Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/0IRPcg0Zsb-gPoOdS1ZxVTcB0GM.roa
File: 0IRPcg0Zsb-gPoOdS1ZxVTcB0GM.roa (raw, json)
Hash identifier: ujPSAk32+dpIjTUsucTHydurSTU82h9ZEz2rCwGCvb4=
Subject key identifier: D0:84:4F:72:0D:19:B1:BF:A0:3E:83:9D:4B:56:71:55:37:01:D0:63
Certificate issuer: /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial: 01971E0071F1ECFA8DBF3F13B601FEB76054
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/0IRPcg0Zsb-gPoOdS1ZxVTcB0GM.roa
Signing time: Thu 29 May 2025 21:43:55 +0000
ROA not before: Thu 29 May 2025 21:43:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204666
IP address blocks: 176.119.192.0/24 maxlen: 24
185.85.36.0/22 maxlen: 24
185.87.140.0/22 maxlen: 24
185.87.142.0/23 maxlen: 24
185.230.172.0/22 maxlen: 24
185.243.172.0/22 maxlen: 24
2a05:aa00::/29 maxlen: 48
2a0d:1880::/29 maxlen: 48
2a0f:fec0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 10:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1e:00:71:f1:ec:fa:8d:bf:3f:13:b6:01:fe:b7:60:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
Validity
Not Before: May 29 21:43:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0844f720d19b1bfa03e839d4b5671553701d063
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:55:7e:cb:b0:dd:b6:3a:8c:1b:cb:43:42:a9:
66:69:06:30:dd:00:fb:28:21:47:07:ab:c9:31:3b:
62:d3:4d:86:01:8d:41:9f:de:9d:c9:cb:12:86:43:
66:86:cc:4e:8f:75:a7:9a:55:64:8d:c2:c9:ba:c6:
0e:16:be:c8:56:6d:41:0b:47:b7:ef:4c:a1:9c:78:
c9:01:b6:df:87:f1:9b:2a:2d:47:31:73:76:7d:4b:
8e:9c:f2:56:e6:47:14:93:36:87:0e:9b:ef:06:f5:
93:51:80:c7:be:39:0d:69:81:1b:57:16:83:f5:dc:
0d:b4:5d:2d:67:1a:9d:aa:32:7b:5c:c6:60:29:74:
d9:2f:4a:80:47:b3:ca:3f:d2:7a:6a:23:17:10:92:
0c:ad:56:5d:96:dc:19:b2:78:9f:52:2b:bb:a9:0a:
f7:cb:c8:40:dd:e6:eb:c1:e7:55:e4:da:5b:f8:60:
36:17:a0:b2:03:a2:17:bd:36:a2:79:c1:f4:8f:67:
45:0c:2a:26:ed:17:57:db:1c:35:0e:1d:c7:1c:67:
4f:f5:aa:e8:fb:15:52:2f:29:74:dd:9e:a5:8f:02:
a8:6d:5a:7c:67:76:4b:68:2d:4e:8c:68:61:b8:f9:
8b:6f:b4:71:e6:e6:be:3e:7a:15:a0:87:cc:40:df:
41:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:84:4F:72:0D:19:B1:BF:A0:3E:83:9D:4B:56:71:55:37:01:D0:63
X509v3 Authority Key Identifier:
keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/0IRPcg0Zsb-gPoOdS1ZxVTcB0GM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.192.0/24
185.85.36.0/22
185.87.140.0/22
