Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ox9l-Q6QHLtWtQwnrTN0doqDHds.roa
File: Ox9l-Q6QHLtWtQwnrTN0doqDHds.roa (raw, json)
Hash identifier: Nw2WdF0Pz/EN2zKgTzj+nwEe10ekglfZupvnnXLcq30=
Subject key identifier: 3B:1F:65:F9:0E:90:1C:BB:56:B5:0C:27:AD:33:74:76:8A:83:1D:DB
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019889256191EBB5C9D03742FFA8BCD18995
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ox9l-Q6QHLtWtQwnrTN0doqDHds.roa
Signing time: Fri 08 Aug 2025 10:06:25 +0000
ROA not before: Fri 08 Aug 2025 10:06:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205936
IP address blocks: 104.238.28.0/24 maxlen: 24
104.243.192.0/24 maxlen: 24
104.249.21.0/24 maxlen: 24
204.52.104.0/24 maxlen: 24
216.173.92.0/24 maxlen: 24
216.173.93.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 23:01:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:89:25:61:91:eb:b5:c9:d0:37:42:ff:a8:bc:d1:89:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Aug 8 10:06:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b1f65f90e901cbb56b50c27ad3374768a831ddb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:9e:10:1a:59:44:72:ef:8a:a3:30:08:bf:9c:
21:f0:9f:16:36:4e:0b:97:15:80:3e:7c:9e:1f:8f:
a6:29:04:ee:f2:3d:ff:78:de:83:18:3e:2d:f4:2f:
8e:d5:67:17:4d:4d:6b:37:ec:73:47:f3:39:d2:1e:
a9:30:14:03:85:76:f9:39:5f:c4:41:06:53:b5:7e:
d3:ea:4f:27:c3:3c:ab:87:e2:a6:fd:03:d4:a9:6f:
86:79:41:3c:a3:d0:c4:ec:6e:0b:82:b3:de:e7:2f:
c9:ae:81:ef:09:a3:59:cc:e8:9b:dd:39:03:2a:f6:
5d:fd:f5:f9:9f:d9:da:32:12:c0:85:13:1e:2c:37:
b3:26:90:d7:23:de:77:2e:31:26:50:92:d3:27:6f:
76:35:8e:14:58:0b:fc:be:d9:55:cc:33:2b:34:9d:
bd:fe:24:f2:0a:5a:3b:00:d6:f1:88:03:3d:d1:e7:
a0:b1:db:65:8d:9f:5b:84:91:55:44:aa:d1:97:63:
7d:a8:cb:7e:bc:b3:a6:01:97:cf:cd:de:bf:0c:8c:
ef:db:50:ec:08:49:58:42:4b:ed:d2:59:c3:be:cb:
2f:12:86:08:7f:6a:c2:53:48:e5:6b:54:cc:80:5b:
98:fc:52:ae:df:37:e8:fa:27:e2:a0:a8:15:0f:25:
eb:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:1F:65:F9:0E:90:1C:BB:56:B5:0C:27:AD:33:74:76:8A:83:1D:DB
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ox9l-Q6QHLtWtQwnrTN0doqDHds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.238.28.0/24
104.243.192.0/24
104.249.21.0/24
204.52.104.0/24
216.173.92.0/23
Signature Algorithm: sha256WithRSAEncryption
78:89:2a:f1:22:7a:76:81:ef:64:21:74:42:d2:85:b4:6b:20:
83:0b:f8:d7:3b:1f:57:ac:fb:e7:44:7f:e5:78:73:f5:b9:3f:
52:5b:ff:f3:02:ab:60:db:9e:58:d3:ba:39:77:4a:8c:fc:3e:
20:9f:fb:e7:32:79:0d:85:e2:6d:68:54:e9:88:52:d2:21:fc:
df:43:00:56:af:52:f7:7c:12:8d:35:49:1e:17:d9:cc:36:0d:
43:b5:03:b3:34:66:3e:e8:00:b8:e5:d0:41:70:48:0d:f5:4c:
36:8f:68:32:78:0a:77:41:ba:c8:84:17:37:ef:4c:89:bb:b7:
88:7e:99:42:7f:db:75:24:53:df:5d:de:a9:3d:7a:04:5f:d0:
94:52:7b:f0:43:a2:c3:d6:f2:63:28:7c:36:74:f1:30:16:08:
c5:40:48:3a:f0:a2:3f:af:a2:4b:ff:6a:8a:fb:b3:28:3c:c9:
ce:4c:f7:ba:15:7f:d8:04:9b:d0:b8:c1:6a:16:af:47:b2:57:
3f:b6:61:94:43:ee:90:b6:f8:66:66:fc:3c:59:36:b7:33:d1:
48:0d:26:5c:5e:47:6f:d6:7b:1c:b4:9d:4e:6f:3d:be:77:85:
cb:c5:4b:8d:2a:42:d8:37:c5:d8:c0:94:71:10:70:18:a2:5f:
31:6a:bf:00
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZiJJWGR67XJ0DdC/6i80YmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwODA4MTAwNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFmNjVmOTBlOTAxY2JiNTZiNTBjMjdhZDMzNzQ3NjhhODMxZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Z4QGllEcu+KozAIv5wh8J8WNk4L
lxWAPnyeH4+mKQTu8j3/eN6DGD4t9C+O1WcXTU1rN+xzR/M50h6pMBQDhXb5OV/E
QQZTtX7T6k8nwzyrh+Km/QPUqW+GeUE8o9DE7G4LgrPe5y/JroHvCaNZzOib3TkD
KvZd/fX5n9naMhLAhRMeLDezJpDXI953LjEmUJLTJ292NY4UWAv8vtlVzDMrNJ29
/iTyClo7ANbxiAM90eegsdtljZ9bhJFVRKrRl2N9qMt+vLOmAZfPzd6/DIzv21Ds
CElYQkvt0lnDvssvEoYIf2rCU0jla1TMgFuY/FKu3zfo+ifioKgVDyXrkwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDsfZfkOkBy7VrUMJ60zdHaKgx3bMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvT3g5bC1RNlFITHRXdFF3bnJUTjBkb3FESGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAaO4cAwQA
aPPAAwQAaPkVAwQAzDRoAwQB2K1cMA0GCSqGSIb3DQEBCwUAA4IBAQB4iSrxInp2
ge9kIXRC0oW0ayCDC/jXOx9XrPvnRH/leHP1uT9SW//zAqtg255Y07o5d0qM/D4g
n/vnMnkNheJtaFTpiFLSIfzfQwBWr1L3fBKNNUkeF9nMNg1DtQOzNGY+6AC45dBB
cEgN9Uw2j2gyeAp3QbrIhBc370yJu7eIfplCf9t1JFPfXd6pPXoEX9CUUnvwQ6LD
1vJjKHw2dPEwFgjFQEg68KI/r6JL/2qK+7MoPMnOTPe6FX/YBJvQuMFqFq9Hslc/
tmGUQ+6QtvhmZvw8WTa3M9FIDSZcXkdv1nsctJ1Obz2+d4XLxUuNKkLYN8XYwJRx
EHAYol8xar8A
-----END CERTIFICATE-----
Generated at Thu Aug 21 07:01:14 2025 by rpki-client