Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/O6yhVl-p8zPN_CcTQWHTkGKQoq0.roa
File: O6yhVl-p8zPN_CcTQWHTkGKQoq0.roa (raw, json)
Hash identifier: HphO2Xf8amyd/7vc+hBrhD7m5RPblIsLscX8rs+h9y4=
Subject key identifier: 3B:AC:A1:56:5F:A9:F3:33:CD:FC:27:13:41:61:D3:90:62:90:A2:AD
Certificate issuer: /CN=64ef98adbf42d5bacd24cadb0adf092c4576daf3
Certificate serial: 01983670FD02093BCBC558809FC75C7C0A0C
Authority key identifier: 64:EF:98:AD:BF:42:D5:BA:CD:24:CA:DB:0A:DF:09:2C:45:76:DA:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZO-Yrb9C1brNJMrbCt8JLEV22vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/O6yhVl-p8zPN_CcTQWHTkGKQoq0.roa
Signing time: Wed 23 Jul 2025 08:40:31 +0000
ROA not before: Wed 23 Jul 2025 08:40:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205806
IP address blocks: 149.249.160.0/19 maxlen: 22
149.249.192.0/19 maxlen: 22
149.249.224.0/20 maxlen: 20
149.249.240.0/22 maxlen: 22
185.147.168.0/22 maxlen: 22
185.178.24.0/22 maxlen: 22
185.206.44.0/22 maxlen: 22
213.208.40.0/21 maxlen: 22
213.208.40.0/22 maxlen: 22
213.208.44.0/22 maxlen: 22
213.208.48.0/22 maxlen: 22
2a11:d480::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/ZO-Yrb9C1brNJMrbCt8JLEV22vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/ZO-Yrb9C1brNJMrbCt8JLEV22vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZO-Yrb9C1brNJMrbCt8JLEV22vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 Aug 2025 07:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:36:70:fd:02:09:3b:cb:c5:58:80:9f:c7:5c:7c:0a:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64ef98adbf42d5bacd24cadb0adf092c4576daf3
Validity
Not Before: Jul 23 08:40:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3baca1565fa9f333cdfc27134161d3906290a2ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:fa:86:b2:06:1b:79:f2:6f:b6:c7:f6:bb:ed:
62:af:57:8d:8d:e9:26:42:66:17:d0:27:3d:69:46:
01:23:7c:1f:cc:5f:d6:ca:2b:b6:c6:fb:14:33:76:
ef:b7:f7:44:6e:23:d3:c8:cd:fd:fc:f4:b5:cb:b0:
b6:7a:c5:b8:c5:fd:4d:29:25:14:24:7d:15:97:a1:
90:fd:8d:68:47:7a:2c:e7:c5:07:10:1e:11:e3:73:
c3:3b:ee:7d:11:5e:bf:54:06:4d:cc:21:c7:9f:d4:
db:34:c9:29:2d:e2:fb:a4:86:7c:2c:93:38:0a:4a:
bd:cd:c7:0a:00:29:c2:7e:33:0d:3a:7d:b5:98:4d:
ca:3e:2f:0c:31:10:5f:15:ef:34:f3:65:71:37:f7:
0a:70:8e:e2:37:8c:cf:a6:ec:ed:19:0d:59:77:3d:
4c:90:2c:94:43:93:92:3b:31:77:a3:58:36:bc:c9:
a4:d8:a7:a1:d6:f2:38:36:e6:7a:09:ad:fe:10:92:
fb:5d:c1:19:0f:78:76:0d:0c:cd:42:6e:56:5c:1a:
e3:e6:9f:ca:0d:e7:cc:94:6f:86:ba:10:f2:a0:1d:
fd:91:aa:95:59:50:c3:93:79:4e:8e:46:0e:63:60:
8c:d8:c6:da:4c:ff:ab:d3:cf:8a:74:12:9c:63:8c:
5c:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:AC:A1:56:5F:A9:F3:33:CD:FC:27:13:41:61:D3:90:62:90:A2:AD
X509v3 Authority Key Identifier:
