Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/IEhCe2RiP1kHaLgPWp2uIGJfAZ0.roa
File: IEhCe2RiP1kHaLgPWp2uIGJfAZ0.roa (raw, json)
Hash identifier: sMwZ3VZLJy7JBktDBg+JlT8/uki4J/lb2LVY4JhqWmc=
Subject key identifier: 20:48:42:7B:64:62:3F:59:07:68:B8:0F:5A:9D:AE:20:62:5F:01:9D
Certificate issuer: /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial: 01976DEB2AC421A66D6B292D0707201001EF
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/IEhCe2RiP1kHaLgPWp2uIGJfAZ0.roa
Signing time: Sat 14 Jun 2025 10:10:17 +0000
ROA not before: Sat 14 Jun 2025 10:10:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204348
IP address blocks: 185.249.255.0/24 maxlen: 24
185.252.112.0/24 maxlen: 24
185.252.112.0/25 maxlen: 25
185.252.112.128/26 maxlen: 26
185.252.112.192/26 maxlen: 26
185.252.113.0/24 maxlen: 24
185.252.115.0/24 maxlen: 24
2a04:b800::/32 maxlen: 32
2a04:b801::/32 maxlen: 32
2a04:b802::/32 maxlen: 32
2a04:b803::/32 maxlen: 32
2a04:b804::/32 maxlen: 32
2a04:b805::/32 maxlen: 32
2a04:b806::/32 maxlen: 32
2a04:b807::/32 maxlen: 32
2a0e:e7c0::/32 maxlen: 32
2a0e:e7c1::/32 maxlen: 32
2a0e:e7c2::/32 maxlen: 32
2a0e:e7c3::/32 maxlen: 32
2a0e:e7c4::/32 maxlen: 32
2a0e:e7c5::/32 maxlen: 32
2a0e:e7c6::/32 maxlen: 32
2a0e:e7c7::/32 maxlen: 32
2a10:a6c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.mft
rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 19:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:6d:eb:2a:c4:21:a6:6d:6b:29:2d:07:07:20:10:01:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Validity
Not Before: Jun 14 10:10:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2048427b64623f590768b80f5a9dae20625f019d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:d6:5c:8a:72:ee:e2:b6:08:20:ba:c4:9c:5f:
ca:dc:5f:46:ea:2b:6e:46:8b:61:7a:8e:2c:33:fe:
95:10:07:0b:e6:9a:38:9b:1f:07:be:4f:f2:61:31:
6d:3a:a7:52:9c:f5:53:97:52:ce:11:c3:c4:0c:dc:
f6:38:9a:59:17:37:ce:a4:18:72:93:d2:74:0c:17:
68:60:c5:7d:b5:55:57:33:36:d2:ac:bc:bd:fb:19:
30:7a:b6:2c:d6:27:9f:84:69:43:f8:1a:63:b8:4f:
ac:23:3d:8d:65:cc:f2:9d:60:94:69:19:fc:ee:c2:
e5:0e:c9:45:19:5b:a4:69:eb:9b:8c:c2:f9:bd:ba:
22:63:15:1c:a8:c6:1f:c2:57:4a:e5:2d:71:ee:6e:
a3:77:5f:3e:d7:6d:84:8c:a7:39:6e:1e:c4:93:06:
00:71:2b:8b:34:5e:d7:52:d0:92:37:eb:47:51:53:
21:22:1a:be:1f:e0:3e:c5:a3:c0:92:23:46:e7:35:
c0:8c:74:ee:1d:e8:64:55:f6:52:bf:2e:0e:a9:e7:
01:2a:06:3a:2c:99:e6:2e:6a:26:be:26:bb:bc:54:
b5:88:20:b6:70:7c:22:f7:99:13:5a:36:dc:e1:3b:
1b:73:1f:51:90:fb:9f:4f:63:a8:43:af:0e:24:12:
