Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/kMR-QfeDtCXrH6KaC8fd3q46UD0.roa
File: kMR-QfeDtCXrH6KaC8fd3q46UD0.roa (raw, json)
Hash identifier: 3G94bGBmGhHgTXEu5GeWzI4ZUQXww57vFy+evvpPr2k=
Subject key identifier: 90:C4:7E:41:F7:83:B4:25:EB:1F:A2:9A:0B:C7:DD:DE:AE:3A:50:3D
Certificate issuer: /CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
Certificate serial: 01970AE8713DF5D9A10CAD2954BD883A55A2
Authority key identifier: 3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/kMR-QfeDtCXrH6KaC8fd3q46UD0.roa
Signing time: Mon 26 May 2025 04:44:54 +0000
ROA not before: Mon 26 May 2025 04:44:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39891
IP address blocks: 159.0.186.0/24 maxlen: 24
185.139.8.0/24 maxlen: 24
185.139.9.0/24 maxlen: 24
185.139.10.0/24 maxlen: 24
185.139.11.0/24 maxlen: 24
212.215.129.0/24 maxlen: 24
212.215.208.0/22 maxlen: 22
212.215.212.0/22 maxlen: 22
212.215.216.0/22 maxlen: 22
212.215.232.0/22 maxlen: 22
212.215.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.mft
rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0a:e8:71:3d:f5:d9:a1:0c:ad:29:54:bd:88:3a:55:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
Validity
Not Before: May 26 04:44:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90c47e41f783b425eb1fa29a0bc7dddeae3a503d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:98:fc:1e:e6:86:09:c0:0b:48:1a:61:99:7f:
ff:9d:f5:a0:a1:7a:b8:b4:b0:cf:18:75:11:09:ed:
12:1a:32:98:a1:f3:b0:58:0e:55:93:46:f8:af:8f:
2e:00:92:72:8a:72:15:ec:c4:ac:4a:63:8d:6f:4b:
56:3b:4c:5c:9c:2b:01:7c:6e:82:20:41:7c:83:da:
a4:d5:0f:42:3a:32:ba:28:eb:5f:81:5e:f8:e9:35:
88:e0:76:50:d4:72:18:25:a6:cb:ab:22:d8:88:aa:
2b:a4:b6:ef:c7:88:3d:ea:72:9c:a7:7d:0e:80:2a:
65:f2:1a:7e:8a:df:42:6f:8e:d1:30:70:88:22:a7:
d8:bf:d0:21:79:e7:c5:45:ff:2d:f5:4f:58:39:fa:
9f:d6:73:fe:f9:5c:05:71:75:c0:a8:2b:bf:da:34:
90:e4:c6:3e:36:86:f9:ff:b6:3f:17:b1:52:c1:9e:
45:6c:a7:cf:31:67:45:74:88:39:cd:1d:20:7a:02:
60:9c:80:65:92:31:c8:2c:3c:e2:0b:ad:45:bb:93:
09:91:0d:d1:14:16:a1:c6:9a:37:fe:db:b6:fc:07:
f6:19:24:af:17:d0:b5:d0:e2:92:4a:65:64:cd:1c:
52:51:af:5a:ae:08:20:e2:8c:3b:2d:ec:e1:b7:cb:
d9:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:C4:7E:41:F7:83:B4:25:EB:1F:A2:9A:0B:C7:DD:DE:AE:3A:50:3D
X509v3 Authority Key Identifier:
keyid:3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/kMR-QfeDtCXrH6KaC8fd3q46UD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.0.186.0/24
185.139.8.0/22
212.215.129.0/24