keyid:64:EF:98:AD:BF:42:D5:BA:CD:24:CA:DB:0A:DF:09:2C:45:76:DA:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZO-Yrb9C1brNJMrbCt8JLEV22vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/O6yhVl-p8zPN_CcTQWHTkGKQoq0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e49bc5-68c5-4ce2-a9b9-03c6feaf1d9f/1/ZO-Yrb9C1brNJMrbCt8JLEV22vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.249.160.0-149.249.243.255
185.147.168.0/22
185.178.24.0/22
185.206.44.0/22
213.208.40.0-213.208.51.255
IPv6:
2a11:d480::/29
Signature Algorithm: sha256WithRSAEncryption
04:36:81:46:fa:8d:18:7a:cc:d4:64:e7:0f:b6:ae:ac:e9:96:
e4:ec:88:a9:d2:01:aa:ea:0d:ff:57:74:1e:40:8f:a5:bc:3e:
a1:ac:d9:ac:f1:17:9b:6b:57:a4:0c:5c:ba:1d:7f:a8:79:37:
9f:d8:47:99:7f:4c:65:09:2c:ca:9f:75:b2:52:11:8b:02:87:
3e:6d:0c:c2:a8:8c:d8:48:06:bc:f3:57:56:7a:be:fc:fa:b7:
c4:37:5a:c7:ec:d7:ce:35:45:38:10:27:6e:36:2a:b6:c4:03:
1d:cc:a2:dc:74:7d:6f:01:8c:20:9f:c9:2b:4d:c5:9b:1c:d3:
57:40:9d:b6:60:3e:f5:2e:ec:51:c3:ae:ee:8b:98:b2:8f:05:
8a:3c:53:c2:ed:43:17:69:5d:76:36:5f:0f:1a:52:18:31:5c:
ee:48:8d:12:d0:57:33:35:27:8f:28:d8:8d:f6:a1:f8:0b:f2:
21:8a:dd:c6:59:02:c1:10:3c:15:62:fc:17:80:49:69:9c:e4:
d1:e9:22:03:fb:16:f5:8e:9e:f7:87:4a:43:b0:cc:e2:cf:df:
fc:82:08:04:d5:0d:1d:34:69:3a:4f:7f:22:5d:bf:91:0c:3d:
3b:e2:c8:2b:f6:16:fa:5e:92:23:06:52:03:f6:4b:a4:ea:f2:
ee:22:c9:f5
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZg2cP0CCTvLxViAn8dcfAoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZWY5OGFkYmY0MmQ1YmFjZDI0Y2FkYjBhZGYwOTJjNDU3
NmRhZjMwHhcNMjUwNzIzMDg0MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmFjYTE1NjVmYTlmMzMzY2RmYzI3MTM0MTYxZDM5MDYyOTBhMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PqGsgYbefJvtsf2u+1ir1eNjekm
QmYX0Cc9aUYBI3wfzF/Wyiu2xvsUM3bvt/dEbiPTyM39/PS1y7C2esW4xf1NKSUU
JH0Vl6GQ/Y1oR3os58UHEB4R43PDO+59EV6/VAZNzCHHn9TbNMkpLeL7pIZ8LJM4
Ckq9zccKACnCfjMNOn21mE3KPi8MMRBfFe8082VxN/cKcI7iN4zPpuztGQ1Zdz1M
kCyUQ5OSOzF3o1g2vMmk2Keh1vI4NuZ6Ca3+EJL7XcEZD3h2DQzNQm5WXBrj5p/K
DefMlG+GuhDyoB39kaqVWVDDk3lOjkYOY2CM2MbaTP+r08+KdBKcY4xctwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFDusoVZfqfMzzfwnE0Fh05BikKKtMB8GA1UdIwQY
MBaAFGTvmK2/QtW6zSTK2wrfCSxFdtrzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk8tWXJiOUMxYnJOSk1yYkN0OEpMRVYyMnZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lNDliYzUtNjhjNS00Y2UyLWE5Yjkt
MDNjNmZlYWYxZDlmLzEvTzZ5aFZsLXA4elBOX0NjVFFXSFRrR0tRb3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lNDliYzUtNjhjNS00Y2UyLWE5YjktMDNjNmZlYWYxZDlm
LzEvWk8tWXJiOUMxYnJOSk1yYkN0OEpMRVYyMnZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0BAIAATAuMAwDBAWV+aAD
BAKV+fADBAK5k6gDBAK5shgDBAK5ziwwDAMEA9XQKAMEAtXQMDANBAIAAjAHAwUD
KhHUgDANBgkqhkiG9w0BAQsFAAOCAQEABDaBRvqNGHrM1GTnD7aurOmW5OyIqdIB
quoN/1d0HkCPpbw+oazZrPEXm2tXpAxcuh1/qHk3n9hHmX9MZQksyp91slIRiwKH
Pm0MwqiM2EgGvPNXVnq+/Pq3xDdax+zXzjVFOBAnbjYqtsQDHcyi3HR9bwGMIJ/J
K03FmxzTV0CdtmA+9S7sUcOu7ouYso8FijxTwu1DF2lddjZfDxpSGDFc7kiNEtBX
MzUnjyjYjfah+AvyIYrdxlkCwRA8FWL8F4BJaZzk0ekiA/sW9Y6e94dKQ7DM4s/f
/IIIBNUNHTRpOk9/Il2/kQw9O+LIK/YW+l6SIwZSA/ZLpOry7iLJ9Q==
-----END CERTIFICATE-----
Generated at Wed Aug 13 14:26:25 2025 by rpki-client