Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/xYF8GskQRTruWnq0Q7-vo_GqfiQ.roa
File: xYF8GskQRTruWnq0Q7-vo_GqfiQ.roa (raw, json)
Hash identifier: cnwhIOGst+6jb701ygWNYFM0wdy5cssALvw1jcPBdd8=
Subject key identifier: C5:81:7C:1A:C9:10:45:3A:EE:5A:7A:B4:43:BF:AF:A3:F1:AA:7E:24
Certificate issuer: /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial: 019879C76B769069014DFE503AAEA19610D6
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/xYF8GskQRTruWnq0Q7-vo_GqfiQ.roa
Signing time: Tue 05 Aug 2025 10:29:29 +0000
ROA not before: Tue 05 Aug 2025 10:29:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25311
IP address blocks: 86.105.206.0/23 maxlen: 24
89.34.180.0/22 maxlen: 24
89.47.208.0/20 maxlen: 24
94.176.200.0/21 maxlen: 24
188.209.96.0/20 maxlen: 24
195.182.220.0/23 maxlen: 24
2a01:4700:8000::/33 maxlen: 48
2a03:9c20:2002::/48 maxlen: 56
2a03:9c20:3000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.mft
rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 07:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:c7:6b:76:90:69:01:4d:fe:50:3a:ae:a1:96:10:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Validity
Not Before: Aug 5 10:29:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5817c1ac910453aee5a7ab443bfafa3f1aa7e24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:d1:8f:6e:a8:89:52:61:30:59:13:ad:80:97:
60:7f:19:16:88:7f:9e:9c:06:02:07:c4:78:05:11:
61:da:c9:53:17:d1:38:78:b8:b7:0d:38:d6:a5:7a:
ba:de:94:8e:3f:bd:c8:65:d9:3f:4c:15:fd:5e:61:
74:d4:0d:d8:10:f8:17:be:2a:97:fa:32:6f:76:ab:
35:98:a3:7a:81:64:58:03:8c:f9:6c:42:c7:ae:8d:
83:09:5f:ff:6a:63:cf:2d:81:a5:ed:73:98:e7:30:
c3:24:7b:35:45:6f:f2:29:9f:9b:14:33:14:d7:fd:
f0:cb:c4:95:d5:4f:27:3f:3b:b0:45:2e:c3:c2:2b:
69:85:0d:b9:56:1c:71:5a:7b:25:63:64:e5:b8:fa:
79:c7:e4:33:69:a1:cb:b5:41:aa:5c:81:06:f1:c4:
ca:2c:a9:c0:0d:87:ed:f7:bb:ee:e2:08:0e:be:d1:
a9:d6:a9:05:fe:fb:14:09:81:5e:18:60:7c:67:ab:
cc:5b:f1:d9:1e:f3:03:72:af:b6:62:6e:f4:c3:af:
a7:c3:ea:8f:47:30:55:31:67:42:44:12:e3:be:d2:
36:e2:1b:d1:5a:d7:02:0b:95:0c:e2:ee:80:21:47:
9a:0f:93:c1:17:f5:d4:6c:cc:d0:c4:ea:ef:cf:52:
ab:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:81:7C:1A:C9:10:45:3A:EE:5A:7A:B4:43:BF:AF:A3:F1:AA:7E:24
X509v3 Authority Key Identifier:
keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/xYF8GskQRTruWnq0Q7-vo_GqfiQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.105.206.0/23
