Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/pIcPL0xVMGfbZp3ySADLcXmoV2U.roa
File: pIcPL0xVMGfbZp3ySADLcXmoV2U.roa (raw, json)
Hash identifier: I45yUURl6+DobBuXbEDbWDLdoODg1monacbKrlx9+d0=
Subject key identifier: A4:87:0F:2F:4C:55:30:67:DB:66:9D:F2:48:00:CB:71:79:A8:57:65
Certificate issuer: /CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Certificate serial: 01987A697AA687734BD94C42AC29CAEEFD7F
Authority key identifier: BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/pIcPL0xVMGfbZp3ySADLcXmoV2U.roa
Signing time: Tue 05 Aug 2025 13:26:29 +0000
ROA not before: Tue 05 Aug 2025 13:26:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35485
IP address blocks: 93.94.32.0/21 maxlen: 24
93.94.32.0/24 maxlen: 24
93.94.33.0/24 maxlen: 24
93.94.34.0/24 maxlen: 24
93.94.35.0/24 maxlen: 24
93.94.37.0/24 maxlen: 24
93.94.38.0/24 maxlen: 24
93.174.64.0/21 maxlen: 24
158.58.136.0/21 maxlen: 24
185.84.176.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.mft
rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 12 Aug 2025 04:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7a:69:7a:a6:87:73:4b:d9:4c:42:ac:29:ca:ee:fd:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Validity
Not Before: Aug 5 13:26:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a4870f2f4c553067db669df24800cb7179a85765
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:91:dc:bc:6b:43:c0:25:5c:85:ee:25:66:dc:
5d:2e:4d:ab:d6:ff:08:28:65:87:23:81:d5:49:71:
e1:87:08:93:c4:63:69:b2:f7:2b:dd:21:75:c1:66:
f8:0f:bd:f6:c9:4a:a3:ce:23:79:ea:d1:ec:80:f2:
cf:29:7d:99:b1:80:e9:94:13:40:e8:ea:7f:15:03:
cf:c4:b4:1d:14:98:07:f9:8b:ce:20:5c:e7:c2:38:
2e:06:cb:70:1f:ae:a7:26:44:d3:25:80:b0:94:36:
91:78:15:ac:86:c1:fc:09:3b:90:a5:83:aa:16:b5:
0e:f6:8b:2e:1b:99:28:46:36:3b:89:9e:48:4d:c0:
bc:6c:fc:6f:8b:d3:62:8f:ef:22:0f:0c:51:b2:65:
c4:32:bf:35:01:b8:7b:de:1e:17:cd:51:63:73:c1:
04:2a:d3:00:e4:c7:92:01:c6:c0:7a:ff:80:53:58:
1d:0e:8d:e0:b3:19:13:7a:f9:f7:f7:cd:02:ad:77:
7a:a5:1e:bb:f5:01:97:7a:46:13:2b:77:e3:24:a2:
10:cf:cd:95:68:fb:0e:57:c3:80:4f:06:12:ed:40:
10:37:8c:c4:0c:71:c3:6b:9b:5a:94:28:68:18:b8:
65:d4:83:18:7b:21:22:03:37:e9:ca:3d:03:63:31:
cc:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:87:0F:2F:4C:55:30:67:DB:66:9D:F2:48:00:CB:71:79:A8:57:65
X509v3 Authority Key Identifier:
keyid:BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/pIcPL0xVMGfbZp3ySADLcXmoV2U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.32.0/21
