Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/J8HqZbweBSBfotj9M3AMH0o24CY.roa
File: J8HqZbweBSBfotj9M3AMH0o24CY.roa (raw, json)
Hash identifier: KkFoXwUHnXFgQiJUTdylT6bFXV0tnmXRuocNWtuhH7k=
Subject key identifier: 27:C1:EA:65:BC:1E:05:20:5F:A2:D8:FD:33:70:0C:1F:4A:36:E0:26
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 019734CB745CEBF6BFA72925ACC6C5EA80F1
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/J8HqZbweBSBfotj9M3AMH0o24CY.roa
Signing time: Tue 03 Jun 2025 07:57:18 +0000
ROA not before: Tue 03 Jun 2025 07:57:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6205
IP address blocks: 84.54.14.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
89.43.78.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.mft
rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Jun 2025 04:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:34:cb:74:5c:eb:f6:bf:a7:29:25:ac:c6:c5:ea:80:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jun 3 07:57:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=27c1ea65bc1e05205fa2d8fd33700c1f4a36e026
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:ce:08:03:e4:61:1c:7b:43:2e:67:4c:f1:7f:
32:a7:67:b9:e9:9a:0a:e0:a5:21:d7:01:3c:95:fd:
4c:7f:5f:fe:fd:32:ed:97:92:0c:94:da:a9:df:44:
72:f9:ef:40:3c:4f:6b:9d:25:cb:7d:88:0b:c4:91:
ba:47:ec:c0:d8:3f:a4:23:4e:a8:04:75:1d:b7:4f:
95:82:75:b4:f6:87:ed:30:ad:b9:01:a9:67:4a:86:
d1:d8:70:08:4a:af:4d:2b:e9:dd:79:c0:a4:63:67:
79:cb:10:30:83:ae:65:02:2e:59:76:8b:50:51:d6:
22:5f:33:b9:7b:69:8d:11:34:94:87:9e:d1:e1:24:
84:9e:3b:ff:11:76:77:b7:c1:60:45:76:bf:63:e6:
1a:c7:90:9d:cf:15:c6:58:92:e8:fc:73:45:e1:52:
f3:99:95:48:f1:15:a6:24:de:4f:c9:d4:7d:01:ae:
da:5b:5b:33:1c:d9:02:52:fd:e2:e7:f8:5b:81:9a:
2f:ab:5f:58:f8:f4:9d:e9:fa:ad:14:83:05:c6:4f:
a6:d4:53:d6:d9:7d:1d:30:e9:5d:02:a0:20:a9:b2:
a8:92:51:34:b2:c6:dc:7a:c7:b1:04:23:e9:bb:fa:
4d:56:7d:8f:d8:60:07:e6:8b:aa:8d:f9:5d:99:8c:
c3:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:C1:EA:65:BC:1E:05:20:5F:A2:D8:FD:33:70:0C:1F:4A:36:E0:26
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/J8HqZbweBSBfotj9M3AMH0o24CY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
176.98.42.0/23
185.81.152.0/22
Signature Algorithm: sha256WithRSAEncryption
18:8a:c6:d4:ab:0d:4a:72:06:15:dd:a7:c7:cf:46:b0:67:fb:
25:40:52:0d:e6:af:6a:50:bd:74:23:a3:9b:23:99:b7:9d:be:
fb:a7:9a:49:c8:2e:a1:e9:81:ab:67:b3:b0:15:55:4e:14:10:
4f:3d:c3:c2:64:af:38:55:9e:19:e1:4f:6a:6d:a8:39:bf:8b:
04:55:04:5c:a5:fc:d5:45:3d:c8:b8:93:83:2e:4e:4d:c9:3a:
41:f5:01:fb:aa:e3:2f:81:73:da:52:6e:6f:75:88:52:cf:c3:
0e:6f:4d:7f:36:ca:f2:d0:5e:b3:f5:c8:f2:46:7d:b2:4a:95:
46:8e:6b:be:2e:65:13:4e:9d:40:f4:0a:ef:60:f6:30:41:c6:
5e:bd:0a:5d:47:fe:aa:d7:a2:12:2a:5f:be:e4:ed:47:67:6f:
8f:cd:44:1d:f0:a7:b2:be:2f:aa:4b:97:02:c3:68:1a:d6:9d:
58:57:53:31:44:f1:67:38:6d:19:96:90:24:22:ea:9c:18:25:
70:38:f1:f3:69:9b:6f:09:ab:15:a6:0d:73:78:71:a4:c1:39:
50:4a:fb:7d:f7:76:18:1b:52:a1:37:f1:cd:87:24:c1:c7:d9:
fd:28:cd:70:ad:e0:c1:e3:3d:fc:d5:1d:5e:b6:93:b0:14:41:
01:c3:62:07
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZc0y3Rc6/a/pyklrMbF6oDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjUwNjAzMDc1NzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2MxZWE2NWJjMWUwNTIwNWZhMmQ4ZmQzMzcwMGMxZjRhMzZlMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8s4IA+RhHHtDLmdM8X8yp2e56ZoK
4KUh1wE8lf1Mf1/+/TLtl5IMlNqp30Ry+e9APE9rnSXLfYgLxJG6R+zA2D+kI06o
BHUdt0+VgnW09oftMK25AalnSobR2HAISq9NK+ndecCkY2d5yxAwg65lAi5ZdotQ
UdYiXzO5e2mNETSUh57R4SSEnjv/EXZ3t8FgRXa/Y+Yax5CdzxXGWJLo/HNF4VLz
mZVI8RWmJN5PydR9Aa7aW1szHNkCUv3i5/hbgZovq19Y+PSd6fqtFIMFxk+m1FPW
2X0dMOldAqAgqbKoklE0ssbcesexBCPpu/pNVn2P2GAH5ouqjfldmYzDmwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCfB6mW8HgUgX6LY/TNwDB9KNuAmMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvSjhIcVpid2VCU0Jmb3RqOU0zQU1IMG8yNENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYMA0GCSqGSIb3DQEBCwUAA4IBAQAYisbUqw1K
cgYV3afHz0awZ/slQFIN5q9qUL10I6ObI5m3nb77p5pJyC6h6YGrZ7OwFVVOFBBP
PcPCZK84VZ4Z4U9qbag5v4sEVQRcpfzVRT3IuJODLk5NyTpB9QH7quMvgXPaUm5v
dYhSz8MOb01/Nsry0F6z9cjyRn2ySpVGjmu+LmUTTp1A9ArvYPYwQcZevQpdR/6q
16ISKl++5O1HZ2+PzUQd8Keyvi+qS5cCw2ga1p1YV1MxRPFnOG0ZlpAkIuqcGCVw
OPHzaZtvCasVpg1zeHGkwTlQSvt993YYG1KhN/HNhyTBx9n9KM1wreDB4z381R1e
tpOwFEEBw2IH
-----END CERTIFICATE-----
Generated at Wed Jun 11 11:03:57 2025 by rpki-client