Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/xxDRFOTla8N7tGZn7evy3dACgq4.roa
File: xxDRFOTla8N7tGZn7evy3dACgq4.roa (raw, json)
Hash identifier: TgmRLmPdu38ZIfbUlnhFYOpaX8B5Morn7URlc3ZpGIw=
Subject key identifier: C7:10:D1:14:E4:E5:6B:C3:7B:B4:66:67:ED:EB:F2:DD:D0:02:82:AE
Certificate issuer: /CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
Certificate serial: 01973B0ADFA9EA73364B9E4A80E879FF9060
Authority key identifier: 98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/xxDRFOTla8N7tGZn7evy3dACgq4.roa
Signing time: Wed 04 Jun 2025 13:04:17 +0000
ROA not before: Wed 04 Jun 2025 13:04:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51172
IP address blocks: 185.150.40.0/24 maxlen: 24
185.150.41.0/24 maxlen: 24
185.150.43.0/24 maxlen: 24
195.8.218.0/23 maxlen: 23
2001:67c:218::/48 maxlen: 48
2a07:ab40::/48 maxlen: 48
2a07:ab41::/48 maxlen: 48
2a07:ab43::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.mft
rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Jun 2025 04:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3b:0a:df:a9:ea:73:36:4b:9e:4a:80:e8:79:ff:90:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
Validity
Not Before: Jun 4 13:04:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c710d114e4e56bc37bb46667edebf2ddd00282ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:62:6f:da:b5:1c:bd:79:0e:66:27:8d:4f:ac:
6e:60:2a:d4:e4:67:c1:cc:d4:11:6b:be:83:1e:3f:
4a:3b:96:88:f3:df:ad:cb:62:f5:8e:54:8e:ea:01:
c4:8e:11:2a:45:57:2d:e2:2a:d9:7b:bc:0c:11:69:
2b:23:21:87:01:91:10:a1:b0:ab:44:eb:ea:3a:54:
df:c1:2a:e0:45:5a:c1:52:f0:e4:a0:5f:92:91:c4:
f0:e4:ed:98:52:8f:05:24:23:34:c3:f9:5e:58:09:
b4:24:af:f0:29:41:f8:9e:b9:43:ca:48:09:03:b1:
15:04:e6:ea:04:f9:7f:f0:14:2f:fc:13:d0:08:e7:
11:f9:40:e2:cd:d0:0a:1f:37:b9:04:5e:20:54:48:
de:78:2b:2f:3f:31:35:2d:6d:ce:e0:90:2b:13:36:
e2:13:83:df:5b:f9:e4:9c:03:68:0b:ff:26:a5:7f:
99:9a:fe:88:57:59:21:3d:31:6e:38:ae:e9:4f:d1:
af:43:75:f9:3f:97:2a:60:61:52:af:9e:11:e1:d0:
08:fd:31:d3:8b:77:12:12:cf:a8:cd:01:ae:54:44:
75:7d:1c:44:6a:8e:bb:e7:74:65:32:63:2b:51:01:
6b:fc:f0:30:b4:8c:90:99:3b:07:f7:69:d6:1e:b0:
02:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:10:D1:14:E4:E5:6B:C3:7B:B4:66:67:ED:EB:F2:DD:D0:02:82:AE
X509v3 Authority Key Identifier:
keyid:98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/xxDRFOTla8N7tGZn7evy3dACgq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.150.40.0/23
185.150.43.0/24
195.8.218.0/23
IPv6:
2001:67c:218::/48
2a07:ab40::/48
2a07:ab41::/48
2a07:ab43::/48
Signature Algorithm: sha256WithRSAEncryption
