Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/9yysPrsTvaDRMls4-pX0957dwiw.roa
File: 9yysPrsTvaDRMls4-pX0957dwiw.roa (raw, json)
Hash identifier: aqJVPhU1WTAEqvaL619sknSOiWwAlubUTNbFFjISOrQ=
Subject key identifier: F7:2C:AC:3E:BB:13:BD:A0:D1:32:5B:38:FA:95:F4:F7:9E:DD:C2:2C
Certificate issuer: /CN=67589d5fe4bb1c5bdb83a353c2737dc604341326
Certificate serial: 0198649B7F758C857E38DC06EA98C4D43943
Authority key identifier: 67:58:9D:5F:E4:BB:1C:5B:DB:83:A3:53:C2:73:7D:C6:04:34:13:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/9yysPrsTvaDRMls4-pX0957dwiw.roa
Signing time: Fri 01 Aug 2025 07:49:28 +0000
ROA not before: Fri 01 Aug 2025 07:49:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 185.207.64.0/24 maxlen: 24
185.207.65.0/24 maxlen: 24
185.207.66.0/24 maxlen: 24
217.199.241.0/24 maxlen: 24
217.199.248.0/24 maxlen: 24
217.199.252.0/24 maxlen: 24
217.199.253.0/24 maxlen: 24
217.199.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.crl
rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 07:01:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:64:9b:7f:75:8c:85:7e:38:dc:06:ea:98:c4:d4:39:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67589d5fe4bb1c5bdb83a353c2737dc604341326
Validity
Not Before: Aug 1 07:49:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f72cac3ebb13bda0d1325b38fa95f4f79eddc22c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:c3:32:fb:85:90:8f:0f:99:a1:a4:95:24:0b:
ec:c0:53:23:ca:5c:59:74:dc:d2:7d:9a:4f:90:37:
4c:91:ae:30:73:f6:5f:10:29:c7:c8:d3:dc:24:cf:
43:41:ea:b2:e8:fb:04:ff:3d:20:4b:e3:c6:90:b6:
52:81:3f:87:29:e0:65:50:02:2f:ba:ed:93:0a:77:
91:cd:2f:be:a2:3e:eb:1b:9b:6d:ba:ae:23:31:d6:
9c:51:56:ef:8e:e0:6a:e9:25:98:f4:8e:8c:0f:88:
64:23:62:93:e0:1c:24:78:93:7b:67:97:7c:7a:59:
be:81:55:4c:22:ac:d2:fb:77:a2:ee:95:40:84:c7:
a0:fd:52:8a:88:73:f3:a4:13:be:e9:fb:55:b3:44:
dc:fd:84:78:83:fb:56:d0:80:7e:0a:fd:6a:00:93:
13:ef:9f:c5:4c:64:ec:a6:bd:27:8b:7e:54:a7:33:
27:a2:6a:67:be:e9:20:45:1d:4f:35:aa:be:53:dc:
df:de:b0:97:aa:26:d0:76:8e:33:e8:73:cd:20:49:
b3:91:ff:72:1b:55:03:59:68:0f:2f:1a:bb:1d:65:
7e:d5:1e:8b:fe:46:7e:85:e2:08:56:21:a0:34:81:
f2:3e:39:5b:68:80:7a:10:78:9f:00:a5:48:ca:2b:
8a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:2C:AC:3E:BB:13:BD:A0:D1:32:5B:38:FA:95:F4:F7:9E:DD:C2:2C
X509v3 Authority Key Identifier:
keyid:67:58:9D:5F:E4:BB:1C:5B:DB:83:A3:53:C2:73:7D:C6:04:34:13:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/9yysPrsTvaDRMls4-pX0957dwiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.207.64.0-185.207.66.255
217.199.241.0/24
217.199.248.0/24