93.174.64.0/21
158.58.136.0/21
185.84.176.0/22
Signature Algorithm: sha256WithRSAEncryption
76:aa:90:84:21:d4:2d:2b:1f:24:cb:74:69:05:27:20:d4:98:
81:00:97:fa:c7:69:f5:6c:67:d0:86:8d:e6:ce:53:af:f2:8a:
66:00:56:b6:6a:de:76:2a:38:4e:0b:24:ac:2b:9c:42:01:e5:
5f:79:68:a8:26:d5:24:3c:69:a6:7f:2e:6e:70:92:6b:09:d0:
c4:74:ee:c8:f2:6f:7a:83:b1:08:cf:53:99:ac:d8:26:af:9b:
17:15:29:64:f2:b0:af:e5:41:9c:dd:45:45:95:f3:1e:8c:79:
aa:24:1b:72:13:fe:6f:64:05:0e:e6:88:01:d6:61:1b:a2:31:
2b:8a:70:2e:26:a2:de:a1:c4:39:29:aa:b9:6a:03:1a:a4:a2:
6c:5a:4f:20:50:24:97:46:ea:a9:6b:2d:34:d0:55:10:51:15:
70:b6:92:9d:34:37:fc:fb:33:77:51:6b:f8:83:8d:3e:b9:7b:
26:c0:e3:06:57:34:79:0b:8f:84:78:13:14:b4:57:23:35:7c:
0d:9f:bf:28:a1:26:32:d5:4c:5c:9e:ba:93:8c:af:26:3d:71:
ab:36:2b:7d:87:e6:fd:30:30:ae:f8:68:58:82:54:0b:dd:43:
75:32:70:e5:76:4c:9f:e2:7e:bb:eb:1c:80:5f:41:cc:dd:45:
38:90:62:40
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZh6aXqmh3NL2UxCrCnK7v1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODg4NDlhMmViNWU5ZGQ1NzFhOGU3NDNiZWQ3Yjk1MTNk
N2ExMjEwHhcNMjUwODA1MTMyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDg3MGYyZjRjNTUzMDY3ZGI2NjlkZjI0ODAwY2I3MTc5YTg1NzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5HcvGtDwCVche4lZtxdLk2r1v8I
KGWHI4HVSXHhhwiTxGNpsvcr3SF1wWb4D732yUqjziN56tHsgPLPKX2ZsYDplBNA
6Op/FQPPxLQdFJgH+YvOIFznwjguBstwH66nJkTTJYCwlDaReBWshsH8CTuQpYOq
FrUO9osuG5koRjY7iZ5ITcC8bPxvi9Nij+8iDwxRsmXEMr81Abh73h4XzVFjc8EE
KtMA5MeSAcbAev+AU1gdDo3gsxkTevn3980CrXd6pR679QGXekYTK3fjJKIQz82V
aPsOV8OATwYS7UAQN4zEDHHDa5talChoGLhl1IMYeyEiAzfpyj0DYzHMrwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKSHDy9MVTBn22ad8kgAy3F5qFdlMB8GA1UdIwQY
MBaAFL+IhJoutendVxqOdDvte5UT16EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYt
MjM3MzliNWZkODRjLzEvcEljUEwweFZNR2ZiWnAzeVNBRExjWG1vVjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYtMjM3MzliNWZkODRj
LzEvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDXV4gAwQD
Xa5AAwQDnjqIAwQCuVSwMA0GCSqGSIb3DQEBCwUAA4IBAQB2qpCEIdQtKx8ky3Rp
BScg1JiBAJf6x2n1bGfQho3mzlOv8opmAFa2at52KjhOCySsK5xCAeVfeWioJtUk
PGmmfy5ucJJrCdDEdO7I8m96g7EIz1OZrNgmr5sXFSlk8rCv5UGc3UVFlfMejHmq
JBtyE/5vZAUO5ogB1mEbojErinAuJqLeocQ5Kaq5agMapKJsWk8gUCSXRuqpay00
0FUQURVwtpKdNDf8+zN3UWv4g40+uXsmwOMGVzR5C4+EeBMUtFcjNXwNn78ooSYy
1UxcnrqTjK8mPXGrNit9h+b9MDCu+GhYglQL3UN1MnDldkyf4n676xyAX0HM3UU4
kGJA
-----END CERTIFICATE-----
Generated at Mon Aug 11 12:48:36 2025 by rpki-client