50:2d:d5:b3:e7:ce:30:58:76:5c:9b:ce:a1:2a:17:3d:86:bf:
d3:b6:09:e2:45:eb:26:3c:cf:02:59:36:8e:71:05:07:da:42:
b0:25:16:86:07:5d:c3:22:0b:bd:c4:9e:69:30:04:53:8b:e9:
c7:0a:bb:56:ad:cf:a1:5b:21:93:f1:45:30:5a:4d:d7:f3:74:
c6:1b:8e:69:6a:a6:83:a9:db:5e:39:49:8b:76:28:10:04:a9:
dc:2d:58:46:d2:72:a6:a2:25:7e:94:67:38:94:94:16:d9:49:
7d:d9:31:10:39:12:e8:ce:ab:83:39:50:c5:1c:14:df:7b:43:
fb:22:60:09:b6:9d:de:8b:7f:35:98:05:7e:66:34:2f:24:a1:
91:43:e6:de:fd:b5:a4:b7:81:67:e2:9c:f9:cc:e4:25:b5:83:
7f:64:cd:d2:3f:b5:04:b6:34:9c:0e:69:a7:1f:02:40:af:a4:
25:f9:cb:cf:94:f4:30:2c:cb:e4:09:ca:af:27:5b:39:df:41:
e6:89:85:2f:52:ed:5a:03:0b:ba:f5:9c:6f:94:4c:83:a6:ae:
26:0f:53:49:20:1e:cf:63:55:62:fe:60:d5:2b:9a:ee:75:71:
be:ac:1d:87:7e:39:44:be:35:19:dc:7c:54:f1:52:a5:a4:e7:
e3:45:1a:54
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZc7Ct+p6nM2S55KgOh5/5BgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MDNjNDBmNzdiYzg4ZmFmMjA5ZjMxZDM2MWViYmFiNWNh
ZWFjNGEwHhcNMjUwNjA0MTMwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzEwZDExNGU0ZTU2YmMzN2JiNDY2NjdlZGViZjJkZGQwMDI4MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmJv2rUcvXkOZieNT6xuYCrU5GfB
zNQRa76DHj9KO5aI89+ty2L1jlSO6gHEjhEqRVct4irZe7wMEWkrIyGHAZEQobCr
ROvqOlTfwSrgRVrBUvDkoF+SkcTw5O2YUo8FJCM0w/leWAm0JK/wKUH4nrlDykgJ
A7EVBObqBPl/8BQv/BPQCOcR+UDizdAKHze5BF4gVEjeeCsvPzE1LW3O4JArEzbi
E4PfW/nknANoC/8mpX+Zmv6IV1khPTFuOK7pT9GvQ3X5P5cqYGFSr54R4dAI/THT
i3cSEs+ozQGuVER1fRxEao6753RlMmMrUQFr/PAwtIyQmTsH92nWHrACPwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMcQ0RTk5WvDe7RmZ+3r8t3QAoKuMB8GA1UdIwQY
MBaAFJgDxA93vIj68gnzHTYeu6tcrqxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUFQRUQzZThpUHJ5Q2ZNZE5oNjdxMXl1ckVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iYWQ0YTAtM2U5Yi00NzY0LThhMjQt
ZjNhMjZmMDU1ZjRlLzEveHhEUkZPVGxhOE43dEdabjdldnkzZEFDZ3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iYWQ0YTAtM2U5Yi00NzY0LThhMjQtZjNhMjZmMDU1ZjRl
LzEvbUFQRUQzZThpUHJ5Q2ZNZE5oNjdxMXl1ckVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAYBAIAATASAwQBuZYoAwQA
uZYrAwQBwwjaMCoEAgACMCQDBwAgAQZ8AhgDBwAqB6tAAAADBwAqB6tBAAADBwAq
B6tDAAAwDQYJKoZIhvcNAQELBQADggEBAFAt1bPnzjBYdlybzqEqFz2Gv9O2CeJF
6yY8zwJZNo5xBQfaQrAlFoYHXcMiC73EnmkwBFOL6ccKu1atz6FbIZPxRTBaTdfz
dMYbjmlqpoOp2145SYt2KBAEqdwtWEbScqaiJX6UZziUlBbZSX3ZMRA5EujOq4M5
UMUcFN97Q/siYAm2nd6LfzWYBX5mNC8koZFD5t79taS3gWfinPnM5CW1g39kzdI/
tQS2NJwOaacfAkCvpCX5y8+U9DAsy+QJyq8nWznfQeaJhS9S7VoDC7r1nG+UTIOm
riYPU0kgHs9jVWL+YNUrmu51cb6sHYd+OUS+NRncfFTxUqWk5+NFGlQ=
-----END CERTIFICATE-----
Generated at Tue Jun 10 11:59:52 2025 by rpki-client