217.199.252.0-217.199.254.255
Signature Algorithm: sha256WithRSAEncryption
29:99:0d:69:57:f2:a0:89:a8:15:4c:20:db:d2:63:24:9c:5f:
9c:e9:c2:d3:97:d9:ab:8e:bc:0a:66:bb:7a:7a:5b:33:2a:ae:
2f:87:3a:a3:2b:d1:0b:18:da:c3:14:41:9d:52:d4:78:72:8a:
17:e1:93:e2:72:e4:2a:15:6c:a7:db:55:c5:be:cb:e0:5b:5d:
cf:8d:b0:61:11:ff:b7:fc:4d:3e:cd:32:c6:1e:4b:40:a5:e4:
4a:d6:6e:14:81:ae:ba:f2:9a:9a:27:de:ec:6d:7b:d3:b4:00:
2b:2f:a5:97:d2:db:1f:58:f2:b7:f6:c5:f5:e5:25:0d:a8:94:
b3:81:17:8e:e0:e5:c4:72:c3:f9:7e:cb:56:fe:9f:fb:32:4f:
a3:10:63:37:1c:03:c1:97:cf:25:7e:50:1b:2c:7f:a1:29:e7:
14:e3:a7:a7:a8:83:46:39:45:65:7b:92:25:ff:0e:0d:ad:99:
63:19:79:4b:9a:e1:2d:ea:36:95:7e:85:9c:ab:d1:8f:f3:7d:
5e:df:46:cf:6e:6f:52:c7:87:37:d1:c0:6c:24:11:0a:7d:bf:
78:c5:8f:de:b3:bc:38:16:4c:92:08:1b:d6:4d:7e:4e:18:3a:
42:c5:b2:3d:7d:dc:66:fc:74:4e:9b:b9:2c:5f:09:45:4c:57:
5a:6d:0d:d3
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZhkm391jIV+ONwG6pjE1DlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NTg5ZDVmZTRiYjFjNWJkYjgzYTM1M2MyNzM3ZGM2MDQz
NDEzMjYwHhcNMjUwODAxMDc0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJjYWMzZWJiMTNiZGEwZDEzMjViMzhmYTk1ZjRmNzllZGRjMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscMy+4WQjw+ZoaSVJAvswFMjylxZ
dNzSfZpPkDdMka4wc/ZfECnHyNPcJM9DQeqy6PsE/z0gS+PGkLZSgT+HKeBlUAIv
uu2TCneRzS++oj7rG5ttuq4jMdacUVbvjuBq6SWY9I6MD4hkI2KT4BwkeJN7Z5d8
elm+gVVMIqzS+3ei7pVAhMeg/VKKiHPzpBO+6ftVs0Tc/YR4g/tW0IB+Cv1qAJMT
75/FTGTspr0ni35UpzMnompnvukgRR1PNaq+U9zf3rCXqibQdo4z6HPNIEmzkf9y
G1UDWWgPLxq7HWV+1R6L/kZ+heIIViGgNIHyPjlbaIB6EHifAKVIyiuKIwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFPcsrD67E72g0TJbOPqV9Pee3cIsMB8GA1UdIwQY
MBaAFGdYnV/kuxxb24OjU8JzfcYENBMmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjFpZFgtUzdIRnZiZzZOVHduTjl4Z1EwRXlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83MzNmOWMtYjExNS00OWM4LTk1OWIt
ZjU4Y2I2NDgwYTdlLzEvOXl5c1Byc1R2YURSTWxzNC1wWDA5NTdkd2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC83MzNmOWMtYjExNS00OWM4LTk1OWItZjU4Y2I2NDgwYTdl
LzEvWjFpZFgtUzdIRnZiZzZOVHduTjl4Z1EwRXlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAa5z0AD
BAC5z0IDBADZx/EDBADZx/gwDAMEAtnH/AMEANnH/jANBgkqhkiG9w0BAQsFAAOC
AQEAKZkNaVfyoImoFUwg29JjJJxfnOnC05fZq468Cma7enpbMyquL4c6oyvRCxja
wxRBnVLUeHKKF+GT4nLkKhVsp9tVxb7L4Ftdz42wYRH/t/xNPs0yxh5LQKXkStZu
FIGuuvKamife7G1707QAKy+ll9LbH1jyt/bF9eUlDaiUs4EXjuDlxHLD+X7LVv6f
+zJPoxBjNxwDwZfPJX5QGyx/oSnnFOOnp6iDRjlFZXuSJf8ODa2ZYxl5S5rhLeo2
lX6FnKvRj/N9Xt9Gz25vUseHN9HAbCQRCn2/eMWP3rO8OBZMkggb1k1+Thg6QsWy
PX3cZvx0Tpu5LF8JRUxXWm0N0w==
-----END CERTIFICATE-----
Generated at Mon Aug 4 16:12:47 2025 by rpki-client