Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/IK01XRjBPLd-6jbRM6WX3KlYFaU.roa
File: IK01XRjBPLd-6jbRM6WX3KlYFaU.roa (raw, json)
Hash identifier: hpMtGTgtQBn7QaBbprX3PlSpi2a4sNEtbAx00Rc21hI=
Subject key identifier: 20:AD:35:5D:18:C1:3C:B7:7E:EA:36:D1:33:A5:97:DC:A9:58:15:A5
Certificate issuer: /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial: 019851C5F72EFF7180002C8C8361F1E8E88F
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/IK01XRjBPLd-6jbRM6WX3KlYFaU.roa
Signing time: Mon 28 Jul 2025 16:03:04 +0000
ROA not before: Mon 28 Jul 2025 16:03:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39728
IP address blocks: 91.217.4.0/23 maxlen: 24
176.113.224.0/19 maxlen: 19
178.214.160.0/19 maxlen: 19
178.216.232.0/21 maxlen: 21
185.149.196.0/22 maxlen: 22
185.178.245.0/24 maxlen: 24
194.31.152.0/22 maxlen: 24
195.8.56.0/23 maxlen: 23
2a07:6900::/48 maxlen: 48
2a07:6900:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 02:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:51:c5:f7:2e:ff:71:80:00:2c:8c:83:61:f1:e8:e8:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Validity
Not Before: Jul 28 16:03:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20ad355d18c13cb77eea36d133a597dca95815a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:af:2d:67:64:37:40:f5:15:77:e6:58:a6:22:
c5:16:0b:a7:f3:d4:5a:36:85:57:72:84:4b:c4:ca:
fa:9e:9f:e4:4a:f2:ce:0b:01:26:c7:c5:1b:76:67:
64:de:44:82:39:5d:aa:d7:04:3a:cb:92:56:fa:75:
8d:5f:52:6e:80:d5:af:b6:62:99:d4:ea:53:0c:2f:
25:30:f7:e2:1a:b0:88:fd:a8:de:82:38:f4:49:c2:
1f:ad:9f:16:b3:f0:d0:9c:d5:65:cd:0c:56:60:91:
70:8f:66:a4:85:2a:9d:45:0d:79:c1:0c:e6:83:2d:
8a:c5:b1:4c:23:dc:73:14:0a:62:ad:02:52:5f:71:
a6:f6:2c:b2:03:19:35:a3:0d:b2:ca:b5:fc:6a:ba:
30:19:5c:eb:c3:b6:68:54:7e:f6:cd:5a:9a:6b:97:
98:cc:00:6a:29:1a:96:b8:73:64:56:91:96:7d:04:
fb:4a:fd:50:72:e0:e8:03:58:e8:13:d6:dc:55:ab:
0b:c2:19:ed:28:c4:52:1b:ce:23:f2:b0:72:d1:0a:
1a:ac:58:db:1f:33:84:ef:5c:e1:af:ef:5a:45:b6:
76:06:82:58:28:e4:30:7b:de:3f:b5:95:d8:4c:65:
a5:d2:14:a1:44:3d:c8:1c:b4:48:ea:58:d8:44:a5:
bc:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:AD:35:5D:18:C1:3C:B7:7E:EA:36:D1:33:A5:97:DC:A9:58:15:A5
X509v3 Authority Key Identifier:
keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/IK01XRjBPLd-6jbRM6WX3KlYFaU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.217.4.0/23
176.113.224.0/19
