Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/BWZ8TffzeheUILd5O5vwxA8ANgs.roa
File: BWZ8TffzeheUILd5O5vwxA8ANgs.roa (raw, json)
Hash identifier: 9mVvCij2ArMXMv49a46m8ltBnU+gbtg05+eZlvNEdYk=
Subject key identifier: 05:66:7C:4D:F7:F3:7A:17:94:20:B7:79:3B:9B:F0:C4:0F:00:36:0B
Certificate issuer: /CN=60acd7d96b956de5db03673cd1d1e3a37b8dd9dd
Certificate serial: 0198488EA73E10DFC55D6B958BE9C9B2559F
Authority key identifier: 60:AC:D7:D9:6B:95:6D:E5:DB:03:67:3C:D1:D1:E3:A3:7B:8D:D9:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/BWZ8TffzeheUILd5O5vwxA8ANgs.roa
Signing time: Sat 26 Jul 2025 21:06:05 +0000
ROA not before: Sat 26 Jul 2025 21:06:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215633
IP address blocks: 194.107.116.0/24 maxlen: 24
2a0c:6e00::/32 maxlen: 32
2a0c:6e00::/48 maxlen: 48
2a0c:6e00:1::/48 maxlen: 48
2a0c:6e00:2::/48 maxlen: 48
2a0c:6e00:3::/48 maxlen: 48
2a0c:6e00:4::/48 maxlen: 48
2a0c:6e00:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.mft
rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 23:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:48:8e:a7:3e:10:df:c5:5d:6b:95:8b:e9:c9:b2:55:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60acd7d96b956de5db03673cd1d1e3a37b8dd9dd
Validity
Not Before: Jul 26 21:06:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05667c4df7f37a179420b7793b9bf0c40f00360b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:24:62:b8:c6:83:ae:87:13:ba:72:68:00:6e:
8a:d5:a7:3e:74:da:e9:0b:5f:f0:66:7e:70:0c:39:
12:aa:93:83:53:9a:81:f5:e4:a4:4d:50:f3:58:71:
61:f8:46:c7:91:0f:c2:e7:f7:6d:cb:d1:bc:e0:9e:
80:59:d5:85:b5:be:91:66:1d:5a:83:87:b6:5f:de:
33:6e:90:bd:a1:cf:c0:94:df:53:82:13:01:f9:bb:
60:e2:41:de:97:30:d0:01:48:a9:0a:95:21:a1:70:
84:0c:04:8c:f2:62:40:18:ac:98:0f:51:80:6a:f5:
92:86:f4:17:50:fc:c0:e7:ce:91:6e:0f:2b:e3:e8:
67:9a:45:f9:01:57:b4:b8:71:c7:fb:18:6a:09:ac:
1b:af:25:e6:d1:f0:7f:5c:56:15:58:80:75:c5:79:
ec:a3:db:d2:95:7a:de:76:1d:c1:75:4e:f0:9e:6f:
bd:1b:4b:f0:58:03:eb:3f:c5:58:fb:fd:ce:73:74:
68:ca:62:78:0f:13:3a:24:13:e5:c5:94:8a:c8:01:
24:43:8f:5a:42:63:c2:6a:d7:85:b4:27:84:73:4f:
22:37:d2:4a:34:69:e8:ac:9d:cf:8d:02:75:c4:d1:
f0:40:d0:bd:63:3b:bf:1d:03:b3:b2:7f:5d:84:3c:
1f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:66:7C:4D:F7:F3:7A:17:94:20:B7:79:3B:9B:F0:C4:0F:00:36:0B
X509v3 Authority Key Identifier:
keyid:60:AC:D7:D9:6B:95:6D:E5:DB:03:67:3C:D1:D1:E3:A3:7B:8D:D9:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKzX2WuVbeXbA2c80dHjo3uN2d0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/BWZ8TffzeheUILd5O5vwxA8ANgs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f377bd-8e42-4875-a124-3abfafe74aa9/1/YKzX2WuVbeXbA2c80dHjo3uN2d0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.107.116.0/24
