Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/S2hU1G91sKiWUh8YeDBY-hdp4ZQ.roa
File: S2hU1G91sKiWUh8YeDBY-hdp4ZQ.roa (raw, json)
Hash identifier: vffsi4me5kbuxqBTjwviA+XxgoZKSQ7xUMSzQTNSOQs=
Subject key identifier: 4B:68:54:D4:6F:75:B0:A8:96:52:1F:18:78:30:58:FA:17:69:E1:94
Certificate issuer: /CN=f815e02bda7a9071487837d31558b5e0221d3cf9
Certificate serial: 019880D06CB52EA90CD5309E390F6863F769
Authority key identifier: F8:15:E0:2B:DA:7A:90:71:48:78:37:D3:15:58:B5:E0:22:1D:3C:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-BXgK9p6kHFIeDfTFVi14CIdPPk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/S2hU1G91sKiWUh8YeDBY-hdp4ZQ.roa
Signing time: Wed 06 Aug 2025 19:16:39 +0000
ROA not before: Wed 06 Aug 2025 19:16:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31246
IP address blocks: 193.176.32.0/24 maxlen: 24
194.164.239.0/24 maxlen: 24
195.200.23.0/24 maxlen: 24
2a14:2040::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/1-BXgK9p6kHFIeDfTFVi14CIdPPk.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/1-BXgK9p6kHFIeDfTFVi14CIdPPk.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-BXgK9p6kHFIeDfTFVi14CIdPPk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 13:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:80:d0:6c:b5:2e:a9:0c:d5:30:9e:39:0f:68:63:f7:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f815e02bda7a9071487837d31558b5e0221d3cf9
Validity
Not Before: Aug 6 19:16:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b6854d46f75b0a896521f18783058fa1769e194
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:eb:31:07:36:16:e5:58:de:20:6e:77:4a:47:
71:cd:5f:5e:4a:4c:c1:83:2a:56:6b:ee:23:9b:10:
df:ec:dd:1d:18:38:d5:92:96:a5:4f:8e:36:b0:8c:
5b:d8:b4:c0:00:a8:e7:4f:93:2c:06:c1:ca:14:76:
14:44:44:53:46:5b:7b:22:f2:c6:6a:1d:5d:c1:6a:
5e:5d:67:61:ba:8d:c8:e6:a1:f9:8c:a9:be:9c:cf:
92:76:ab:06:da:7d:33:af:5b:9b:d3:70:83:3f:78:
c5:bd:c7:16:ac:57:25:cb:22:b4:85:41:b7:e6:b2:
ac:ba:23:19:a6:99:dd:ee:71:3d:06:f5:7f:e3:83:
fb:d6:a0:d6:ab:bf:09:4c:e1:0c:33:e2:b2:c7:78:
e8:4a:d7:d5:3b:f3:aa:31:3b:7d:4b:2b:75:52:d6:
e9:0e:80:22:82:1b:b6:df:31:90:4d:e7:3b:4c:2b:
25:9d:10:90:18:92:37:3a:3b:5e:b4:71:66:40:ab:
1c:87:57:20:b3:75:e9:a7:32:e1:f0:ab:e9:51:ee:
d1:be:36:c6:5f:d7:f4:b4:4c:79:18:52:79:7e:74:
54:88:b7:16:80:e0:31:26:54:bb:af:6f:c5:2d:c0:
c6:f2:73:ee:02:9d:c8:d6:30:a3:af:21:12:ee:a5:
1b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:68:54:D4:6F:75:B0:A8:96:52:1F:18:78:30:58:FA:17:69:E1:94
X509v3 Authority Key Identifier:
keyid:F8:15:E0:2B:DA:7A:90:71:48:78:37:D3:15:58:B5:E0:22:1D:3C:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-BXgK9p6kHFIeDfTFVi14CIdPPk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/S2hU1G91sKiWUh8YeDBY-hdp4ZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/cd472c-4256-40ff-98e2-d98384397929/1/1-BXgK9p6kHFIeDfTFVi14CIdPPk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.176.32.0/24
