Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oahT3NnXYjR3eROBPXgVqmExzQ4.roa
File: oahT3NnXYjR3eROBPXgVqmExzQ4.roa (raw, json)
Hash identifier: bnS1mpf3MDyZgM1InA26BT5kDTmxTLYenqIA43EOv8s=
Subject key identifier: A1:A8:53:DC:D9:D7:62:34:77:79:13:81:3D:78:15:AA:61:31:CD:0E
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 01989E907817EF23196D0247D9B215922BD8
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oahT3NnXYjR3eROBPXgVqmExzQ4.roa
Signing time: Tue 12 Aug 2025 13:55:24 +0000
ROA not before: Tue 12 Aug 2025 13:55:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212477
IP address blocks: 45.144.196.0/24 maxlen: 24
170.62.96.0/22 maxlen: 24
170.62.101.0/24 maxlen: 24
170.62.105.0/24 maxlen: 24
170.62.109.0/24 maxlen: 24
170.62.176.0/21 maxlen: 24
185.102.172.0/22 maxlen: 24
192.253.211.0/24 maxlen: 24
203.188.173.0/24 maxlen: 24
203.188.174.0/24 maxlen: 24
203.188.180.0/24 maxlen: 24
213.254.162.0/24 maxlen: 24
213.254.172.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 23:01:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9e:90:78:17:ef:23:19:6d:02:47:d9:b2:15:92:2b:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Aug 12 13:55:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1a853dcd9d76234777913813d7815aa6131cd0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:30:8d:59:6e:35:96:aa:09:7a:44:5e:4f:4e:
ef:22:8b:de:cf:24:6d:9e:84:58:be:76:a2:ea:5d:
73:25:8b:77:7a:d2:aa:e9:0a:7b:33:df:cd:79:4f:
90:03:e6:7e:d8:04:14:e2:c1:fb:f8:21:6a:50:a3:
50:8d:ec:39:87:64:68:52:06:ef:aa:e3:ad:6b:66:
d2:ea:36:88:96:cf:93:2a:28:6e:bf:5e:b9:42:7a:
1e:59:47:29:90:23:70:04:21:d7:aa:43:05:46:ef:
02:fe:00:0e:82:32:bc:d3:5f:87:4e:e5:c2:e9:4a:
9d:ae:65:66:a5:f4:7b:3f:d2:43:ba:a6:3d:30:36:
ba:80:e9:26:9d:08:57:fc:7b:30:30:83:85:7d:6b:
d4:30:10:03:70:23:b6:45:8c:89:d4:e5:c6:21:28:
9c:16:c3:20:eb:ee:1f:2c:e9:9a:68:68:53:34:72:
18:ca:c6:a5:57:1f:f1:be:a6:ce:72:20:85:b6:ab:
1c:9d:07:16:ef:cb:5e:cf:c1:c9:38:f8:f3:3f:eb:
72:82:3b:37:16:d3:f5:91:d9:b6:d1:ce:9d:be:18:
2f:7a:23:54:fa:18:10:51:e0:96:7b:aa:e2:59:1a:
9d:b6:ab:32:a7:41:51:e0:e7:bc:22:aa:1d:3d:31:
32:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:A8:53:DC:D9:D7:62:34:77:79:13:81:3D:78:15:AA:61:31:CD:0E
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oahT3NnXYjR3eROBPXgVqmExzQ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.196.0/24
170.62.96.0/22
170.62.101.0/24
170.62.105.0/24
