Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/iHCOSESssENXgIrAg7szxGin4a8.roa
File: iHCOSESssENXgIrAg7szxGin4a8.roa (raw, json)
Hash identifier: D++50SWUTphE56/ef0P/p1C+NQyxcKhWsuhwzqYT+D4=
Subject key identifier: 88:70:8E:48:44:AC:B0:43:57:80:8A:C0:83:BB:33:C4:68:A7:E1:AF
Certificate issuer: /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial: 019894EDDF48A96E4D86EE9DF511198F6F95
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/iHCOSESssENXgIrAg7szxGin4a8.roa
Signing time: Sun 10 Aug 2025 17:01:13 +0000
ROA not before: Sun 10 Aug 2025 17:01:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215120
IP address blocks: 91.227.33.0/24 maxlen: 24
91.244.70.0/24 maxlen: 24
91.244.71.0/24 maxlen: 24
93.157.138.0/24 maxlen: 24
93.157.139.0/24 maxlen: 24
193.178.186.0/24 maxlen: 24
2a07:cec4::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 Aug 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:94:ed:df:48:a9:6e:4d:86:ee:9d:f5:11:19:8f:6f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Validity
Not Before: Aug 10 17:01:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=88708e4844acb04357808ac083bb33c468a7e1af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:14:ff:0a:fb:be:b5:b2:3c:a5:f9:e3:62:8d:
b5:a6:72:d3:52:e3:3b:25:d1:e8:69:e7:ab:d0:81:
2e:2e:11:26:27:91:49:09:9b:e8:52:43:1b:b9:a8:
e6:6d:34:8e:94:d9:b2:5f:7b:98:98:f2:53:b0:ed:
45:e3:50:53:46:35:6a:f7:03:b7:6a:37:f4:5d:d7:
95:10:42:da:c8:50:68:5b:8b:36:90:16:db:31:5d:
c3:aa:bc:81:3a:9f:79:f1:b7:b2:8f:5d:d8:fe:90:
24:fb:6e:ab:80:08:a7:f7:5f:c1:1a:1d:8a:4b:c9:
0f:bb:8b:1f:4c:5f:7b:3f:2e:28:01:8a:86:e4:4c:
fe:8a:6b:d9:6e:b7:4d:2b:72:08:5b:35:b9:2e:08:
2b:61:e0:ac:41:90:07:39:b8:db:60:dc:0f:5c:a5:
26:56:44:0e:19:ff:cf:b6:40:0b:64:47:0c:5c:8e:
8d:fe:bb:fc:08:cf:59:d6:af:a8:bd:29:2a:31:e3:
e0:7c:9a:30:cf:d1:b4:46:db:c3:ab:ed:f5:9d:51:
cd:16:0d:0b:57:2a:e1:07:29:7a:38:91:57:7b:fd:
ea:09:74:bd:d0:ba:51:1a:7d:9e:bb:c9:08:54:32:
94:ce:fa:b0:42:94:41:4a:e3:f3:31:82:47:25:dc:
52:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:70:8E:48:44:AC:B0:43:57:80:8A:C0:83:BB:33:C4:68:A7:E1:AF
X509v3 Authority Key Identifier:
keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/iHCOSESssENXgIrAg7szxGin4a8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.227.33.0/24
91.244.70.0/23
93.157.138.0/23
193.178.186.0/24
IPv6:
2a07:cec4::/30
Signature Algorithm: sha256WithRSAEncryption
4e:5b:31:cb:ea:33:41:35:e5:94:c4:67:09:62:c9:cb:5e:18:
ec:6a:4d:76:dd:35:a0:e2:25:c5:fd:62:cd:ce:ab:13:0a:02:
06:2d:4e:ef:e2:cb:ce:9d:19:18:fa:b3:eb:c4:f9:ab:9a:24:
c5:b8:a3:18:d1:fe:ad:ca:ff:c0:f6:04:0a:19:aa:55:42:88:
5c:ea:6e:87:2f:b5:e7:f6:a5:26:d4:cc:90:57:2b:6f:12:a8:
c0:a0:de:14:c1:55:01:28:41:fb:f6:4b:36:bb:f5:b8:1c:c0:
25:21:d6:44:9a:f0:9c:43:e1:59:0e:37:c4:7b:ff:8b:73:82:
ae:ab:f3:91:cb:20:94:5d:e9:7b:e3:4f:ee:b5:88:47:eb:d1:
80:47:3a:65:25:93:71:c9:32:8b:9d:b5:10:24:b1:b6:5d:f0:
2b:e5:13:11:31:84:b1:7b:02:b0:64:58:fd:26:f4:07:c5:c8:
d4:0c:60:15:2b:f0:c6:f1:d2:7d:e9:ba:d0:45:e9:38:45:b3:
92:0f:5a:bd:b2:eb:5e:4a:16:b2:d3:1a:8b:ce:f0:9b:45:52:
8f:82:42:8a:06:4f:fb:52:84:25:48:18:1c:b4:8a:06:be:79:
59:79:4f:3b:f2:6f:2c:20:dd:7b:de:9e:75:13:c0:79:7d:d1:
58:b8:18:6f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZiU7d9IqW5Nhu6d9REZj2+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwODEwMTcwMTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODcwOGU0ODQ0YWNiMDQzNTc4MDhhYzA4M2JiMzNjNDY4YTdlMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhT/Cvu+tbI8pfnjYo21pnLTUuM7
JdHoaeer0IEuLhEmJ5FJCZvoUkMbuajmbTSOlNmyX3uYmPJTsO1F41BTRjVq9wO3
ajf0XdeVEELayFBoW4s2kBbbMV3DqryBOp958beyj13Y/pAk+26rgAin91/BGh2K
S8kPu4sfTF97Py4oAYqG5Ez+imvZbrdNK3IIWzW5LggrYeCsQZAHObjbYNwPXKUm
VkQOGf/PtkALZEcMXI6N/rv8CM9Z1q+ovSkqMePgfJowz9G0RtvDq+31nVHNFg0L
VyrhByl6OJFXe/3qCXS90LpRGn2eu8kIVDKUzvqwQpRBSuPzMYJHJdxSqwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIhwjkhErLBDV4CKwIO7M8Rop+GvMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEvaUhDT1NFU3NzRU5YZ0lyQWc3c3p4R2luNGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW+MhAwQB
W/RGAwQBXZ2KAwQAwbK6MA0EAgACMAcDBQIqB87EMA0GCSqGSIb3DQEBCwUAA4IB
AQBOWzHL6jNBNeWUxGcJYsnLXhjsak123TWg4iXF/WLNzqsTCgIGLU7v4svOnRkY
+rPrxPmrmiTFuKMY0f6tyv/A9gQKGapVQohc6m6HL7Xn9qUm1MyQVytvEqjAoN4U
wVUBKEH79ks2u/W4HMAlIdZEmvCcQ+FZDjfEe/+Lc4Kuq/ORyyCUXel740/utYhH
69GARzplJZNxyTKLnbUQJLG2XfAr5RMRMYSxewKwZFj9JvQHxcjUDGAVK/DG8dJ9
6brQRek4RbOSD1q9suteShay0xqLzvCbRVKPgkKKBk/7UoQlSBgctIoGvnlZeU87
8m8sIN173p51E8B5fdFYuBhv
-----END CERTIFICATE-----
Generated at Wed Aug 13 15:59:44 2025 by rpki-client