Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/URMm7nOJVBSB1J48VqgNMKbDrLE.roa
File: URMm7nOJVBSB1J48VqgNMKbDrLE.roa (raw, json)
Hash identifier: FfKszsA68FyKcST8RPHfZf3Ma6LTOJP6UJPvUL8qLVY=
Subject key identifier: 51:13:26:EE:73:89:54:14:81:D4:9E:3C:56:A8:0D:30:A6:C3:AC:B1
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019720F855404BE8F5962D4C8B06D1856119
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/URMm7nOJVBSB1J48VqgNMKbDrLE.roa
Signing time: Fri 30 May 2025 11:33:54 +0000
ROA not before: Fri 30 May 2025 11:33:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:20:f8:55:40:4b:e8:f5:96:2d:4c:8b:06:d1:85:61:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: May 30 11:33:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=511326ee7389541481d49e3c56a80d30a6c3acb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:f9:17:e8:32:29:bf:c0:9b:b0:21:46:21:d0:
9a:96:39:0d:20:b7:61:87:e9:f0:70:b4:47:94:ec:
23:f7:44:04:e4:89:da:06:65:60:05:3f:80:e4:46:
07:98:b2:d1:23:a5:1d:e8:ad:ad:b8:83:a3:6d:ed:
8f:cd:a2:c1:6f:d4:ce:89:b4:36:27:8e:b9:9f:3b:
2e:94:bd:27:7f:37:cd:7e:1b:4e:b6:33:31:99:4a:
24:e3:ca:7a:23:4e:0b:71:69:78:31:77:a7:97:f3:
b8:c5:00:69:a5:28:73:e3:1a:c9:f4:be:c7:33:86:
db:41:ee:5f:59:b6:a9:c7:df:97:1a:84:ac:09:d8:
e2:fd:33:37:78:d8:25:2c:75:ea:96:b6:45:10:45:
56:12:9e:9d:3d:a6:2e:0b:a4:38:2c:2b:8f:a2:03:
5f:94:3a:85:08:0a:f2:8a:cb:29:f0:72:00:ec:e4:
ca:e8:d7:fa:6c:aa:52:c8:8a:21:16:aa:e8:17:d7:
54:fc:20:f9:6a:79:05:54:69:33:ed:66:0a:97:f4:
15:4e:ba:f5:a8:c9:56:e3:7f:4f:75:d5:73:4f:59:
57:2a:bd:ab:ea:72:63:9f:c4:82:fd:f1:ac:0d:7b:
9a:b3:33:05:cf:42:fc:be:01:1a:b1:62:5e:ba:e8:
0c:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:13:26:EE:73:89:54:14:81:D4:9E:3C:56:A8:0D:30:A6:C3:AC:B1
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/URMm7nOJVBSB1J48VqgNMKbDrLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
193.35.152.0/23
Signature Algorithm: sha256WithRSAEncryption
a3:80:cb:58:6b:a3:a2:fe:08:42:46:03:7f:fa:05:e5:92:ae:
a6:4a:3a:54:b1:59:76:a2:e0:e1:15:b4:f2:55:ad:19:bd:91:
57:f5:b2:e2:f4:b7:14:af:eb:29:43:9c:2a:bb:f8:b3:ee:d1:
dd:f7:f3:00:91:1e:16:a2:34:83:cb:01:d3:ce:05:97:7a:87:
ed:f8:db:e8:78:d4:92:7e:f8:f1:d3:15:87:e1:d2:94:ba:2a:
7a:98:9d:d9:4d:e6:4b:82:be:be:11:42:18:6a:c6:fd:bd:a1:
a1:ff:8b:3d:be:83:0a:b3:dc:c0:91:af:63:2a:63:e1:3a:cc:
95:83:e1:01:b0:09:64:ec:b1:74:2e:4b:21:c9:c2:f1:36:c7:
08:9a:44:e9:5f:e7:dc:a4:12:53:b3:92:d9:0b:64:6d:30:ea:
f4:2c:11:02:e2:05:5b:4d:f9:6d:c7:91:85:be:92:d2:7d:1c:
ae:a6:4b:37:ab:2b:95:19:cf:1e:12:f7:8c:71:3a:bf:b0:0c:
22:d6:71:1b:99:98:f4:4f:68:94:75:3d:3b:7e:86:60:4c:e5:
db:03:ee:91:24:9f:2e:e6:8c:ea:ae:ca:17:28:e2:94:72:9a:
ae:a4:93:c2:ab:a7:6c:81:93:6a:88:5f:fa:ad:bf:24:e8:e7:
44:05:89:82
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZcg+FVAS+j1li1MiwbRhWEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNTMwMTEzMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTEzMjZlZTczODk1NDE0ODFkNDllM2M1NmE4MGQzMGE2YzNhY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/kX6DIpv8CbsCFGIdCaljkNILdh
h+nwcLRHlOwj90QE5InaBmVgBT+A5EYHmLLRI6Ud6K2tuIOjbe2PzaLBb9TOibQ2
J465nzsulL0nfzfNfhtOtjMxmUok48p6I04LcWl4MXenl/O4xQBppShz4xrJ9L7H
M4bbQe5fWbapx9+XGoSsCdji/TM3eNglLHXqlrZFEEVWEp6dPaYuC6Q4LCuPogNf
lDqFCAryissp8HIA7OTK6Nf6bKpSyIohFqroF9dU/CD5ankFVGkz7WYKl/QVTrr1
qMlW439PddVzT1lXKr2r6nJjn8SC/fGsDXuaszMFz0L8vgEasWJeuugMVwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFETJu5ziVQUgdSePFaoDTCmw6yxMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvVVJNbTduT0pWQlNCMUo0OFZxZ05NS2JEckxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBAHBI5gwDQYJKoZIhvcNAQELBQADggEBAKOAy1hr
o6L+CEJGA3/6BeWSrqZKOlSxWXai4OEVtPJVrRm9kVf1suL0txSv6ylDnCq7+LPu
0d338wCRHhaiNIPLAdPOBZd6h+342+h41JJ++PHTFYfh0pS6KnqYndlN5kuCvr4R
Qhhqxv29oaH/iz2+gwqz3MCRr2MqY+E6zJWD4QGwCWTssXQuSyHJwvE2xwiaROlf
59ykElOzktkLZG0w6vQsEQLiBVtN+W3HkYW+ktJ9HK6mSzerK5UZzx4S94xxOr+w
DCLWcRuZmPRPaJR1PTt+hmBM5dsD7pEkny7mjOquyhco4pRymq6kk8Krp2yBk2qI
X/qtvyTo50QFiYI=
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:51:25 2025 by rpki-client