Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/2ITJmEtwojQ3DH4pL8HTXjdLM_w.roa
File: 2ITJmEtwojQ3DH4pL8HTXjdLM_w.roa (raw, json)
Hash identifier: LgkVTJwNyUbm76D9pkR0ApuYZjOHFOALEG2alzj2A78=
Subject key identifier: D8:84:C9:98:4B:70:A2:34:37:0C:7E:29:2F:C1:D3:5E:37:4B:33:FC
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 019908D00C771820F6678E5B937BBE137C5B
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/2ITJmEtwojQ3DH4pL8HTXjdLM_w.roa
Signing time: Tue 02 Sep 2025 05:04:36 +0000
ROA not before: Tue 02 Sep 2025 05:04:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205899
IP address blocks: 46.249.110.0/24 maxlen: 24
89.251.10.0/24 maxlen: 24
185.215.247.0/24 maxlen: 24
185.231.172.0/24 maxlen: 24
185.231.173.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 07:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:08:d0:0c:77:18:20:f6:67:8e:5b:93:7b:be:13:7c:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 2 05:04:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d884c9984b70a234370c7e292fc1d35e374b33fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ed:4f:4a:22:6c:23:62:96:f1:f9:46:78:44:
e3:04:08:3b:b3:98:22:7a:c1:8a:59:d1:5e:7a:dc:
62:c7:b2:58:41:55:3e:95:5d:c1:f9:38:d3:bc:ae:
67:93:0f:50:eb:2d:34:8a:00:62:c3:bb:b2:73:53:
5d:b6:3c:b8:96:ea:0d:d7:35:c5:40:6f:ff:14:5c:
e1:23:08:8b:1d:ef:1a:a7:49:7f:47:48:dd:38:14:
db:26:8c:6e:25:32:e3:e2:d7:ac:1f:d6:07:e2:6e:
be:a7:45:9c:3c:51:93:6b:05:90:37:44:8e:60:6f:
c8:34:86:4e:d5:09:6f:44:46:a7:ab:06:03:f3:11:
54:4f:5e:28:e9:8a:a4:77:c9:34:42:c0:da:11:54:
7d:cb:bc:2f:37:bd:fd:94:13:a4:12:6e:7b:e2:94:
0f:87:68:5c:e2:31:64:5a:45:0e:fe:1a:e6:e2:48:
1c:7f:bd:e1:c4:49:a9:0e:07:14:89:84:71:da:38:
5e:d6:36:aa:6f:b7:75:2f:f6:d7:e8:eb:a6:a0:0a:
42:eb:98:8f:18:e8:6b:14:83:f9:bd:59:15:b9:36:
f5:1c:14:17:96:8a:73:3b:b5:9c:86:52:da:98:37:
5b:b6:dc:92:71:bb:ff:db:cd:35:90:2a:9e:62:58:
d8:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:84:C9:98:4B:70:A2:34:37:0C:7E:29:2F:C1:D3:5E:37:4B:33:FC
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/2ITJmEtwojQ3DH4pL8HTXjdLM_w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.110.0/24
89.251.10.0/24
185.215.247.0/24
185.231.172.0/23
Signature Algorithm: sha256WithRSAEncryption
da:8d:22:0e:95:c5:4a:81:f7:4e:ca:01:f4:3d:4d:d4:f4:26:
de:84:c6:8a:a6:e4:97:99:2b:a4:59:87:9b:c0:87:93:64:20:
3d:06:38:a8:09:46:84:16:6e:ae:65:3f:d4:6a:42:50:a7:18:
4e:ec:c3:6c:ba:00:d9:6b:1b:01:03:9b:f9:dc:e5:1c:1f:44:
1e:b1:60:15:29:ab:e1:65:e0:60:77:d0:21:ce:32:63:cc:93:
19:38:a0:55:13:92:c6:4d:f4:39:0c:20:40:87:51:cf:6d:eb:
9d:b4:92:dd:be:41:86:54:8a:c0:04:52:02:68:ae:be:cc:40:
83:a9:51:fe:9b:68:0c:35:54:01:d5:96:66:48:27:96:63:94:
6b:24:89:d0:f5:3e:25:ca:cf:3c:c8:ef:c1:5c:77:a8:f2:ea:
32:85:c0:9a:5f:35:58:b6:bd:a4:b1:d5:3a:dd:60:2f:ea:d0:
6d:8b:a3:c0:44:e8:d9:a5:1b:88:91:44:91:68:69:9c:bd:0b:
e3:06:ce:01:ca:fe:06:e3:c2:43:e2:06:24:16:4e:bb:2e:04:
1c:32:3a:76:2b:3c:ce:27:14:0e:5e:cd:28:2e:56:4e:ab:79:
4b:38:3b:3b:c0:07:64:b0:82:3b:63:49:11:e2:f6:2e:07:dd:
6f:3f:0b:43
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZkI0Ax3GCD2Z45bk3u+E3xbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwOTAyMDUwNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg0Yzk5ODRiNzBhMjM0MzcwYzdlMjkyZmMxZDM1ZTM3NGIzM2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu1PSiJsI2KW8flGeETjBAg7s5gi
esGKWdFeetxix7JYQVU+lV3B+TjTvK5nkw9Q6y00igBiw7uyc1Ndtjy4luoN1zXF
QG//FFzhIwiLHe8ap0l/R0jdOBTbJoxuJTLj4tesH9YH4m6+p0WcPFGTawWQN0SO
YG/INIZO1QlvREanqwYD8xFUT14o6Yqkd8k0QsDaEVR9y7wvN739lBOkEm574pQP
h2hc4jFkWkUO/hrm4kgcf73hxEmpDgcUiYRx2jhe1jaqb7d1L/bX6OumoApC65iP
GOhrFIP5vVkVuTb1HBQXlopzO7WchlLamDdbttyScbv/2801kCqeYljYpQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNiEyZhLcKI0Nwx+KS/B0143SzP8MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMklUSm1FdHdvalEzREg0cEw4SFRYamRMTV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALvluAwQA
WfsKAwQAudf3AwQBueesMA0GCSqGSIb3DQEBCwUAA4IBAQDajSIOlcVKgfdOygH0
PU3U9CbehMaKpuSXmSukWYebwIeTZCA9BjioCUaEFm6uZT/UakJQpxhO7MNsugDZ
axsBA5v53OUcH0QesWAVKavhZeBgd9AhzjJjzJMZOKBVE5LGTfQ5DCBAh1HPbeud
tJLdvkGGVIrABFICaK6+zECDqVH+m2gMNVQB1ZZmSCeWY5RrJInQ9T4lys88yO/B
XHeo8uoyhcCaXzVYtr2ksdU63WAv6tBti6PAROjZpRuIkUSRaGmcvQvjBs4Byv4G
48JD4gYkFk67LgQcMjp2KzzOJxQOXs0oLlZOq3lLODs7wAdksII7Y0kR4vYuB91v
PwtD
-----END CERTIFICATE-----
Generated at Tue Sep 16 12:18:11 2025 by rpki-client