89.34.180.0/22
89.47.208.0/20
94.176.200.0/21
188.209.96.0/20
195.182.220.0/23
IPv6:
2a01:4700:8000::/33
2a03:9c20:2002::/48
2a03:9c20:3000::/36
Signature Algorithm: sha256WithRSAEncryption
63:d0:2f:74:fa:22:61:dd:d0:f2:da:93:87:b5:25:cd:5b:a2:
e6:44:07:d5:d9:af:b9:bc:63:0c:c0:03:3e:59:ba:2e:b8:0f:
82:8e:84:ff:7e:7f:2f:89:ea:aa:d5:bf:5f:01:ab:4d:0a:85:
3f:5b:f0:17:42:22:a4:27:24:34:5e:04:c5:cf:8d:6e:6e:ca:
b5:ec:26:eb:21:9d:fd:13:1b:76:8a:ae:41:fc:01:6d:c3:a0:
ae:08:eb:66:df:ad:c7:0a:f3:48:28:fa:0b:42:c9:ac:b6:17:
cc:f2:e5:2b:79:ac:7e:2d:e6:e5:54:45:e4:3b:7a:7b:98:6d:
0c:0f:9d:8b:59:fe:c6:bb:47:af:29:60:c9:1b:b2:85:8e:f8:
32:09:fb:c3:02:0b:a5:15:57:d3:1e:ab:b5:07:48:e3:0f:f9:
d1:af:35:6a:5b:a7:b3:02:cd:c6:cf:c3:f3:70:67:76:fa:8d:
98:08:d7:d5:4f:b3:b3:93:87:d7:8d:b5:8a:fa:6d:a7:c1:32:
e2:7e:2e:c1:27:74:8e:fd:9c:b5:fd:44:91:81:58:50:f5:ed:
0a:d2:3a:70:29:23:3e:fb:2f:cb:86:24:a6:a3:a8:27:35:31:
60:ed:3c:07:f0:0b:06:66:bd:48:50:69:97:2d:e2:79:db:62:
1d:21:3d:07
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZh5x2t2kGkBTf5QOq6hlhDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjUwODA1MTAyOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTgxN2MxYWM5MTA0NTNhZWU1YTdhYjQ0M2JmYWZhM2YxYWE3ZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9GPbqiJUmEwWROtgJdgfxkWiH+e
nAYCB8R4BRFh2slTF9E4eLi3DTjWpXq63pSOP73IZdk/TBX9XmF01A3YEPgXviqX
+jJvdqs1mKN6gWRYA4z5bELHro2DCV//amPPLYGl7XOY5zDDJHs1RW/yKZ+bFDMU
1/3wy8SV1U8nPzuwRS7DwitphQ25VhxxWnslY2TluPp5x+QzaaHLtUGqXIEG8cTK
LKnADYft97vu4ggOvtGp1qkF/vsUCYFeGGB8Z6vMW/HZHvMDcq+2Ym70w6+nw+qP
RzBVMWdCRBLjvtI24hvRWtcCC5UM4u6AIUeaD5PBF/XUbMzQxOrvz1KrewIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMWBfBrJEEU67lp6tEO/r6Pxqn4kMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEveFlGOEdza1FSVHJ1V25xMFE3LXZvX0dxZmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAqBAIAATAkAwQBVmnOAwQC
WSK0AwQEWS/QAwQDXrDIAwQEvNFgAwQBw7bcMB8EAgACMBkDBgcqAUcAgAMHACoD
nCAgAgMGBCoDnCAwMA0GCSqGSIb3DQEBCwUAA4IBAQBj0C90+iJh3dDy2pOHtSXN
W6LmRAfV2a+5vGMMwAM+WbouuA+CjoT/fn8vieqq1b9fAatNCoU/W/AXQiKkJyQ0
XgTFz41ubsq17CbrIZ39Ext2iq5B/AFtw6CuCOtm363HCvNIKPoLQsmsthfM8uUr
eax+LeblVEXkO3p7mG0MD52LWf7Gu0evKWDJG7KFjvgyCfvDAgulFVfTHqu1B0jj
D/nRrzVqW6ezAs3Gz8PzcGd2+o2YCNfVT7Ozk4fXjbWK+m2nwTLifi7BJ3SO/Zy1
/USRgVhQ9e0K0jpwKSM++y/LhiSmo6gnNTFg7TwH8AsGZr1IUGmXLeJ522IdIT0H
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:07:36 2025 by rpki-client