Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/T1NphBpxfH2bIKCDktHdRZTHIcY.roa
File: T1NphBpxfH2bIKCDktHdRZTHIcY.roa (raw, json)
Hash identifier: jIDQlaKJTEZfvbg4vcsOnliaPcSJWC3wo/0K3CkIb7o=
Subject key identifier: 4F:53:69:84:1A:71:7C:7D:9B:20:A0:83:92:D1:DD:45:94:C7:21:C6
Certificate issuer: /CN=8db49baf17f06c364a00f8e64c891c53729f7a2f
Certificate serial: 019874961338C3F295CEBBEC4388D2C89DA5
Authority key identifier: 8D:B4:9B:AF:17:F0:6C:36:4A:00:F8:E6:4C:89:1C:53:72:9F:7A:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbSbrxfwbDZKAPjmTIkcU3Kfei8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/T1NphBpxfH2bIKCDktHdRZTHIcY.roa
Signing time: Mon 04 Aug 2025 10:17:28 +0000
ROA not before: Mon 04 Aug 2025 10:17:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 680
IP address blocks: 131.188.0.0/16 maxlen: 16
192.44.81.0/24 maxlen: 24
192.44.82.0/23 maxlen: 23
192.44.84.0/22 maxlen: 22
192.44.88.0/23 maxlen: 23
192.44.90.0/24 maxlen: 24
192.129.10.0/23 maxlen: 23
192.129.12.0/23 maxlen: 23
192.129.14.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/jbSbrxfwbDZKAPjmTIkcU3Kfei8.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/jbSbrxfwbDZKAPjmTIkcU3Kfei8.mft
rsync://rpki.ripe.net/repository/DEFAULT/jbSbrxfwbDZKAPjmTIkcU3Kfei8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 08:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:74:96:13:38:c3:f2:95:ce:bb:ec:43:88:d2:c8:9d:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db49baf17f06c364a00f8e64c891c53729f7a2f
Validity
Not Before: Aug 4 10:17:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f5369841a717c7d9b20a08392d1dd4594c721c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f9:2a:81:c5:cd:b8:83:1e:eb:2a:f8:37:9e:
20:7b:18:c8:95:4d:83:35:20:9a:96:e4:db:7d:11:
2a:43:90:45:88:fd:c1:9a:27:45:66:75:81:67:e5:
76:ae:f0:45:f4:98:b0:0a:77:34:78:58:bf:21:b9:
4c:56:bc:52:e8:94:7a:7c:e6:fd:9b:87:bd:e1:bb:
89:2e:4b:45:43:53:54:f5:22:e6:26:0f:0f:ea:e7:
46:17:8d:89:c1:18:32:05:02:ea:06:ca:63:1f:04:
98:0f:ec:be:7c:b0:5b:d1:55:f4:b6:bb:89:63:91:
b3:15:7a:c5:9a:76:ae:8e:84:4e:5b:b2:be:06:5e:
74:a2:ef:9f:02:b7:2d:01:b5:21:13:9a:8c:aa:e6:
63:96:bb:bb:96:bf:1b:fa:37:29:0e:55:a9:64:25:
a6:e2:5d:66:7b:b4:86:d4:99:3d:8f:fb:76:fd:b4:
e1:f0:db:09:b1:e1:e5:f6:b4:8c:46:ab:a7:64:03:
5c:97:06:33:87:e5:5e:50:e2:83:40:5a:d9:74:16:
94:3c:7d:94:8a:0b:f9:30:a5:57:fc:ab:ea:07:4a:
e1:bf:31:99:73:40:9e:32:45:de:6e:de:27:a6:51:
ab:c8:fa:dd:f5:1e:24:1e:a1:a5:59:b6:73:c8:0f:
48:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:53:69:84:1A:71:7C:7D:9B:20:A0:83:92:D1:DD:45:94:C7:21:C6
X509v3 Authority Key Identifier:
keyid:8D:B4:9B:AF:17:F0:6C:36:4A:00:F8:E6:4C:89:1C:53:72:9F:7A:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbSbrxfwbDZKAPjmTIkcU3Kfei8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/T1NphBpxfH2bIKCDktHdRZTHIcY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9c1ec8-cc39-4389-8584-85173e57eb52/1/jbSbrxfwbDZKAPjmTIkcU3Kfei8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.188.0.0/16
