Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/CKnGlMti8o0cW0_TTOvILvH3GTI.roa
File: CKnGlMti8o0cW0_TTOvILvH3GTI.roa (raw, json)
Hash identifier: YTW1LO8LVEETvg+a9fQK9S1TnT1qN+MypvEcBqNeL10=
Subject key identifier: 08:A9:C6:94:CB:62:F2:8D:1C:5B:4F:D3:4C:EB:C8:2E:F1:F7:19:32
Certificate issuer: /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial: 0198F3FB1B6DB306B257F77008C215C9F18F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/CKnGlMti8o0cW0_TTOvILvH3GTI.roa
Signing time: Fri 29 Aug 2025 03:59:36 +0000
ROA not before: Fri 29 Aug 2025 03:59:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7029
IP address blocks: 140.225.192.0/21 maxlen: 21
140.225.200.0/21 maxlen: 21
140.225.208.0/21 maxlen: 21
140.225.216.0/21 maxlen: 21
206.245.136.0/21 maxlen: 21
206.245.144.0/21 maxlen: 21
208.123.184.0/24 maxlen: 24
208.123.186.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f3:fb:1b:6d:b3:06:b2:57:f7:70:08:c2:15:c9:f1:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Validity
Not Before: Aug 29 03:59:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08a9c694cb62f28d1c5b4fd34cebc82ef1f71932
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e2:57:68:46:f8:c3:62:ac:f6:6d:16:54:16:
4a:4a:fe:de:d4:74:b6:44:2e:01:86:82:7d:cf:25:
b5:fe:98:a3:11:ec:14:47:63:60:f8:a0:2e:5d:f7:
14:d2:23:05:74:91:6e:54:cd:8e:6d:e2:ec:f8:f7:
dc:ce:e6:8c:13:4f:f6:90:c2:d2:f3:b4:95:e6:6d:
9c:49:59:26:fd:4d:a4:49:30:10:27:30:e6:24:9b:
c9:f5:1b:3f:5c:9f:96:d0:d0:82:b0:b5:f2:0e:35:
97:64:86:b3:05:54:a4:d0:13:c9:eb:24:16:ef:c8:
c5:2d:3b:c8:ac:8d:ae:b9:fa:12:e1:62:83:ce:d2:
5a:45:fa:0f:c5:f3:77:b3:75:72:8c:e1:f1:b4:c1:
90:6e:fb:49:78:87:b1:3a:30:75:59:86:72:fb:50:
7b:4a:af:ad:aa:42:cc:b3:05:df:9e:07:4d:ea:7c:
c4:d1:c5:09:ec:8e:46:31:44:a5:47:d4:9c:22:fb:
aa:87:90:ad:29:90:ff:2a:7d:c0:7b:18:dc:e4:9f:
fd:fe:c6:c0:a6:0f:13:0a:11:0b:95:1b:2b:3c:2a:
9f:d9:f4:a7:5b:0f:c6:e0:0a:62:c4:dd:5e:dd:b3:
7e:5f:2a:42:be:a0:32:a3:7b:74:1a:a6:11:aa:14:
c4:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:A9:C6:94:CB:62:F2:8D:1C:5B:4F:D3:4C:EB:C8:2E:F1:F7:19:32
X509v3 Authority Key Identifier:
keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/CKnGlMti8o0cW0_TTOvILvH3GTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.225.192.0/19
206.245.136.0-206.245.151.255
208.123.184.0/24
208.123.186.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:5b:be:97:f4:f4:b5:3b:6f:8a:b4:28:51:35:79:c5:e6:ed:
b3:f2:29:4b:b4:4a:c6:d0:a4:c8:ba:58:85:2b:0d:c9:90:9f:
16:56:b6:33:f7:77:7d:4c:78:24:7c:73:8f:b3:20:02:e9:07:
c7:24:9c:31:7d:3f:d3:1b:ac:96:a5:79:0d:1e:07:fd:f8:c3:
bc:9a:d8:66:40:a5:2a:a8:6b:29:34:14:75:37:02:a6:7f:5d:
c4:33:66:f8:be:ee:a3:72:bc:18:65:ec:cd:b1:3f:21:94:a6:
28:c9:9f:c7:26:39:de:dc:1f:1a:99:49:2f:f4:61:95:15:04:
33:7c:c5:d1:87:72:6f:c7:33:28:ac:d3:d4:4f:32:db:cf:6d:
dd:fc:73:77:a6:d1:76:eb:d7:9a:94:84:64:ed:43:50:49:d7:
bd:5f:cf:6a:30:0e:58:80:7b:19:ce:a7:05:e8:1b:8f:b9:05:
d4:9f:5e:90:7a:27:a6:6e:58:58:5b:17:06:b6:61:bd:9a:4c:
f4:f3:3b:2a:b2:59:aa:8a:d1:3e:87:cf:78:2e:bd:24:19:a2:
b9:8d:a8:8f:06:96:07:e7:1e:9d:85:d6:6c:1e:3c:c6:5b:fd:
73:c1:18:41:3c:33:93:c9:45:e8:12:a5:f0:d9:33:7b:3a:1f:
25:e6:49:44
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZjz+xttswayV/dwCMIVyfGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwODI5MDM1OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE5YzY5NGNiNjJmMjhkMWM1YjRmZDM0Y2ViYzgyZWYxZjcxOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+JXaEb4w2Ks9m0WVBZKSv7e1HS2
RC4BhoJ9zyW1/pijEewUR2Ng+KAuXfcU0iMFdJFuVM2ObeLs+PfczuaME0/2kMLS
87SV5m2cSVkm/U2kSTAQJzDmJJvJ9Rs/XJ+W0NCCsLXyDjWXZIazBVSk0BPJ6yQW
78jFLTvIrI2uufoS4WKDztJaRfoPxfN3s3VyjOHxtMGQbvtJeIexOjB1WYZy+1B7
Sq+tqkLMswXfngdN6nzE0cUJ7I5GMUSlR9ScIvuqh5CtKZD/Kn3Aexjc5J/9/sbA
pg8TChELlRsrPCqf2fSnWw/G4ApixN1e3bN+XypCvqAyo3t0GqYRqhTERQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAipxpTLYvKNHFtP00zryC7x9xkyMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvQ0tuR2xNdGk4bzBjVzBfVFRPdklMdkgzR1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQFjOHAMAwD
BAPO9YgDBAPO9ZADBADQe7gDBADQe7owDQYJKoZIhvcNAQELBQADggEBAA5bvpf0
9LU7b4q0KFE1ecXm7bPyKUu0SsbQpMi6WIUrDcmQnxZWtjP3d31MeCR8c4+zIALp
B8cknDF9P9MbrJaleQ0eB/34w7ya2GZApSqoayk0FHU3AqZ/XcQzZvi+7qNyvBhl
7M2xPyGUpijJn8cmOd7cHxqZSS/0YZUVBDN8xdGHcm/HMyis09RPMtvPbd38c3em
0Xbr15qUhGTtQ1BJ171fz2owDliAexnOpwXoG4+5BdSfXpB6J6ZuWFhbFwa2Yb2a
TPTzOyqyWaqK0T6Hz3guvSQZormNqI8GlgfnHp2F1mwePMZb/XPBGEE8M5PJRegS
pfDZM3s6HyXmSUQ=
-----END CERTIFICATE-----
Generated at Fri Sep 5 08:35:47 2025 by rpki-client