Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/3LrpyUuD7JO9u3wG7kplnqGqXDA.roa
File: 3LrpyUuD7JO9u3wG7kplnqGqXDA.roa (raw, json)
Hash identifier: o/QJ9iM/EHh0RGCqkBBGdUEXsIwv5yymFRMEJNyhZUs=
Subject key identifier: DC:BA:E9:C9:4B:83:EC:93:BD:BB:7C:06:EE:4A:65:9E:A1:AA:5C:30
Certificate issuer: /CN=8c32a6e57ec81cc5cb43bb503749b360f2b05c3b
Certificate serial: 01973609237D822B7CFF1E6B44312C6C97EB
Authority key identifier: 8C:32:A6:E5:7E:C8:1C:C5:CB:43:BB:50:37:49:B3:60:F2:B0:5C:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/3LrpyUuD7JO9u3wG7kplnqGqXDA.roa
Signing time: Tue 03 Jun 2025 13:44:17 +0000
ROA not before: Tue 03 Jun 2025 13:44:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59877
IP address blocks: 31.223.190.0/24 maxlen: 24
62.68.65.0/24 maxlen: 24
185.61.176.0/22 maxlen: 24
185.160.52.0/22 maxlen: 24
193.39.0.0/22 maxlen: 24
217.197.108.0/24 maxlen: 24
2a02:7b20::/32 maxlen: 32
2a03:9260::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.crl
rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.mft
rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 07:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:36:09:23:7d:82:2b:7c:ff:1e:6b:44:31:2c:6c:97:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c32a6e57ec81cc5cb43bb503749b360f2b05c3b
Validity
Not Before: Jun 3 13:44:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dcbae9c94b83ec93bdbb7c06ee4a659ea1aa5c30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:b7:35:db:ea:41:1e:a6:10:e6:5b:8c:cb:47:
f2:e4:14:d7:cb:fb:48:f3:53:af:6f:59:9c:73:76:
84:ca:b2:b0:a0:b5:23:82:25:08:e2:05:ac:35:af:
7b:ed:0f:99:6f:8e:a6:73:a8:c8:78:8d:81:02:ec:
95:60:ad:3c:b9:12:fa:6d:91:cd:f2:0f:91:03:b5:
77:80:52:04:0a:48:dc:fd:ad:13:1e:90:af:9f:d4:
84:bf:c0:55:4a:06:59:e7:bb:3a:ac:32:a6:2b:9e:
e7:cb:16:4e:4e:4f:f3:e7:b3:58:ae:f3:02:43:fa:
5e:b3:5b:bd:ff:d0:d9:97:f6:c8:e3:b2:c4:bd:50:
cc:58:53:f3:aa:ac:0b:fc:cd:c1:77:8c:74:f9:ab:
58:aa:ca:c0:a2:9b:b1:4c:ed:f1:7b:4c:52:fe:40:
4d:ea:f8:4f:b2:4b:52:1f:de:fb:a5:ca:b3:8a:93:
33:71:ee:5e:cb:c8:00:a3:70:84:e1:a2:f3:9e:c5:
ad:74:48:95:09:c7:65:3c:12:f3:47:dd:97:25:29:
fc:f0:72:36:74:ed:57:c0:90:f5:b5:08:c2:cf:2e:
a8:36:a8:b2:6a:45:40:58:b8:0d:65:03:06:48:f0:
8f:27:4f:98:c1:fa:1f:14:d2:e6:12:ed:a0:af:2c:
82:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:BA:E9:C9:4B:83:EC:93:BD:BB:7C:06:EE:4A:65:9E:A1:AA:5C:30
X509v3 Authority Key Identifier:
keyid:8C:32:A6:E5:7E:C8:1C:C5:CB:43:BB:50:37:49:B3:60:F2:B0:5C:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/3LrpyUuD7JO9u3wG7kplnqGqXDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/6e0cfa-205e-4d66-ae3a-c743d7c0bb22/1/jDKm5X7IHMXLQ7tQN0mzYPKwXDs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.223.190.0/24
