Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/bpiD9ucTecBBE3TJJ9Iit8XyfKI.roa
File: bpiD9ucTecBBE3TJJ9Iit8XyfKI.roa (raw, json)
Hash identifier: a30fF/e1NIb5BTw9GaFbOi6f9wpsiPjnGgIJtIOyQak=
Subject key identifier: 6E:98:83:F6:E7:13:79:C0:41:13:74:C9:27:D2:22:B7:C5:F2:7C:A2
Certificate issuer: /CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Certificate serial: 0197629D2F05BD68E95D5C86D21E02A1A411
Authority key identifier: 54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/bpiD9ucTecBBE3TJJ9Iit8XyfKI.roa
Signing time: Thu 12 Jun 2025 05:29:17 +0000
ROA not before: Thu 12 Jun 2025 05:29:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 87.121.171.0/24 maxlen: 24
87.121.172.0/24 maxlen: 24
87.121.173.0/24 maxlen: 24
87.121.174.0/24 maxlen: 24
87.121.175.0/24 maxlen: 24
185.64.24.0/24 maxlen: 24
185.64.25.0/24 maxlen: 24
185.64.26.0/24 maxlen: 24
185.64.27.0/24 maxlen: 24
193.203.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 16 Jun 2025 13:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:62:9d:2f:05:bd:68:e9:5d:5c:86:d2:1e:02:a1:a4:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Validity
Not Before: Jun 12 05:29:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6e9883f6e71379c0411374c927d222b7c5f27ca2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:0c:c6:d3:20:33:d1:76:19:7e:7a:af:2d:b7:
b8:68:f8:37:38:e9:db:cd:4e:cf:20:4f:32:9b:14:
0a:7e:7f:7c:e8:85:4f:59:87:3c:02:40:d5:ce:ba:
90:4b:04:64:67:db:f9:33:81:bc:44:3c:46:6d:85:
e5:71:71:40:12:7e:8c:5f:d0:67:5c:9e:59:fa:09:
54:0c:04:cc:8f:48:68:fc:8d:ae:c7:3c:c0:cd:ea:
86:4e:48:b9:b8:6b:19:7b:1a:cc:3e:2d:16:9b:70:
34:02:5b:7b:1b:a3:2d:01:68:d8:d7:59:30:c3:42:
03:86:18:4d:44:c0:e3:98:b6:04:d8:a3:ac:a2:ea:
85:95:a9:7a:e8:04:84:af:fc:78:06:ee:ca:fb:e1:
5e:05:40:33:58:5f:a7:ff:da:51:fe:d7:18:4d:cb:
eb:18:73:55:ee:79:de:51:79:56:34:a1:9e:56:72:
1a:55:f4:e6:ff:df:c1:d3:b4:7b:94:c9:8e:65:3e:
f8:fe:ca:f2:4d:00:3e:e1:fb:18:87:49:47:5f:62:
45:f4:46:da:6e:d4:46:45:0e:6d:9b:c9:65:40:78:
ab:89:fe:85:a9:83:39:f8:78:af:6c:d7:3b:1b:65:
a4:41:aa:77:c2:66:a2:1c:3a:c8:c2:1d:7f:8b:07:
21:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:98:83:F6:E7:13:79:C0:41:13:74:C9:27:D2:22:B7:C5:F2:7C:A2
X509v3 Authority Key Identifier:
keyid:54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/bpiD9ucTecBBE3TJJ9Iit8XyfKI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.171.0-87.121.175.255
