Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/bf5JniBkyKbSSiSrUK6PpsjkA_o.roa
File: bf5JniBkyKbSSiSrUK6PpsjkA_o.roa (raw, json)
Hash identifier: G/EVvuIiKK3u39WnHajT6FKjkBStN9/ciaxEIQanbJk=
Subject key identifier: 6D:FE:49:9E:20:64:C8:A6:D2:4A:24:AB:50:AE:8F:A6:C8:E4:03:FA
Certificate issuer: /CN=38e7f47bb9b91657e5726bfcb2def8aad973e268
Certificate serial: 01981404258197944820FC04AADFA3ACEB39
Authority key identifier: 38:E7:F4:7B:B9:B9:16:57:E5:72:6B:FC:B2:DE:F8:AA:D9:73:E2:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/bf5JniBkyKbSSiSrUK6PpsjkA_o.roa
Signing time: Wed 16 Jul 2025 16:14:32 +0000
ROA not before: Wed 16 Jul 2025 16:14:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59796
IP address blocks: 185.71.64.0/24 maxlen: 24
185.71.66.0/24 maxlen: 24
193.84.85.0/24 maxlen: 24
193.84.88.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.mft
rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 10:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:14:04:25:81:97:94:48:20:fc:04:aa:df:a3:ac:eb:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38e7f47bb9b91657e5726bfcb2def8aad973e268
Validity
Not Before: Jul 16 16:14:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6dfe499e2064c8a6d24a24ab50ae8fa6c8e403fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:95:84:eb:b0:50:6d:42:c1:ad:eb:b3:2b:41:
62:d4:f7:84:83:3c:da:28:bd:45:b4:0f:25:10:b1:
60:18:05:5e:79:e3:70:aa:83:33:02:6c:df:b3:48:
d9:81:11:e0:69:76:16:fe:24:8d:39:c7:ae:18:fb:
f4:01:09:3c:49:d4:af:b0:07:52:8e:b2:c5:d9:08:
7a:4d:f8:ba:5e:42:1c:53:cc:a8:0b:7d:43:47:56:
f4:e3:cc:f7:13:8b:69:30:d3:26:ad:34:a2:78:33:
39:6d:79:9e:ac:7a:6a:33:5e:71:c2:29:e9:05:57:
6e:0a:55:cc:cf:24:70:e8:e0:d3:ad:cc:13:f6:23:
77:97:c5:ae:65:45:f0:aa:ac:39:99:1c:26:ba:e6:
30:17:5d:39:4f:57:7e:fe:7d:5e:6f:3d:e3:ee:f8:
46:c4:91:97:79:16:0f:3b:e2:2c:1c:4a:4f:97:f4:
f6:aa:95:73:7f:c1:2a:8d:c8:48:0c:97:0e:c9:75:
5f:d6:71:ff:04:71:04:58:91:6e:cf:9b:75:b7:c7:
bf:0b:25:0b:ec:8c:93:f5:b9:11:5f:24:bd:56:d1:
b3:f3:ba:0f:64:97:fe:ee:e7:0b:f4:98:66:a1:b3:
3e:10:56:e8:5d:04:b1:b2:11:f4:50:17:80:d1:68:
07:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:FE:49:9E:20:64:C8:A6:D2:4A:24:AB:50:AE:8F:A6:C8:E4:03:FA
X509v3 Authority Key Identifier:
keyid:38:E7:F4:7B:B9:B9:16:57:E5:72:6B:FC:B2:DE:F8:AA:D9:73:E2:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OOf0e7m5Flflcmv8st74qtlz4mg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/bf5JniBkyKbSSiSrUK6PpsjkA_o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/bb0e7b-2a81-4970-b3bd-686f0a0616cc/1/OOf0e7m5Flflcmv8st74qtlz4mg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.71.64.0/24
