Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/0J1BscA7ehqbG9hZ9JbrawPNkVs.roa
File: 0J1BscA7ehqbG9hZ9JbrawPNkVs.roa (raw, json)
Hash identifier: /iRggTw1aJBwhVUj4BhUfXwzpsGpq6zWBqZNLYzvF+Y=
Subject key identifier: D0:9D:41:B1:C0:3B:7A:1A:9B:1B:D8:59:F4:96:EB:6B:03:CD:91:5B
Certificate issuer: /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial: 0196F8535C1E502E8E569C9645EF5155B35A
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/0J1BscA7ehqbG9hZ9JbrawPNkVs.roa
Signing time: Thu 22 May 2025 14:08:54 +0000
ROA not before: Thu 22 May 2025 14:08:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42894
IP address blocks: 131.237.0.0/16 maxlen: 24
131.237.0.0/24 maxlen: 24
131.237.1.0/24 maxlen: 24
131.237.8.0/24 maxlen: 24
131.237.32.0/24 maxlen: 24
131.237.40.0/24 maxlen: 24
131.237.41.0/24 maxlen: 24
131.237.42.0/24 maxlen: 24
131.237.43.0/24 maxlen: 24
131.237.70.0/24 maxlen: 24
131.237.71.0/24 maxlen: 24
131.237.72.0/24 maxlen: 24
131.237.73.0/24 maxlen: 24
131.237.74.0/24 maxlen: 24
131.237.77.0/24 maxlen: 24
131.237.78.0/24 maxlen: 24
131.237.80.0/24 maxlen: 24
131.237.83.0/24 maxlen: 24
131.237.84.0/24 maxlen: 24
131.237.96.0/24 maxlen: 24
131.237.120.0/24 maxlen: 24
131.237.121.0/24 maxlen: 24
131.237.163.0/24 maxlen: 24
145.31.0.0/16 maxlen: 24
145.45.0.0/17 maxlen: 24
145.45.0.0/24 maxlen: 24
145.45.48.0/24 maxlen: 24
145.45.110.0/24 maxlen: 24
145.50.0.0/16 maxlen: 24
145.50.37.0/24 maxlen: 24
145.50.39.0/24 maxlen: 24
145.50.105.0/24 maxlen: 24
145.50.233.0/24 maxlen: 24
194.104.116.0/22 maxlen: 24
194.104.116.0/24 maxlen: 24
194.104.117.0/24 maxlen: 24
194.104.118.0/24 maxlen: 24
194.104.119.0/24 maxlen: 24
2a13:e080::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Jun 2025 08:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f8:53:5c:1e:50:2e:8e:56:9c:96:45:ef:51:55:b3:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Validity
Not Before: May 22 14:08:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d09d41b1c03b7a1a9b1bd859f496eb6b03cd915b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:bf:7b:cb:2b:a1:d3:5a:81:19:a1:0d:c0:ad:
d5:a5:a7:ae:14:70:9d:ee:6b:bf:6e:d5:1f:0c:05:
a7:63:9e:8b:ea:79:ad:36:45:52:02:ea:61:4e:b0:
9f:db:be:95:27:2b:11:77:84:01:29:53:4a:29:f3:
e8:df:98:ec:c9:3b:15:a0:9c:2a:22:ae:25:d0:5a:
2b:b5:a0:51:9a:6f:a3:9f:70:63:f5:be:a0:d2:97:
24:ad:82:e8:f2:25:94:9f:1d:b6:5d:61:51:ff:b2:
60:fa:04:6f:d5:b0:ab:7b:23:07:79:b9:e3:5d:81:
f7:19:6e:a1:67:41:05:c9:33:38:89:65:64:05:3c:
45:00:74:7f:e0:5e:da:4d:bd:d0:fe:93:d5:ec:34:
36:2e:3f:fe:88:4a:f3:61:be:86:38:1c:c0:c2:d0:
4b:71:f5:83:90:76:fa:34:1d:40:07:90:5e:29:e4:
16:f4:53:d9:92:dc:85:71:c2:e9:3f:d6:93:c7:78:
b4:f6:61:44:e4:42:51:31:24:0e:63:ea:b5:8a:50:
