Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa
File: v9qbF4LYUnhnpR0EOPiha8K3YB4.roa (raw, json)
Hash identifier: D6yRkwvsYTKHCx+d4L0SAcGasfUnTpr7jrIeGf0l2G0=
Subject key identifier: BF:DA:9B:17:82:D8:52:78:67:A5:1D:04:38:F8:A1:6B:C2:B7:60:1E
Certificate issuer: /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial: 0196CD685B4395A809AF2AE59EAF91498803
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa
Signing time: Wed 14 May 2025 06:08:10 +0000
ROA not before: Wed 14 May 2025 06:08:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51191
IP address blocks: 130.185.104.0/21 maxlen: 21
185.24.68.0/22 maxlen: 22
185.108.216.0/22 maxlen: 22
195.138.240.0/21 maxlen: 21
195.138.241.0/24 maxlen: 24
195.138.244.0/24 maxlen: 24
2a01:4a0:2000::/48 maxlen: 48
2a01:4a0:2001::/48 maxlen: 48
2a01:4a0:2002::/48 maxlen: 48
2a06:4b00::/29 maxlen: 29
2a06:4b01:3300::/40 maxlen: 48
2a06:4b01:3400::/40 maxlen: 48
2a06:4b01:3500::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 19:25:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:cd:68:5b:43:95:a8:09:af:2a:e5:9e:af:91:49:88:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Validity
Not Before: May 14 06:08:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bfda9b1782d8527867a51d0438f8a16bc2b7601e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:2e:cb:de:75:78:ed:e4:59:82:c8:f5:9e:e5:
2c:6e:ab:28:55:38:c0:77:7c:97:10:43:57:6f:b4:
42:bf:65:71:5b:b6:8c:82:11:4a:6d:84:eb:b0:d3:
cb:ce:9f:bf:0e:7b:b2:2a:c0:e9:9d:29:4a:23:74:
17:82:21:04:2c:96:63:49:5d:55:ae:b3:03:8f:c5:
ce:e6:a5:51:99:8b:06:54:3f:49:a7:e6:18:40:f4:
e1:99:70:75:7e:6f:61:77:a9:7c:9c:51:e1:c4:28:
65:b0:6c:50:3e:18:de:90:d7:a1:e6:5b:9e:10:4b:
83:2a:d9:1d:c2:3d:8f:de:d4:63:a7:04:b0:94:d2:
a4:f0:90:64:6a:cf:cf:9b:5b:cd:d2:7b:ed:87:7c:
b6:ee:ee:55:e0:f8:1a:71:20:93:f4:eb:e1:0d:ff:
ae:fa:6b:80:4f:e5:b4:a8:6f:30:ec:2d:79:41:8e:
f4:4f:60:dc:15:21:35:2e:9a:a3:66:6f:d6:1e:41:
41:a2:f4:76:64:65:73:20:2b:03:b8:95:7a:2b:33:
25:54:cf:f3:e8:51:7b:ff:b6:d9:23:b2:1e:ae:c6:
2a:b6:33:0e:60:1f:a0:ed:7e:35:47:a3:76:37:bb:
56:6a:d2:6b:50:61:5a:c9:9c:95:8a:dc:5b:a6:8a:
71:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:DA:9B:17:82:D8:52:78:67:A5:1D:04:38:F8:A1:6B:C2:B7:60:1E
X509v3 Authority Key Identifier:
keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.185.104.0/21
185.24.68.0/22