e3:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:48:42:7B:64:62:3F:59:07:68:B8:0F:5A:9D:AE:20:62:5F:01:9D
X509v3 Authority Key Identifier:
keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/IEhCe2RiP1kHaLgPWp2uIGJfAZ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.249.255.0/24
185.252.112.0/23
185.252.115.0/24
IPv6:
2a04:b800::/29
2a0e:e7c0::/29
2a10:a6c0::/29
Signature Algorithm: sha256WithRSAEncryption
29:01:ac:c3:da:61:e2:b5:18:f8:d6:58:fc:72:4a:92:c6:e4:
30:9a:9a:ff:1d:77:78:74:58:6a:4b:7f:ce:45:c1:42:6e:d6:
58:34:23:43:d4:9b:06:a8:d1:68:e3:aa:10:89:1e:ec:50:a8:
47:da:fc:53:16:39:5d:45:0e:94:43:7f:d1:44:02:b3:fa:ec:
81:d0:d3:eb:76:4a:52:ba:4c:cb:0c:ce:f1:9b:a7:4d:da:06:
e1:2e:e8:b1:dc:8b:26:39:90:3a:13:b4:5a:37:f5:23:a9:4c:
69:f2:79:2d:db:fc:c3:89:84:51:c2:3a:1d:3e:aa:72:5e:1c:
10:99:67:9e:55:f4:48:06:71:d0:0a:5f:36:dd:06:f3:97:3b:
b1:f2:76:fa:6f:72:76:e9:1f:7e:d7:8b:92:92:13:b9:08:18:
f8:bc:99:cf:f8:9e:69:5f:70:fc:60:73:61:e3:c4:c8:46:b9:
a7:2b:5b:6d:bc:de:e7:03:72:32:63:dc:52:da:f1:72:04:9d:
5c:01:52:9a:4d:4c:ec:b6:3e:6d:9b:b6:0b:fe:e1:96:07:66:
2c:a1:bb:c1:d7:78:de:b4:f6:0b:c8:b7:16:0e:b7:dd:1c:93:
64:87:bf:6f:bd:f9:96:03:32:d0:30:5f:a5:95:d4:2e:99:9f:
4e:b7:29:37
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZdt6yrEIaZtayktBwcgEAHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjUwNjE0MTAxMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ4NDI3YjY0NjIzZjU5MDc2OGI4MGY1YTlkYWUyMDYyNWYwMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9ZcinLu4rYIILrEnF/K3F9G6itu
Rotheo4sM/6VEAcL5po4mx8Hvk/yYTFtOqdSnPVTl1LOEcPEDNz2OJpZFzfOpBhy
k9J0DBdoYMV9tVVXMzbSrLy9+xkwerYs1iefhGlD+BpjuE+sIz2NZczynWCUaRn8
7sLlDslFGVukaeubjML5vboiYxUcqMYfwldK5S1x7m6jd18+122EjKc5bh7EkwYA
cSuLNF7XUtCSN+tHUVMhIhq+H+A+xaPAkiNG5zXAjHTuHehkVfZSvy4OqecBKgY6
LJnmLmomvia7vFS1iCC2cHwi95kTWjbc4Tsbcx9RkPufT2OoQ68OJBLjeQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCBIQntkYj9ZB2i4D1qdriBiXwGdMB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvSUVoQ2UyUmlQMWtIYUxnUFdwMnVJR0pmQVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQAufn/AwQB
ufxwAwQAufxzMBsEAgACMBUDBQMqBLgAAwUDKg7nwAMFAyoQpsAwDQYJKoZIhvcN
AQELBQADggEBACkBrMPaYeK1GPjWWPxySpLG5DCamv8dd3h0WGpLf85FwUJu1lg0
I0PUmwao0WjjqhCJHuxQqEfa/FMWOV1FDpRDf9FEArP67IHQ0+t2SlK6TMsMzvGb
p03aBuEu6LHciyY5kDoTtFo39SOpTGnyeS3b/MOJhFHCOh0+qnJeHBCZZ55V9EgG
cdAKXzbdBvOXO7HydvpvcnbpH37Xi5KSE7kIGPi8mc/4nmlfcPxgc2HjxMhGuacr
W2283ucDcjJj3FLa8XIEnVwBUppNTOy2Pm2btgv+4ZYHZiyhu8HXeN609gvItxYO
t90ck2SHv2+9+ZYDMtAwX6WV1C6Zn063KTc=
-----END CERTIFICATE-----
Generated at Sun Jun 15 02:43:07 2025 by rpki-client