79:a3:cd:ce:b4:3d:01:e4:a3:70:ad:ce:f3:42:80:
76:7e:4a:0b:20:15:bb:33:2f:d9:5e:e9:78:33:12:
df:8a:fb:9f:52:ac:09:ac:ff:e9:3f:86:c0:0c:32:
0e:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:9D:41:B1:C0:3B:7A:1A:9B:1B:D8:59:F4:96:EB:6B:03:CD:91:5B
X509v3 Authority Key Identifier:
keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/0J1BscA7ehqbG9hZ9JbrawPNkVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.237.0.0/16
145.31.0.0/16
145.45.0.0/17
145.50.0.0/16
194.104.116.0/22
IPv6:
2a13:e080::/32
Signature Algorithm: sha256WithRSAEncryption
73:d6:04:49:9a:c9:99:0d:69:06:f1:e8:f0:1a:04:01:18:52:
24:a1:a0:37:73:3f:de:c6:03:13:71:45:be:1d:1c:ff:8a:f8:
0f:3e:fb:6f:a8:48:33:06:a4:fb:b3:a7:ea:a1:21:0b:de:2f:
33:82:83:e9:97:f6:f5:58:7d:c7:3e:dc:e8:6c:5d:4c:3c:94:
63:7e:a4:66:93:f9:f8:f3:68:ce:b8:72:e4:7f:27:5a:90:80:
ee:6b:3a:5d:7c:e1:80:0d:4c:9e:32:69:f9:c7:69:3e:af:53:
17:46:6f:d0:3a:57:a6:b8:42:5c:79:d2:b8:2f:95:d3:3e:99:
01:de:18:1b:47:1e:0b:9f:44:c1:84:0e:17:bd:a8:a0:93:34:
2d:72:ae:8f:67:c4:19:1b:3b:f8:e3:ca:f6:03:55:7c:69:98:
ff:ad:25:38:68:e1:a1:a1:e6:7a:a0:45:56:40:02:0e:83:4f:
e7:aa:f6:7c:71:87:35:7f:b3:75:2e:5f:e4:ab:fd:88:18:8a:
15:b2:41:69:b2:b4:80:8f:84:64:cc:8c:e4:b5:e9:23:27:50:
75:be:9b:bf:23:57:b8:e8:bb:63:f9:73:42:b0:1d:d3:bd:8b:
ca:1d:a7:b1:ae:b8:e3:ac:8c:df:04:fe:ac:30:a5:95:20:93:
df:74:22:32
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZb4U1weUC6OVpyWRe9RVbNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjUwNTIyMTQwODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDlkNDFiMWMwM2I3YTFhOWIxYmQ4NTlmNDk2ZWI2YjAzY2Q5MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL97yyuh01qBGaENwK3VpaeuFHCd
7mu/btUfDAWnY56L6nmtNkVSAuphTrCf276VJysRd4QBKVNKKfPo35jsyTsVoJwq
Iq4l0FortaBRmm+jn3Bj9b6g0pckrYLo8iWUnx22XWFR/7Jg+gRv1bCreyMHebnj
XYH3GW6hZ0EFyTM4iWVkBTxFAHR/4F7aTb3Q/pPV7DQ2Lj/+iErzYb6GOBzAwtBL
cfWDkHb6NB1AB5BeKeQW9FPZktyFccLpP9aTx3i09mFE5EJRMSQOY+q1ilB5o83O
tD0B5KNwrc7zQoB2fkoLIBW7My/ZXul4MxLfivufUqwJrP/pP4bADDIOYwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNCdQbHAO3oamxvYWfSW62sDzZFbMB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvMEoxQnNjQTdlaHFiRzloWjlKYnJhd1BOa1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAhBAIAATAbAwMAg+0DAwCR
HwMEB5EtAAMDAJEyAwQCwmh0MA0EAgACMAcDBQAqE+CAMA0GCSqGSIb3DQEBCwUA
A4IBAQBz1gRJmsmZDWkG8ejwGgQBGFIkoaA3cz/exgMTcUW+HRz/ivgPPvtvqEgz
BqT7s6fqoSEL3i8zgoPpl/b1WH3HPtzobF1MPJRjfqRmk/n482jOuHLkfydakIDu
azpdfOGADUyeMmn5x2k+r1MXRm/QOlemuEJcedK4L5XTPpkB3hgbRx4Ln0TBhA4X
vaigkzQtcq6PZ8QZGzv448r2A1V8aZj/rSU4aOGhoeZ6oEVWQAIOg0/nqvZ8cYc1
f7N1Ll/kq/2IGIoVskFpsrSAj4RkzIzktekjJ1B1vpu/I1e46Ltj+XNCsB3TvYvK
HaexrrjjrIzfBP6sMKWVIJPfdCIy
-----END CERTIFICATE-----
Generated at Wed Jun 4 12:14:35 2025 by rpki-client