Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/8VWdbwuahqcw7zclxs3ZXPAVWno.roa
File: 8VWdbwuahqcw7zclxs3ZXPAVWno.roa (raw, json)
Hash identifier: ZO8J4VlFR2M5Qop1zlocM8dgwe5Uq6otS6RyEiq+ukI=
Subject key identifier: F1:55:9D:6F:0B:9A:86:A7:30:EF:37:25:C6:CD:D9:5C:F0:15:5A:7A
Certificate issuer: /CN=97bd9b86531e544afa0309d8be2a7ba69163f9ad
Certificate serial: 0196CDC9673AB81C77C13BD1525469D6CB9E
Authority key identifier: 97:BD:9B:86:53:1E:54:4A:FA:03:09:D8:BE:2A:7B:A6:91:63:F9:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l72bhlMeVEr6AwnYvip7ppFj-a0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/8VWdbwuahqcw7zclxs3ZXPAVWno.roa
Signing time: Wed 14 May 2025 07:54:10 +0000
ROA not before: Wed 14 May 2025 07:54:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198949
IP address blocks: 141.226.110.0/24 maxlen: 24
167.17.128.0/19 maxlen: 24
185.139.240.0/22 maxlen: 24
2a07:1980::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/l72bhlMeVEr6AwnYvip7ppFj-a0.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/l72bhlMeVEr6AwnYvip7ppFj-a0.mft
rsync://rpki.ripe.net/repository/DEFAULT/l72bhlMeVEr6AwnYvip7ppFj-a0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:cd:c9:67:3a:b8:1c:77:c1:3b:d1:52:54:69:d6:cb:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97bd9b86531e544afa0309d8be2a7ba69163f9ad
Validity
Not Before: May 14 07:54:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1559d6f0b9a86a730ef3725c6cdd95cf0155a7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:99:da:a7:81:66:28:35:3e:5f:c2:81:53:61:
34:9e:71:0a:fe:11:3d:35:40:0d:7b:16:2e:cf:70:
1d:06:f3:a4:41:04:ce:8e:80:ca:20:85:b3:00:75:
dd:80:47:4b:f5:bc:af:be:05:82:30:ab:e5:d1:2e:
a9:b6:42:71:f5:1e:1c:e7:ca:1d:ae:4b:12:7f:4d:
04:40:bf:1a:8c:27:d8:7b:4f:d0:01:a2:87:19:25:
b2:1e:e3:65:63:25:b8:51:ce:36:d3:4b:ec:0f:fb:
2c:dd:83:44:69:f9:d3:d3:da:7b:fc:af:ad:6b:e8:
70:a6:ed:bc:61:5e:e0:81:3f:55:2f:d1:72:12:9e:
77:d2:f5:cd:5c:87:5e:d6:ea:be:78:5a:91:45:f7:
04:6d:58:f0:6e:66:ce:4d:33:cf:13:72:f7:06:13:
52:60:be:80:74:cd:89:91:71:4a:9f:51:b5:a0:ae:
58:42:d0:a9:7d:b1:8b:dc:66:c2:db:43:b5:1a:d9:
01:05:b9:86:42:42:1e:31:c0:b8:a5:9f:fa:6a:98:
0b:6b:60:f2:fc:76:ad:7f:bb:b4:9d:60:87:30:a5:
bf:09:82:8e:e7:49:5e:38:62:cd:16:54:6b:21:7a:
e4:8d:4d:ff:75:de:6f:20:00:69:58:08:60:ad:5d:
a3:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:55:9D:6F:0B:9A:86:A7:30:EF:37:25:C6:CD:D9:5C:F0:15:5A:7A
X509v3 Authority Key Identifier:
keyid:97:BD:9B:86:53:1E:54:4A:FA:03:09:D8:BE:2A:7B:A6:91:63:F9:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l72bhlMeVEr6AwnYvip7ppFj-a0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/8VWdbwuahqcw7zclxs3ZXPAVWno.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d4bd8b-55f4-4765-ad22-3460cc26480b/1/l72bhlMeVEr6AwnYvip7ppFj-a0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.110.0/24
