Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cU_I9TidZj4nU7sS_xr7pPT_pB4.roa
File: cU_I9TidZj4nU7sS_xr7pPT_pB4.roa (raw, json)
Hash identifier: 16Ejv95R5ribf55f7UHTBZ0NB/jkpbPmNTXlJWrzXF8=
Subject key identifier: 71:4F:C8:F5:38:9D:66:3E:27:53:BB:12:FF:1A:FB:A4:F4:FF:A4:1E
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 01975BF566B42F13ED2E3930653BE8D82A9B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cU_I9TidZj4nU7sS_xr7pPT_pB4.roa
Signing time: Tue 10 Jun 2025 22:28:18 +0000
ROA not before: Tue 10 Jun 2025 22:28:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208485
IP address blocks: 45.88.137.0/24 maxlen: 24
45.132.180.0/24 maxlen: 24
91.223.110.0/24 maxlen: 24
195.211.188.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 22:19:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5b:f5:66:b4:2f:13:ed:2e:39:30:65:3b:e8:d8:2a:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Jun 10 22:28:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=714fc8f5389d663e2753bb12ff1afba4f4ffa41e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:c8:07:e0:7a:ba:a4:01:b8:75:a1:57:f0:86:
1d:2a:98:22:e1:6f:68:e1:b7:6b:cd:d6:19:cc:3e:
15:5e:17:98:62:58:9d:19:9c:9d:16:71:97:74:61:
f6:69:83:01:f4:23:81:e8:6e:12:c6:20:85:c5:b3:
e3:fe:77:0d:72:8c:b2:ac:16:19:38:9f:1b:a3:ed:
b9:76:e2:5a:36:f4:81:9b:58:2b:ff:6e:1a:9f:2f:
36:c2:55:08:12:95:f3:d5:d5:2a:98:9a:ad:c6:bc:
50:3a:5d:1a:d0:e8:ec:5b:f5:11:f2:66:ec:e6:de:
ce:ee:a4:6f:27:8c:6f:f9:bc:72:cf:4f:8d:36:42:
d5:48:33:07:4f:dc:36:6a:22:21:44:bf:77:db:a5:
20:cd:8e:e1:8b:08:5e:8a:9a:fc:e4:11:cd:3d:5b:
fd:8f:d5:36:11:f1:15:38:a5:de:2d:b6:12:37:56:
30:77:75:ef:ac:ae:bb:55:fb:af:37:7e:0e:b3:3a:
70:aa:b7:d1:b2:2a:92:0f:6c:d0:c8:1c:99:0a:bf:
9e:e5:ae:0e:5e:2b:e9:48:31:53:80:7b:0e:49:a1:
5d:16:9c:a6:a8:bf:ba:c2:fd:1f:b0:6c:e8:1e:05:
f7:b1:dd:11:3e:55:35:15:a9:83:d2:f6:57:27:27:
a0:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:4F:C8:F5:38:9D:66:3E:27:53:BB:12:FF:1A:FB:A4:F4:FF:A4:1E
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cU_I9TidZj4nU7sS_xr7pPT_pB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.137.0/24
45.132.180.0/24
91.223.110.0/24
195.211.188.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:9c:30:79:cc:cc:df:fc:c9:05:90:1f:54:59:03:96:30:44:
9f:0a:a5:dc:80:92:8a:81:c5:52:4d:c0:84:a3:d3:77:cd:07:
ae:bf:86:bf:be:84:f5:11:32:b3:c6:74:27:ed:bf:2e:8c:f6:
d0:6b:3e:0d:10:46:e6:86:04:3a:e7:37:f8:7d:c4:2d:0e:50:
ff:6d:8e:89:6b:80:8f:75:1f:23:93:41:38:e2:a6:03:6d:bb:
2f:26:0b:75:1f:48:2d:1c:9c:d7:ba:49:fc:26:12:f5:5d:c2:
f6:90:4d:0e:f9:72:33:57:a4:3a:f1:4e:42:9f:2e:b5:b6:f7:
e4:44:3e:58:b2:7c:75:47:ac:3b:07:b1:ea:d3:ed:14:b6:ad:
ee:b4:7d:41:92:60:69:76:d0:3e:26:b6:34:12:94:ac:ba:34:
30:cf:21:5c:80:bc:b5:30:54:cd:03:fb:c8:5a:bc:54:ed:28:
ed:8b:e4:ed:37:c4:26:db:27:9e:8b:3e:e0:d6:90:07:46:14:
65:19:db:9a:c7:a1:50:83:55:14:88:2d:27:ac:ac:93:80:a3:
0b:fc:a3:d7:16:73:b5:7d:56:aa:d2:c2:38:e5:8f:e4:6b:bd:
12:55:86:0d:3e:18:2f:eb:8e:f2:a6:c6:47:7d:b1:e1:d1:1c:
c2:b4:0c:5a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZdb9Wa0LxPtLjkwZTvo2CqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNjEwMjIyODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTRmYzhmNTM4OWQ2NjNlMjc1M2JiMTJmZjFhZmJhNGY0ZmZhNDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8gH4Hq6pAG4daFX8IYdKpgi4W9o
4bdrzdYZzD4VXheYYlidGZydFnGXdGH2aYMB9COB6G4SxiCFxbPj/ncNcoyyrBYZ
OJ8bo+25duJaNvSBm1gr/24any82wlUIEpXz1dUqmJqtxrxQOl0a0OjsW/UR8mbs
5t7O7qRvJ4xv+bxyz0+NNkLVSDMHT9w2aiIhRL9326UgzY7hiwheipr85BHNPVv9
j9U2EfEVOKXeLbYSN1Ywd3XvrK67VfuvN34OszpwqrfRsiqSD2zQyByZCr+e5a4O
XivpSDFTgHsOSaFdFpymqL+6wv0fsGzoHgX3sd0RPlU1FamD0vZXJyegQQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHFPyPU4nWY+J1O7Ev8a+6T0/6QeMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvY1VfSTlUaWRaajRuVTdzU194cjdwUFRfcEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALViJAwQA
LYS0AwQAW99uAwQAw9O8MA0GCSqGSIb3DQEBCwUAA4IBAQBMnDB5zMzf/MkFkB9U
WQOWMESfCqXcgJKKgcVSTcCEo9N3zQeuv4a/voT1ETKzxnQn7b8ujPbQaz4NEEbm
hgQ65zf4fcQtDlD/bY6Ja4CPdR8jk0E44qYDbbsvJgt1H0gtHJzXukn8JhL1XcL2
kE0O+XIzV6Q68U5Cny61tvfkRD5Ysnx1R6w7B7Hq0+0Utq3utH1BkmBpdtA+JrY0
EpSsujQwzyFcgLy1MFTNA/vIWrxU7Sjti+TtN8Qm2yeeiz7g1pAHRhRlGduax6FQ
g1UUiC0nrKyTgKML/KPXFnO1fVaq0sI45Y/ka70SVYYNPhgv647ypsZHfbHh0RzC
tAxa
-----END CERTIFICATE-----
Generated at Sun Jun 15 07:32:37 2025 by rpki-client