Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/hydDgB-snN9BWY7iUjkavnwziQE.roa
File: hydDgB-snN9BWY7iUjkavnwziQE.roa (raw, json)
Hash identifier: ysVRmS6Ip962i/GMIlN3GEIvctnMgjlKTRzkw2GE/YI=
Subject key identifier: 87:27:43:80:1F:AC:9C:DF:41:59:8E:E2:52:39:1A:BE:7C:33:89:01
Certificate issuer: /CN=d670034104f1bf658144b4aa45b41a3f5779dc0f
Certificate serial: 01983C30C295AD7054E3CFB35D8482802916
Authority key identifier: D6:70:03:41:04:F1:BF:65:81:44:B4:AA:45:B4:1A:3F:57:79:DC:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1nADQQTxv2WBRLSqRbQaP1d53A8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/hydDgB-snN9BWY7iUjkavnwziQE.roa
Signing time: Thu 24 Jul 2025 11:28:05 +0000
ROA not before: Thu 24 Jul 2025 11:28:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210149
IP address blocks: 192.66.100.0/24 maxlen: 24
192.66.101.0/24 maxlen: 24
192.66.102.0/24 maxlen: 24
193.163.56.0/24 maxlen: 24
193.163.57.0/24 maxlen: 24
193.163.58.0/24 maxlen: 24
193.163.59.0/24 maxlen: 24
193.163.60.0/24 maxlen: 24
193.163.61.0/24 maxlen: 24
193.163.62.0/24 maxlen: 24
193.163.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/1nADQQTxv2WBRLSqRbQaP1d53A8.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/1nADQQTxv2WBRLSqRbQaP1d53A8.mft
rsync://rpki.ripe.net/repository/DEFAULT/1nADQQTxv2WBRLSqRbQaP1d53A8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 08:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3c:30:c2:95:ad:70:54:e3:cf:b3:5d:84:82:80:29:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d670034104f1bf658144b4aa45b41a3f5779dc0f
Validity
Not Before: Jul 24 11:28:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=872743801fac9cdf41598ee252391abe7c338901
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a7:91:cd:4d:0b:c2:c8:dd:22:6d:18:80:e6:
a4:17:4c:8f:7d:53:b1:f7:a1:c1:5c:d8:dd:fc:9d:
8b:69:22:92:a7:34:a4:ad:eb:00:86:57:46:10:b4:
f8:13:db:6b:85:31:c5:88:9d:d6:35:ca:eb:96:87:
20:5a:a1:0f:0c:71:e9:82:6f:52:ab:e7:ca:4c:4b:
33:ae:2c:c2:e0:cf:62:b9:2e:2a:15:6f:93:59:d4:
f4:0b:72:94:6e:79:bd:46:a0:60:9b:5a:45:6a:06:
60:df:ab:53:6a:70:a9:22:5c:74:fb:f4:b7:8a:cd:
1f:98:1a:d8:64:e7:e7:32:a8:73:e1:d9:bf:b4:97:
e5:c5:9f:04:b3:64:ce:9b:27:9f:92:8f:dd:e4:d8:
69:f2:81:35:d9:73:05:c2:fc:ef:fb:40:0e:23:06:
9c:27:20:0d:27:09:ba:0f:a1:3d:1f:e4:d1:56:60:
e0:cd:16:af:f3:59:91:c7:05:de:25:fb:8e:86:21:
71:1a:76:66:26:5c:15:84:35:7d:b4:b6:88:93:15:
c1:ce:7f:2c:1c:8a:c8:f4:f8:0a:ce:f6:13:de:0c:
7f:d8:3b:75:23:e5:33:c0:59:a4:50:a4:08:f7:25:
1e:32:de:57:4f:2c:ec:14:e2:b8:95:4a:40:99:b5:
13:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:27:43:80:1F:AC:9C:DF:41:59:8E:E2:52:39:1A:BE:7C:33:89:01
X509v3 Authority Key Identifier:
keyid:D6:70:03:41:04:F1:BF:65:81:44:B4:AA:45:B4:1A:3F:57:79:DC:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nADQQTxv2WBRLSqRbQaP1d53A8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/hydDgB-snN9BWY7iUjkavnwziQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e1cbc3-28a1-4e53-a0a4-f9172ccbc5af/1/1nADQQTxv2WBRLSqRbQaP1d53A8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.66.100.0-192.66.102.255
193.163.56.0/21
Signature Algorithm: sha256WithRSAEncryption
46:01:64:c0:23:28:a3:5d:d5:b2:ce:80:39:68:2e:3d:56:19:
12:fa:98:fa:24:ea:79:08:03:ab:60:da:b5:70:a4:12:60:91:
35:a6:4c:20:58:65:91:d8:42:e6:e7:f0:93:72:7c:3f:66:87:
52:e0:ea:cb:2c:6e:d1:0a:87:74:91:ec:b5:7a:e4:ab:9b:80:
74:44:3a:aa:e8:cc:4a:cb:fe:bb:8a:86:ff:b5:a9:2c:aa:5a:
8b:86:89:fc:b9:24:e7:29:e2:c6:56:11:d4:a4:29:67:8f:1a:
3f:da:dd:63:7f:12:55:1d:e7:ea:13:51:71:a4:a9:29:90:53:
8d:8c:2b:11:41:26:d8:65:62:cd:90:ba:dc:f6:59:19:3b:01:
17:3e:ba:fd:bd:0a:24:0c:b0:11:27:15:ae:ea:3e:b6:d9:4b:
57:f9:7e:93:cd:9b:ca:f1:14:26:bd:9d:97:1d:11:a2:99:2f:
f5:89:5e:f7:7f:f3:2a:eb:ae:ae:97:4e:e5:02:ab:c5:fd:c2:
26:71:c4:7b:cc:6a:01:ba:1c:5f:0a:03:8c:8a:7a:52:59:ed:
6c:7f:e2:1a:02:26:94:c4:41:12:51:fd:43:e6:71:06:c4:9b:
94:47:90:b5:98:20:a4:1d:66:64:29:d7:64:88:86:22:98:b0:
63:31:29:3e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZg8MMKVrXBU48+zXYSCgCkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzAwMzQxMDRmMWJmNjU4MTQ0YjRhYTQ1YjQxYTNmNTc3
OWRjMGYwHhcNMjUwNzI0MTEyODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI3NDM4MDFmYWM5Y2RmNDE1OThlZTI1MjM5MWFiZTdjMzM4OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6eRzU0LwsjdIm0YgOakF0yPfVOx
96HBXNjd/J2LaSKSpzSkresAhldGELT4E9trhTHFiJ3WNcrrlocgWqEPDHHpgm9S
q+fKTEszrizC4M9iuS4qFW+TWdT0C3KUbnm9RqBgm1pFagZg36tTanCpIlx0+/S3
is0fmBrYZOfnMqhz4dm/tJflxZ8Es2TOmyefko/d5Nhp8oE12XMFwvzv+0AOIwac
JyANJwm6D6E9H+TRVmDgzRav81mRxwXeJfuOhiFxGnZmJlwVhDV9tLaIkxXBzn8s
HIrI9PgKzvYT3gx/2Dt1I+UzwFmkUKQI9yUeMt5XTyzsFOK4lUpAmbUT5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIcnQ4AfrJzfQVmO4lI5Gr58M4kBMB8GA1UdIwQY
MBaAFNZwA0EE8b9lgUS0qkW0Gj9XedwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5BRFFRVHh2MldCUkxTcVJiUWFQMWQ1M0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMWNiYzMtMjhhMS00ZTUzLWEwYTQt
ZjkxNzJjY2JjNWFmLzEvaHlkRGdCLXNuTjlCV1k3aVVqa2F2bnd6aVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMWNiYzMtMjhhMS00ZTUzLWEwYTQtZjkxNzJjY2JjNWFm
LzEvMW5BRFFRVHh2MldCUkxTcVJiUWFQMWQ1M0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBALAQmQD
BADAQmYDBAPBozgwDQYJKoZIhvcNAQELBQADggEBAEYBZMAjKKNd1bLOgDloLj1W
GRL6mPok6nkIA6tg2rVwpBJgkTWmTCBYZZHYQubn8JNyfD9mh1Lg6sssbtEKh3SR
7LV65KubgHREOqrozErL/ruKhv+1qSyqWouGify5JOcp4sZWEdSkKWePGj/a3WN/
ElUd5+oTUXGkqSmQU42MKxFBJthlYs2Qutz2WRk7ARc+uv29CiQMsBEnFa7qPrbZ
S1f5fpPNm8rxFCa9nZcdEaKZL/WJXvd/8yrrrq6XTuUCq8X9wiZxxHvMagG6HF8K
A4yKelJZ7Wx/4hoCJpTEQRJR/UPmcQbEm5RHkLWYIKQdZmQp12SIhiKYsGMxKT4=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:50:31 2025 by rpki-client