62.68.65.0/24
185.61.176.0/22
185.160.52.0/22
193.39.0.0/22
217.197.108.0/24
IPv6:
2a02:7b20::/32
2a03:9260::/32
Signature Algorithm: sha256WithRSAEncryption
89:c8:9c:dd:8a:e6:ca:1a:9b:b6:ba:93:8d:49:64:2b:b7:6e:
85:d5:57:1a:99:e9:5a:c6:d7:37:0e:9c:ff:a6:c2:18:30:a5:
46:4f:ee:72:a0:d1:c8:2c:d2:3f:e1:64:d0:ea:4d:23:8b:41:
4f:72:61:4b:ee:f8:96:46:da:57:30:12:38:fb:dc:a8:69:b1:
cf:dd:c0:31:e3:79:02:10:b9:26:15:e1:e7:5c:cf:d5:68:93:
d9:01:91:b4:a4:ad:20:43:04:c5:3d:24:3e:12:1f:e7:b2:61:
2f:f4:e6:c9:99:0c:92:0a:f7:92:98:59:b2:95:0c:e8:ce:87:
9c:a9:4b:04:32:8f:33:90:10:b6:0c:c7:d6:5f:d2:8a:63:c3:
97:71:19:23:d9:ba:7b:95:89:57:82:bb:d2:19:9e:6f:d8:88:
5d:bb:d6:9e:2b:c2:3b:5a:cc:f9:f0:a4:74:c7:3b:ed:31:5f:
3c:9c:29:38:c6:c7:e5:9a:ae:10:04:8e:d2:0d:0f:e0:b4:8f:
b7:52:5f:c4:cf:29:e0:31:5a:09:4a:8e:5e:1c:77:1e:24:31:
cb:a6:27:42:f5:7e:02:f3:ad:c8:d6:2d:d8:a9:62:d5:00:18:
f8:e0:31:6c:fc:72:89:a3:b7:c0:f8:5a:43:fc:fe:e0:2b:4e:
07:92:5f:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZc2CSN9git8/x5rRDEsbJfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzJhNmU1N2VjODFjYzVjYjQzYmI1MDM3NDliMzYwZjJi
MDVjM2IwHhcNMjUwNjAzMTM0NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JhZTljOTRiODNlYzkzYmRiYjdjMDZlZTRhNjU5ZWExYWE1YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrc12+pBHqYQ5luMy0fy5BTXy/tI
81Ovb1mcc3aEyrKwoLUjgiUI4gWsNa977Q+Zb46mc6jIeI2BAuyVYK08uRL6bZHN
8g+RA7V3gFIECkjc/a0THpCvn9SEv8BVSgZZ57s6rDKmK57nyxZOTk/z57NYrvMC
Q/pes1u9/9DZl/bI47LEvVDMWFPzqqwL/M3Bd4x0+atYqsrAopuxTO3xe0xS/kBN
6vhPsktSH977pcqzipMzce5ey8gAo3CE4aLznsWtdEiVCcdlPBLzR92XJSn88HI2
dO1XwJD1tQjCzy6oNqiyakVAWLgNZQMGSPCPJ0+YwfofFNLmEu2gryyCWQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNy66clLg+yTvbt8Bu5KZZ6hqlwwMB8GA1UdIwQY
MBaAFIwypuV+yBzFy0O7UDdJs2DysFw7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakRLbTVYN0lITVhMUTd0UU4wbXpZUEt3WERzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC82ZTBjZmEtMjA1ZS00ZDY2LWFlM2Et
Yzc0M2Q3YzBiYjIyLzEvM0xycHlVdUQ3Sk85dTN3RzdrcGxucUdxWERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC82ZTBjZmEtMjA1ZS00ZDY2LWFlM2EtYzc0M2Q3YzBiYjIy
LzEvakRLbTVYN0lITVhMUTd0UU4wbXpZUEt3WERzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQAH9++AwQA
PkRBAwQCuT2wAwQCuaA0AwQCwScAAwQA2cVsMBQEAgACMA4DBQAqAnsgAwUAKgOS
YDANBgkqhkiG9w0BAQsFAAOCAQEAicic3YrmyhqbtrqTjUlkK7duhdVXGpnpWsbX
Nw6c/6bCGDClRk/ucqDRyCzSP+Fk0OpNI4tBT3JhS+74lkbaVzASOPvcqGmxz93A
MeN5AhC5JhXh51zP1WiT2QGRtKStIEMExT0kPhIf57JhL/TmyZkMkgr3kphZspUM
6M6HnKlLBDKPM5AQtgzH1l/SimPDl3EZI9m6e5WJV4K70hmeb9iIXbvWnivCO1rM
+fCkdMc77TFfPJwpOMbH5ZquEASO0g0P4LSPt1JfxM8p4DFaCUqOXhx3HiQxy6Yn
QvV+AvOtyNYt2Kli1QAY+OAxbPxyiaO3wPhaQ/z+4CtOB5JfnQ==
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:45:18 2025 by rpki-client