Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/9BGILAnZ0E1buckVknM_BD_9cHw.roa
File: 9BGILAnZ0E1buckVknM_BD_9cHw.roa (raw, json)
Hash identifier: B/wVfv0goOmUGD/dZEjtMoprzU5nQZjGpEWlTzk5/cI=
Subject key identifier: F4:11:88:2C:09:D9:D0:4D:5B:B9:C9:15:92:73:3F:04:3F:FD:70:7C
Certificate issuer: /CN=acddc73b59a1fcdee22e25824d40acc27286aa52
Certificate serial: 019883FE5357C4A0D463A0401A0CD1DDC44C
Authority key identifier: AC:DD:C7:3B:59:A1:FC:DE:E2:2E:25:82:4D:40:AC:C2:72:86:AA:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rN3HO1mh_N7iLiWCTUCswnKGqlI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/9BGILAnZ0E1buckVknM_BD_9cHw.roa
Signing time: Thu 07 Aug 2025 10:05:39 +0000
ROA not before: Thu 07 Aug 2025 10:05:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39305
IP address blocks: 78.24.32.0/21 maxlen: 21
185.88.9.0/24 maxlen: 24
185.151.214.0/23 maxlen: 23
185.196.63.0/24 maxlen: 24
193.57.226.0/24 maxlen: 24
193.57.227.0/24 maxlen: 24
195.242.146.0/24 maxlen: 24
212.108.108.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/rN3HO1mh_N7iLiWCTUCswnKGqlI.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/rN3HO1mh_N7iLiWCTUCswnKGqlI.mft
rsync://rpki.ripe.net/repository/DEFAULT/rN3HO1mh_N7iLiWCTUCswnKGqlI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 08 Aug 2025 16:13:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:83:fe:53:57:c4:a0:d4:63:a0:40:1a:0c:d1:dd:c4:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acddc73b59a1fcdee22e25824d40acc27286aa52
Validity
Not Before: Aug 7 10:05:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f411882c09d9d04d5bb9c91592733f043ffd707c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:af:83:2e:1e:25:5b:69:f6:54:af:e3:20:04:
dd:3f:8f:48:47:9e:5c:72:b9:9d:bf:3d:f7:b5:61:
4c:8c:37:3a:f9:18:c6:21:ef:e0:ac:c1:6d:ca:b5:
8f:97:e0:6f:c0:39:f4:d8:be:fe:df:1f:bf:d4:c2:
61:f0:b1:b0:d9:cd:e9:fc:51:04:06:95:2b:ee:76:
70:76:5f:16:e0:da:ec:65:ff:ba:7e:f8:71:1d:cb:
0e:7a:a0:0a:01:56:26:ed:8c:6d:cf:e3:87:a5:9c:
c0:cf:d3:88:f1:08:ae:2f:24:e0:88:b6:e6:90:93:
ad:e4:2c:2f:ab:5f:0b:23:76:fa:fd:de:d7:eb:e2:
87:49:d3:df:fa:d7:d4:5b:ca:17:68:a7:52:18:3d:
6c:e4:23:f9:eb:ac:4a:c9:9e:ad:bd:eb:ec:67:a9:
3f:0f:6f:c4:32:e8:1f:bd:03:99:72:1b:e8:b6:45:
c1:33:d7:ec:15:41:13:d4:7f:8a:6f:5d:33:57:d6:
ee:63:c6:6b:8c:3d:52:6b:c7:52:b2:c2:2e:3e:83:
92:9f:5b:84:b2:7b:db:f8:cc:f9:87:6c:81:85:20:
71:f3:17:e1:24:ac:04:fd:7f:96:c4:f4:a3:cf:eb:
2c:87:44:c7:fa:3b:ef:a7:0f:e6:32:57:29:5d:d0:
59:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:11:88:2C:09:D9:D0:4D:5B:B9:C9:15:92:73:3F:04:3F:FD:70:7C
X509v3 Authority Key Identifier:
keyid:AC:DD:C7:3B:59:A1:FC:DE:E2:2E:25:82:4D:40:AC:C2:72:86:AA:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rN3HO1mh_N7iLiWCTUCswnKGqlI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/9BGILAnZ0E1buckVknM_BD_9cHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/8788e5-8ab8-43e9-9dab-a0ec84a31393/1/rN3HO1mh_N7iLiWCTUCswnKGqlI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.24.32.0/21
