Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/Ldu8n54C9B8B8Wt49KChsByoqAA.roa
File: Ldu8n54C9B8B8Wt49KChsByoqAA.roa (raw, json)
Hash identifier: 9Bo0XFNwzOCG1aXQe+ZW1KylJOUm4nJ5O0zxj8c2Lzk=
Subject key identifier: 2D:DB:BC:9F:9E:02:F4:1F:01:F1:6B:78:F4:A0:A1:B0:1C:A8:A8:00
Certificate issuer: /CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
Certificate serial: 019883B51680EDED47A2D13529B22B2D79E1
Authority key identifier: E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/Ldu8n54C9B8B8Wt49KChsByoqAA.roa
Signing time: Thu 07 Aug 2025 08:45:39 +0000
ROA not before: Thu 07 Aug 2025 08:45:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39603
IP address blocks: 5.173.0.0/17 maxlen: 17
5.173.128.0/18 maxlen: 18
5.173.192.0/19 maxlen: 19
31.174.0.0/15 maxlen: 15
46.112.0.0/16 maxlen: 16
46.113.0.0/16 maxlen: 16
89.108.192.0/18 maxlen: 18
89.108.200.0/21 maxlen: 21
89.108.208.0/21 maxlen: 21
94.254.128.0/17 maxlen: 17
94.254.128.0/19 maxlen: 19
94.254.128.0/20 maxlen: 20
94.254.144.0/20 maxlen: 20
94.254.160.0/19 maxlen: 19
94.254.160.0/20 maxlen: 20
94.254.192.0/19 maxlen: 19
94.254.192.0/20 maxlen: 20
94.254.208.0/20 maxlen: 20
94.254.224.0/19 maxlen: 19
94.254.224.0/20 maxlen: 20
109.243.0.0/16 maxlen: 16
109.243.128.0/17 maxlen: 17
109.243.192.0/18 maxlen: 18
164.126.0.0/15 maxlen: 15
2a00:1981::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/5hwHyVFIjwTLOw_TOK-E135Gv1I.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/5hwHyVFIjwTLOw_TOK-E135Gv1I.mft
rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 08:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:83:b5:16:80:ed:ed:47:a2:d1:35:29:b2:2b:2d:79:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
Validity
Not Before: Aug 7 08:45:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ddbbc9f9e02f41f01f16b78f4a0a1b01ca8a800
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:a4:4f:c5:21:88:84:b6:fd:1a:be:f4:20:81:
49:e2:08:87:19:92:39:53:c7:99:a0:56:64:c9:0a:
f2:19:fb:7d:a8:d0:27:cb:75:01:61:12:09:0e:58:
eb:c2:d8:f7:29:c5:57:ca:af:96:76:56:eb:f8:37:
17:54:af:fe:47:03:30:ce:09:ce:67:66:9f:c3:58:
ce:b9:c9:2e:74:5d:2e:71:df:5d:a3:eb:a2:96:70:
f6:18:fd:3b:9b:8a:5e:5b:ac:42:23:f1:b6:51:81:
ee:31:8a:f6:83:ff:02:aa:16:0a:68:38:b3:1d:1f:
d0:85:25:ae:c1:5e:8f:01:cf:48:61:5c:69:4e:3d:
6a:42:eb:28:6b:3f:9d:54:b9:38:58:8d:7e:38:1e:
59:5f:ab:ce:d4:65:83:c9:6a:58:e0:f2:1d:50:f9:
22:ed:f5:71:97:2d:4c:a8:5c:d9:50:95:78:91:26:
45:ac:e2:c5:16:e2:06:1a:80:b0:c5:2d:4e:55:ac:
5c:d5:94:e8:3d:f5:20:37:33:9e:ec:e1:6e:2e:59:
07:c0:fc:d4:51:a1:a4:cc:8f:16:74:6a:3d:99:e1:
2b:a2:d5:92:3d:1f:0c:f0:ca:b5:93:46:c0:30:79:
a2:00:e3:69:81:c4:27:4a:f9:d1:78:f1:53:8b:5b:
22:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:DB:BC:9F:9E:02:F4:1F:01:F1:6B:78:F4:A0:A1:B0:1C:A8:A8:00
X509v3 Authority Key Identifier:
keyid:E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/Ldu8n54C9B8B8Wt49KChsByoqAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/5hwHyVFIjwTLOw_TOK-E135Gv1I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.173.0.0-5.173.223.255
31.174.0.0/15
46.112.0.0/15
89.108.192.0/18
94.254.128.0/17
109.243.0.0/16
164.126.0.0/15
IPv6:
2a00:1981::/32
Signature Algorithm: sha256WithRSAEncryption
ac:37:3c:98:35:0f:c3:92:fd:9b:e7:c0:a4:48:a6:02:8b:fd:
d8:b2:f7:5f:9a:b4:93:2a:30:07:2f:58:f3:e4:13:0f:a3:f2:
13:d8:69:04:15:b0:78:9b:1b:3f:43:27:22:8f:97:6a:48:c5:
89:fe:0a:57:0f:de:cf:c1:f2:ab:f7:22:b0:13:28:23:9e:0d:
0b:d6:fa:a1:78:13:09:97:c8:52:37:90:ff:ad:c9:0b:3c:a0:
c1:44:c5:30:52:79:41:44:51:4f:7d:e1:29:6c:fb:ea:3d:87:
b6:04:0b:28:cc:1f:84:55:31:42:a6:b6:e4:ad:16:98:4f:e1:
42:ee:c7:cf:3d:86:67:53:24:a1:eb:5c:29:2f:c4:ce:9c:dd:
06:a7:02:37:d4:28:35:6d:48:e6:70:29:a4:6e:3b:01:cc:36:
ef:60:58:35:c1:b9:c7:a9:81:72:46:19:b0:20:c0:3c:91:f8:
b6:7a:ac:67:9a:2c:9a:b9:23:af:2c:0b:15:b8:87:99:88:b9:
90:fe:69:31:b3:4d:2b:70:84:f0:f8:b2:72:79:47:a3:aa:0a:
3e:29:c2:50:ff:a3:04:ef:52:3a:db:58:84:82:ee:b5:7a:f8:
49:76:ba:3c:50:5b:83:fe:85:16:6e:db:c8:01:8b:2a:c0:31:
e4:18:87:f8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZiDtRaA7e1HotE1KbIrLXnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWMwN2M5NTE0ODhmMDRjYjNiMGZkMzM4YWY4NGQ3N2U0
NmJmNTIwHhcNMjUwODA3MDg0NTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGRiYmM5ZjllMDJmNDFmMDFmMTZiNzhmNGEwYTFiMDFjYThhODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKRPxSGIhLb9Gr70IIFJ4giHGZI5
U8eZoFZkyQryGft9qNAny3UBYRIJDljrwtj3KcVXyq+Wdlbr+DcXVK/+RwMwzgnO
Z2afw1jOuckudF0ucd9do+uilnD2GP07m4peW6xCI/G2UYHuMYr2g/8CqhYKaDiz
HR/QhSWuwV6PAc9IYVxpTj1qQusoaz+dVLk4WI1+OB5ZX6vO1GWDyWpY4PIdUPki
7fVxly1MqFzZUJV4kSZFrOLFFuIGGoCwxS1OVaxc1ZToPfUgNzOe7OFuLlkHwPzU
UaGkzI8WdGo9meErotWSPR8M8Mq1k0bAMHmiAONpgcQnSvnRePFTi1siAQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFC3bvJ+eAvQfAfFrePSgobAcqKgAMB8GA1UdIwQY
MBaAFOYcB8lRSI8EyzsP0zivhNd+Rr9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh3SHlWRklqd1RMT3dfVE9LLUUxMzVHdjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yZGJhNWMtOWE5MC00MDUyLWExZWIt
NmE4NDc3Y2I2YzJhLzEvTGR1OG41NEM5QjhCOFd0NDlLQ2hzQnlvcUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yZGJhNWMtOWE5MC00MDUyLWExZWItNmE4NDc3Y2I2YzJh
LzEvNWh3SHlWRklqd1RMT3dfVE9LLUUxMzVHdjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtMAsDAwAFrQME
BQWtwAMDAR+uAwMBLnADBAZZbMADBAde/oADAwBt8wMDAaR+MA0EAgACMAcDBQAq
ABmBMA0GCSqGSIb3DQEBCwUAA4IBAQCsNzyYNQ/Dkv2b58CkSKYCi/3YsvdfmrST
KjAHL1jz5BMPo/IT2GkEFbB4mxs/Qycij5dqSMWJ/gpXD97PwfKr9yKwEygjng0L
1vqheBMJl8hSN5D/rckLPKDBRMUwUnlBRFFPfeEpbPvqPYe2BAsozB+EVTFCprbk
rRaYT+FC7sfPPYZnUySh61wpL8TOnN0GpwI31Cg1bUjmcCmkbjsBzDbvYFg1wbnH
qYFyRhmwIMA8kfi2eqxnmiyauSOvLAsVuIeZiLmQ/mkxs00rcITw+LJyeUejqgo+
KcJQ/6ME71I621iEgu61evhJdro8UFuD/oUWbtvIAYsqwDHkGIf4
-----END CERTIFICATE-----
Generated at Sun Aug 10 15:56:49 2025 by rpki-client