IPv6:
2a0c:6e00::/32
Signature Algorithm: sha256WithRSAEncryption
dd:e9:1f:42:d1:a5:fc:9c:08:fa:76:95:2a:cc:d9:7b:1a:cf:
32:53:21:c6:c5:d2:e2:e9:0a:7d:32:31:92:70:3f:43:e3:02:
fc:8b:69:b0:92:5e:18:10:8d:34:00:b1:8c:c7:22:60:23:e2:
3b:3b:52:06:08:98:02:f1:f2:8a:78:98:b2:a7:99:1b:75:af:
0a:63:46:cd:b5:5f:2c:43:58:73:1b:70:76:61:f0:7f:f2:c7:
61:66:ab:5d:90:9b:07:6f:9c:a4:f3:9c:2e:66:fb:d4:07:c9:
ec:df:fe:07:bb:8b:3a:51:bd:7a:9f:b6:9b:29:7f:be:7d:a5:
34:29:1e:1f:47:65:1d:fe:0e:6a:88:14:3e:0d:34:df:bf:69:
36:d6:c8:1f:03:72:88:46:51:a9:e0:b1:52:0b:e0:0e:de:a9:
3b:6c:4b:d7:04:04:c0:96:3d:18:92:68:9e:88:67:7c:37:57:
9d:08:1a:3a:f3:9d:28:4a:b3:f0:8f:f1:5a:7b:8f:45:5d:b0:
98:99:0b:12:d2:60:49:22:82:14:de:40:6e:52:a3:08:c5:99:
c2:f2:cc:b3:7a:da:bf:45:6d:23:0f:bc:51:a0:88:0d:f0:4b:
58:4f:21:44:31:05:b2:35:2d:26:df:36:bc:77:1d:7d:27:08:
76:5c:f9:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhIjqc+EN/FXWuVi+nJslWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYWNkN2Q5NmI5NTZkZTVkYjAzNjczY2QxZDFlM2EzN2I4
ZGQ5ZGQwHhcNMjUwNzI2MjEwNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTY2N2M0ZGY3ZjM3YTE3OTQyMGI3NzkzYjliZjBjNDBmMDAzNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8iRiuMaDrocTunJoAG6K1ac+dNrp
C1/wZn5wDDkSqpODU5qB9eSkTVDzWHFh+EbHkQ/C5/dty9G84J6AWdWFtb6RZh1a
g4e2X94zbpC9oc/AlN9TghMB+btg4kHelzDQAUipCpUhoXCEDASM8mJAGKyYD1GA
avWShvQXUPzA586Rbg8r4+hnmkX5AVe0uHHH+xhqCawbryXm0fB/XFYVWIB1xXns
o9vSlXredh3BdU7wnm+9G0vwWAPrP8VY+/3Oc3RoymJ4DxM6JBPlxZSKyAEkQ49a
QmPCateFtCeEc08iN9JKNGnorJ3PjQJ1xNHwQNC9Yzu/HQOzsn9dhDwfQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAVmfE3383oXlCC3eTub8MQPADYLMB8GA1UdIwQY
MBaAFGCs19lrlW3l2wNnPNHR46N7jdndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUt6WDJXdVZiZVhiQTJjODBkSGpvM3VOMmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMzc3YmQtOGU0Mi00ODc1LWExMjQt
M2FiZmFmZTc0YWE5LzEvQldaOFRmZnplaGVVSUxkNU81dnd4QThBTmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMzc3YmQtOGU0Mi00ODc1LWExMjQtM2FiZmFmZTc0YWE5
LzEvWUt6WDJXdVZiZVhiQTJjODBkSGpvM3VOMmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmt0MA0E
AgACMAcDBQAqDG4AMA0GCSqGSIb3DQEBCwUAA4IBAQDd6R9C0aX8nAj6dpUqzNl7
Gs8yUyHGxdLi6Qp9MjGScD9D4wL8i2mwkl4YEI00ALGMxyJgI+I7O1IGCJgC8fKK
eJiyp5kbda8KY0bNtV8sQ1hzG3B2YfB/8sdhZqtdkJsHb5yk85wuZvvUB8ns3/4H
u4s6Ub16n7abKX++faU0KR4fR2Ud/g5qiBQ+DTTfv2k21sgfA3KIRlGp4LFSC+AO
3qk7bEvXBATAlj0YkmieiGd8N1edCBo6850oSrPwj/Fae49FXbCYmQsS0mBJIoIU
3kBuUqMIxZnC8syzetq/RW0jD7xRoIgN8EtYTyFEMQWyNS0m3za8dx19Jwh2XPnL
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:59:32 2025 by rpki-client