Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/VnjAZXEV2IpEDwg3p4BnaouHiwY.roa
File: VnjAZXEV2IpEDwg3p4BnaouHiwY.roa (raw, json)
Hash identifier: +OjGTLOvqNCpLYSjRU9GeBSRZeFRlVpWW6Mj3HPVgqw=
Subject key identifier: 56:78:C0:65:71:15:D8:8A:44:0F:08:37:A7:80:67:6A:8B:87:8B:06
Certificate issuer: /CN=8ac7eae649d9547b0ad0ab007ab4e8a48ded4d5d
Certificate serial: 0197EF84D2D56BFB462B9BD96052F0D67755
Authority key identifier: 8A:C7:EA:E6:49:D9:54:7B:0A:D0:AB:00:7A:B4:E8:A4:8D:ED:4D:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/isfq5knZVHsK0KsAerTopI3tTV0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/VnjAZXEV2IpEDwg3p4BnaouHiwY.roa
Signing time: Wed 09 Jul 2025 14:09:08 +0000
ROA not before: Wed 09 Jul 2025 14:09:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207054
IP address blocks: 45.10.12.0/22 maxlen: 22
45.15.92.0/22 maxlen: 22
66.81.144.0/21 maxlen: 21
185.167.112.0/22 maxlen: 22
185.231.192.0/22 maxlen: 22
194.58.24.0/22 maxlen: 22
2a0b:1a00::/29 maxlen: 29
2a0e:2680::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/isfq5knZVHsK0KsAerTopI3tTV0.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/isfq5knZVHsK0KsAerTopI3tTV0.mft
rsync://rpki.ripe.net/repository/DEFAULT/isfq5knZVHsK0KsAerTopI3tTV0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 Aug 2025 11:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ef:84:d2:d5:6b:fb:46:2b:9b:d9:60:52:f0:d6:77:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8ac7eae649d9547b0ad0ab007ab4e8a48ded4d5d
Validity
Not Before: Jul 9 14:09:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5678c0657115d88a440f0837a780676a8b878b06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:9e:23:b3:67:19:d6:c9:cf:e4:19:ca:19:0e:
25:11:c4:5b:88:c0:e0:75:7d:c6:a8:d8:5d:dc:33:
6e:0c:ee:e4:56:65:eb:b3:0f:81:ba:21:f9:05:5e:
51:57:86:be:10:47:75:7c:67:e2:cd:f5:84:5a:d1:
1a:bb:4a:7f:e6:e1:5b:0f:65:7c:33:44:b0:7e:73:
0e:c5:2c:1f:2a:76:2e:d2:39:d0:33:e7:7d:33:66:
61:69:15:8b:64:ab:68:9e:3c:56:b4:65:30:93:4e:
13:02:3a:36:9f:ad:ac:7b:71:8f:8b:26:79:06:23:
c3:c8:66:31:61:1a:08:19:cb:f0:c9:44:8b:6d:c3:
a9:75:aa:f7:fa:24:86:e6:cb:de:2e:33:66:c5:86:
77:a3:7e:04:bb:35:9a:1d:f4:bc:86:05:6e:21:fa:
7b:3a:b1:df:a8:6c:e0:c5:d0:45:25:f4:0e:8e:eb:
d4:fa:3d:36:b6:6d:c0:c1:2e:91:f0:51:79:20:62:
6e:1d:57:82:da:82:67:ab:85:31:f8:ca:2d:d4:b0:
c7:bd:ed:f1:25:95:b2:10:b1:4d:48:54:c7:fc:dd:
2c:60:ad:25:e7:86:f1:1b:0f:7f:9a:7b:b0:b6:47:
41:8a:01:de:0a:d9:e3:6e:8c:cb:2c:29:4d:cd:8d:
19:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:78:C0:65:71:15:D8:8A:44:0F:08:37:A7:80:67:6A:8B:87:8B:06
X509v3 Authority Key Identifier:
keyid:8A:C7:EA:E6:49:D9:54:7B:0A:D0:AB:00:7A:B4:E8:A4:8D:ED:4D:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/isfq5knZVHsK0KsAerTopI3tTV0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/VnjAZXEV2IpEDwg3p4BnaouHiwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/isfq5knZVHsK0KsAerTopI3tTV0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.12.0/22