185.88.9.0/24
185.151.214.0/23
185.196.63.0/24
193.57.226.0/23
195.242.146.0/24
212.108.108.0/24
Signature Algorithm: sha256WithRSAEncryption
44:84:dc:b7:26:4c:84:1b:81:e2:1c:46:40:38:15:ad:4c:4b:
f6:e7:d5:76:92:03:30:1e:dd:77:80:0f:d1:95:0d:4f:f2:a3:
1a:0e:d9:a7:cc:0a:5d:bc:92:f8:03:59:fe:32:07:cd:5b:67:
d3:da:11:f5:0a:5c:25:86:da:d8:e0:4a:d6:c1:cc:4a:a1:87:
05:eb:f7:d2:ea:de:15:d0:a4:16:d0:b5:c7:f3:de:19:b8:6d:
25:46:74:34:1e:1f:0b:4a:9d:55:5c:88:e6:8a:03:fc:d7:f3:
55:a3:16:be:37:82:e3:5e:57:69:c4:dd:41:d0:4b:6c:3d:ea:
f9:fe:05:9a:69:44:2a:ba:cf:67:53:27:1a:fe:fd:8d:71:ff:
ab:66:d9:15:a2:b4:68:6b:a5:e5:5e:0e:00:9a:97:bc:88:ce:
b6:77:dd:ca:5e:f8:e7:f4:21:6b:95:24:b5:ee:eb:bb:0e:c0:
9a:39:fb:f2:d2:52:ea:d3:f3:da:27:72:f0:70:59:8b:19:27:
3c:34:f0:93:b2:61:f9:a4:43:de:89:03:92:4c:96:b1:77:41:
dd:0a:8f:2d:8c:68:94:cd:3d:01:1e:97:47:12:75:fe:02:8a:
40:eb:a2:61:54:1b:8c:34:d6:23:22:40:84:be:dd:51:b7:fd:
1c:cc:44:fb
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZiD/lNXxKDUY6BAGgzR3cRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZGRjNzNiNTlhMWZjZGVlMjJlMjU4MjRkNDBhY2MyNzI4
NmFhNTIwHhcNMjUwODA3MTAwNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDExODgyYzA5ZDlkMDRkNWJiOWM5MTU5MjczM2YwNDNmZmQ3MDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0a+DLh4lW2n2VK/jIATdP49IR55c
crmdvz33tWFMjDc6+RjGIe/grMFtyrWPl+BvwDn02L7+3x+/1MJh8LGw2c3p/FEE
BpUr7nZwdl8W4NrsZf+6fvhxHcsOeqAKAVYm7Yxtz+OHpZzAz9OI8QiuLyTgiLbm
kJOt5Cwvq18LI3b6/d7X6+KHSdPf+tfUW8oXaKdSGD1s5CP566xKyZ6tvevsZ6k/
D2/EMugfvQOZchvotkXBM9fsFUET1H+Kb10zV9buY8ZrjD1Sa8dSssIuPoOSn1uE
snvb+Mz5h2yBhSBx8xfhJKwE/X+WxPSjz+ssh0TH+jvvpw/mMlcpXdBZ3QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFPQRiCwJ2dBNW7nJFZJzPwQ//XB8MB8GA1UdIwQY
MBaAFKzdxztZofze4i4lgk1ArMJyhqpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck4zSE8xbWhfTjdpTGlXQ1RVQ3N3bktHcWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS84Nzg4ZTUtOGFiOC00M2U5LTlkYWIt
YTBlYzg0YTMxMzkzLzEvOUJHSUxBblowRTFidWNrVmtuTV9CRF85Y0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS84Nzg4ZTUtOGFiOC00M2U5LTlkYWItYTBlYzg0YTMxMzkz
LzEvck4zSE8xbWhfTjdpTGlXQ1RVQ3N3bktHcWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDThggAwQA
uVgJAwQBuZfWAwQAucQ/AwQBwTniAwQAw/KSAwQA1GxsMA0GCSqGSIb3DQEBCwUA
A4IBAQBEhNy3JkyEG4HiHEZAOBWtTEv259V2kgMwHt13gA/RlQ1P8qMaDtmnzApd
vJL4A1n+MgfNW2fT2hH1ClwlhtrY4ErWwcxKoYcF6/fS6t4V0KQW0LXH894ZuG0l
RnQ0Hh8LSp1VXIjmigP81/NVoxa+N4LjXldpxN1B0EtsPer5/gWaaUQqus9nUyca
/v2Ncf+rZtkVorRoa6XlXg4Ampe8iM62d93KXvjn9CFrlSS17uu7DsCaOfvy0lLq
0/PaJ3LwcFmLGSc8NPCTsmH5pEPeiQOSTJaxd0HdCo8tjGiUzT0BHpdHEnX+AopA
66JhVBuMNNYjIkCEvt1Rt/0czET7
-----END CERTIFICATE-----
Generated at Thu Aug 7 23:58:04 2025 by rpki-client