Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/APIgDsnaEPtRZmojgJDBrwJxNxg.roa
File: APIgDsnaEPtRZmojgJDBrwJxNxg.roa (raw, json)
Hash identifier: kuf57je/MXSnFoUck2JQ4XhadEJjZ+cKgly33aku8dk=
Subject key identifier: 00:F2:20:0E:C9:DA:10:FB:51:66:6A:23:80:90:C1:AF:02:71:37:18
Certificate issuer: /CN=ef3ee31d2f0ef103296ddec3c66b07a3f442ac98
Certificate serial: 01983D97AFA4A6A542C73FDD556D52714DCB
Authority key identifier: EF:3E:E3:1D:2F:0E:F1:03:29:6D:DE:C3:C6:6B:07:A3:F4:42:AC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7z7jHS8O8QMpbd7DxmsHo_RCrJg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/APIgDsnaEPtRZmojgJDBrwJxNxg.roa
Signing time: Thu 24 Jul 2025 18:00:07 +0000
ROA not before: Thu 24 Jul 2025 18:00:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212286
IP address blocks: 45.87.128.0/23 maxlen: 23
45.91.73.0/24 maxlen: 24
45.128.80.0/22 maxlen: 22
45.131.216.0/22 maxlen: 22
45.132.164.0/22 maxlen: 22
45.138.248.0/22 maxlen: 22
45.145.136.0/22 maxlen: 22
45.153.36.0/22 maxlen: 22
45.154.148.0/22 maxlen: 22
193.17.224.0/24 maxlen: 24
193.17.231.0/24 maxlen: 24
193.17.253.0/24 maxlen: 24
193.17.255.0/24 maxlen: 24
212.102.124.0/24 maxlen: 24
2a0e:fc80::/29 maxlen: 29
2a0e:fc87:fffe::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/7z7jHS8O8QMpbd7DxmsHo_RCrJg.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/7z7jHS8O8QMpbd7DxmsHo_RCrJg.mft
rsync://rpki.ripe.net/repository/DEFAULT/7z7jHS8O8QMpbd7DxmsHo_RCrJg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 14:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3d:97:af:a4:a6:a5:42:c7:3f:dd:55:6d:52:71:4d:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef3ee31d2f0ef103296ddec3c66b07a3f442ac98
Validity
Not Before: Jul 24 18:00:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=00f2200ec9da10fb51666a238090c1af02713718
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:46:4c:cd:ca:16:a0:8c:10:c0:0d:48:51:c7:
15:31:51:76:7e:0e:44:3b:1d:27:da:fe:1e:a6:76:
14:bf:4a:d1:d1:ae:f5:8b:41:87:d5:df:cf:33:4a:
f7:56:44:5a:2b:9b:a0:8d:e1:c8:67:d9:3c:6e:7f:
96:24:47:0e:ed:06:69:6b:b8:c6:b7:cd:21:dc:6a:
da:4e:2d:dc:60:02:fe:e4:a4:86:51:9c:8e:9b:2d:
cb:38:b9:89:ea:7f:6f:ee:65:c2:20:d0:e7:01:a1:
db:f4:27:e7:d4:92:4c:fe:f2:35:af:0b:e3:1a:98:
f2:ed:dc:f6:8e:0c:1c:00:91:92:7d:16:98:78:cd:
51:69:d7:f1:c8:08:37:bf:67:6e:c6:ea:7f:18:0b:
fa:9d:e5:66:ce:9c:3a:6f:7c:52:f4:5a:b1:d9:89:
aa:c9:68:6a:9a:b5:18:60:95:50:aa:68:d9:58:11:
81:d9:9e:d9:98:bc:1d:b3:8e:c3:60:01:bf:3b:50:
38:c4:2f:24:ea:be:3e:15:d5:b7:ec:8a:65:29:9c:
22:23:90:eb:84:99:c4:ec:42:2a:c5:c0:eb:0e:de:
61:a7:59:c0:dd:d2:6a:29:2f:1b:9e:c7:e6:e2:88:
73:e8:1a:5c:53:62:b0:10:ce:0f:85:5f:99:56:67:
03:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:F2:20:0E:C9:DA:10:FB:51:66:6A:23:80:90:C1:AF:02:71:37:18
X509v3 Authority Key Identifier:
keyid:EF:3E:E3:1D:2F:0E:F1:03:29:6D:DE:C3:C6:6B:07:A3:F4:42:AC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z7jHS8O8QMpbd7DxmsHo_RCrJg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/APIgDsnaEPtRZmojgJDBrwJxNxg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/990ca9-6d4c-4946-b7f3-748d6173b6a1/1/7z7jHS8O8QMpbd7DxmsHo_RCrJg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.128.0/23