167.17.128.0/19
185.139.240.0/22
IPv6:
2a07:1980::/29
Signature Algorithm: sha256WithRSAEncryption
3a:5b:a6:1c:08:a1:27:57:4e:49:df:cd:c7:65:e1:9b:9d:12:
c2:4b:ae:ff:cf:ce:ba:61:f9:01:36:05:b4:d9:89:5b:61:9e:
23:99:51:f0:ff:12:90:84:29:99:12:08:44:a3:0f:bc:32:d0:
7c:ce:21:f0:bf:ff:77:97:b2:35:1d:11:b3:16:30:a1:32:e1:
1a:55:d5:61:9a:3a:3c:92:23:6f:df:ae:81:74:4f:c2:c3:59:
8f:ad:ec:47:eb:72:43:b1:a1:3d:4e:3f:8b:97:f2:a1:79:a3:
e4:f5:94:bc:45:39:dc:71:a6:43:6f:75:c4:e0:e0:fe:4b:cb:
c8:bf:0e:b2:f7:7a:1f:fd:03:83:34:e0:90:28:9b:03:07:4d:
40:a7:8c:fb:25:8c:b6:eb:c1:b2:5e:c9:3e:58:d9:08:23:79:
ec:41:cd:75:ec:68:86:7b:9a:4b:cf:cd:f6:a1:c7:2f:98:af:
7a:c6:54:06:72:59:20:60:26:4a:11:2c:e8:81:f1:3c:78:a4:
31:f1:c2:c1:95:e2:f9:5d:fd:95:88:b0:f3:84:c2:75:f6:df:
a6:ab:36:d4:7f:b1:e9:bb:9a:b4:6f:d7:1b:6d:c2:39:43:f2:
f6:3d:a3:c7:17:97:9e:87:9a:0d:ed:ba:e2:1e:b4:58:2b:53:
f0:8f:b0:1b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZbNyWc6uBx3wTvRUlRp1sueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YmQ5Yjg2NTMxZTU0NGFmYTAzMDlkOGJlMmE3YmE2OTE2
M2Y5YWQwHhcNMjUwNTE0MDc1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTU1OWQ2ZjBiOWE4NmE3MzBlZjM3MjVjNmNkZDk1Y2YwMTU1YTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jnap4FmKDU+X8KBU2E0nnEK/hE9
NUANexYuz3AdBvOkQQTOjoDKIIWzAHXdgEdL9byvvgWCMKvl0S6ptkJx9R4c58od
rksSf00EQL8ajCfYe0/QAaKHGSWyHuNlYyW4Uc4200vsD/ss3YNEafnT09p7/K+t
a+hwpu28YV7ggT9VL9FyEp530vXNXIde1uq+eFqRRfcEbVjwbmbOTTPPE3L3BhNS
YL6AdM2JkXFKn1G1oK5YQtCpfbGL3GbC20O1GtkBBbmGQkIeMcC4pZ/6apgLa2Dy
/Hatf7u0nWCHMKW/CYKO50leOGLNFlRrIXrkjU3/dd5vIABpWAhgrV2jLwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPFVnW8LmoanMO83JcbN2VzwFVp6MB8GA1UdIwQY
MBaAFJe9m4ZTHlRK+gMJ2L4qe6aRY/mtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDcyYmhsTWVWRXI2QXduWXZpcDdwcEZqLWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kNGJkOGItNTVmNC00NzY1LWFkMjIt
MzQ2MGNjMjY0ODBiLzEvOFZXZGJ3dWFocWN3N3pjbHhzM1pYUEFWV25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kNGJkOGItNTVmNC00NzY1LWFkMjItMzQ2MGNjMjY0ODBi
LzEvbDcyYmhsTWVWRXI2QXduWXZpcDdwcEZqLWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAjeJuAwQF
pxGAAwQCuYvwMA0EAgACMAcDBQMqBxmAMA0GCSqGSIb3DQEBCwUAA4IBAQA6W6Yc
CKEnV05J383HZeGbnRLCS67/z866YfkBNgW02YlbYZ4jmVHw/xKQhCmZEghEow+8
MtB8ziHwv/93l7I1HRGzFjChMuEaVdVhmjo8kiNv366BdE/Cw1mPrexH63JDsaE9
Tj+Ll/KheaPk9ZS8RTnccaZDb3XE4OD+S8vIvw6y93of/QODNOCQKJsDB01Ap4z7
JYy268GyXsk+WNkII3nsQc117GiGe5pLz832occvmK96xlQGclkgYCZKESzogfE8
eKQx8cLBleL5Xf2ViLDzhMJ19t+mqzbUf7Hpu5q0b9cbbcI5Q/L2PaPHF5eeh5oN
7briHrRYK1Pwj7Ab
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:08:49 2025 by rpki-client