Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/AkMS-iAvF8l_hYlFHsDgyF1r47Y.roa
File: AkMS-iAvF8l_hYlFHsDgyF1r47Y.roa (raw, json)
Hash identifier: z49J3x0lXnfTs1kvEwe7qfMAHETuk8h0rGi1wQcPgZg=
Subject key identifier: 02:43:12:FA:20:2F:17:C9:7F:85:89:45:1E:C0:E0:C8:5D:6B:E3:B6
Certificate issuer: /CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
Certificate serial: 0198613300BCB115EF3A87055583652DF6C4
Authority key identifier: C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/AkMS-iAvF8l_hYlFHsDgyF1r47Y.roa
Signing time: Thu 31 Jul 2025 15:56:28 +0000
ROA not before: Thu 31 Jul 2025 15:56:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5631
IP address blocks: 45.150.140.0/22 maxlen: 22
79.99.88.0/22 maxlen: 22
79.173.128.0/18 maxlen: 18
79.173.128.0/19 maxlen: 19
79.173.128.0/20 maxlen: 20
79.173.128.0/21 maxlen: 21
79.173.136.0/21 maxlen: 21
79.173.144.0/21 maxlen: 21
79.173.152.0/21 maxlen: 21
79.173.160.0/19 maxlen: 19
79.173.160.0/21 maxlen: 21
79.173.168.0/21 maxlen: 21
79.173.176.0/21 maxlen: 21
79.173.184.0/21 maxlen: 21
80.252.120.0/22 maxlen: 22
83.143.224.0/21 maxlen: 21
83.143.224.0/22 maxlen: 22
83.143.228.0/22 maxlen: 22
103.110.208.0/22 maxlen: 22
109.224.248.0/21 maxlen: 21
185.108.168.0/22 maxlen: 22
185.205.172.0/22 maxlen: 22
193.178.54.0/23 maxlen: 23
193.178.112.0/23 maxlen: 23
195.167.128.0/20 maxlen: 20
195.167.128.0/21 maxlen: 21
195.167.136.0/21 maxlen: 21
195.167.138.0/24 maxlen: 24
195.167.176.0/20 maxlen: 20
195.167.176.0/21 maxlen: 21
195.167.181.0/24 maxlen: 24
195.167.182.0/24 maxlen: 24
195.167.184.0/21 maxlen: 21
195.167.184.0/24 maxlen: 24
195.167.186.0/24 maxlen: 24
195.167.187.0/24 maxlen: 24
195.167.189.0/24 maxlen: 24
209.42.4.0/22 maxlen: 22
209.42.8.0/21 maxlen: 21
2a00:5840::/32 maxlen: 32
2a02:890::/32 maxlen: 32
2a06:e40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.mft
rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 17:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:61:33:00:bc:b1:15:ef:3a:87:05:55:83:65:2d:f6:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6c0fdbb65ca491cb83cc085a43e0340596ae873
Validity
Not Before: Jul 31 15:56:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=024312fa202f17c97f8589451ec0e0c85d6be3b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:b1:82:79:4a:7b:ee:d2:ca:42:8a:48:d7:6b:
f6:01:28:65:2e:a6:a8:a0:ac:88:4f:9e:ac:b6:03:
9a:6e:1b:fa:e1:9a:a5:08:da:d6:a1:e2:24:d9:87:
6f:c9:1c:0b:34:b0:9a:19:97:6b:af:ac:20:d9:39:
eb:dd:ec:26:5e:f5:09:50:fe:0d:b7:25:f5:48:e5:
92:a1:c8:56:65:fd:ed:02:de:da:b9:3c:c9:67:6c:
5a:c9:f6:92:40:f5:82:36:ad:07:3a:62:9e:74:ba:
16:7e:0b:2b:4d:0f:28:aa:73:71:71:20:43:f4:e5:
63:f0:07:78:4a:d8:17:26:53:b0:75:51:6e:68:fd:
9c:9d:1d:e4:d7:97:f0:1d:61:bf:f2:ef:9b:a3:0a:
57:b8:11:f9:b6:5b:f8:73:1f:81:6c:4f:6d:63:26:
81:21:6d:34:5f:c8:49:47:7c:b4:c2:b6:1c:0e:4b:
aa:10:89:46:b3:08:80:9d:b6:62:dd:f9:67:26:67:
9e:65:48:07:62:77:03:0a:b9:15:ac:42:9d:7a:32:
ea:81:05:c0:a4:c1:f0:93:5a:08:42:8e:73:47:6c:
8d:13:e9:dc:d5:7a:5d:c4:63:dd:fe:65:7e:e2:f9:
50:91:72:64:e6:67:a2:57:ae:dd:ea:b9:4b:90:b2:
96:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:43:12:FA:20:2F:17:C9:7F:85:89:45:1E:C0:E0:C8:5D:6B:E3:B6
X509v3 Authority Key Identifier:
keyid:C6:C0:FD:BB:65:CA:49:1C:B8:3C:C0:85:A4:3E:03:40:59:6A:E8:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xsD9u2XKSRy4PMCFpD4DQFlq6HM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/AkMS-iAvF8l_hYlFHsDgyF1r47Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6669bb-1f62-42a3-9e8d-49a6545786e6/1/xsD9u2XKSRy4PMCFpD4DQFlq6HM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.140.0/22
79.99.88.0/22
79.173.128.0/18
80.252.120.0/22
83.143.224.0/21
103.110.208.0/22
109.224.248.0/21
185.108.168.0/22
185.205.172.0/22
193.178.54.0/23
193.178.112.0/23
195.167.128.0/20
195.167.176.0/20
209.42.4.0-209.42.15.255
IPv6:
2a00:5840::/32
2a02:890::/32
2a06:e40::/29
Signature Algorithm: sha256WithRSAEncryption
2a:34:8a:29:d9:af:d9:bc:20:3e:da:43:41:9f:a5:0c:05:83:
36:a9:28:09:02:95:b1:e5:93:70:1d:21:09:4e:17:63:8f:2e:
19:f5:96:8b:db:24:b4:04:34:30:54:d5:ff:41:ce:b4:1c:40:
fd:a5:b8:93:49:8b:ff:32:cf:50:d2:63:a3:fb:60:b8:8e:a2:
29:0c:22:9e:36:76:74:39:04:eb:62:88:0f:a6:3f:ff:2a:4b:
fa:c2:41:cd:1c:8e:ab:0b:23:ca:39:93:4b:f9:b8:96:f4:64:
8f:e2:b8:44:7a:dd:6c:fc:7c:34:05:6c:8d:2d:fe:db:75:8a:
19:50:fd:1b:52:e9:47:7a:24:69:4e:e9:0d:fc:16:11:ab:40:
cf:97:32:32:3d:95:9b:08:de:7f:bb:d2:44:29:3a:45:a9:4b:
b2:cf:7e:7a:74:f8:b8:2e:cc:a8:f9:37:fe:a1:c9:65:a5:5e:
c6:09:a8:16:2e:9c:ec:17:4c:65:fc:61:e0:98:be:46:10:40:
4b:8d:04:ed:c6:69:d5:74:6b:13:74:07:a0:12:da:9c:a9:19:
0a:51:c8:f6:4c:9c:27:d0:1d:ce:60:90:34:56:01:ae:f1:25:
69:dc:ea:78:72:22:15:9c:63:95:06:da:d7:51:03:11:65:5d:
71:c5:71:f2
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZhhMwC8sRXvOocFVYNlLfbEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YzBmZGJiNjVjYTQ5MWNiODNjYzA4NWE0M2UwMzQwNTk2
YWU4NzMwHhcNMjUwNzMxMTU1NjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQzMTJmYTIwMmYxN2M5N2Y4NTg5NDUxZWMwZTBjODVkNmJlM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrGCeUp77tLKQopI12v2AShlLqao
oKyIT56stgOabhv64ZqlCNrWoeIk2YdvyRwLNLCaGZdrr6wg2Tnr3ewmXvUJUP4N
tyX1SOWSochWZf3tAt7auTzJZ2xayfaSQPWCNq0HOmKedLoWfgsrTQ8oqnNxcSBD
9OVj8Ad4StgXJlOwdVFuaP2cnR3k15fwHWG/8u+bowpXuBH5tlv4cx+BbE9tYyaB
IW00X8hJR3y0wrYcDkuqEIlGswiAnbZi3flnJmeeZUgHYncDCrkVrEKdejLqgQXA
pMHwk1oIQo5zR2yNE+nc1XpdxGPd/mV+4vlQkXJk5meiV67d6rlLkLKWoQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFAJDEvogLxfJf4WJRR7A4Mhda+O2MB8GA1UdIwQY
MBaAFMbA/btlykkcuDzAhaQ+A0BZauhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQt
NDlhNjU0NTc4NmU2LzEvQWtNUy1pQXZGOGxfaFlsRkhzRGd5RjFyNDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NjY5YmItMWY2Mi00MmEzLTllOGQtNDlhNjU0NTc4NmU2
LzEveHNEOXUyWEtTUnk0UE1DRnBENERRRmxxNkhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTBiBAIAATBcAwQCLZaM
AwQCT2NYAwQGT62AAwQCUPx4AwQDU4/gAwQCZ27QAwQDbeD4AwQCuWyoAwQCuc2s
AwQBwbI2AwQBwbJwAwQEw6eAAwQEw6ewMAwDBALRKgQDBATRKgAwGwQCAAIwFQMF
ACoAWEADBQAqAgiQAwUDKgYOQDANBgkqhkiG9w0BAQsFAAOCAQEAKjSKKdmv2bwg
PtpDQZ+lDAWDNqkoCQKVseWTcB0hCU4XY48uGfWWi9sktAQ0MFTV/0HOtBxA/aW4
k0mL/zLPUNJjo/tguI6iKQwinjZ2dDkE62KID6Y//ypL+sJBzRyOqwsjyjmTS/m4
lvRkj+K4RHrdbPx8NAVsjS3+23WKGVD9G1LpR3okaU7pDfwWEatAz5cyMj2Vmwje
f7vSRCk6RalLss9+enT4uC7MqPk3/qHJZaVexgmoFi6c7BdMZfxh4Ji+RhBAS40E
7cZp1XRrE3QHoBLanKkZClHI9kycJ9AdzmCQNFYBrvEladzqeHIiFZxjlQba11ED
EWVdccVx8g==
-----END CERTIFICATE-----
Generated at Sun Aug 10 19:51:41 2025 by rpki-client