194.164.239.0/24
195.200.23.0/24
IPv6:
2a14:2040::/29
Signature Algorithm: sha256WithRSAEncryption
78:86:c5:a0:7e:4f:e9:ac:09:66:9b:cc:78:d6:7b:b5:e4:a5:
e3:ab:ea:1c:81:e6:1a:19:d7:8d:e1:48:e9:a9:99:42:28:4b:
0a:69:ce:81:9e:bb:e9:1d:87:8f:74:ba:08:fb:6c:a2:03:c8:
56:4c:41:60:4e:15:12:41:5c:39:1f:25:4e:1c:f2:55:c4:e5:
62:9e:bf:8f:f0:5c:4a:9a:e6:5c:79:5e:70:48:a3:bf:ba:9e:
c2:c6:84:bd:f3:97:86:c8:18:00:6d:fc:fb:cd:dc:9e:55:00:
85:37:73:84:e7:3d:5e:0b:99:73:e4:e6:ae:49:15:ca:b2:78:
f9:88:37:f1:e4:42:02:89:3e:c2:08:d0:93:fc:77:69:d9:61:
ba:16:7b:9c:4c:c4:8d:71:70:98:c9:09:ab:af:0b:37:ec:28:
91:d3:cc:36:97:13:20:ec:bf:9b:e4:8a:c4:1d:56:67:c1:00:
3b:09:0b:a7:af:ce:dc:0d:a7:91:b3:c5:32:4e:d7:27:14:a6:
b7:51:95:94:8a:8e:e5:98:af:2f:dd:29:ac:45:9b:54:06:ad:
83:cd:11:eb:86:47:0c:3b:42:2f:33:3e:0c:e0:78:fe:1e:b8:
e2:b8:43:58:78:a1:da:71:b9:2b:8b:b1:c1:40:79:49:a9:ce:
1e:7f:47:72
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZiA0Gy1LqkM1TCeOQ9oY/dpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MTVlMDJiZGE3YTkwNzE0ODc4MzdkMzE1NThiNWUwMjIx
ZDNjZjkwHhcNMjUwODA2MTkxNjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY4NTRkNDZmNzViMGE4OTY1MjFmMTg3ODMwNThmYTE3NjllMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOsxBzYW5VjeIG53SkdxzV9eSkzB
gypWa+4jmxDf7N0dGDjVkpalT442sIxb2LTAAKjnT5MsBsHKFHYURERTRlt7IvLG
ah1dwWpeXWdhuo3I5qH5jKm+nM+SdqsG2n0zr1ub03CDP3jFvccWrFclyyK0hUG3
5rKsuiMZppnd7nE9BvV/44P71qDWq78JTOEMM+Kyx3joStfVO/OqMTt9Syt1Utbp
DoAighu23zGQTec7TCslnRCQGJI3OjtetHFmQKsch1cgs3XppzLh8KvpUe7RvjbG
X9f0tEx5GFJ5fnRUiLcWgOAxJlS7r2/FLcDG8nPuAp3I1jCjryES7qUbSQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFEtoVNRvdbCollIfGHgwWPoXaeGUMB8GA1UdIwQY
MBaAFPgV4CvaepBxSHg30xVYteAiHTz5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CWGdLOXA2a0hGSWVEZlRGVmkxNENJZFBQay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjgvY2Q0NzJjLTQyNTYtNDBmZi05OGUy
LWQ5ODM4NDM5NzkyOS8xL1MyaFUxRzkxc0tpV1VoOFllREJZLWhkcDRaUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjgvY2Q0NzJjLTQyNTYtNDBmZi05OGUyLWQ5ODM4NDM5Nzky
OS8xLzEtQlhnSzlwNmtIRkllRGZURlZpMTRDSWRQUGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOgYIKwYBBQUHAQcBAf8EKzApMBgEAgABMBIDBADBsCAD
BADCpO8DBADDyBcwDQQCAAIwBwMFAyoUIEAwDQYJKoZIhvcNAQELBQADggEBAHiG
xaB+T+msCWabzHjWe7XkpeOr6hyB5hoZ143hSOmpmUIoSwppzoGeu+kdh490ugj7
bKIDyFZMQWBOFRJBXDkfJU4c8lXE5WKev4/wXEqa5lx5XnBIo7+6nsLGhL3zl4bI
GABt/PvN3J5VAIU3c4TnPV4LmXPk5q5JFcqyePmIN/HkQgKJPsII0JP8d2nZYboW
e5xMxI1xcJjJCauvCzfsKJHTzDaXEyDsv5vkisQdVmfBADsJC6evztwNp5GzxTJO
1ycUprdRlZSKjuWYry/dKaxFm1QGrYPNEeuGRww7Qi8zPgzgeP4euOK4Q1h4odpx
uSuLscFAeUmpzh5/R3I=
-----END CERTIFICATE-----
Generated at Sun Aug 10 21:06:17 2025 by rpki-client