45.15.92.0/22
66.81.144.0/21
185.167.112.0/22
185.231.192.0/22
194.58.24.0/22
IPv6:
2a0b:1a00::/29
2a0e:2680::/29
Signature Algorithm: sha256WithRSAEncryption
99:a5:79:e9:81:a6:f1:ae:f3:31:17:3b:40:86:e3:b3:d5:84:
f3:17:da:5f:00:fa:22:74:e4:58:3d:bc:91:43:54:d3:79:92:
09:1a:c8:96:0f:d9:82:13:d0:28:fb:8b:34:19:b3:02:57:13:
e3:72:b0:39:9f:5f:2e:4c:ff:8c:a4:9c:e3:0b:b0:ed:b3:c9:
27:b7:28:f2:ce:1c:d2:4b:d7:ed:fb:a9:88:4a:bf:93:7b:4f:
e1:aa:68:19:3d:fa:5d:64:a6:4c:3d:bc:8d:6d:fc:18:cd:ad:
e1:fe:ed:b1:2b:7f:c1:61:34:32:c4:99:9d:90:74:03:24:93:
82:32:85:3b:6e:e6:88:13:38:ce:13:0f:bb:62:90:f5:ef:5d:
1b:50:98:25:8f:bc:ac:66:81:12:e9:70:23:5e:d4:95:7d:c0:
fe:f5:3e:ff:bd:26:09:08:86:24:27:da:9b:2a:d7:af:fc:ca:
b9:8f:9d:28:24:a9:cd:02:ba:0f:30:8d:d3:95:56:1a:fe:3a:
ff:ab:25:7e:e3:8a:d0:68:e6:32:5a:4d:7d:c5:33:d9:7f:78:
e4:0e:c9:43:4d:1c:9e:8b:6e:53:df:44:e1:5f:67:25:af:a5:
50:1b:de:a6:12:ae:5a:ec:5e:5b:2f:71:16:4e:25:96:e1:e2:
31:23:ea:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZfvhNLVa/tGK5vZYFLw1ndVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYzdlYWU2NDlkOTU0N2IwYWQwYWIwMDdhYjRlOGE0OGRl
ZDRkNWQwHhcNMjUwNzA5MTQwOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njc4YzA2NTcxMTVkODhhNDQwZjA4MzdhNzgwNjc2YThiODc4YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ4js2cZ1snP5BnKGQ4lEcRbiMDg
dX3GqNhd3DNuDO7kVmXrsw+BuiH5BV5RV4a+EEd1fGfizfWEWtEau0p/5uFbD2V8
M0SwfnMOxSwfKnYu0jnQM+d9M2ZhaRWLZKtonjxWtGUwk04TAjo2n62se3GPiyZ5
BiPDyGYxYRoIGcvwyUSLbcOpdar3+iSG5sveLjNmxYZ3o34EuzWaHfS8hgVuIfp7
OrHfqGzgxdBFJfQOjuvU+j02tm3AwS6R8FF5IGJuHVeC2oJnq4Ux+Mot1LDHve3x
JZWyELFNSFTH/N0sYK0l54bxGw9/mnuwtkdBigHeCtnjbozLLClNzY0ZTwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFFZ4wGVxFdiKRA8IN6eAZ2qLh4sGMB8GA1UdIwQY
MBaAFIrH6uZJ2VR7CtCrAHq06KSN7U1dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXNmcTVrblpWSHNLMEtzQWVyVG9wSTN0VFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2RiMGItMWQxMC00Yzk3LTlhZjYt
YWMwMWYwYzU2NjJiLzEvVm5qQVpYRVYySXBFRHdnM3A0Qm5hb3VIaXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2RiMGItMWQxMC00Yzk3LTlhZjYtYWMwMWYwYzU2NjJi
LzEvaXNmcTVrblpWSHNLMEtzQWVyVG9wSTN0VFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLQoMAwQC
LQ9cAwQDQlGQAwQCuadwAwQCuefAAwQCwjoYMBQEAgACMA4DBQMqCxoAAwUDKg4m
gDANBgkqhkiG9w0BAQsFAAOCAQEAmaV56YGm8a7zMRc7QIbjs9WE8xfaXwD6InTk
WD28kUNU03mSCRrIlg/ZghPQKPuLNBmzAlcT43KwOZ9fLkz/jKSc4wuw7bPJJ7co
8s4c0kvX7fupiEq/k3tP4apoGT36XWSmTD28jW38GM2t4f7tsSt/wWE0MsSZnZB0
AySTgjKFO27miBM4zhMPu2KQ9e9dG1CYJY+8rGaBEulwI17UlX3A/vU+/70mCQiG
JCfamyrXr/zKuY+dKCSpzQK6DzCN05VWGv46/6slfuOK0GjmMlpNfcUz2X945A7J
Q00cnotuU99E4V9nJa+lUBvephKuWuxeWy9xFk4lluHiMSPqpQ==
-----END CERTIFICATE-----
Generated at Wed Aug 13 17:48:03 2025 by rpki-client