Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/87rCeXjc--U2MEaz_6ZYtD4HU4E.roa
File: 87rCeXjc--U2MEaz_6ZYtD4HU4E.roa (raw, json)
Hash identifier: ydDuWVVaegMjDA1upmqp2wQvpdN6HPlZ3Xtoz4MpNxg=
Subject key identifier: F3:BA:C2:79:78:DC:FB:E5:36:30:46:B3:FF:A6:58:B4:3E:07:53:81
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 019743E78DC414814E6B12DC95CCB0A600FE
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/87rCeXjc--U2MEaz_6ZYtD4HU4E.roa
Signing time: Fri 06 Jun 2025 06:22:18 +0000
ROA not before: Fri 06 Jun 2025 06:22:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34267
IP address blocks: 37.19.32.0/20 maxlen: 20
84.42.32.0/19 maxlen: 24
84.42.72.0/21 maxlen: 24
94.75.128.0/18 maxlen: 18
109.198.192.0/19 maxlen: 19
109.198.192.0/21 maxlen: 21
213.155.192.0/19 maxlen: 19
213.155.192.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Jun 2025 16:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:43:e7:8d:c4:14:81:4e:6b:12:dc:95:cc:b0:a6:00:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 6 06:22:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3bac27978dcfbe5363046b3ffa658b43e075381
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:eb:e8:c8:5e:be:3b:12:51:d9:27:1a:fe:11:
20:1d:33:ba:25:24:bb:53:bb:0c:7a:ea:9b:04:c8:
5a:70:49:88:6e:e7:d5:50:01:c3:0f:02:7e:1d:78:
80:58:b1:e8:92:79:d1:00:40:d5:73:61:12:b5:68:
f3:2c:5f:cc:b0:b9:11:8b:02:9b:22:58:98:33:fd:
e0:1c:32:0f:fe:b0:87:4d:28:52:40:2e:03:fd:08:
6b:b0:a7:4e:89:59:e0:18:14:82:2d:7b:32:5d:68:
06:4d:f8:a1:c1:e3:08:57:35:86:da:b7:29:0e:9d:
04:31:24:da:4f:8a:54:c0:87:e6:62:2a:98:62:da:
26:63:32:0c:ed:3c:33:c1:99:09:8a:4a:0a:6b:ee:
f4:cd:04:ec:8e:e7:28:94:f7:38:f2:b3:38:4a:a1:
5f:0c:d4:12:bf:f8:2c:8d:2e:15:cb:a2:5d:f6:84:
b5:05:be:b1:99:81:52:d7:0b:ba:62:ef:a8:d6:df:
9d:29:0c:1e:2f:97:ea:b7:27:47:c9:37:77:bc:cf:
b9:67:41:e9:3e:80:c2:d1:f2:9f:1a:fa:25:37:2b:
5b:4f:2b:53:07:e2:b8:ad:b2:b4:0e:3a:32:8e:1e:
a0:19:89:7a:a2:b7:93:bd:20:66:44:96:2f:2e:41:
ab:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:BA:C2:79:78:DC:FB:E5:36:30:46:B3:FF:A6:58:B4:3E:07:53:81
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/87rCeXjc--U2MEaz_6ZYtD4HU4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.19.32.0/20
84.42.32.0/19
84.42.72.0/21
94.75.128.0/18
109.198.192.0/19
213.155.192.0/19
Signature Algorithm: sha256WithRSAEncryption
6b:78:ed:dd:c3:46:ae:76:4e:76:eb:52:67:8f:15:c4:f8:2b:
7c:6c:c3:9d:13:db:69:ef:a2:bb:f0:6b:5c:fe:4c:d4:a2:11:
ff:a0:24:ef:18:c1:45:46:af:65:b5:ea:0c:22:70:40:65:ab:
9f:91:c0:ca:69:38:99:4e:4d:47:94:55:2f:bd:00:86:1f:71:
bc:3d:47:4e:c8:23:e8:57:1f:b4:54:ab:6f:64:32:a0:31:9c:
04:b1:3a:ad:c9:26:61:45:3b:93:68:7a:52:29:e2:5d:3e:cd:
9e:09:e1:38:6e:30:5b:db:cf:ef:b2:ea:8d:46:5f:12:67:25:
8c:e3:5a:24:68:8c:61:de:46:25:bb:d7:31:2f:9b:fb:60:d6:
97:08:14:a5:0e:2c:17:ce:63:f4:23:76:17:d1:85:93:c3:03:
69:bd:71:4d:bd:87:2f:5a:0d:3e:85:89:c7:ed:2f:ab:0c:18:
13:7d:43:85:12:a7:99:6d:eb:e3:fe:33:0b:e6:98:af:44:07:
39:0c:88:5d:49:1e:39:78:03:f9:c0:e2:0b:4a:d5:b7:d7:fc:
42:a9:92:84:67:34:39:46:ac:01:40:13:5a:d6:55:35:ab:66:
25:b5:08:76:cb:66:6f:a8:d0:a1:68:ec:71:9f:d3:c5:56:ee:
9b:d4:46:67
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZdD543EFIFOaxLclcywpgD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjA2MDYyMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2JhYzI3OTc4ZGNmYmU1MzYzMDQ2YjNmZmE2NThiNDNlMDc1MzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+voyF6+OxJR2Sca/hEgHTO6JSS7
U7sMeuqbBMhacEmIbufVUAHDDwJ+HXiAWLHoknnRAEDVc2EStWjzLF/MsLkRiwKb
IliYM/3gHDIP/rCHTShSQC4D/QhrsKdOiVngGBSCLXsyXWgGTfihweMIVzWG2rcp
Dp0EMSTaT4pUwIfmYiqYYtomYzIM7TwzwZkJikoKa+70zQTsjucolPc48rM4SqFf
DNQSv/gsjS4Vy6Jd9oS1Bb6xmYFS1wu6Yu+o1t+dKQweL5fqtydHyTd3vM+5Z0Hp
PoDC0fKfGvolNytbTytTB+K4rbK0Djoyjh6gGYl6oreTvSBmRJYvLkGryQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPO6wnl43PvlNjBGs/+mWLQ+B1OBMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvODdyQ2VYamMtLVUyTUVhel82Wll0RDRIVTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQEJRMgAwQF
VCogAwQDVCpIAwQGXkuAAwQFbcbAAwQF1ZvAMA0GCSqGSIb3DQEBCwUAA4IBAQBr
eO3dw0audk5261JnjxXE+Ct8bMOdE9tp76K78Gtc/kzUohH/oCTvGMFFRq9lteoM
InBAZaufkcDKaTiZTk1HlFUvvQCGH3G8PUdOyCPoVx+0VKtvZDKgMZwEsTqtySZh
RTuTaHpSKeJdPs2eCeE4bjBb28/vsuqNRl8SZyWM41okaIxh3kYlu9cxL5v7YNaX
CBSlDiwXzmP0I3YX0YWTwwNpvXFNvYcvWg0+hYnH7S+rDBgTfUOFEqeZbevj/jML
5pivRAc5DIhdSR45eAP5wOILStW31/xCqZKEZzQ5RqwBQBNa1lU1q2YltQh2y2Zv
qNChaOxxn9PFVu6b1EZn
-----END CERTIFICATE-----
Generated at Wed Jun 11 01:25:48 2025 by rpki-client