Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MKk2eIZdBEHoejBBXOnExSwoMxY.roa
File: MKk2eIZdBEHoejBBXOnExSwoMxY.roa (raw, json)
Hash identifier: a46f0IAxws6EBAs2zTmMvZ2jH6RBYNwGRDtcrPOSWm4=
Subject key identifier: 30:A9:36:78:86:5D:04:41:E8:7A:30:41:5C:E9:C4:C5:2C:28:33:16
Certificate issuer: /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial: 0198EF3ACA9AE2933545BF5F116FAC43B43F
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MKk2eIZdBEHoejBBXOnExSwoMxY.roa
Signing time: Thu 28 Aug 2025 05:51:04 +0000
ROA not before: Thu 28 Aug 2025 05:51:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8562
IP address blocks: 84.20.184.0/22 maxlen: 22
90.152.128.0/17 maxlen: 17
176.66.64.0/18 maxlen: 18
185.157.248.0/23 maxlen: 23
188.45.192.0/18 maxlen: 18
193.154.144.0/20 maxlen: 20
217.76.160.0/20 maxlen: 20
2001:890:c000::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ef:3a:ca:9a:e2:93:35:45:bf:5f:11:6f:ac:43:b4:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Validity
Not Before: Aug 28 05:51:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30a93678865d0441e87a30415ce9c4c52c283316
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a7:ce:0e:99:16:0f:64:f6:5e:70:23:89:0e:
ac:18:fb:0c:eb:19:9f:0b:3c:4f:77:a9:14:f8:b8:
3b:86:8f:b6:29:f4:44:c3:6f:d0:2a:00:56:8e:f8:
1b:47:65:f2:ba:6e:45:2d:8c:26:32:6a:6f:b8:3b:
7b:ca:cf:95:b5:19:50:ff:bd:51:fb:d1:9e:95:b9:
e6:95:43:44:4e:ce:f1:48:74:18:7b:94:c9:e9:9b:
4b:05:70:95:d5:90:82:38:98:21:08:8b:8d:a3:b5:
10:79:ab:d7:fb:92:85:26:52:f1:20:a4:12:c7:1d:
7d:a9:1b:87:91:64:b9:4b:04:42:f7:7c:3b:9b:80:
26:4a:25:71:47:b7:b3:46:53:ab:07:65:93:70:ca:
15:58:e4:4e:35:31:11:cb:24:e6:5f:97:a2:0b:c3:
37:66:80:eb:db:6f:b4:3b:a8:99:9c:64:00:d5:d8:
4b:46:70:b0:5f:9f:39:72:97:89:4c:3e:75:fb:1e:
1e:5c:cf:27:ea:5c:bc:e3:f6:2d:1d:ef:c0:bb:fc:
bd:35:e6:02:a5:af:bf:5a:72:fd:6e:b6:25:3a:ed:
a8:6a:c4:a7:bc:17:ec:7c:bb:5d:d2:2e:25:f8:af:
ac:aa:df:32:59:ab:c5:08:52:c5:5d:67:ed:58:92:
2b:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:A9:36:78:86:5D:04:41:E8:7A:30:41:5C:E9:C4:C5:2C:28:33:16
X509v3 Authority Key Identifier:
keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MKk2eIZdBEHoejBBXOnExSwoMxY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.20.184.0/22
90.152.128.0/17
176.66.64.0/18
185.157.248.0/23
188.45.192.0/18
193.154.144.0/20
217.76.160.0/20
IPv6:
2001:890:c000::/34
Signature Algorithm: sha256WithRSAEncryption
d3:98:97:e4:6c:b6:80:59:98:f0:18:f1:d7:ac:27:39:e3:f5:
19:e9:8c:cf:37:44:36:7b:d1:a1:66:02:ef:68:0a:0c:53:76:
4a:c7:9f:24:d6:be:05:b1:c9:72:f0:0f:9b:d7:83:49:4e:23:
3a:b9:0c:3a:ad:81:31:ae:0a:42:2e:0a:f9:45:0a:aa:3c:03:
dd:85:6b:34:18:11:7f:d2:40:fe:43:eb:b1:b9:55:4a:4b:7a:
b3:38:20:20:e9:7e:90:29:ae:2d:d7:89:4f:5e:4a:01:20:49:
d3:a9:49:d0:8e:e7:e4:57:75:bb:c3:f5:47:e6:90:b3:2f:ef:
7f:89:00:d7:e4:df:24:8c:3f:40:3a:58:1f:e0:19:19:5a:47:
9a:5a:3e:cd:5c:e0:51:39:78:20:77:4b:04:39:dc:90:9e:04:
b7:78:c2:00:dd:8b:cf:e6:e0:9b:bd:97:d1:36:46:5e:f6:69:
41:fe:9a:f4:9f:0b:dd:82:19:db:69:8b:bf:18:50:35:fc:c9:
e4:39:b4:48:1e:b9:3e:f7:40:b1:5a:4a:97:57:22:db:37:6e:
ce:ab:e7:33:06:0d:cd:58:63:d5:be:61:d2:d5:49:e7:28:9f:
28:6c:f7:58:a8:5e:8c:6e:e9:ac:34:57:8c:49:d9:0a:e7:bd:
b6:96:47:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZjvOsqa4pM1Rb9fEW+sQ7Q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwODI4MDU1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGE5MzY3ODg2NWQwNDQxZTg3YTMwNDE1Y2U5YzRjNTJjMjgzMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqfODpkWD2T2XnAjiQ6sGPsM6xmf
CzxPd6kU+Lg7ho+2KfREw2/QKgBWjvgbR2Xyum5FLYwmMmpvuDt7ys+VtRlQ/71R
+9GelbnmlUNETs7xSHQYe5TJ6ZtLBXCV1ZCCOJghCIuNo7UQeavX+5KFJlLxIKQS
xx19qRuHkWS5SwRC93w7m4AmSiVxR7ezRlOrB2WTcMoVWORONTERyyTmX5eiC8M3
ZoDr22+0O6iZnGQA1dhLRnCwX585cpeJTD51+x4eXM8n6ly84/YtHe/Au/y9NeYC
pa+/WnL9brYlOu2oasSnvBfsfLtd0i4l+K+sqt8yWavFCFLFXWftWJIrZwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDCpNniGXQRB6HowQVzpxMUsKDMWMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvTUtrMmVJWmRCRUhvZWpCQlhPbkV4U3dvTXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAwBAIAATAqAwQCVBS4AwQH
WpiAAwQGsEJAAwQBuZ34AwQGvC3AAwQEwZqQAwQE2UygMA4EAgACMAgDBgYgAQiQ
wDANBgkqhkiG9w0BAQsFAAOCAQEA05iX5Gy2gFmY8Bjx16wnOeP1GemMzzdENnvR
oWYC72gKDFN2SsefJNa+BbHJcvAPm9eDSU4jOrkMOq2BMa4KQi4K+UUKqjwD3YVr
NBgRf9JA/kPrsblVSkt6szggIOl+kCmuLdeJT15KASBJ06lJ0I7n5Fd1u8P1R+aQ
sy/vf4kA1+TfJIw/QDpYH+AZGVpHmlo+zVzgUTl4IHdLBDnckJ4Et3jCAN2Lz+bg
m72X0TZGXvZpQf6a9J8L3YIZ22mLvxhQNfzJ5Dm0SB65PvdAsVpKl1ci2zduzqvn
MwYNzVhj1b5h0tVJ5yifKGz3WKhejG7prDRXjEnZCue9tpZHvQ==
-----END CERTIFICATE-----
Generated at Wed Sep 10 10:30:55 2025 by rpki-client