Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/oPRXnsL5INwqLC1NQuIf4ZAf32c.roa
File: oPRXnsL5INwqLC1NQuIf4ZAf32c.roa (raw, json)
Hash identifier: Q33Xwu3J1rkbAKsrHCB0KfJpoWIRtKaUuoBQYcngjzk=
Subject key identifier: A0:F4:57:9E:C2:F9:20:DC:2A:2C:2D:4D:42:E2:1F:E1:90:1F:DF:67
Certificate issuer: /CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Certificate serial: 0197361160AEBD2FF3056945B3BEFE75B31A
Authority key identifier: 7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/oPRXnsL5INwqLC1NQuIf4ZAf32c.roa
Signing time: Tue 03 Jun 2025 13:53:17 +0000
ROA not before: Tue 03 Jun 2025 13:53:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 766
IP address blocks: 130.206.0.0/16 maxlen: 16
158.99.0.0/16 maxlen: 16
185.205.148.0/22 maxlen: 22
192.148.201.0/24 maxlen: 24
192.148.202.0/23 maxlen: 23
192.148.204.0/22 maxlen: 22
192.187.24.0/23 maxlen: 23
193.144.0.0/14 maxlen: 14
212.128.0.0/18 maxlen: 18
212.128.64.0/20 maxlen: 20
212.128.80.0/21 maxlen: 21
212.128.128.0/17 maxlen: 17
2001:720::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.mft
rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 11:24:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:36:11:60:ae:bd:2f:f3:05:69:45:b3:be:fe:75:b3:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Validity
Not Before: Jun 3 13:53:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0f4579ec2f920dc2a2c2d4d42e21fe1901fdf67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:79:a5:87:1f:76:c2:f0:82:40:28:61:d1:cc:
19:60:d4:5b:e3:8d:ca:a4:82:71:a3:fe:ea:5f:b4:
56:3d:bf:fe:5e:90:5c:7a:c9:42:39:77:51:05:c4:
ab:44:52:c9:b0:13:05:ba:a1:2b:7c:7a:2f:e9:53:
f0:7e:47:3c:e5:e2:19:0d:26:34:0c:a5:08:d9:43:
96:d7:66:d1:24:cf:5b:54:d8:52:64:b0:e9:fd:b0:
d6:a4:d9:fe:db:ae:58:11:d6:76:66:59:bc:d6:d7:
d0:0c:5a:ba:41:6a:3d:7b:55:e2:cb:d3:fa:46:d9:
9b:12:1b:c6:7d:ba:ad:99:24:77:9f:ff:c7:92:7d:
6c:67:ce:9a:96:fa:0d:f7:9a:86:7e:01:c6:dc:dd:
3a:2c:7a:78:6b:ed:c5:29:bd:73:85:00:e1:7a:e8:
dc:ed:49:80:07:78:32:b7:92:4a:03:37:16:93:b8:
b9:57:df:f1:62:00:31:29:db:ca:d4:66:03:48:56:
bb:e0:6a:84:95:b1:7d:3c:77:8b:2c:cd:8f:97:04:
25:7e:17:52:d2:28:69:83:fb:cc:98:54:51:de:19:
75:38:6f:15:d6:5c:32:8c:c3:1a:0d:4d:df:d9:12:
3b:01:c5:c2:8c:3b:0c:fb:20:2d:d7:24:ea:55:74:
78:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:F4:57:9E:C2:F9:20:DC:2A:2C:2D:4D:42:E2:1F:E1:90:1F:DF:67
X509v3 Authority Key Identifier:
keyid:7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/oPRXnsL5INwqLC1NQuIf4ZAf32c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.206.0.0/16
158.99.0.0/16
185.205.148.0/22
