Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/NH2BjpUAouOhcpZouA1RZzjRVTY.roa
File: NH2BjpUAouOhcpZouA1RZzjRVTY.roa (raw, json)
Hash identifier: 24a7YxtpdykxCsVljEKHdP+oA0xGv3G4hBA1X06gGy8=
Subject key identifier: 34:7D:81:8E:95:00:A2:E3:A1:72:96:68:B8:0D:51:67:38:D1:55:36
Certificate issuer: /CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
Certificate serial: 01987E8CBC0A0ABA4B2020E390EF8C390C06
Authority key identifier: A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/NH2BjpUAouOhcpZouA1RZzjRVTY.roa
Signing time: Wed 06 Aug 2025 08:43:29 +0000
ROA not before: Wed 06 Aug 2025 08:43:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44097
IP address blocks: 193.27.0.0/24 maxlen: 24
193.43.214.0/24 maxlen: 24
193.222.128.0/24 maxlen: 32
2001:67c:ec::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.mft
rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7e:8c:bc:0a:0a:ba:4b:20:20:e3:90:ef:8c:39:0c:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
Validity
Not Before: Aug 6 08:43:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=347d818e9500a2e3a1729668b80d516738d15536
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:1e:cd:ba:f8:0f:92:24:d5:24:90:80:db:3b:
43:c4:aa:8a:77:74:eb:b5:dc:0d:93:c5:85:ba:8b:
96:a0:4c:97:bc:8f:f9:5a:97:82:e3:dd:e4:db:b9:
d0:d9:f0:6a:e4:54:a3:77:54:20:ef:25:5e:c2:a3:
4b:18:31:bb:1c:d7:47:5d:18:4e:ae:e9:88:f7:93:
c2:17:f9:a9:a0:da:fc:d9:38:13:16:46:c1:3a:02:
54:06:b9:cf:72:d9:43:4b:86:54:00:4b:eb:66:b9:
bd:17:7b:4d:7b:ef:0c:04:d7:7d:cd:38:fe:eb:47:
f4:34:c6:2c:14:c3:a6:96:41:ca:01:18:c9:ff:5e:
c4:70:24:e4:17:c4:cb:77:9c:61:c4:b0:31:7c:59:
3d:4d:92:8f:e2:5e:b1:34:21:7b:92:24:2f:d0:71:
e2:39:3d:b6:d0:3e:a0:0d:19:cf:15:17:e8:11:c8:
41:ed:8f:dd:e6:8c:0c:bc:8e:8a:54:dc:8c:3d:b4:
c3:04:8f:e0:0c:11:35:01:2a:d0:30:2e:da:9b:95:
05:a8:ec:b3:6f:c4:a2:a2:12:f4:58:b1:76:ce:de:
60:9c:3e:14:81:57:03:26:f3:43:1b:ec:60:74:0c:
19:57:e3:8c:61:69:5e:47:e3:ff:c9:08:3a:c3:aa:
de:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:7D:81:8E:95:00:A2:E3:A1:72:96:68:B8:0D:51:67:38:D1:55:36
X509v3 Authority Key Identifier:
keyid:A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/NH2BjpUAouOhcpZouA1RZzjRVTY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.27.0.0/24
193.43.214.0/24
193.222.128.0/24
IPv6:
2001:67c:ec::/48
Signature Algorithm: sha256WithRSAEncryption
48:48:f1:e9:a3:d7:49:d0:63:2c:76:d4:d8:dc:c7:18:27:38:
45:ce:95:bc:78:58:37:6f:d6:04:52:81:25:8b:74:08:7f:b4:
3a:f4:c2:a0:9c:42:d8:3e:0a:c4:0f:d3:bc:ec:7a:d1:bf:d4:
d3:d5:e9:c6:26:e2:89:24:d2:bc:7d:71:b0:27:66:26:34:fa:
bd:21:bf:97:ab:49:7f:34:dc:d7:a7:40:c9:e5:a4:e2:2e:70:
93:09:a3:a7:cd:5b:a9:8a:b8:9f:4c:8a:f5:bd:91:2b:48:fc:
f0:91:c4:71:21:19:ea:a8:f2:2d:be:80:29:86:44:87:2b:ac:
59:4f:a2:7a:e2:52:30:41:47:16:e4:b8:10:3a:37:76:e2:c2:
13:91:ad:9f:a7:e6:42:29:41:ac:2f:0a:6a:db:78:a8:40:6d:
a3:07:34:dd:20:60:f5:3a:34:5d:e1:6d:6c:d7:7d:f9:8e:6e:
a8:94:80:d0:ec:35:e8:91:d4:3c:86:74:15:b0:7b:df:ad:cf:
6a:d3:c7:65:49:16:0c:df:2d:92:b2:6b:31:14:d7:83:4e:70:
97:17:81:29:dd:75:8a:94:e2:10:50:d4:37:13:cc:e0:97:d8:
13:9e:7f:d9:d3:1f:87:a1:24:aa:4f:71:ef:a3:1c:3d:92:bf:
33:f5:45:57
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZh+jLwKCrpLICDjkO+MOQwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTQyZDI2MGQ1ZWNkYzJmYTJiMGI1ZGJmNjAzYjkwZDcx
NTQ0NGQwHhcNMjUwODA2MDg0MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdkODE4ZTk1MDBhMmUzYTE3Mjk2NjhiODBkNTE2NzM4ZDE1NTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB7NuvgPkiTVJJCA2ztDxKqKd3Tr
tdwNk8WFuouWoEyXvI/5WpeC493k27nQ2fBq5FSjd1Qg7yVewqNLGDG7HNdHXRhO
rumI95PCF/mpoNr82TgTFkbBOgJUBrnPctlDS4ZUAEvrZrm9F3tNe+8MBNd9zTj+
60f0NMYsFMOmlkHKARjJ/17EcCTkF8TLd5xhxLAxfFk9TZKP4l6xNCF7kiQv0HHi
OT220D6gDRnPFRfoEchB7Y/d5owMvI6KVNyMPbTDBI/gDBE1ASrQMC7am5UFqOyz
b8SiohL0WLF2zt5gnD4UgVcDJvNDG+xgdAwZV+OMYWleR+P/yQg6w6reDwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFDR9gY6VAKLjoXKWaLgNUWc40VU2MB8GA1UdIwQY
MBaAFKWkLSYNXs3C+isLXb9gO5DXFURNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2Qt
ZjBkMmI5NDNjYjUzLzEvTkgyQmpwVUFvdU9oY3Bab3VBMVJaempSVlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2QtZjBkMmI5NDNjYjUz
LzEvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAwRsAAwQA
wSvWAwQAwd6AMA8EAgACMAkDBwAgAQZ8AOwwDQYJKoZIhvcNAQELBQADggEBAEhI
8emj10nQYyx21NjcxxgnOEXOlbx4WDdv1gRSgSWLdAh/tDr0wqCcQtg+CsQP07zs
etG/1NPV6cYm4okk0rx9cbAnZiY0+r0hv5erSX803NenQMnlpOIucJMJo6fNW6mK
uJ9MivW9kStI/PCRxHEhGeqo8i2+gCmGRIcrrFlPonriUjBBRxbkuBA6N3biwhOR
rZ+n5kIpQawvCmrbeKhAbaMHNN0gYPU6NF3hbWzXffmObqiUgNDsNeiR1DyGdBWw
e9+tz2rTx2VJFgzfLZKyazEU14NOcJcXgSnddYqU4hBQ1DcTzOCX2BOef9nTH4eh
JKpPce+jHD2SvzP1RVc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 14:17:29 2025 by rpki-client