Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/5b3w5WcrIXEeKH5XOut46ipTc4w.roa
File: 5b3w5WcrIXEeKH5XOut46ipTc4w.roa (raw, json)
Hash identifier: wSQolPimhjlX9rU+wv9xFVShzU/9tCapeIVqocnoaew=
Subject key identifier: E5:BD:F0:E5:67:2B:21:71:1E:28:7E:57:3A:EB:78:EA:2A:53:73:8C
Certificate issuer: /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial: 01975E9F75468EC840677CA2895EE4CDB5C0
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/5b3w5WcrIXEeKH5XOut46ipTc4w.roa
Signing time: Wed 11 Jun 2025 10:53:17 +0000
ROA not before: Wed 11 Jun 2025 10:53:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62454
IP address blocks: 176.100.38.0/24 maxlen: 24
176.100.39.0/24 maxlen: 24
185.14.92.0/24 maxlen: 24
185.14.93.0/24 maxlen: 24
2a00:ccc7::/32 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5e:9f:75:46:8e:c8:40:67:7c:a2:89:5e:e4:cd:b5:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Validity
Not Before: Jun 11 10:53:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e5bdf0e5672b21711e287e573aeb78ea2a53738c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6a:dd:15:f6:d4:45:a6:48:f8:81:e6:c5:90:
e4:30:17:23:ef:45:03:73:92:a4:b0:80:2a:89:cf:
49:d8:50:84:35:12:a3:96:57:49:f8:db:bf:28:7f:
d8:23:bd:c1:2e:24:fa:5a:08:c8:51:91:8d:2c:2a:
ab:3d:c6:23:5d:eb:c3:ea:b5:f5:15:c5:7a:2c:22:
da:b6:6e:3c:12:73:9f:40:ee:46:40:9b:68:df:92:
03:2f:41:4e:8b:16:36:63:ce:a5:8f:1c:96:83:39:
82:1c:a2:a1:36:00:7f:6c:29:80:6a:3b:b8:1e:cc:
e6:5c:7c:85:1b:62:4c:0d:ff:ae:53:7a:65:1b:8f:
37:9e:9a:a7:f1:71:a8:63:9a:39:7e:19:67:f7:e3:
4b:44:08:94:da:a5:ad:d7:64:da:65:3a:56:c4:0c:
0e:ea:8d:a4:47:f4:3c:7a:21:c5:c2:dc:64:5c:99:
a2:7b:ce:70:da:fe:6b:98:5e:59:e2:7c:44:8c:26:
5b:c8:c4:ff:a3:1a:0f:aa:b6:36:d2:c5:c2:1f:73:
55:43:10:2c:88:5f:78:e6:a8:59:eb:b4:f2:c4:99:
71:af:d7:7b:62:ae:2b:36:46:f8:33:e6:80:a0:76:
7d:a3:83:d1:40:92:cd:fc:63:08:f0:78:82:13:5a:
01:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:BD:F0:E5:67:2B:21:71:1E:28:7E:57:3A:EB:78:EA:2A:53:73:8C
X509v3 Authority Key Identifier:
keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/5b3w5WcrIXEeKH5XOut46ipTc4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.100.38.0/23
185.14.92.0/23
IPv6:
2a00:ccc7::/32
Signature Algorithm: sha256WithRSAEncryption
53:d6:ea:c3:71:e6:18:ca:32:b3:ae:79:a8:2e:c3:3a:42:40:
e2:56:cd:68:05:e9:a6:11:59:ca:39:88:5b:e2:fe:a2:fe:d2:
24:87:87:5c:9f:d3:40:f5:01:ea:74:e6:32:4b:94:be:b3:6a:
b5:19:72:97:ca:58:cd:5a:7a:ff:10:f9:bb:50:12:40:af:02:
44:7d:f0:03:f3:50:db:ab:62:03:0e:77:bd:7e:5a:2b:d2:f5:
e5:8e:7f:4f:8c:5f:9c:ae:ce:a1:46:9b:ba:7b:64:88:b8:02:
30:53:55:64:3f:88:a1:f4:f7:6d:a2:1a:a3:c0:a5:7f:de:a2:
53:29:0a:26:a6:d4:f3:db:04:73:4d:2e:ce:5f:8b:83:27:be:
8b:11:17:44:3b:90:9f:2c:d4:86:ce:45:32:a5:46:53:97:63:
48:73:9c:67:9d:62:3e:ec:aa:2a:78:7d:76:7e:d2:54:03:91:
9d:88:d0:5d:6a:19:ea:2f:2c:c3:83:c2:57:67:44:02:1b:7a:
03:f0:bd:28:28:63:e4:94:1a:6d:b9:6b:c6:81:cb:a8:19:ad:
0b:06:19:b5:ab:6a:55:1e:89:07:ad:27:0e:48:c4:73:a1:f4:
b5:19:d0:b0:cf:86:b0:e8:ff:f3:9b:00:c5:b5:6e:b4:b1:16:
2c:7f:d9:f3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZden3VGjshAZ3yiiV7kzbXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwNjExMTA1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWJkZjBlNTY3MmIyMTcxMWUyODdlNTczYWViNzhlYTJhNTM3MzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2rdFfbURaZI+IHmxZDkMBcj70UD
c5KksIAqic9J2FCENRKjlldJ+Nu/KH/YI73BLiT6WgjIUZGNLCqrPcYjXevD6rX1
FcV6LCLatm48EnOfQO5GQJto35IDL0FOixY2Y86ljxyWgzmCHKKhNgB/bCmAaju4
HszmXHyFG2JMDf+uU3plG483npqn8XGoY5o5fhln9+NLRAiU2qWt12TaZTpWxAwO
6o2kR/Q8eiHFwtxkXJmie85w2v5rmF5Z4nxEjCZbyMT/oxoPqrY20sXCH3NVQxAs
iF945qhZ67TyxJlxr9d7Yq4rNkb4M+aAoHZ9o4PRQJLN/GMI8HiCE1oBKQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOW98OVnKyFxHih+VzrreOoqU3OMMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvNWIzdzVXY3JJWEVlS0g1WE91dDQ2aXBUYzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBsGQmAwQB
uQ5cMA0EAgACMAcDBQAqAMzHMA0GCSqGSIb3DQEBCwUAA4IBAQBT1urDceYYyjKz
rnmoLsM6QkDiVs1oBemmEVnKOYhb4v6i/tIkh4dcn9NA9QHqdOYyS5S+s2q1GXKX
yljNWnr/EPm7UBJArwJEffAD81Dbq2IDDne9flor0vXljn9PjF+crs6hRpu6e2SI
uAIwU1VkP4ih9PdtohqjwKV/3qJTKQomptTz2wRzTS7OX4uDJ76LERdEO5CfLNSG
zkUypUZTl2NIc5xnnWI+7KoqeH12ftJUA5GdiNBdahnqLyzDg8JXZ0QCG3oD8L0o
KGPklBptuWvGgcuoGa0LBhm1q2pVHokHrScOSMRzofS1GdCwz4aw6P/zmwDFtW60
sRYsf9nz
-----END CERTIFICATE-----
Generated at Mon Jun 16 10:40:45 2025 by rpki-client