192.148.201.0-192.148.207.255
192.187.24.0/23
193.144.0.0/14
212.128.0.0-212.128.87.255
212.128.128.0/17
IPv6:
2001:720::/32
Signature Algorithm: sha256WithRSAEncryption
a5:ce:da:ec:2e:dd:0d:ab:78:70:45:5f:fd:3c:30:e0:a6:ea:
8b:3d:58:bc:a9:97:cd:a6:4d:dd:17:fc:e0:82:3c:bf:f5:54:
f1:30:f9:82:c8:59:92:d0:38:f6:71:6a:5b:21:40:8d:b8:8f:
ce:5b:24:4a:5b:7e:c9:09:f8:57:bc:6e:d4:c1:b8:ce:13:54:
b0:22:bb:14:1f:35:68:7d:ec:b3:55:d0:a3:cf:86:10:89:3a:
4e:1e:8a:80:77:ab:b2:5e:b0:6c:c7:64:7e:3b:75:05:ea:73:
7a:6a:fe:c0:b2:cb:1a:c8:c5:26:b4:ec:03:22:1e:2f:16:ff:
3f:f3:25:6d:7d:71:4a:b6:22:9a:53:f9:6e:92:e2:cc:8b:ec:
68:ca:f5:a5:aa:23:f3:37:97:bf:a8:86:ba:00:a2:2d:f9:ae:
33:d1:18:37:f3:98:f7:45:5c:eb:26:50:51:40:b6:5a:38:70:
a2:b9:a6:e2:f7:15:fb:11:21:21:68:2a:c5:e1:ce:1d:50:b7:
38:a8:57:a0:7d:01:8c:9f:f3:56:b2:af:ae:2b:a8:23:2e:37:
83:c0:fc:4a:a6:71:f1:49:ba:68:2c:14:65:47:84:04:c5:8e:
98:c3:22:c9:2e:ee:85:61:c4:e0:c0:d2:af:59:2a:bd:fd:28:
c0:82:16:50
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZc2EWCuvS/zBWlFs77+dbMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTAwNzdkMmRkOGE2N2ExYWU4YjZhYmQ2YmJiMzQ4OTAy
OGE1YmIwHhcNMjUwNjAzMTM1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGY0NTc5ZWMyZjkyMGRjMmEyYzJkNGQ0MmUyMWZlMTkwMWZkZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunmlhx92wvCCQChh0cwZYNRb443K
pIJxo/7qX7RWPb/+XpBceslCOXdRBcSrRFLJsBMFuqErfHov6VPwfkc85eIZDSY0
DKUI2UOW12bRJM9bVNhSZLDp/bDWpNn+265YEdZ2Zlm81tfQDFq6QWo9e1Xiy9P6
RtmbEhvGfbqtmSR3n//Hkn1sZ86alvoN95qGfgHG3N06LHp4a+3FKb1zhQDheujc
7UmAB3gyt5JKAzcWk7i5V9/xYgAxKdvK1GYDSFa74GqElbF9PHeLLM2PlwQlfhdS
0ihpg/vMmFRR3hl1OG8V1lwyjMMaDU3f2RI7AcXCjDsM+yAt1yTqVXR4VwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKD0V57C+SDcKiwtTULiH+GQH99nMB8GA1UdIwQY
MBaAFH9QB30t2KZ6Gui2q9a7s0iQKKW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2Mt
M2U3Y2FkZDg4YzcwLzEvb1BSWG5zTDVJTndxTEMxTlF1SWY0WkFmMzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2MtM2U3Y2FkZDg4Yzcw
LzEvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwMAgs4DAwCe
YwMEArnNlDAMAwQAwJTJAwQEwJTAAwQBwLsYAwMCwZAwCwMDB9SAAwQD1IBQAwQH
1ICAMA0EAgACMAcDBQAgAQcgMA0GCSqGSIb3DQEBCwUAA4IBAQClztrsLt0Nq3hw
RV/9PDDgpuqLPVi8qZfNpk3dF/zggjy/9VTxMPmCyFmS0Dj2cWpbIUCNuI/OWyRK
W37JCfhXvG7UwbjOE1SwIrsUHzVofeyzVdCjz4YQiTpOHoqAd6uyXrBsx2R+O3UF
6nN6av7AsssayMUmtOwDIh4vFv8/8yVtfXFKtiKaU/lukuLMi+xoyvWlqiPzN5e/
qIa6AKIt+a4z0Rg385j3RVzrJlBRQLZaOHCiuabi9xX7ESEhaCrF4c4dULc4qFeg
fQGMn/NWsq+uK6gjLjeDwPxKpnHxSbpoLBRlR4QExY6YwyLJLu6FYcTgwNKvWSq9
/SjAghZQ
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:05:59 2025 by rpki-client