178.214.160.0/19
178.216.232.0/21
185.149.196.0/22
185.178.245.0/24
194.31.152.0/22
195.8.56.0/23
IPv6:
2a07:6900::/47
Signature Algorithm: sha256WithRSAEncryption
06:57:70:bf:73:d4:fc:00:62:91:0b:56:75:c2:af:eb:c1:ae:
ef:8e:1e:09:59:2d:60:34:35:bb:d0:04:43:e4:aa:12:11:82:
cc:bc:d0:c2:28:e4:6b:e8:52:c2:65:bd:93:4b:53:85:d8:c8:
53:4f:bf:88:44:62:eb:7b:75:78:a0:b3:a5:a0:52:dd:f4:21:
2f:78:1d:95:eb:76:53:a3:d4:7d:7e:21:ed:f9:25:58:22:7b:
92:e8:97:08:79:5f:5d:cc:92:d0:d7:7b:9a:28:25:70:5d:b6:
ca:f0:85:49:65:a6:78:42:b0:85:0e:5a:6f:a8:0d:a6:a9:6a:
0e:cc:f5:53:05:b5:1e:24:f4:15:97:59:d5:f9:38:d3:4e:50:
fe:0e:24:fd:16:ef:c0:27:69:f0:ae:ef:3b:e6:a6:1c:26:5e:
ff:bd:a0:13:eb:e2:c9:e2:9f:7c:00:0a:82:d1:cb:74:95:45:
cd:04:94:d3:66:69:a7:b0:90:82:d1:21:f2:1c:40:b5:ec:ee:
d5:c2:c1:d9:14:25:3a:dc:69:82:d6:d9:55:d0:c2:fd:2e:e5:
c8:b9:04:fb:a3:3d:ef:34:b2:ac:d9:e0:5f:d1:f3:23:32:e7:
99:53:c7:c6:2f:df:0f:48:a6:2f:90:8b:1e:65:22:b8:a8:71:
11:cd:7d:ff
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZhRxfcu/3GAACyMg2Hx6OiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwNzI4MTYwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGFkMzU1ZDE4YzEzY2I3N2VlYTM2ZDEzM2E1OTdkY2E5NTgxNWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr68tZ2Q3QPUVd+ZYpiLFFgun89Ra
NoVXcoRLxMr6np/kSvLOCwEmx8Ubdmdk3kSCOV2q1wQ6y5JW+nWNX1JugNWvtmKZ
1OpTDC8lMPfiGrCI/ajegjj0ScIfrZ8Ws/DQnNVlzQxWYJFwj2akhSqdRQ15wQzm
gy2KxbFMI9xzFApirQJSX3Gm9iyyAxk1ow2yyrX8arowGVzrw7ZoVH72zVqaa5eY
zABqKRqWuHNkVpGWfQT7Sv1QcuDoA1joE9bcVasLwhntKMRSG84j8rBy0QoarFjb
HzOE71zhr+9aRbZ2BoJYKOQwe94/tZXYTGWl0hShRD3IHLRI6ljYRKW8lwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFCCtNV0YwTy3fuo20TOll9ypWBWlMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvSUswMVhSakJQTGQtNmpiUk02V1gzS2xZRmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA2BAIAATAwAwQBW9kEAwQF
sHHgAwQFstagAwQDstjoAwQCuZXEAwQAubL1AwQCwh+YAwQBwwg4MA8EAgACMAkD
BwEqB2kAAAAwDQYJKoZIhvcNAQELBQADggEBAAZXcL9z1PwAYpELVnXCr+vBru+O
HglZLWA0NbvQBEPkqhIRgsy80MIo5GvoUsJlvZNLU4XYyFNPv4hEYut7dXigs6Wg
Ut30IS94HZXrdlOj1H1+Ie35JVgie5Lolwh5X13MktDXe5ooJXBdtsrwhUllpnhC
sIUOWm+oDaapag7M9VMFtR4k9BWXWdX5ONNOUP4OJP0W78AnafCu7zvmphwmXv+9
oBPr4snin3wACoLRy3SVRc0ElNNmaaewkILRIfIcQLXs7tXCwdkUJTrcaYLW2VXQ
wv0u5ci5BPujPe80sqzZ4F/R8yMy55lTx8Yv3w9Ipi+Qix5lIriocRHNff8=
-----END CERTIFICATE-----
Generated at Fri Aug 8 10:27:12 2025 by rpki-client