45.91.73.0/24
45.128.80.0/22
45.131.216.0/22
45.132.164.0/22
45.138.248.0/22
45.145.136.0/22
45.153.36.0/22
45.154.148.0/22
193.17.224.0/24
193.17.231.0/24
193.17.253.0/24
193.17.255.0/24
212.102.124.0/24
IPv6:
2a0e:fc80::/29
Signature Algorithm: sha256WithRSAEncryption
13:a0:2a:1f:fb:aa:b4:fc:aa:18:c9:07:7f:cb:0b:df:6a:81:
c3:37:eb:ae:55:13:f8:f1:10:b6:32:ca:ba:d8:a7:0a:4d:0d:
af:76:df:80:3d:83:27:17:ed:5f:b1:88:9d:d0:dc:b9:2d:d7:
4f:d6:2e:02:8b:71:e2:c7:ff:13:44:81:8d:3c:4c:ad:bc:5c:
de:e8:2e:a2:46:42:8d:a7:24:24:e8:52:b2:fe:9c:22:fd:76:
bc:17:6c:9d:d1:9a:d9:d6:8b:4f:d1:05:b4:0f:a2:f3:7a:57:
aa:2c:20:ad:60:4d:b8:93:30:53:b1:1e:8f:a9:1a:90:14:48:
bc:3a:23:c0:0e:b2:d9:ff:53:e7:e1:46:e8:43:aa:0f:a5:70:
1d:23:69:ad:11:37:11:0f:35:ae:cf:ff:5d:e4:5c:42:2b:da:
1a:8d:f5:d3:f5:98:d6:29:7d:41:71:09:d1:a0:86:ba:4e:4d:
3a:cc:55:68:ae:e9:36:6a:8a:52:2f:ba:01:d1:c1:05:b3:32:
40:07:8e:98:8d:63:1e:5e:c7:61:7d:6a:54:23:97:2b:5c:1f:
ca:f6:c0:80:10:6e:e7:c1:92:28:37:cb:4e:1d:c0:be:1a:41:
ca:f9:07:4f:bd:51:14:f9:e4:b5:65:5b:9c:2a:10:5f:1d:f5:
fc:c9:55:91
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZg9l6+kpqVCxz/dVW1ScU3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2VlMzFkMmYwZWYxMDMyOTZkZGVjM2M2NmIwN2EzZjQ0
MmFjOTgwHhcNMjUwNzI0MTgwMDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGYyMjAwZWM5ZGExMGZiNTE2NjZhMjM4MDkwYzFhZjAyNzEzNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEZMzcoWoIwQwA1IUccVMVF2fg5E
Ox0n2v4epnYUv0rR0a71i0GH1d/PM0r3VkRaK5ugjeHIZ9k8bn+WJEcO7QZpa7jG
t80h3GraTi3cYAL+5KSGUZyOmy3LOLmJ6n9v7mXCINDnAaHb9Cfn1JJM/vI1rwvj
Gpjy7dz2jgwcAJGSfRaYeM1RadfxyAg3v2duxup/GAv6neVmzpw6b3xS9Fqx2Ymq
yWhqmrUYYJVQqmjZWBGB2Z7ZmLwds47DYAG/O1A4xC8k6r4+FdW37IplKZwiI5Dr
hJnE7EIqxcDrDt5hp1nA3dJqKS8bnsfm4ohz6BpcU2KwEM4PhV+ZVmcDrwIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFADyIA7J2hD7UWZqI4CQwa8CcTcYMB8GA1UdIwQY
MBaAFO8+4x0vDvEDKW3ew8ZrB6P0QqyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o3akhTOE84UU1wYmQ3RHhtc0hvX1JDckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85OTBjYTktNmQ0Yy00OTQ2LWI3ZjMt
NzQ4ZDYxNzNiNmExLzEvQVBJZ0RzbmFFUHRSWm1vamdKREJyd0p4TnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85OTBjYTktNmQ0Yy00OTQ2LWI3ZjMtNzQ4ZDYxNzNiNmEx
LzEvN3o3akhTOE84UU1wYmQ3RHhtc0hvX1JDckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQBLVeAAwQA
LVtJAwQCLYBQAwQCLYPYAwQCLYSkAwQCLYr4AwQCLZGIAwQCLZkkAwQCLZqUAwQA
wRHgAwQAwRHnAwQAwRH9AwQAwRH/AwQA1GZ8MA0EAgACMAcDBQMqDvyAMA0GCSqG
SIb3DQEBCwUAA4IBAQAToCof+6q0/KoYyQd/ywvfaoHDN+uuVRP48RC2Msq62KcK
TQ2vdt+APYMnF+1fsYid0Ny5LddP1i4Ci3Hix/8TRIGNPEytvFze6C6iRkKNpyQk
6FKy/pwi/Xa8F2yd0ZrZ1otP0QW0D6LzeleqLCCtYE24kzBTsR6PqRqQFEi8OiPA
DrLZ/1Pn4UboQ6oPpXAdI2mtETcRDzWuz/9d5FxCK9oajfXT9ZjWKX1BcQnRoIa6
Tk06zFVoruk2aopSL7oB0cEFszJAB46YjWMeXsdhfWpUI5crXB/K9sCAEG7nwZIo
N8tOHcC+GkHK+QdPvVEU+eS1ZVucKhBfHfX8yVWR
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:41:39 2025 by rpki-client