Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/O-fHhprqGev3-IJ0WYfupseeN5o.roa
File: O-fHhprqGev3-IJ0WYfupseeN5o.roa (raw, json)
Hash identifier: CBrzYPOBKTf77W1XU6o13UR2nC0+TLV/Wd4aCflFF2g=
Subject key identifier: 3B:E7:C7:86:9A:EA:19:EB:F7:F8:82:74:59:87:EE:A6:C7:9E:37:9A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01973FCC86910E1AFA7AA8310CB7B047BAA5
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/O-fHhprqGev3-IJ0WYfupseeN5o.roa
Signing time: Thu 05 Jun 2025 11:14:17 +0000
ROA not before: Thu 05 Jun 2025 11:14:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.139.6.0/23 maxlen: 24
46.249.110.0/24 maxlen: 24
82.115.0.0/24 maxlen: 24
82.115.2.0/24 maxlen: 24
82.115.9.0/24 maxlen: 24
82.115.10.0/23 maxlen: 24
82.115.28.0/23 maxlen: 24
89.251.10.0/24 maxlen: 24
159.255.32.0/22 maxlen: 22
159.255.36.0/22 maxlen: 22
185.231.172.0/22 maxlen: 24
188.209.156.0/22 maxlen: 24
188.253.8.0/21 maxlen: 24
202.133.90.0/23 maxlen: 24
212.90.100.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Jun 2025 22:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:cc:86:91:0e:1a:fa:7a:a8:31:0c:b7:b0:47:ba:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 5 11:14:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3be7c7869aea19ebf7f882745987eea6c79e379a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:72:5d:77:03:f9:f9:50:b2:0a:10:20:0a:dc:
fb:cc:86:3e:18:2d:83:d0:4e:53:7b:55:91:45:67:
f2:3d:3e:1b:62:e2:44:26:65:ed:14:d7:b5:8e:ec:
3d:da:7d:e9:4e:2e:b0:a7:73:69:07:ed:6c:d6:2f:
7b:88:1b:ea:66:00:37:d1:5b:31:25:1f:da:29:7e:
2f:9d:4f:15:91:ea:8d:22:3a:3e:4e:e5:35:99:d7:
6c:4d:c9:9a:61:ce:41:3f:a6:b4:44:62:8b:54:0b:
b8:a0:b9:01:86:0d:dc:5c:10:7d:6b:0c:c0:25:c5:
40:3b:5a:05:57:4d:e1:5f:f9:35:da:c0:5b:bf:0b:
6c:25:df:dd:8b:63:11:c2:0a:30:49:02:e6:c3:50:
af:62:a9:dc:32:03:80:83:a0:15:fa:b3:25:2e:16:
d1:3b:79:8b:04:ec:f8:4f:18:4e:98:99:09:4d:b4:
2a:28:f7:1b:ca:ba:3e:f6:41:18:b3:d4:7f:25:b9:
58:4a:bd:67:c7:95:97:6a:4b:19:d3:e9:7f:a2:bc:
8e:c7:5f:a9:22:a7:c4:49:3e:3a:b8:74:73:86:79:
d4:e7:07:21:c5:f2:aa:1c:58:94:e1:d1:a8:ff:06:
2e:dd:ba:69:20:fe:0b:c2:0f:8f:6d:35:76:8f:63:
5e:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:E7:C7:86:9A:EA:19:EB:F7:F8:82:74:59:87:EE:A6:C7:9E:37:9A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/O-fHhprqGev3-IJ0WYfupseeN5o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.6.0/23
46.249.110.0/24
82.115.0.0/24
82.115.2.0/24
