Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xHRuB04WVelcGlor8QgRfxuqgaA.roa
File: xHRuB04WVelcGlor8QgRfxuqgaA.roa (raw, json)
Hash identifier: 6+003LoatefRRQL8EWqTRr2bABcnmrzl+azEagj1yIc=
Subject key identifier: C4:74:6E:07:4E:16:55:E9:5C:1A:5A:2B:F1:08:11:7F:1B:AA:81:A0
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0198DD5494875361FB487DC8C54C8597F4EB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xHRuB04WVelcGlor8QgRfxuqgaA.roa
Signing time: Sun 24 Aug 2025 18:26:04 +0000
ROA not before: Sun 24 Aug 2025 18:26:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207957
IP address blocks: 64.188.90.0/24 maxlen: 24
64.188.98.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
77.239.107.0/24 maxlen: 24
144.31.213.0/24 maxlen: 24
144.31.214.0/24 maxlen: 24
144.31.215.0/24 maxlen: 24
144.31.216.0/24 maxlen: 24
144.31.217.0/24 maxlen: 24
144.31.218.0/24 maxlen: 24
144.31.219.0/24 maxlen: 24
185.170.153.0/24 maxlen: 24
185.170.154.0/24 maxlen: 24
193.23.200.0/24 maxlen: 24
193.23.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 17:17:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:dd:54:94:87:53:61:fb:48:7d:c8:c5:4c:85:97:f4:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 24 18:26:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c4746e074e1655e95c1a5a2bf108117f1baa81a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:d4:65:d7:dd:49:92:8e:6f:4d:ab:79:0b:6d:
f2:eb:d3:4e:55:22:52:a7:be:b8:e9:35:cd:2d:cd:
d9:95:e1:85:5b:d4:c6:2d:b2:1e:2d:c0:96:bd:52:
30:d7:15:79:f7:17:48:70:36:9d:fa:ff:72:73:7d:
00:69:16:7a:2b:cc:11:16:99:29:89:3f:8c:0a:db:
b0:f8:b4:0f:01:af:f4:53:20:d2:99:63:15:19:b2:
10:b2:5f:82:0a:a8:b2:ae:56:f5:e5:a6:49:66:d0:
7f:e7:1f:c1:c0:db:d4:da:aa:5d:fb:cd:10:2d:fa:
ad:cc:e5:63:1d:42:36:50:cc:6e:8d:07:7d:75:3b:
42:e0:78:1a:bc:11:02:99:3a:e7:c8:39:0c:80:ad:
a1:bd:b7:27:cc:f6:17:94:3d:70:0f:46:57:c3:a0:
48:06:03:fa:ad:ed:40:2e:80:f6:bc:7c:d4:58:35:
9d:b6:08:28:2f:db:6c:a5:1b:5a:91:90:c4:3d:39:
84:d8:a8:ec:5b:f4:12:42:c7:14:98:37:d2:e3:96:
6e:30:76:6a:62:48:e7:f0:e5:30:36:a9:e2:2e:c2:
2b:8b:2e:50:c7:73:e2:ba:ea:74:2e:16:08:dc:61:
85:e8:18:d4:1d:99:8b:f8:8a:57:16:a8:4a:3d:ad:
00:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:74:6E:07:4E:16:55:E9:5C:1A:5A:2B:F1:08:11:7F:1B:AA:81:A0
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xHRuB04WVelcGlor8QgRfxuqgaA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.90.0/24