185.64.24.0/22
193.203.254.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:3e:19:43:af:7f:a9:10:fe:1e:37:9b:9f:49:b7:e2:84:39:
c2:c0:92:4c:c7:c4:cc:6e:3d:f0:24:a5:28:10:fb:9c:2f:bb:
a0:eb:fd:c2:27:cd:39:c1:62:fd:58:9d:77:5d:30:a0:f1:c7:
a7:4b:51:1f:aa:44:3c:39:89:e7:df:d2:a9:f3:c8:9b:c9:7d:
27:93:ab:55:8d:2f:64:29:b1:f7:de:3d:2a:62:d5:02:05:51:
f2:15:45:19:99:3e:a4:78:5e:2f:32:fe:b4:e9:27:49:32:bc:
c2:93:69:70:1d:13:b7:e4:19:6c:bb:18:0e:87:78:52:5f:f3:
63:6e:03:04:d1:85:e2:9c:51:74:be:f2:15:56:33:38:66:1d:
73:52:8d:20:3d:5e:62:26:74:25:64:b1:7b:f0:45:1f:e4:d3:
70:70:db:98:cb:70:b2:79:76:e6:b3:cf:ca:27:66:1b:05:b8:
02:a9:86:63:a2:ee:f8:2e:82:0b:17:1e:6f:04:a6:c0:0e:98:
56:a7:09:a0:18:45:b3:99:48:a2:35:20:d3:ff:e5:96:92:c1:
79:48:2a:39:d7:9d:f5:c3:8a:32:b9:78:48:70:c6:ef:7b:dc:
05:d3:16:3d:66:e9:6f:25:a5:01:16:e5:01:0f:19:4c:ea:4e:
7b:2e:71:1c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZdinS8FvWjpXVyG0h4CoaQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTMxYWIwMzNjZmQyZGVlNjg1MmZhOWQ4YmY1YTRhMGUz
NTI0MTQwHhcNMjUwNjEyMDUyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk4ODNmNmU3MTM3OWMwNDExMzc0YzkyN2QyMjJiN2M1ZjI3Y2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwzG0yAz0XYZfnqvLbe4aPg3OOnb
zU7PIE8ymxQKfn986IVPWYc8AkDVzrqQSwRkZ9v5M4G8RDxGbYXlcXFAEn6MX9Bn
XJ5Z+glUDATMj0ho/I2uxzzAzeqGTki5uGsZexrMPi0Wm3A0Alt7G6MtAWjY11kw
w0IDhhhNRMDjmLYE2KOsouqFlal66ASEr/x4Bu7K++FeBUAzWF+n/9pR/tcYTcvr
GHNV7nneUXlWNKGeVnIaVfTm/9/B07R7lMmOZT74/sryTQA+4fsYh0lHX2JF9Eba
btRGRQ5tm8llQHirif6FqYM5+HivbNc7G2WkQap3wmaiHDrIwh1/iwchgQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFG6Yg/bnE3nAQRN0ySfSIrfF8nyiMB8GA1UdIwQY
MBaAFFSjGrAzz9Le5oUvqdi/WkoONSQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGIt
NjE5YzI2MTk0MTY4LzEvYnBpRDl1Y1RlY0JCRTNUSko5SWl0OFh5ZktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGItNjE5YzI2MTk0MTY4
LzEvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABXeasD
BARXeaADBAK5QBgDBADBy/4wDQYJKoZIhvcNAQELBQADggEBAF4+GUOvf6kQ/h43
m59Jt+KEOcLAkkzHxMxuPfAkpSgQ+5wvu6Dr/cInzTnBYv1YnXddMKDxx6dLUR+q
RDw5ieff0qnzyJvJfSeTq1WNL2QpsffePSpi1QIFUfIVRRmZPqR4Xi8y/rTpJ0ky
vMKTaXAdE7fkGWy7GA6HeFJf82NuAwTRheKcUXS+8hVWMzhmHXNSjSA9XmImdCVk
sXvwRR/k03Bw25jLcLJ5duazz8onZhsFuAKphmOi7vguggsXHm8EpsAOmFanCaAY
RbOZSKI1INP/5ZaSwXlIKjnXnfXDijK5eEhwxu973AXTFj1m6W8lpQEW5QEPGUzq
TnsucRw=
-----END CERTIFICATE-----
Generated at Sun Jun 15 20:04:07 2025 by rpki-client