82.115.9.0-82.115.11.255
82.115.28.0/23
89.251.10.0/24
159.255.32.0/21
185.231.172.0/22
188.209.156.0/22
188.253.8.0/21
202.133.90.0/23
212.90.100.0/22
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
d4:9e:07:cf:73:40:22:0e:73:c9:b4:39:2a:fc:68:49:f2:25:
40:7d:6c:18:a5:5a:5e:f5:05:6f:d6:c7:7e:98:3a:65:c0:e5:
6d:4e:01:3e:5b:9c:a3:03:1a:89:12:e6:9f:b4:ba:72:c2:cf:
bd:83:16:d3:17:f7:21:e9:7e:20:76:57:d0:55:0f:96:0f:03:
30:c6:1b:04:38:53:5f:42:7b:2c:f3:8f:32:bb:a4:db:28:de:
01:fd:53:8f:01:8e:93:1c:49:eb:30:b7:94:31:71:af:74:79:
57:8a:02:67:2f:22:2c:1d:d2:54:ee:3b:23:d8:c3:92:03:4e:
bc:03:88:e9:dd:f6:85:23:18:e8:7f:ca:4a:e5:ef:d7:78:dd:
bf:64:9a:6d:e0:1f:05:0a:49:70:23:4f:63:ea:ab:3b:4a:6f:
a8:5d:43:94:0d:b8:62:18:9d:51:8a:c8:37:0d:2f:d4:8c:7d:
ec:8a:dc:2f:b8:05:c9:b1:02:86:c1:18:6c:57:7f:cb:aa:96:
bc:2b:e6:fa:68:21:97:db:a3:33:8a:6d:88:a3:1c:78:02:c2:
8b:c2:01:f2:1e:b7:23:b1:cd:e0:bd:7c:41:6f:a9:be:9b:2a:
ae:ac:e4:8d:b2:bc:e0:b6:fe:99:dd:09:9c:51:ea:db:e7:d2:
46:d1:ea:50
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAZc/zIaRDhr6eqgxDLewR7qlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNjA1MTExNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU3Yzc4NjlhZWExOWViZjdmODgyNzQ1OTg3ZWVhNmM3OWUzNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3JddwP5+VCyChAgCtz7zIY+GC2D
0E5Te1WRRWfyPT4bYuJEJmXtFNe1juw92n3pTi6wp3NpB+1s1i97iBvqZgA30Vsx
JR/aKX4vnU8VkeqNIjo+TuU1mddsTcmaYc5BP6a0RGKLVAu4oLkBhg3cXBB9awzA
JcVAO1oFV03hX/k12sBbvwtsJd/di2MRwgowSQLmw1CvYqncMgOAg6AV+rMlLhbR
O3mLBOz4TxhOmJkJTbQqKPcbyro+9kEYs9R/JblYSr1nx5WXaksZ0+l/oryOx1+p
IqfEST46uHRzhnnU5wchxfKqHFiU4dGo/wYu3bppIP4Lwg+PbTV2j2Ne5wIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFDvnx4aa6hnr9/iCdFmH7qbHnjeaMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTy1mSGhwcnFHZXYzLUlKMFdZZnVwc2VlTjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQBLYsGAwQA
LvluAwQAUnMAAwQAUnMCMAwDBABScwkDBAJScwgDBAFScxwDBABZ+woDBAOf/yAD
BAK556wDBAK80ZwDBAO8/QgDBAHKhVoDBALUWmQDBALVrSAwDQYJKoZIhvcNAQEL
BQADggEBANSeB89zQCIOc8m0OSr8aEnyJUB9bBilWl71BW/Wx36YOmXA5W1OAT5b
nKMDGokS5p+0unLCz72DFtMX9yHpfiB2V9BVD5YPAzDGGwQ4U19CeyzzjzK7pNso
3gH9U48BjpMcSeswt5Qxca90eVeKAmcvIiwd0lTuOyPYw5IDTrwDiOnd9oUjGOh/
ykrl79d43b9kmm3gHwUKSXAjT2PqqztKb6hdQ5QNuGIYnVGKyDcNL9SMfeyK3C+4
BcmxAobBGGxXf8uqlrwr5vpoIZfbozOKbYijHHgCwovCAfIetyOxzeC9fEFvqb6b
Kq6s5I2yvOC2/pndCZxR6tvn0kbR6lA=
-----END CERTIFICATE-----
Generated at Fri Jun 13 07:44:08 2025 by rpki-client