212.215.208.0-212.215.219.255
212.215.232.0/22
212.215.238.0/24
Signature Algorithm: sha256WithRSAEncryption
32:c5:cd:c0:77:25:2d:ce:02:be:ea:f3:2b:3e:a9:8a:7c:5c:
a8:db:a7:b5:72:99:d9:09:51:a8:73:f5:b4:93:6f:a2:1c:56:
fb:41:50:c3:d5:e2:45:27:37:cf:6b:f7:92:16:00:24:97:fa:
86:4a:96:07:c6:94:8d:90:a6:3d:eb:f5:59:5a:76:e7:cb:94:
49:f4:31:68:27:6c:05:b8:eb:6a:88:68:8b:df:aa:6c:15:73:
a2:87:ad:8f:97:f9:e4:df:b5:0e:0b:d6:79:32:fd:8d:41:ed:
43:1a:02:de:9a:87:55:d7:cb:8a:70:dc:ed:b8:f2:bf:84:71:
99:94:aa:b5:16:2e:d8:a6:71:cb:8f:34:d3:cf:46:b4:ee:5b:
32:4c:df:21:e4:70:56:37:be:77:79:f2:2b:e1:fa:9c:9b:42:
f8:d9:01:9a:d5:4a:13:72:87:30:ba:7b:e2:0d:24:13:76:65:
81:1d:0e:68:a3:37:24:6f:29:b5:cf:7d:c4:c6:07:9b:38:e8:
ff:67:37:8e:b1:ac:2e:26:29:d1:eb:b4:98:af:92:b2:ce:40:
13:67:5d:90:37:8d:34:08:f2:b4:f7:a0:93:73:aa:43:2f:b3:
5a:8b:40:5a:1c:34:e2:f9:d2:73:5f:a9:b5:2c:ea:b9:16:5e:
fc:ef:2b:f8
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZcK6HE99dmhDK0pVL2IOlWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2NiYzcwZTE4YjZjNjllNTNlZjUyYTVlOTI1ZTVmNGYw
Y2RjYzEwHhcNMjUwNTI2MDQ0NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGM0N2U0MWY3ODNiNDI1ZWIxZmEyOWEwYmM3ZGRkZWFlM2E1MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5j8HuaGCcALSBphmX//nfWgoXq4
tLDPGHURCe0SGjKYofOwWA5Vk0b4r48uAJJyinIV7MSsSmONb0tWO0xcnCsBfG6C
IEF8g9qk1Q9COjK6KOtfgV746TWI4HZQ1HIYJabLqyLYiKorpLbvx4g96nKcp30O
gCpl8hp+it9Cb47RMHCIIqfYv9AheefFRf8t9U9YOfqf1nP++VwFcXXAqCu/2jSQ
5MY+Nob5/7Y/F7FSwZ5FbKfPMWdFdIg5zR0gegJgnIBlkjHILDziC61Fu5MJkQ3R
FBahxpo3/tu2/Af2GSSvF9C10OKSSmVkzRxSUa9arggg4ow7Lezht8vZ/wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFJDEfkH3g7Ql6x+imgvH3d6uOlA9MB8GA1UdIwQY
MBaAFDvMvHDhi2xp5T71Kl6SXl9PDNzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgt
YmJlNjBlYTIyMmM1LzEva01SLVFmZUR0Q1hySDZLYUM4ZmQzcTQ2VUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgtYmJlNjBlYTIyMmM1
LzEvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAnwC6AwQC
uYsIAwQA1NeBMAwDBATU19ADBALU19gDBALU1+gDBADU1+4wDQYJKoZIhvcNAQEL
BQADggEBADLFzcB3JS3OAr7q8ys+qYp8XKjbp7VymdkJUahz9bSTb6IcVvtBUMPV
4kUnN89r95IWACSX+oZKlgfGlI2Qpj3r9VladufLlEn0MWgnbAW462qIaIvfqmwV
c6KHrY+X+eTftQ4L1nky/Y1B7UMaAt6ah1XXy4pw3O248r+EcZmUqrUWLtimccuP
NNPPRrTuWzJM3yHkcFY3vnd58ivh+pybQvjZAZrVShNyhzC6e+INJBN2ZYEdDmij
NyRvKbXPfcTGB5s46P9nN46xrC4mKdHrtJivkrLOQBNnXZA3jTQI8rT3oJNzqkMv
s1qLQFocNOL50nNfqbUs6rkWXvzvK/g=
-----END CERTIFICATE-----
Generated at Sun Jun 8 10:28:52 2025 by rpki-client