192.44.81.0-192.44.90.255
192.129.10.0-192.129.14.255
Signature Algorithm: sha256WithRSAEncryption
a9:e8:83:4c:12:70:b6:ae:28:b3:96:93:d7:b5:5b:6d:63:dc:
f9:d2:da:ea:29:69:4e:79:cf:f9:7d:5a:ce:4f:0f:55:d2:76:
c3:f9:87:d1:42:ca:8f:4e:c3:39:2d:73:dd:69:4c:d1:0c:63:
97:a8:03:51:0e:af:39:63:7c:7e:33:87:c2:eb:6e:2b:a5:a7:
01:52:5a:e0:98:3a:aa:d3:45:84:a2:f8:05:4b:78:7c:49:fb:
44:d1:b1:f0:5e:73:80:d6:5c:ff:d9:3b:14:18:72:20:cf:1c:
ef:07:7e:11:43:8f:ea:8f:e0:e9:71:ec:d3:45:8a:62:3d:e8:
17:94:0e:f1:03:40:30:fd:aa:ac:aa:ce:17:11:f4:9c:46:2c:
d8:d0:3c:f1:59:fd:8f:c8:1a:58:be:23:8d:46:3b:08:df:67:
c0:86:7e:30:a9:54:28:72:83:1e:72:7b:b6:9c:1b:f2:35:69:
51:21:24:df:0a:52:79:3f:bd:d6:90:2a:93:96:70:69:09:e0:
66:f5:e0:0d:17:49:52:8f:6c:9e:ce:d3:df:44:9d:4b:88:23:
1b:0a:85:ff:d3:ab:d5:f1:94:8e:96:aa:fc:12:ba:41:58:3d:
c3:94:40:23:83:f3:e4:7d:08:a4:dc:04:ba:52:7f:f2:da:3a:
38:c1:2c:93
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZh0lhM4w/KVzrvsQ4jSyJ2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjQ5YmFmMTdmMDZjMzY0YTAwZjhlNjRjODkxYzUzNzI5
ZjdhMmYwHhcNMjUwODA0MTAxNzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUzNjk4NDFhNzE3YzdkOWIyMGEwODM5MmQxZGQ0NTk0YzcyMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfkqgcXNuIMe6yr4N54gexjIlU2D
NSCaluTbfREqQ5BFiP3BmidFZnWBZ+V2rvBF9JiwCnc0eFi/IblMVrxS6JR6fOb9
m4e94buJLktFQ1NU9SLmJg8P6udGF42JwRgyBQLqBspjHwSYD+y+fLBb0VX0truJ
Y5GzFXrFmnaujoROW7K+Bl50ou+fArctAbUhE5qMquZjlru7lr8b+jcpDlWpZCWm
4l1me7SG1Jk9j/t2/bTh8NsJseHl9rSMRqunZANclwYzh+VeUOKDQFrZdBaUPH2U
igv5MKVX/KvqB0rhvzGZc0CeMkXebt4nplGryPrd9R4kHqGlWbZzyA9IZwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFE9TaYQacXx9myCgg5LR3UWUxyHGMB8GA1UdIwQY
MBaAFI20m68X8Gw2SgD45kyJHFNyn3ovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJTYnJ4ZndiRFpLQVBqbVRJa2NVM0tmZWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85YzFlYzgtY2MzOS00Mzg5LTg1ODQt
ODUxNzNlNTdlYjUyLzEvVDFOcGhCcHhmSDJiSUtDRGt0SGRSWlRISWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85YzFlYzgtY2MzOS00Mzg5LTg1ODQtODUxNzNlNTdlYjUy
LzEvamJTYnJ4ZndiRFpLQVBqbVRJa2NVM0tmZWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAATAhAwMAg7wwDAME
AMAsUQMEAMAsWjAMAwQBwIEKAwQAwIEOMA0GCSqGSIb3DQEBCwUAA4IBAQCp6INM
EnC2riizlpPXtVttY9z50trqKWlOec/5fVrOTw9V0nbD+YfRQsqPTsM5LXPdaUzR
DGOXqANRDq85Y3x+M4fC624rpacBUlrgmDqq00WEovgFS3h8SftE0bHwXnOA1lz/
2TsUGHIgzxzvB34RQ4/qj+DpcezTRYpiPegXlA7xA0Aw/aqsqs4XEfScRizY0Dzx
Wf2PyBpYviONRjsI32fAhn4wqVQocoMecnu2nBvyNWlRISTfClJ5P73WkCqTlnBp
CeBm9eANF0lSj2yeztPfRJ1LiCMbCoX/06vV8ZSOlqr8ErpBWD3DlEAjg/PkfQik
3AS6Un/y2jo4wSyT
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:54:50 2025 by rpki-client