64.188.98.0/24
64.188.127.0/24
77.239.107.0/24
144.31.213.0-144.31.219.255
185.170.153.0-185.170.154.255
193.23.200.0/23
Signature Algorithm: sha256WithRSAEncryption
19:68:37:3b:bc:ae:95:1d:ff:c9:0c:ab:e1:f3:f6:82:c3:1f:
be:08:3d:a8:c5:76:40:84:72:1e:55:f5:3d:d3:28:fc:9c:61:
22:a2:c7:d9:55:f2:e5:46:28:56:ac:da:ff:87:30:f6:4c:aa:
f9:f8:88:fe:f7:76:12:18:5b:94:23:0a:9f:96:91:b6:ba:78:
e6:ce:00:f3:3e:3b:fc:a3:c2:0b:cc:5e:c8:4e:85:5a:02:2e:
9b:d5:63:d1:7e:b4:f4:3e:e1:a9:9e:a1:05:02:57:d0:40:2f:
cf:16:9c:ab:1a:2c:bd:b1:b9:bd:66:5a:e5:c7:31:a7:23:d3:
09:57:fa:f0:c0:bc:45:df:dd:3a:a1:c4:6e:34:cb:25:4c:62:
04:15:9c:cb:c4:03:5f:a0:df:9a:16:59:71:65:c0:c1:78:a1:
6f:63:0c:ef:1d:fe:8d:01:ac:e3:70:d0:af:27:3d:1a:1a:dc:
b3:f4:b2:16:c7:93:80:d6:b8:b7:a3:4f:57:55:05:c0:db:b7:
c7:50:0b:af:da:ea:dc:ca:fa:73:d1:fe:e2:c4:eb:84:82:1a:
a0:23:46:eb:09:ab:c9:f4:d5:bd:b6:02:f2:75:73:b8:36:c1:
a5:77:3a:7d:43:bf:a0:d1:01:81:b1:24:29:38:8e:18:9e:39:
ef:8e:df:6c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZjdVJSHU2H7SH3IxUyFl/TrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODI0MTgyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc0NmUwNzRlMTY1NWU5NWMxYTVhMmJmMTA4MTE3ZjFiYWE4MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9Rl191Jko5vTat5C23y69NOVSJS
p7646TXNLc3ZleGFW9TGLbIeLcCWvVIw1xV59xdIcDad+v9yc30AaRZ6K8wRFpkp
iT+MCtuw+LQPAa/0UyDSmWMVGbIQsl+CCqiyrlb15aZJZtB/5x/BwNvU2qpd+80Q
LfqtzOVjHUI2UMxujQd9dTtC4HgavBECmTrnyDkMgK2hvbcnzPYXlD1wD0ZXw6BI
BgP6re1ALoD2vHzUWDWdtggoL9tspRtakZDEPTmE2KjsW/QSQscUmDfS45ZuMHZq
Ykjn8OUwNqniLsIriy5Qx3Piuup0LhYI3GGF6BjUHZmL+IpXFqhKPa0AHQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFMR0bgdOFlXpXBpaK/EIEX8bqoGgMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveEhSdUIwNFdWZWxjR2xvcjhRZ1JmeHVxZ2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAQLxaAwQA
QLxiAwQAQLx/AwQATe9rMAwDBACQH9UDBAKQH9gwDAMEALmqmQMEALmqmgMEAcEX
yDANBgkqhkiG9w0BAQsFAAOCAQEAGWg3O7yulR3/yQyr4fP2gsMfvgg9qMV2QIRy
HlX1PdMo/JxhIqLH2VXy5UYoVqza/4cw9kyq+fiI/vd2EhhblCMKn5aRtrp45s4A
8z47/KPCC8xeyE6FWgIum9Vj0X609D7hqZ6hBQJX0EAvzxacqxosvbG5vWZa5ccx
pyPTCVf68MC8Rd/dOqHEbjTLJUxiBBWcy8QDX6DfmhZZcWXAwXihb2MM7x3+jQGs
43DQryc9Ghrcs/SyFseTgNa4t6NPV1UFwNu3x1ALr9rq3Mr6c9H+4sTrhIIaoCNG
6wmryfTVvbYC8nVzuDbBpXc6fUO/oNEBgbEkKTiOGJ45747fbA==
-----END CERTIFICATE-----
Generated at Fri Sep 5 21:59:06 2025 by rpki-client