Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/JfF0v8eby0BQNtVREEaJFT1Zxcs.roa
File: JfF0v8eby0BQNtVREEaJFT1Zxcs.roa (raw, json)
Hash identifier: OQTTsSrZcqdOC8lDs04JBaSkoqVL61gLZ8I1J00GtDk=
Subject key identifier: 25:F1:74:BF:C7:9B:CB:40:50:36:D5:51:10:46:89:15:3D:59:C5:CB
Certificate issuer: /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial: 019913B3A460AB1D73CAD46B30069F56A64E
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/JfF0v8eby0BQNtVREEaJFT1Zxcs.roa
Signing time: Thu 04 Sep 2025 07:49:24 +0000
ROA not before: Thu 04 Sep 2025 07:49:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42473
IP address blocks: 152.53.0.0/16 maxlen: 24
152.53.6.0/24 maxlen: 24
152.53.7.0/24 maxlen: 24
152.53.8.0/24 maxlen: 24
152.53.9.0/24 maxlen: 24
152.53.24.0/24 maxlen: 24
152.53.25.0/24 maxlen: 24
152.53.26.0/24 maxlen: 24
152.53.27.0/24 maxlen: 24
152.53.30.0/24 maxlen: 24
152.53.36.0/22 maxlen: 24
152.53.41.0/24 maxlen: 24
152.53.48.0/22 maxlen: 22
152.53.58.0/24 maxlen: 24
152.53.59.0/24 maxlen: 24
152.53.62.0/24 maxlen: 24
152.53.63.0/24 maxlen: 24
152.53.64.0/22 maxlen: 24
152.53.69.0/24 maxlen: 24
152.53.74.0/24 maxlen: 24
152.53.75.0/24 maxlen: 24
152.53.78.0/24 maxlen: 24
152.53.79.0/24 maxlen: 24
152.53.80.0/22 maxlen: 22
152.53.84.0/22 maxlen: 22
152.53.88.0/22 maxlen: 22
152.53.92.0/22 maxlen: 22
152.53.96.0/24 maxlen: 24
152.53.97.0/24 maxlen: 24
152.53.98.0/24 maxlen: 24
152.53.100.0/22 maxlen: 22
152.53.104.0/22 maxlen: 22
152.53.108.0/22 maxlen: 22
152.53.112.0/22 maxlen: 22
152.53.116.0/22 maxlen: 22
152.53.124.0/22 maxlen: 22
152.53.128.0/20 maxlen: 22
152.53.160.0/22 maxlen: 22
152.53.164.0/22 maxlen: 22
152.53.168.0/22 maxlen: 22
152.53.176.0/22 maxlen: 22
152.53.180.0/22 maxlen: 22
152.53.224.0/22 maxlen: 22
152.53.228.0/22 maxlen: 22
152.53.236.0/22 maxlen: 22
152.53.240.0/22 maxlen: 22
152.53.244.0/22 maxlen: 22
152.53.248.0/22 maxlen: 22
152.53.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 17:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:13:b3:a4:60:ab:1d:73:ca:d4:6b:30:06:9f:56:a6:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Validity
Not Before: Sep 4 07:49:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=25f174bfc79bcb405036d551104689153d59c5cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:fc:bf:cf:e0:45:78:e6:b8:43:18:2b:cd:53:
c5:ef:1d:77:bc:35:07:ff:6f:64:8b:07:36:cd:e7:
c1:f8:98:ac:31:b3:d1:b2:11:bc:23:d4:11:3e:99:
08:bf:bb:56:89:47:45:68:e9:1d:04:f5:18:7b:72:
7c:14:e9:3c:5e:20:9b:83:26:17:09:92:61:f0:37:
24:4c:06:2a:d6:af:b8:8b:48:88:6a:99:a5:56:2f:
82:59:19:b0:24:ad:1e:07:d6:6a:9e:98:e1:2f:b7:
89:40:9a:db:f1:30:6e:e8:2d:31:97:2c:60:df:83:
34:a1:c1:6a:7e:50:c4:61:c1:80:f6:21:c7:e5:93:
64:a7:a4:10:90:dc:ae:ae:e5:9a:8d:42:76:9a:78:
