Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oamx7vbBGKXzD2JNpf9DYrZteYM.roa
File: oamx7vbBGKXzD2JNpf9DYrZteYM.roa (raw, json)
Hash identifier: bLkSsqGN7tZEHLXspUIi8oLFEUYvArpdmAq5oAfMK58=
Subject key identifier: A1:A9:B1:EE:F6:C1:18:A5:F3:0F:62:4D:A5:FF:43:62:B6:6D:79:83
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 0199104A63939D8C830EA8D33CCDDD9AAA2E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oamx7vbBGKXzD2JNpf9DYrZteYM.roa
Signing time: Wed 03 Sep 2025 15:55:34 +0000
ROA not before: Wed 03 Sep 2025 15:55:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 400696
IP address blocks: 46.244.98.0/24 maxlen: 24
66.56.83.0/24 maxlen: 24
92.240.148.0/24 maxlen: 24
103.138.78.0/24 maxlen: 24
124.198.134.0/24 maxlen: 24
155.2.193.0/24 maxlen: 24
155.2.220.0/24 maxlen: 24
158.173.145.0/24 maxlen: 24
185.102.168.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 19:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:10:4a:63:93:9d:8c:83:0e:a8:d3:3c:cd:dd:9a:aa:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Sep 3 15:55:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1a9b1eef6c118a5f30f624da5ff4362b66d7983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:00:9a:a7:a2:1c:bd:b1:12:03:13:3e:55:7b:
d6:72:f6:a5:72:13:4c:19:0b:7b:52:d3:fd:1f:db:
ae:94:4b:fa:18:86:79:0c:0f:28:58:d5:3c:e6:b5:
36:4b:6e:45:b1:2b:9a:37:3d:1b:9f:be:eb:42:4b:
d7:78:9b:c5:57:1e:20:09:70:81:71:93:ed:11:9d:
4b:a1:00:eb:12:5e:89:52:73:b1:d5:ce:fc:11:1d:
2b:98:1d:5f:89:9a:93:79:4e:07:fa:cd:14:48:ec:
a8:d4:d6:92:f2:e1:f7:de:01:75:d0:94:1b:e3:3a:
4b:4b:3a:e9:77:5d:bc:cb:bf:94:8a:d7:6d:3c:cc:
17:ef:f6:c6:08:c7:d8:9c:7a:cc:eb:e1:4a:54:66:
c5:f7:7b:59:dd:85:0a:46:ac:35:50:78:44:ce:39:
21:55:a7:a8:5b:17:e3:60:64:c0:77:f9:80:09:03:
43:1d:d4:5a:bf:bc:b9:36:fc:9e:0f:f8:cf:cd:cc:
92:71:ca:1f:df:b9:84:21:e8:9f:0b:b4:e5:45:b7:
64:9b:f8:f1:2f:72:98:97:ed:ce:92:6e:e4:d9:15:
28:10:aa:3c:72:65:62:2a:2b:5d:16:ae:d8:ad:f7:
9f:fc:87:2e:f2:97:94:a5:6e:4b:49:b4:a6:e2:64:
e1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:A9:B1:EE:F6:C1:18:A5:F3:0F:62:4D:A5:FF:43:62:B6:6D:79:83
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oamx7vbBGKXzD2JNpf9DYrZteYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.244.98.0/24
66.56.83.0/24
92.240.148.0/24
103.138.78.0/24
124.198.134.0/24
155.2.193.0/24
155.2.220.0/24
158.173.145.0/24
185.102.168.0/24
Signature Algorithm: sha256WithRSAEncryption
78:f4:68:92:20:bf:d0:a7:c8:db:80:34:51:72:e7:8e:f3:8a:
ed:a6:87:19:42:33:10:94:23:e4:77:91:bc:f8:c3:da:ca:fc:
97:4d:fb:2c:4a:bb:dd:59:1a:25:11:db:49:cc:6e:9d:df:f2:
a7:87:93:ac:46:19:40:28:7f:88:61:81:83:83:c9:4f:28:4b:
e3:13:06:a8:04:ea:97:a6:0a:ce:39:2a:72:aa:41:2e:4d:37:
3a:ad:ba:34:dd:23:fa:0a:93:92:34:86:d8:c2:16:52:2f:47:
31:f9:ff:06:a6:50:4f:50:97:84:25:5e:5e:0e:b5:be:14:45:
ff:28:28:a4:c6:7e:fe:ab:f5:82:00:9b:1b:e9:0b:c2:16:d3:
84:cc:15:bc:ea:c6:92:29:b2:46:ea:ac:6f:fc:d4:6f:bb:3a:
20:8e:c0:25:2e:28:0b:1e:66:6a:7f:a1:f3:de:2a:f1:0c:76:
9b:70:3a:70:2b:d9:f2:52:8f:f9:9a:79:3b:9e:c5:cc:40:23:
ed:76:37:2a:82:94:e2:f2:01:33:e9:36:cd:35:ec:21:dc:5a:
06:53:ad:05:f5:4f:fa:3e:3d:54:77:31:d7:a2:eb:75:95:aa:
af:a2:23:e9:c1:2e:43:5a:e8:50:97:d0:12:91:46:c8:41:d2:
a3:95:37:67
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZkQSmOTnYyDDqjTPM3dmqouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwOTAzMTU1NTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE5YjFlZWY2YzExOGE1ZjMwZjYyNGRhNWZmNDM2MmI2NmQ3OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwCap6IcvbESAxM+VXvWcvalchNM
GQt7UtP9H9uulEv6GIZ5DA8oWNU85rU2S25FsSuaNz0bn77rQkvXeJvFVx4gCXCB
cZPtEZ1LoQDrEl6JUnOx1c78ER0rmB1fiZqTeU4H+s0USOyo1NaS8uH33gF10JQb
4zpLSzrpd128y7+UitdtPMwX7/bGCMfYnHrM6+FKVGbF93tZ3YUKRqw1UHhEzjkh
VaeoWxfjYGTAd/mACQNDHdRav7y5NvyeD/jPzcySccof37mEIeifC7TlRbdkm/jx
L3KYl+3Okm7k2RUoEKo8cmViKitdFq7Yrfef/Icu8peUpW5LSbSm4mTh3wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKGpse72wRil8w9iTaX/Q2K2bXmDMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvb2FteDd2YkJHS1h6RDJKTnBmOURZclp0ZVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALvRiAwQA
QjhTAwQAXPCUAwQAZ4pOAwQAfMaGAwQAmwLBAwQAmwLcAwQAnq2RAwQAuWaoMA0G
CSqGSIb3DQEBCwUAA4IBAQB49GiSIL/Qp8jbgDRRcueO84rtpocZQjMQlCPkd5G8
+MPayvyXTfssSrvdWRolEdtJzG6d3/Knh5OsRhlAKH+IYYGDg8lPKEvjEwaoBOqX
pgrOOSpyqkEuTTc6rbo03SP6CpOSNIbYwhZSL0cx+f8GplBPUJeEJV5eDrW+FEX/
KCikxn7+q/WCAJsb6QvCFtOEzBW86saSKbJG6qxv/NRvuzogjsAlLigLHmZqf6Hz
3irxDHabcDpwK9nyUo/5mnk7nsXMQCPtdjcqgpTi8gEz6TbNNewh3FoGU60F9U/6
Pj1UdzHXout1laqvoiPpwS5DWuhQl9ASkUbIQdKjlTdn
-----END CERTIFICATE-----
Generated at Sat Sep 6 03:27:10 2025 by rpki-client