Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FKkTKRINhBH9fQHsda1lHKlvrCQ.roa
File: FKkTKRINhBH9fQHsda1lHKlvrCQ.roa (raw, json)
Hash identifier: cgemZCPxZhaYvh9kF9IO+QbzrYULexhgvVyj8sqPDow=
Subject key identifier: 14:A9:13:29:12:0D:84:11:FD:7D:01:EC:75:AD:65:1C:A9:6F:AC:24
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019904EA21F1838B9EAA775D02D64AA5D916
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FKkTKRINhBH9fQHsda1lHKlvrCQ.roa
Signing time: Mon 01 Sep 2025 10:54:36 +0000
ROA not before: Mon 01 Sep 2025 10:54:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 176.125.248.0/24 maxlen: 24
185.222.29.0/24 maxlen: 24
185.240.122.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 10:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:04:ea:21:f1:83:8b:9e:aa:77:5d:02:d6:4a:a5:d9:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Sep 1 10:54:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=14a91329120d8411fd7d01ec75ad651ca96fac24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:b2:0e:01:ef:98:30:79:6d:fb:86:0f:e0:ec:
a1:59:9f:b1:45:99:24:f7:04:38:25:03:06:33:62:
46:78:ee:d9:e6:70:3c:92:e8:3b:c8:29:38:96:39:
fc:8a:2c:26:32:97:4e:24:67:89:31:61:82:3b:05:
a2:cb:85:28:69:79:08:fa:2b:f3:26:68:fa:15:6a:
6c:f3:45:2c:ed:40:ef:38:d0:8e:9f:99:7e:0d:11:
a5:64:3f:55:0e:9b:3a:4b:f3:94:b2:4f:32:6d:b2:
27:af:2e:7e:53:a3:83:9e:7c:75:e4:7e:6b:31:68:
66:7c:11:12:ff:24:8d:f7:0b:21:20:09:6d:1e:ff:
68:89:c0:26:37:03:2b:8e:2f:7d:40:d2:97:34:86:
2c:0c:41:9d:54:fe:ec:2a:be:39:3b:7e:49:09:ed:
86:a4:8a:16:5d:a9:01:c5:2d:c7:3f:26:b4:e9:0e:
df:79:c1:3f:06:1b:7c:45:64:b6:83:2b:8b:b0:a7:
69:4d:6d:26:55:58:83:98:c0:79:53:9e:bf:39:22:
20:30:d9:82:83:86:f2:f3:85:20:ba:10:fa:c6:78:
2c:57:b5:0f:e0:c8:74:d6:2a:54:72:b4:dc:20:fe:
f5:55:e2:15:00:a8:34:14:dc:6d:e3:ae:5f:19:e1:
b1:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:A9:13:29:12:0D:84:11:FD:7D:01:EC:75:AD:65:1C:A9:6F:AC:24
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FKkTKRINhBH9fQHsda1lHKlvrCQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.125.248.0/24
185.222.29.0/24
185.240.122.0/24
185.251.231.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:12:b7:34:98:50:8f:29:86:33:98:6b:15:1c:8a:7d:e0:3a:
b1:76:2f:a8:2a:60:58:4c:75:61:b0:00:5b:94:f4:f2:11:b6:
42:b8:e5:0e:65:65:fd:e5:12:a8:df:51:77:97:42:60:bd:44:
17:6a:d2:29:93:97:06:ea:bd:db:7d:97:ec:d8:5c:8b:65:31:
eb:b1:a5:d4:b3:ab:1d:28:5e:dd:a6:22:1a:ee:d5:53:80:87:
96:9e:73:0e:e6:4c:9a:06:5e:3a:3a:be:0e:22:9f:fd:0c:7d:
be:b7:e2:bf:8c:95:0d:47:64:c3:bc:0d:e2:91:df:cd:a6:e8:
2f:fa:8d:f9:11:9c:c0:1b:ff:f3:7f:7c:a4:43:eb:56:b6:b3:
05:4a:1b:f6:41:6c:c7:1b:f6:37:b2:d3:31:78:0f:28:bf:be:
b0:45:3f:de:d8:d9:ba:49:8f:75:e1:d2:c1:39:cb:1a:dc:68:
27:4f:cf:4e:17:ec:c1:9f:95:36:6e:f5:52:72:30:40:77:84:
e0:e9:02:9a:ca:de:76:8f:cc:ef:32:8b:02:8e:72:24:27:6c:
b0:54:63:98:85:95:07:8a:f8:e2:fa:a8:b4:f6:f0:09:7e:16:
b6:12:47:fe:d6:bb:8f:cd:96:9e:02:85:ab:72:79:40:2c:e0:
32:4c:c3:d7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZkE6iHxg4ueqnddAtZKpdkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwOTAxMTA1NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGE5MTMyOTEyMGQ4NDExZmQ3ZDAxZWM3NWFkNjUxY2E5NmZhYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rIOAe+YMHlt+4YP4OyhWZ+xRZkk
9wQ4JQMGM2JGeO7Z5nA8kug7yCk4ljn8iiwmMpdOJGeJMWGCOwWiy4UoaXkI+ivz
Jmj6FWps80Us7UDvONCOn5l+DRGlZD9VDps6S/OUsk8ybbInry5+U6ODnnx15H5r
MWhmfBES/ySN9wshIAltHv9oicAmNwMrji99QNKXNIYsDEGdVP7sKr45O35JCe2G
pIoWXakBxS3HPya06Q7fecE/Bht8RWS2gyuLsKdpTW0mVViDmMB5U56/OSIgMNmC
g4by84UguhD6xngsV7UP4Mh01ipUcrTcIP71VeIVAKg0FNxt465fGeGxBwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBSpEykSDYQR/X0B7HWtZRypb6wkMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRktrVEtSSU5oQkg5ZlFIc2RhMWxIS2x2ckNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAsH34AwQA
ud4dAwQAufB6AwQAufvnMA0GCSqGSIb3DQEBCwUAA4IBAQArErc0mFCPKYYzmGsV
HIp94Dqxdi+oKmBYTHVhsABblPTyEbZCuOUOZWX95RKo31F3l0JgvUQXatIpk5cG
6r3bfZfs2FyLZTHrsaXUs6sdKF7dpiIa7tVTgIeWnnMO5kyaBl46Or4OIp/9DH2+
t+K/jJUNR2TDvA3ikd/Npugv+o35EZzAG//zf3ykQ+tWtrMFShv2QWzHG/Y3stMx
eA8ov76wRT/e2Nm6SY914dLBOcsa3GgnT89OF+zBn5U2bvVScjBAd4Tg6QKayt52
j8zvMosCjnIkJ2ywVGOYhZUHivji+qi09vAJfha2Ekf+1ruPzZaeAoWrcnlALOAy
TMPX
-----END CERTIFICATE-----
Generated at Fri Sep 5 18:01:26 2025 by rpki-client