170.62.109.0/24
170.62.176.0/21
185.102.172.0/22
192.253.211.0/24
203.188.173.0-203.188.174.255
203.188.180.0/24
213.254.162.0/24
213.254.172.0/23
Signature Algorithm: sha256WithRSAEncryption
e6:0a:bd:a8:8a:90:1f:2d:37:15:a8:9c:76:ce:af:6a:51:5f:
ab:c2:59:ab:60:66:af:7d:7e:60:59:27:85:b0:9f:5c:ca:1f:
3a:e4:2a:55:bf:1a:c7:c8:f8:10:77:1c:ae:34:1e:09:b0:8c:
4d:26:d2:80:a3:c8:3c:28:66:b7:9a:33:3c:b2:90:9e:fb:c0:
dc:e5:89:cd:68:da:92:c2:e0:21:f3:7f:d7:db:90:4b:69:29:
1f:44:85:4e:8c:5f:50:93:4b:d7:1d:db:da:f1:ad:a8:f8:3c:
92:e1:c1:aa:e5:07:5a:1d:ee:41:cc:d4:b9:5d:01:44:b2:76:
93:02:a2:62:b9:79:f1:aa:d7:24:79:55:3c:74:40:2d:42:b4:
0e:30:89:84:c3:87:a4:d6:e2:52:56:ea:e4:fd:06:77:a1:a4:
92:7b:10:d6:aa:24:59:0a:1b:f1:b3:ec:02:bb:e8:2a:1a:cf:
8b:90:32:3e:21:61:f4:34:6d:8b:55:df:77:8e:98:8b:71:01:
af:45:7c:d9:4c:e9:ab:11:29:06:85:7b:c8:67:83:4f:98:b6:
eb:92:94:c9:ff:2b:43:20:81:22:72:68:d3:39:34:5d:62:5b:
b0:05:89:50:4e:86:37:68:ed:1e:58:8f:34:6c:af:10:20:96:
bd:d9:bf:e1
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZiekHgX7yMZbQJH2bIVkivYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODEyMTM1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE4NTNkY2Q5ZDc2MjM0Nzc3OTEzODEzZDc4MTVhYTYxMzFjZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzCNWW41lqoJekReT07vIovezyRt
noRYvnai6l1zJYt3etKq6Qp7M9/NeU+QA+Z+2AQU4sH7+CFqUKNQjew5h2RoUgbv
quOta2bS6jaIls+TKihuv165QnoeWUcpkCNwBCHXqkMFRu8C/gAOgjK801+HTuXC
6UqdrmVmpfR7P9JDuqY9MDa6gOkmnQhX/HswMIOFfWvUMBADcCO2RYyJ1OXGISic
FsMg6+4fLOmaaGhTNHIYysalVx/xvqbOciCFtqscnQcW78tez8HJOPjzP+tygjs3
FtP1kdm20c6dvhgveiNU+hgQUeCWe6riWRqdtqsyp0FR4Oe8IqodPTEyyQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFKGoU9zZ12I0d3kTgT14FaphMc0OMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvb2FoVDNOblhZalIzZVJPQlBYZ1ZxbUV4elE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALZDEAwQC
qj5gAwQAqj5lAwQAqj5pAwQAqj5tAwQDqj6wAwQCuWasAwQAwP3TMAwDBADLvK0D
BADLvK4DBADLvLQDBADV/qIDBAHV/qwwDQYJKoZIhvcNAQELBQADggEBAOYKvaiK
kB8tNxWonHbOr2pRX6vCWatgZq99fmBZJ4Wwn1zKHzrkKlW/GsfI+BB3HK40Hgmw
jE0m0oCjyDwoZreaMzyykJ77wNzlic1o2pLC4CHzf9fbkEtpKR9EhU6MX1CTS9cd
29rxraj4PJLhwarlB1od7kHM1LldAUSydpMComK5efGq1yR5VTx0QC1CtA4wiYTD
h6TW4lJW6uT9BnehpJJ7ENaqJFkKG/Gz7AK76Coaz4uQMj4hYfQ0bYtV33eOmItx
Aa9FfNlM6asRKQaFe8hng0+YtuuSlMn/K0MggSJyaNM5NF1iW7AFiVBOhjdo7R5Y
jzRsrxAglr3Zv+E=
-----END CERTIFICATE-----
Generated at Thu Aug 21 03:57:17 2025 by rpki-client