Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/XbTeM1PqMKcQqGHBF2Epuf32B9A.roa
File: XbTeM1PqMKcQqGHBF2Epuf32B9A.roa (raw, json)
Hash identifier: hOnMCvxmcOEtS0aimUSMyI+EYwi7WWRIO2fcpaLnTMo=
Subject key identifier: 5D:B4:DE:33:53:EA:30:A7:10:A8:61:C1:17:61:29:B9:FD:F6:07:D0
Certificate issuer: /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial: 0196FCDF00CAA38051594AC64190124FE43C
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/XbTeM1PqMKcQqGHBF2Epuf32B9A.roa
Signing time: Fri 23 May 2025 11:19:55 +0000
ROA not before: Fri 23 May 2025 11:19:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210099
IP address blocks: 85.117.236.0/24 maxlen: 24
85.117.237.0/24 maxlen: 24
85.117.238.0/24 maxlen: 24
185.17.113.0/24 maxlen: 24
185.73.200.0/22 maxlen: 22
185.73.200.0/24 maxlen: 24
185.73.201.0/24 maxlen: 24
185.73.202.0/24 maxlen: 24
185.165.77.0/24 maxlen: 24
2a04:7c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 18:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fc:df:00:ca:a3:80:51:59:4a:c6:41:90:12:4f:e4:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Validity
Not Before: May 23 11:19:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5db4de3353ea30a710a861c1176129b9fdf607d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b6:0c:de:33:96:d5:5e:51:ac:a9:4e:97:5b:
03:e3:a7:63:f1:44:b4:26:9e:d3:cc:ae:a8:59:ab:
9c:2e:06:81:b9:1b:70:88:4d:bd:7a:06:4a:13:d2:
ed:17:bc:36:dd:4d:b3:00:b3:90:5e:6e:1d:76:55:
e2:73:48:e6:fe:4e:63:b3:f2:5e:71:03:d7:09:7f:
ae:51:fc:51:fe:6d:ff:f0:96:56:2b:e3:2c:df:a2:
07:98:6d:67:f5:97:7d:5f:00:78:87:df:95:51:01:
ac:5b:33:3b:11:dd:e8:36:20:e0:6f:6e:c5:9b:88:
09:60:34:79:53:9e:fd:8c:44:32:8e:82:e1:ec:63:
83:61:d8:a2:0d:3d:00:99:9e:e7:54:ce:cc:7d:01:
46:07:15:cf:3a:f9:69:1c:cd:ca:28:03:4a:34:21:
85:aa:a3:ba:10:dc:8b:4d:6a:2b:85:89:26:ec:d4:
4e:29:63:92:2c:f3:6c:fa:34:e7:73:5b:c1:cf:d6:
70:c0:b1:7c:da:6a:c9:b4:13:e1:61:f4:5e:ed:cd:
e4:b8:17:9b:c0:64:d6:fe:e4:ad:4f:8c:a4:8f:aa:
53:56:19:5e:5d:cc:9c:c9:f8:71:14:61:60:71:50:
46:93:e1:ef:59:be:a3:ff:35:32:92:11:9e:76:46:
06:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:B4:DE:33:53:EA:30:A7:10:A8:61:C1:17:61:29:B9:FD:F6:07:D0
X509v3 Authority Key Identifier:
keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/XbTeM1PqMKcQqGHBF2Epuf32B9A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.236.0-85.117.238.255
185.17.113.0/24
185.73.200.0/22
185.165.77.0/24
IPv6:
2a04:7c1::/32
Signature Algorithm: sha256WithRSAEncryption
2e:43:f4:bc:a4:a7:f4:4a:32:00:19:17:bb:e9:50:0b:5c:23:
61:0d:54:a6:ed:ec:51:8a:c4:02:59:df:0b:38:44:20:e7:70:
5c:46:84:de:8b:5c:56:a2:a6:d8:6b:f3:4a:60:94:46:d7:1b:
2a:70:45:01:f0:96:d7:4d:52:cb:66:ef:64:b2:c9:23:aa:ca:
1e:f9:dc:ee:ff:86:f6:b3:bf:2d:c0:1d:9f:2e:cc:f6:61:21:
ee:2d:10:83:1a:06:ea:1e:6f:79:22:bf:cf:11:f2:1d:cf:61:
dc:0d:4e:49:a4:1c:8e:7c:d8:89:2b:fe:4c:83:70:96:4d:7d:
5b:fa:83:94:44:c3:99:9b:b2:a8:1b:0c:e7:cb:1d:3c:b4:1c:
9c:a3:cd:08:e2:49:1a:73:a9:59:2c:82:15:c4:d4:19:3f:ef:
c5:42:2a:f5:27:0a:de:77:56:5b:bb:b0:b5:57:c8:69:59:c2:
e9:7a:0a:c0:26:a3:96:73:29:21:e7:ae:97:c6:dd:fd:e8:b0:
c3:06:7a:eb:2b:a5:65:a2:c1:95:cc:c5:23:73:0b:37:40:0f:
58:8c:07:32:9b:d6:e3:cd:43:d7:a8:f8:f0:fa:ec:d9:0a:9d:
41:2e:bf:d3:ae:19:94:5b:b1:cd:08:2c:04:7c:4c:b3:d9:07:
2e:28:55:c8
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZb83wDKo4BRWUrGQZAST+Q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwNTIzMTExOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI0ZGUzMzUzZWEzMGE3MTBhODYxYzExNzYxMjliOWZkZjYwN2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7YM3jOW1V5RrKlOl1sD46dj8US0
Jp7TzK6oWaucLgaBuRtwiE29egZKE9LtF7w23U2zALOQXm4ddlXic0jm/k5js/Je
cQPXCX+uUfxR/m3/8JZWK+Ms36IHmG1n9Zd9XwB4h9+VUQGsWzM7Ed3oNiDgb27F
m4gJYDR5U579jEQyjoLh7GODYdiiDT0AmZ7nVM7MfQFGBxXPOvlpHM3KKANKNCGF
qqO6ENyLTWorhYkm7NROKWOSLPNs+jTnc1vBz9ZwwLF82mrJtBPhYfRe7c3kuBeb
wGTW/uStT4ykj6pTVhleXcycyfhxFGFgcVBGk+HvWb6j/zUykhGedkYG9wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFF203jNT6jCnEKhhwRdhKbn99gfQMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvWGJUZU0xUHFNS2NRcUdIQkYyRXB1ZjMyQjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAJVdewD
BABVde4DBAC5EXEDBAK5ScgDBAC5pU0wDQQCAAIwBwMFACoEB8EwDQYJKoZIhvcN
AQELBQADggEBAC5D9Lykp/RKMgAZF7vpUAtcI2ENVKbt7FGKxAJZ3ws4RCDncFxG
hN6LXFaipthr80pglEbXGypwRQHwltdNUstm72SyySOqyh753O7/hvazvy3AHZ8u
zPZhIe4tEIMaBuoeb3kiv88R8h3PYdwNTkmkHI582Ikr/kyDcJZNfVv6g5REw5mb
sqgbDOfLHTy0HJyjzQjiSRpzqVksghXE1Bk/78VCKvUnCt53Vlu7sLVXyGlZwul6
CsAmo5ZzKSHnrpfG3f3osMMGeusrpWWiwZXMxSNzCzdAD1iMBzKb1uPNQ9eo+PD6
7NkKnUEuv9OuGZRbsc0ILAR8TLPZBy4oVcg=
-----END CERTIFICATE-----
Generated at Sun Jun 8 04:18:04 2025 by rpki-client