d9:0a:ae:bb:5e:09:f2:50:d8:88:16:40:e7:b7:73:
d4:a0:5d:86:26:80:5f:94:f9:b9:e0:4a:c1:f0:41:
d0:a2:97:87:83:77:76:56:d8:4e:08:8b:82:ad:cc:
dd:da:fe:8d:8c:be:e7:11:a5:a5:a8:6a:62:3c:b6:
12:05:e3:0e:f9:cc:dc:b0:ec:50:d8:1c:c6:a4:fa:
eb:ed:60:3c:f7:22:0e:2f:4f:0b:4b:c4:98:2f:c6:
10:9d:b9:57:c5:b3:6d:3d:bc:48:6c:75:fc:04:56:
d7:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:F1:74:BF:C7:9B:CB:40:50:36:D5:51:10:46:89:15:3D:59:C5:CB
X509v3 Authority Key Identifier:
keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/JfF0v8eby0BQNtVREEaJFT1Zxcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.53.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3b:5f:f6:a1:9b:30:a4:4c:8d:db:bf:5d:b9:04:86:f5:6d:ad:
c7:af:a2:38:9e:48:d7:36:df:a9:76:c1:26:0c:c3:d3:1d:4a:
b9:1e:18:39:a7:42:63:dc:b6:72:e6:61:64:3c:cd:a5:52:ce:
f2:34:fa:89:14:d9:c4:7a:00:4c:0e:08:13:fb:71:86:9e:09:
a1:0f:8a:70:a7:2e:be:4f:2d:b2:82:ae:66:81:ec:78:d2:36:
ab:be:de:b1:10:38:41:14:17:e7:d6:3d:48:ad:39:35:14:c5:
89:47:72:01:9a:68:77:08:1c:ca:e7:35:f3:1f:ce:e3:d1:b7:
35:c2:17:d4:bb:12:28:6f:b1:d4:1c:8d:cd:84:67:53:61:9e:
f5:20:50:6d:de:65:5a:ab:3c:e4:c8:e7:d6:97:f7:0b:f0:43:
ed:0c:19:42:23:d8:c8:6e:61:27:33:65:e5:4d:6b:e7:47:1f:
cc:89:83:af:bd:3b:9c:fe:31:4f:c8:b3:70:05:e2:71:f6:21:
eb:29:45:d7:dd:fe:bf:b3:59:c6:48:ba:68:8a:1e:03:f8:12:
5f:fe:de:df:24:5e:ae:80:b2:b5:f2:3e:55:da:49:23:3e:99:
39:4d:04:3e:0a:ef:ed:52:75:bb:ac:31:7c:29:3b:1c:21:1f:
51:55:0f:93
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZkTs6Rgqx1zytRrMAafVqZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwOTA0MDc0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWYxNzRiZmM3OWJjYjQwNTAzNmQ1NTExMDQ2ODkxNTNkNTljNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPy/z+BFeOa4QxgrzVPF7x13vDUH
/29kiwc2zefB+JisMbPRshG8I9QRPpkIv7tWiUdFaOkdBPUYe3J8FOk8XiCbgyYX
CZJh8DckTAYq1q+4i0iIapmlVi+CWRmwJK0eB9ZqnpjhL7eJQJrb8TBu6C0xlyxg
34M0ocFqflDEYcGA9iHH5ZNkp6QQkNyuruWajUJ2mnjZCq67XgnyUNiIFkDnt3PU
oF2GJoBflPm54ErB8EHQopeHg3d2VthOCIuCrczd2v6NjL7nEaWlqGpiPLYSBeMO
+czcsOxQ2BzGpPrr7WA89yIOL08LS8SYL8YQnblXxbNtPbxIbHX8BFbXxQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCXxdL/Hm8tAUDbVURBGiRU9WcXLMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvSmZGMHY4ZWJ5MEJRTnRWUkVFYUpGVDFaeGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBADtf9qGbMKRMjdu/XbkEhvVtrcevojieSNc236l2wSYM
w9MdSrkeGDmnQmPctnLmYWQ8zaVSzvI0+okU2cR6AEwOCBP7cYaeCaEPinCnLr5P
LbKCrmaB7HjSNqu+3rEQOEEUF+fWPUitOTUUxYlHcgGaaHcIHMrnNfMfzuPRtzXC
F9S7EihvsdQcjc2EZ1NhnvUgUG3eZVqrPOTI59aX9wvwQ+0MGUIj2MhuYSczZeVN
a+dHH8yJg6+9O5z+MU/Is3AF4nH2IespRdfd/r+zWcZIumiKHgP4El/+3t8kXq6A
srXyPlXaSSM+mTlNBD4K7+1SdbusMXwpOxwhH1FVD5M=
-----END CERTIFICATE-----
Generated at Tue Sep 9 23:48:26 2025 by rpki-client