185.71.66.0/24
193.84.85.0/24
193.84.88.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:f0:48:e1:2c:2c:29:fb:60:63:7b:e9:84:33:09:39:b1:9a:
4c:94:55:02:ec:e9:8d:20:2d:7f:81:b6:75:08:fa:3e:d7:05:
a4:ae:89:29:ec:2a:cb:dc:86:9d:df:2e:0e:b9:0b:d4:f0:ea:
ea:73:b1:4c:f3:8a:25:9c:d4:20:94:b5:ad:8d:9a:b0:76:ca:
89:0c:c6:f4:5c:44:78:b5:06:57:9e:89:25:8c:ff:f4:37:79:
64:69:12:e2:47:63:1c:dd:f9:98:34:ad:57:f6:93:dc:17:8c:
18:73:77:b1:34:8f:87:7e:33:1b:0a:ca:23:ab:8a:04:e7:1d:
01:1d:17:bd:34:27:83:ad:88:94:40:3a:85:03:85:03:27:04:
dd:23:2c:70:6e:ff:a8:d8:9e:e3:8b:be:14:0a:40:10:bc:b8:
9b:c0:09:44:0a:ff:32:01:d9:03:58:56:8f:79:22:35:91:c2:
7b:06:7c:66:b5:69:de:45:da:87:fd:61:3c:bb:ff:12:53:84:
07:a5:2f:44:ec:0e:44:a5:50:6a:b7:19:67:b6:88:cb:8f:3a:
73:a3:8a:9b:a2:09:df:3f:a0:9e:de:d1:ee:ff:65:9b:10:c3:
85:72:21:92:d6:bc:30:69:87:2c:b1:b3:ad:8b:d5:9c:a2:85:
ef:20:3f:e5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZgUBCWBl5RIIPwEqt+jrOs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZTdmNDdiYjliOTE2NTdlNTcyNmJmY2IyZGVmOGFhZDk3
M2UyNjgwHhcNMjUwNzE2MTYxNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGZlNDk5ZTIwNjRjOGE2ZDI0YTI0YWI1MGFlOGZhNmM4ZTQwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpWE67BQbULBreuzK0Fi1PeEgzza
KL1FtA8lELFgGAVeeeNwqoMzAmzfs0jZgRHgaXYW/iSNOceuGPv0AQk8SdSvsAdS
jrLF2Qh6Tfi6XkIcU8yoC31DR1b048z3E4tpMNMmrTSieDM5bXmerHpqM15xwinp
BVduClXMzyRw6ODTrcwT9iN3l8WuZUXwqqw5mRwmuuYwF105T1d+/n1ebz3j7vhG
xJGXeRYPO+IsHEpPl/T2qpVzf8EqjchIDJcOyXVf1nH/BHEEWJFuz5t1t8e/CyUL
7IyT9bkRXyS9VtGz87oPZJf+7ucL9JhmobM+EFboXQSxshH0UBeA0WgHVQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFG3+SZ4gZMim0kokq1Cuj6bI5AP6MB8GA1UdIwQY
MBaAFDjn9Hu5uRZX5XJr/LLe+KrZc+JoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT09mMGU3bTVGbGZsY212OHN0NzRxdGx6NG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9iYjBlN2ItMmE4MS00OTcwLWIzYmQt
Njg2ZjBhMDYxNmNjLzEvYmY1Sm5pQmt5S2JTU2lTclVLNlBwc2prQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9iYjBlN2ItMmE4MS00OTcwLWIzYmQtNjg2ZjBhMDYxNmNj
LzEvT09mMGU3bTVGbGZsY212OHN0NzRxdGx6NG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuUdAAwQA
uUdCAwQAwVRVAwQAwVRYMA0GCSqGSIb3DQEBCwUAA4IBAQBP8EjhLCwp+2Bje+mE
Mwk5sZpMlFUC7OmNIC1/gbZ1CPo+1wWkrokp7CrL3Iad3y4OuQvU8Orqc7FM84ol
nNQglLWtjZqwdsqJDMb0XER4tQZXnokljP/0N3lkaRLiR2Mc3fmYNK1X9pPcF4wY
c3exNI+HfjMbCsojq4oE5x0BHRe9NCeDrYiUQDqFA4UDJwTdIyxwbv+o2J7ji74U
CkAQvLibwAlECv8yAdkDWFaPeSI1kcJ7BnxmtWneRdqH/WE8u/8SU4QHpS9E7A5E
pVBqtxlntojLjzpzo4qbognfP6Ce3tHu/2WbEMOFciGS1rwwaYcssbOti9WcooXv
ID/l
-----END CERTIFICATE-----
Generated at Wed Jul 23 16:51:22 2025 by rpki-client