Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa
File: 2K6387yyM5gxakFjGUcn1KUMQ58.roa (raw, json)
Hash identifier: KwEJI06hkpRX+nj9eXMKKI3vC9xa4ElKQ9FhYTbVyds=
Subject key identifier: D8:AE:B7:F3:BC:B2:33:98:31:6A:41:63:19:47:27:D4:A5:0C:43:9F
Certificate issuer: /CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Certificate serial: 019725A6C1BB29E39D3BAD1368155DBF6ADC
Authority key identifier: AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa
Signing time: Sat 31 May 2025 09:22:55 +0000
ROA not before: Sat 31 May 2025 09:22:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207922
IP address blocks: 185.83.126.0/23 maxlen: 23
195.26.8.0/24 maxlen: 24
195.28.6.0/23 maxlen: 23
195.28.7.0/24 maxlen: 24
2a05:9b40::/29 maxlen: 29
2a0f:4a40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.mft
rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Jun 2025 00:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:25:a6:c1:bb:29:e3:9d:3b:ad:13:68:15:5d:bf:6a:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Validity
Not Before: May 31 09:22:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8aeb7f3bcb23398316a4163194727d4a50c439f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6d:39:c2:33:c0:68:a0:4d:51:c9:3b:22:34:
d7:6b:fb:b2:5d:4c:43:c9:96:ab:bc:13:ae:80:24:
d1:df:15:5f:8a:6e:e1:eb:21:ee:c8:00:ed:15:d3:
4a:b5:89:19:f9:11:58:e8:76:12:0d:d8:92:41:b5:
d0:4f:43:5b:a6:63:46:77:99:81:74:6b:3f:e1:f8:
04:66:9e:7c:f0:e0:d0:89:48:b7:d9:70:59:55:5a:
b6:85:8f:90:cc:35:31:1b:52:94:b6:53:97:d2:ba:
6c:45:b0:ae:96:3a:a7:49:dc:15:6a:73:a9:4b:04:
f1:70:56:2d:b3:54:39:be:d3:f9:7b:cd:70:18:28:
5b:9e:02:57:11:62:32:4d:e7:f9:5a:69:cb:91:a1:
55:60:ad:86:1a:5d:67:fa:0b:f7:54:92:33:4f:98:
89:fc:22:af:82:7d:7e:3f:e7:29:c9:36:72:53:b8:
8c:7c:ca:56:6f:9a:45:65:b3:27:21:d1:14:28:74:
ed:06:a1:d1:94:77:e1:9e:80:55:3c:5d:b2:e1:f7:
5b:ef:57:31:83:09:81:ea:03:67:6a:90:1a:b5:46:
dd:40:a2:2d:5e:a7:fa:ab:6d:19:dc:ce:a1:45:ba:
4a:83:70:a8:ae:e0:64:2c:55:7e:3e:2d:e9:ae:30:
95:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:AE:B7:F3:BC:B2:33:98:31:6A:41:63:19:47:27:D4:A5:0C:43:9F
X509v3 Authority Key Identifier:
keyid:AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.83.126.0/23
195.26.8.0/24
195.28.6.0/23
IPv6:
2a05:9b40::/29
2a0f:4a40::/29
Signature Algorithm: sha256WithRSAEncryption
1f:12:74:8e:c4:ff:f3:d7:39:b8:d4:15:bf:72:cb:3e:c7:1b:
ff:2b:be:07:e2:8c:be:d8:f2:bb:8b:f5:f6:00:4d:6f:cd:98:
fb:de:8d:f6:a5:36:32:f0:62:30:c4:c4:29:0e:89:1c:ed:ed:
09:4d:d9:40:fc:0a:0d:c0:9c:e5:be:78:ca:66:0f:0e:ce:b8:
29:5a:09:e3:50:f7:3d:da:32:0d:e5:ab:4e:6f:24:69:32:44:
da:09:d3:55:a4:0f:84:04:fc:52:7c:a9:91:58:98:08:a7:2e:
f7:b0:50:82:46:7d:6b:f1:1b:59:f1:1b:dd:8d:16:c2:c0:b8:
62:a3:02:c6:91:ce:17:4e:bf:e4:63:e1:4f:ca:46:6a:bb:29:
08:16:60:ee:ff:2f:94:26:38:23:91:24:d5:0a:89:4c:8c:8d:
0d:5f:aa:f0:eb:bd:a0:03:37:8e:82:fd:7a:bf:f6:eb:a3:63:
a4:7b:17:8b:6d:cf:b7:c9:c2:67:53:6c:10:3d:5d:9f:2e:b2:
ca:04:3d:54:ef:cf:3f:9e:ae:10:dc:50:b2:77:e7:11:eb:e5:
84:22:51:70:89:21:b8:a4:4c:56:8f:36:70:05:3d:46:67:1e:
69:89:87:0c:55:ed:91:d1:bb:e5:8c:3b:9a:49:9c:8d:33:4b:
a4:ad:92:df
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZclpsG7KeOdO60TaBVdv2rcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNWI0NzFkMGJhMDg5ZDllOWY0NmMyOTEzMTk2NzRmYWM4
MTI4ZDAwHhcNMjUwNTMxMDkyMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGFlYjdmM2JjYjIzMzk4MzE2YTQxNjMxOTQ3MjdkNGE1MGM0MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW05wjPAaKBNUck7IjTXa/uyXUxD
yZarvBOugCTR3xVfim7h6yHuyADtFdNKtYkZ+RFY6HYSDdiSQbXQT0NbpmNGd5mB
dGs/4fgEZp588ODQiUi32XBZVVq2hY+QzDUxG1KUtlOX0rpsRbCuljqnSdwVanOp
SwTxcFYts1Q5vtP5e81wGChbngJXEWIyTef5WmnLkaFVYK2GGl1n+gv3VJIzT5iJ
/CKvgn1+P+cpyTZyU7iMfMpWb5pFZbMnIdEUKHTtBqHRlHfhnoBVPF2y4fdb71cx
gwmB6gNnapAatUbdQKItXqf6q20Z3M6hRbpKg3CoruBkLFV+Pi3prjCVywIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNiut/O8sjOYMWpBYxlHJ9SlDEOfMB8GA1UdIwQY
MBaAFKpbRx0LoInZ6fRsKRMZZ0+sgSjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgt
NmYyZTI1MjliZTgyLzEvMks2Mzg3eXlNNWd4YWtGakdVY24xS1VNUTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgtNmYyZTI1MjliZTgy
LzEvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQBuVN+AwQA
wxoIAwQBwxwGMBQEAgACMA4DBQMqBZtAAwUDKg9KQDANBgkqhkiG9w0BAQsFAAOC
AQEAHxJ0jsT/89c5uNQVv3LLPscb/yu+B+KMvtjyu4v19gBNb82Y+96N9qU2MvBi
MMTEKQ6JHO3tCU3ZQPwKDcCc5b54ymYPDs64KVoJ41D3PdoyDeWrTm8kaTJE2gnT
VaQPhAT8UnypkViYCKcu97BQgkZ9a/EbWfEb3Y0WwsC4YqMCxpHOF06/5GPhT8pG
arspCBZg7v8vlCY4I5Ek1QqJTIyNDV+q8Ou9oAM3joL9er/266NjpHsXi23Pt8nC
Z1NsED1dny6yygQ9VO/PP56uENxQsnfnEevlhCJRcIkhuKRMVo82cAU9RmceaYmH
DFXtkdG75Yw7mkmcjTNLpK2S3w==
-----END CERTIFICATE-----
Generated at Thu Jun 12 08:57:21 2025 by rpki-client