185.108.216.0/22
195.138.240.0/21
IPv6:
2a01:4a0:2000::-2a01:4a0:2002:ffff:ffff:ffff:ffff:ffff
2a06:4b00::/29
Signature Algorithm: sha256WithRSAEncryption
4f:3d:59:4c:18:c3:1c:55:35:af:84:ad:2c:f2:f5:9c:f4:0d:
be:7d:64:03:1a:28:38:92:34:16:02:6c:82:84:a6:88:34:05:
1a:92:83:04:a7:6a:e3:9e:ef:80:d2:c2:1d:94:21:fa:6d:6f:
f2:c0:3a:e9:0c:19:6e:41:74:bd:75:9e:c7:0d:f3:47:62:14:
ce:10:2b:25:69:72:71:95:f3:c4:7e:37:74:2a:bb:e7:05:36:
b1:c2:c9:d9:a5:6a:58:c3:4d:79:4d:7f:f2:ba:ea:c3:ae:f8:
02:d8:8a:b9:1b:cf:53:de:f9:9a:ef:b0:39:ea:bd:fb:ae:cf:
fa:e5:de:c8:40:78:2d:d4:66:f5:d8:2e:d0:97:bd:73:95:7b:
cb:cf:f1:fc:05:34:d9:e4:da:4d:59:51:ab:45:8e:78:da:43:
d0:14:d0:57:e2:8a:67:a2:bd:40:f2:1a:f9:b8:1f:ec:a1:8f:
3b:ca:a4:f8:64:5d:b4:e6:ba:ba:a7:3f:22:36:0b:f5:fb:49:
6f:a2:5f:d1:c9:ed:4b:61:17:d0:13:37:8c:08:2d:71:55:c5:
11:21:d2:2a:23:12:73:cd:14:99:77:84:ac:5c:f1:f1:20:23:
28:6b:fd:4e:ad:d7:22:2b:22:ea:ad:5f:af:d7:cc:a5:bd:85:
24:b5:65:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZbNaFtDlagJryrlnq+RSYgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjUwNTE0MDYwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmRhOWIxNzgyZDg1Mjc4NjdhNTFkMDQzOGY4YTE2YmMyYjc2MDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS7L3nV47eRZgsj1nuUsbqsoVTjA
d3yXEENXb7RCv2VxW7aMghFKbYTrsNPLzp+/DnuyKsDpnSlKI3QXgiEELJZjSV1V
rrMDj8XO5qVRmYsGVD9Jp+YYQPThmXB1fm9hd6l8nFHhxChlsGxQPhjekNeh5lue
EEuDKtkdwj2P3tRjpwSwlNKk8JBkas/Pm1vN0nvth3y27u5V4PgacSCT9OvhDf+u
+muAT+W0qG8w7C15QY70T2DcFSE1LpqjZm/WHkFBovR2ZGVzICsDuJV6KzMlVM/z
6FF7/7bZI7IersYqtjMOYB+g7X41R6N2N7tWatJrUGFayZyVitxbpopxqwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFL/amxeC2FJ4Z6UdBDj4oWvCt2AeMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvdjlxYkY0TFlVbmhucFIwRU9QaWhhOEszWUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAeBAIAATAYAwQDgrloAwQC
uRhEAwQCuWzYAwQDw4rwMCAEAgACMBowEQMGBSoBBKAgAwcAKgEEoCACAwUDKgZL
ADANBgkqhkiG9w0BAQsFAAOCAQEATz1ZTBjDHFU1r4StLPL1nPQNvn1kAxooOJI0
FgJsgoSmiDQFGpKDBKdq457vgNLCHZQh+m1v8sA66QwZbkF0vXWexw3zR2IUzhAr
JWlycZXzxH43dCq75wU2scLJ2aVqWMNNeU1/8rrqw674AtiKuRvPU975mu+wOeq9
+67P+uXeyEB4LdRm9dgu0Je9c5V7y8/x/AU02eTaTVlRq0WOeNpD0BTQV+KKZ6K9
QPIa+bgf7KGPO8qk+GRdtOa6uqc/IjYL9ftJb6Jf0cntS2EX0BM3jAgtcVXFESHS
KiMSc80UmXeErFzx8SAjKGv9Tq3XIisi6q1fr9fMpb2FJLVl8w==
-----END CERTIFICATE-----
Generated at Tue Jun 10 02:03:46 2025 by rpki-client