:
a5:46:f2:5f:c8:97:c4:07:ca:a5:d0:98:3f:30:27:f2:9c:f6:
ad:81:2a:20:8d:2f:2a:bd:23:75:74:2c:34:5e:cb:95:fc:02:
f2:5e:40:86:ff:8f:84:b3:7d:2c:56:de:1a:d9:94:da:b8:3c:
12:36:c3:58:0d:ef:d6:de:d1:42:b4:64:e1:b0:29:10:d8:be:
ee:a2:eb:9c:57:22:ac:04:4f:d6:15:30:3b:82:5a:01:1f:04:
e6:e5:97:dd:88:0b:cd:05:99:f4:7e:84:6a:43:41:13:0e:f5:
c6:db:9f:ac:43:c8:96:c5:ab:27:c2:7e:90:61:cb:5d:e9:2f:
02:07:8a:f7:db:e5:4d:f8:61:55:07:2e:66:86:12:c9:4b:2c:
dc:f4:82:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjjcE1wlFv7UZjzZioO1bOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwODI1MjI1NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMyYmUzYjcyNzJlMWIwNzlhZDNkZWQyZTBjOTIwZmUxM2ZjOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyazjRuryd99zdSPu08AVtKkpuQID
+GwmrmvqZ00adFEK93H1+K1XgyPRgdU1+71jV+7LtcBXu+VtP4GDTXbokvaXs2Gh
Mhr2BRa3R8uHCadgtF4WIcKKMff6nDAbzSNCMFfw0jzghYzhtYPBkIGeLWUs7ift
Cw+flpqJqLaFMdHwe2fqxS+XpHSfrkyH/AoBvYncbwoBiCPQSMNybi7GKqGXRlKU
NT8VmpoEFq1KogiOdmPr62XaVmxcChGx2c1I+8oZXSD+ocoZSOrjAb0PK7KTfI4R
eg2agoLkdJKmaHN8hrwW23EMysv8NwlPNYeyXss8pnQBhn2duMA1oRkmeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkyvjtycuGwea097S4Mkg/hP8nNMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvU1RLLU8zSnk0YkI1clQzdExneVNELUVfeWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBK/CWMA0G
CSqGSIb3DQEBCwUAA4IBAQAt1CN6nVevSb/ZgyXa+pMs5ATOuAAO8EZFUee/V7aC
RL7ESYuTfM7yfy9oAU7VH/xF+irGBlnz55KrhEPXhvRsM+PoplOkpHdRBELSQPNn
6hg/XTowVYwblGHEm3r8o5m40IQNR42tLSvld9ClRvJfyJfEB8ql0Jg/MCfynPat
gSogjS8qvSN1dCw0XsuV/ALyXkCG/4+Es30sVt4a2ZTauDwSNsNYDe/W3tFCtGTh
sCkQ2L7uouucVyKsBE/WFTA7gloBHwTm5ZfdiAvNBZn0foRqQ0ETDvXG25+sQ8iW
xasnwn6QYctd6S8CB4r32+VN+GFVBy5mhhLJSyzc9II/
-----END CERTIFICATE-----
Generated at Sun Sep 7 16:57:04 2025 by rpki-client