Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0lKJFqHkqcQa34WNQL0q3q_mxyc.roa
File: 0lKJFqHkqcQa34WNQL0q3q_mxyc.roa (raw, json)
Hash identifier: pVBhkQZdhMUaNd2IKogFDhterV1L6h4+E6xSS0B0v7I=
Subject key identifier: D2:52:89:16:A1:E4:A9:C4:1A:DF:85:8D:40:BD:2A:DE:AF:E6:C7:27
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 0197C7809754C1C67AF145B795C9C5477B38
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0lKJFqHkqcQa34WNQL0q3q_mxyc.roa
Signing time: Tue 01 Jul 2025 19:39:42 +0000
ROA not before: Tue 01 Jul 2025 19:39:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 967
IP address blocks: 45.10.68.0/24 maxlen: 24
91.208.109.0/24 maxlen: 24
91.213.174.0/24 maxlen: 24
91.213.186.0/24 maxlen: 24
91.213.189.0/24 maxlen: 24
91.216.169.0/24 maxlen: 24
91.216.190.0/24 maxlen: 24
91.217.135.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 22:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c7:80:97:54:c1:c6:7a:f1:45:b7:95:c9:c5:47:7b:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: Jul 1 19:39:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2528916a1e4a9c41adf858d40bd2adeafe6c727
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:98:6e:54:d0:60:45:04:33:65:07:b4:e8:21:
e6:0c:99:85:9d:86:33:44:be:13:5a:98:b4:6c:4d:
ef:fe:2c:6b:00:ec:c6:cb:4b:4b:b8:e2:3b:e9:34:
d9:2f:93:87:c2:37:e1:67:4d:0b:ea:06:aa:c3:2b:
9a:6a:80:8b:3b:43:2b:5b:66:3e:b0:4c:33:f3:ef:
76:d9:c6:f0:93:ed:ad:5c:f2:b0:7d:db:f2:48:c5:
45:c9:a0:4f:da:fa:56:f2:ec:88:8e:bc:e8:c8:7c:
32:c2:e3:b5:53:a3:79:ef:b5:26:28:00:1f:0d:6d:
b7:cf:da:23:fb:07:3d:10:94:b1:bb:2f:66:9b:b1:
85:f4:9f:f4:9b:50:02:10:d3:65:e7:48:6e:a3:01:
dc:da:e5:a5:fc:78:78:05:d8:eb:82:b2:3b:28:b7:
17:4d:dc:27:a5:b3:75:f1:3e:ad:12:be:18:7b:81:
1f:cc:cc:e0:b1:fd:97:5b:e2:d6:64:9a:be:0b:3c:
48:59:c0:ca:46:ee:68:42:a4:ae:e6:06:ae:f3:b9:
48:4b:41:6f:44:38:ed:cc:06:2e:3f:dd:f4:a9:07:
12:b4:b5:fe:6b:4e:30:d1:33:18:3b:d7:a4:4d:a5:
10:df:2a:88:cc:8e:ed:31:d9:b6:5f:66:31:27:80:
63:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:52:89:16:A1:E4:A9:C4:1A:DF:85:8D:40:BD:2A:DE:AF:E6:C7:27
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/0lKJFqHkqcQa34WNQL0q3q_mxyc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.68.0/24
91.208.109.0/24
91.213.174.0/24
91.213.186.0/24
91.213.189.0/24
91.216.169.0/24
91.216.190.0/24
91.217.135.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:39:84:76:0c:27:60:4f:ae:43:c1:5c:f4:fe:f7:49:31:64:
32:23:aa:2b:4d:12:3e:ef:d8:5d:8c:aa:9e:c7:1a:7b:98:bc:
a6:21:79:25:1a:69:17:c8:7c:c0:a1:94:e5:79:ac:02:45:84:
38:c2:8d:9e:a8:d2:40:80:1d:d5:b9:6e:c3:41:b7:09:ac:8f:
7d:f7:4f:06:f5:f4:c9:6d:f5:11:87:1a:2b:8f:67:6f:de:77:
af:c8:82:8a:db:70:f1:c9:3f:e2:8c:e1:ef:05:85:1f:6c:54:
51:f5:82:e5:7b:c8:3b:64:50:a1:5b:19:b4:58:24:6d:3e:d7:
87:6d:d5:b7:6b:3c:ea:dc:40:f1:fe:d9:4e:be:ee:8c:e3:dc:
b0:52:32:ce:ec:24:78:87:69:76:22:44:1b:41:6d:4f:0f:65:
4a:e4:7c:7d:0f:44:e2:0c:96:71:d0:18:ed:75:76:f9:16:4e:
ef:58:32:51:ca:00:3d:5c:f8:ed:c2:ab:1a:eb:f5:c3:b8:56:
84:65:d6:70:c8:69:c1:25:6c:49:05:de:11:5c:e9:af:99:df:
63:a6:b4:4c:98:0b:d7:98:28:cd:64:1a:57:c1:14:6a:bd:0f:
f5:c9:dd:62:49:90:dc:b5:f0:2d:20:bb:ae:13:04:d8:fb:e5:
e1:c6:93:51
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZfHgJdUwcZ68UW3lcnFR3s4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwNzAxMTkzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUyODkxNmExZTRhOWM0MWFkZjg1OGQ0MGJkMmFkZWFmZTZjNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtphuVNBgRQQzZQe06CHmDJmFnYYz
RL4TWpi0bE3v/ixrAOzGy0tLuOI76TTZL5OHwjfhZ00L6gaqwyuaaoCLO0MrW2Y+
sEwz8+922cbwk+2tXPKwfdvySMVFyaBP2vpW8uyIjrzoyHwywuO1U6N577UmKAAf
DW23z9oj+wc9EJSxuy9mm7GF9J/0m1ACENNl50huowHc2uWl/Hh4BdjrgrI7KLcX
TdwnpbN18T6tEr4Ye4EfzMzgsf2XW+LWZJq+CzxIWcDKRu5oQqSu5gau87lIS0Fv
RDjtzAYuP930qQcStLX+a04w0TMYO9ekTaUQ3yqIzI7tMdm2X2YxJ4BjQQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNJSiRah5KnEGt+FjUC9Kt6v5scnMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMGxLSkZxSGtxY1FhMzRXTlFMMHEzcV9teHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQpEAwQA
W9BtAwQAW9WuAwQAW9W6AwQAW9W9AwQAW9ipAwQAW9i+AwQAW9mHMA0GCSqGSIb3
DQEBCwUAA4IBAQBOOYR2DCdgT65DwVz0/vdJMWQyI6orTRI+79hdjKqexxp7mLym
IXklGmkXyHzAoZTleawCRYQ4wo2eqNJAgB3VuW7DQbcJrI99908G9fTJbfURhxor
j2dv3nevyIKK23DxyT/ijOHvBYUfbFRR9YLle8g7ZFChWxm0WCRtPteHbdW3azzq
3EDx/tlOvu6M49ywUjLO7CR4h2l2IkQbQW1PD2VK5Hx9D0TiDJZx0BjtdXb5Fk7v
WDJRygA9XPjtwqsa6/XDuFaEZdZwyGnBJWxJBd4RXOmvmd9jprRMmAvXmCjNZBpX
wRRqvQ/1yd1iSZDctfAtILuuEwTY++XhxpNR
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:15:41 2025 by rpki-client