185.230.172.0/22
185.243.172.0/22
IPv6:
2a05:aa00::/29
2a0d:1880::/29
2a0f:fec0::/29
Signature Algorithm: sha256WithRSAEncryption
1b:c0:cf:0e:a3:81:86:86:a8:98:a0:be:e0:1b:a7:c5:98:13:
c6:95:c1:af:da:5c:11:da:46:bd:bc:f9:57:31:1c:f0:1f:58:
82:f9:f7:fa:5a:2b:0d:a8:b9:71:ca:46:68:cd:a7:e4:7b:15:
a0:e5:95:fc:15:af:49:e7:2d:8e:65:8d:e5:fa:be:f6:e3:46:
b4:2b:33:e2:af:9e:38:e9:0d:f8:9d:3c:6a:23:74:89:c8:1f:
a8:3b:7a:f1:02:0e:78:72:4b:93:c3:4a:5a:19:8c:2f:fa:56:
d4:d3:d7:26:bb:bc:d6:65:35:96:df:db:9f:e6:68:59:fb:ee:
ac:40:9f:b3:55:5b:78:7c:e6:86:18:27:e8:01:bd:c7:f3:7a:
60:f7:d8:2d:92:60:23:47:24:7b:8f:ac:e8:b1:73:d1:00:44:
2e:10:c9:28:78:d5:95:05:6f:f7:ce:78:64:ca:c6:b8:82:76:
cf:2d:6d:22:8a:36:17:88:16:4c:e1:2b:da:0b:9e:eb:73:2f:
cb:66:16:41:32:11:40:d4:1b:28:25:1c:b5:05:8c:75:7d:54:
eb:c9:08:02:f4:82:4d:1e:be:d3:5c:6f:41:df:07:5e:f4:e0:
f5:6c:12:d1:e5:ae:cd:b8:60:b8:80:5a:7a:fa:fd:67:ba:53:
f3:1f:a5:91
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZceAHHx7PqNvz8TtgH+t2BUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjUwNTI5MjE0MzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDg0NGY3MjBkMTliMWJmYTAzZTgzOWQ0YjU2NzE1NTM3MDFkMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFV+y7DdtjqMG8tDQqlmaQYw3QD7
KCFHB6vJMTti002GAY1Bn96dycsShkNmhsxOj3WnmlVkjcLJusYOFr7IVm1BC0e3
70yhnHjJAbbfh/GbKi1HMXN2fUuOnPJW5kcUkzaHDpvvBvWTUYDHvjkNaYEbVxaD
9dwNtF0tZxqdqjJ7XMZgKXTZL0qAR7PKP9J6aiMXEJIMrVZdltwZsnifUiu7qQr3
y8hA3ebrwedV5Npb+GA2F6CyA6IXvTaiecH0j2dFDCom7RdX2xw1Dh3HHGdP9aro
+xVSLyl03Z6ljwKobVp8Z3ZLaC1OjGhhuPmLb7Rx5ua+PnoVoIfMQN9BJwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFNCET3INGbG/oD6DnUtWcVU3AdBjMB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xLzBJUlBjZzBac2ItZ1BvT2RTMVp4VlRjQjBHTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVAYIKwYBBQUHAQcBAf8ERTBDMCQEAgABMB4DBACwd8AD
BAK5VSQDBAK5V4wDBAK55qwDBAK586wwGwQCAAIwFQMFAyoFqgADBQMqDRiAAwUD
Kg/+wDANBgkqhkiG9w0BAQsFAAOCAQEAG8DPDqOBhoaomKC+4BunxZgTxpXBr9pc
EdpGvbz5VzEc8B9Ygvn3+lorDai5ccpGaM2n5HsVoOWV/BWvSectjmWN5fq+9uNG
tCsz4q+eOOkN+J08aiN0icgfqDt68QIOeHJLk8NKWhmML/pW1NPXJru81mU1lt/b
n+ZoWfvurECfs1VbeHzmhhgn6AG9x/N6YPfYLZJgI0cke4+s6LFz0QBELhDJKHjV
lQVv9854ZMrGuIJ2zy1tIoo2F4gWTOEr2gue63Mvy2YWQTIRQNQbKCUctQWMdX1U
68kIAvSCTR6+01xvQd8HXvTg9WwS0eWuzbhguIBaevr9Z7pT8x+lkQ==
-----END CERTIFICATE-----
Generated at Sat Jun 7 21:02:11 2025 by rpki-client