Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/kfp0pk6rT7KzEgPpeNsP3WrJZ6E.roa
File: kfp0pk6rT7KzEgPpeNsP3WrJZ6E.roa (raw, json)
Hash identifier: ou9w6LX17ZfBGKa+aA56CHgkOdgzWRAn9XUt36rvoyw=
Subject key identifier: 91:FA:74:A6:4E:AB:4F:B2:B3:12:03:E9:78:DB:0F:DD:6A:C9:67:A1
Certificate issuer: /CN=b467367967dc763349fd0b50e31f75b823028590
Certificate serial: 01986585DFDD5A67511B9670E94A1C4998B2
Authority key identifier: B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/kfp0pk6rT7KzEgPpeNsP3WrJZ6E.roa
Signing time: Fri 01 Aug 2025 12:05:29 +0000
ROA not before: Fri 01 Aug 2025 12:05:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201178
IP address blocks: 37.75.8.0/21 maxlen: 24
185.28.0.0/22 maxlen: 24
185.28.0.0/24 maxlen: 24
185.81.236.0/22 maxlen: 24
185.81.236.0/24 maxlen: 24
185.81.237.0/24 maxlen: 24
185.81.238.0/24 maxlen: 24
185.81.239.0/24 maxlen: 24
185.153.248.0/22 maxlen: 24
185.155.148.0/22 maxlen: 24
185.155.148.0/24 maxlen: 24
185.155.149.0/24 maxlen: 24
185.155.150.0/24 maxlen: 24
185.155.151.0/24 maxlen: 24
195.142.0.0/22 maxlen: 24
195.142.104.0/21 maxlen: 24
195.142.105.0/24 maxlen: 24
195.142.108.0/24 maxlen: 24
195.142.132.0/22 maxlen: 24
2a05:8a00::/29 maxlen: 48
2a05:8a00:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.mft
rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 Aug 2025 00:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:65:85:df:dd:5a:67:51:1b:96:70:e9:4a:1c:49:98:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b467367967dc763349fd0b50e31f75b823028590
Validity
Not Before: Aug 1 12:05:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91fa74a64eab4fb2b31203e978db0fdd6ac967a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:11:8e:cc:be:1e:26:a9:2f:20:3d:0a:f1:7e:
b0:ca:4a:c7:ce:9d:25:8d:ae:f6:57:55:b0:55:43:
9a:03:0c:c2:e9:83:96:5f:8e:29:92:c0:5b:1c:e7:
8a:63:cf:d0:a8:92:89:71:5a:18:2a:11:2c:1e:02:
76:41:06:6a:89:60:84:84:6d:2e:86:41:76:c3:cb:
0a:40:86:77:89:31:94:c2:74:d3:5d:cd:ca:df:b8:
86:8f:13:50:56:df:20:17:e7:ea:0c:80:64:a3:79:
bf:b8:cd:1d:19:db:98:35:4c:68:ce:91:ab:7f:ed:
97:7a:31:a3:2b:05:dc:62:42:ab:b6:db:d2:bc:95:
10:62:09:5e:91:22:8a:84:69:36:77:dd:1b:d7:a2:
74:f6:73:7c:5f:30:57:f3:0b:19:0b:64:85:a3:1a:
e2:b5:c5:b9:7e:3b:93:d6:e3:59:5c:b1:ec:27:33:
81:2a:d7:50:88:af:d3:81:fe:39:6e:03:93:bc:09:
30:02:1e:6e:34:d7:79:f2:1a:b3:09:53:34:e7:12:
35:73:c1:15:94:1c:2d:5b:ae:8c:cc:b3:43:59:03:
ac:10:af:7e:9f:9b:a1:02:dc:aa:c1:cd:9e:16:43:
49:ef:48:c5:2f:7b:2c:bc:d9:07:1f:b1:7d:89:8c:
19:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:FA:74:A6:4E:AB:4F:B2:B3:12:03:E9:78:DB:0F:DD:6A:C9:67:A1
X509v3 Authority Key Identifier:
keyid:B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/kfp0pk6rT7KzEgPpeNsP3WrJZ6E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.75.8.0/21
185.28.0.0/22
185.81.236.0/22
185.153.248.0/22
185.155.148.0/22
195.142.0.0/22
195.142.104.0/21
195.142.132.0/22
IPv6:
2a05:8a00::/29
Signature Algorithm: sha256WithRSAEncryption
60:8e:65:47:4f:43:28:ce:63:39:5e:35:26:14:e6:5d:ae:5d:
98:8b:10:6d:bd:44:5c:5a:8c:59:54:5a:11:8d:3b:9b:15:d4:
1a:d2:ce:34:a5:68:3c:35:c5:37:ca:85:b8:16:fd:49:42:aa:
93:7f:4c:e1:84:00:a1:a8:6b:ee:a2:46:8e:97:fd:59:c6:64:
2e:a2:ec:b5:f4:1b:ad:bd:79:03:7f:cd:1d:d5:8b:3e:8e:e7:
a9:d2:f5:6a:0e:34:c6:49:84:5a:c8:0d:ca:0b:65:41:7a:54:
71:f7:e7:18:dd:39:6e:14:a4:23:4a:c6:52:20:8c:20:39:2f:
7e:d8:77:5b:f0:5a:37:1d:e3:e8:ce:b7:be:cb:68:77:c8:07:
25:26:4b:1c:39:55:da:12:86:52:fb:3a:94:5a:4a:74:b8:04:
07:14:7b:db:eb:a6:c4:3c:8a:bd:83:f2:e7:41:93:aa:1d:84:
b3:18:d4:e7:a6:47:07:7e:45:e5:73:68:15:bf:db:13:17:c3:
62:19:0f:76:ff:30:90:ee:ca:1d:ba:49:d6:91:af:b7:1d:53:
11:d5:d4:e1:1d:d4:3e:78:b0:a0:ef:55:7d:98:b0:59:93:d4:
86:cb:6c:5c:af:11:91:32:fe:b4:56:61:bb:d2:f2:7c:1b:60:
50:56:9b:29
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZhlhd/dWmdRG5Zw6UocSZiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjczNjc5NjdkYzc2MzM0OWZkMGI1MGUzMWY3NWI4MjMw
Mjg1OTAwHhcNMjUwODAxMTIwNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZhNzRhNjRlYWI0ZmIyYjMxMjAzZTk3OGRiMGZkZDZhYzk2N2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRGOzL4eJqkvID0K8X6wykrHzp0l
ja72V1WwVUOaAwzC6YOWX44pksBbHOeKY8/QqJKJcVoYKhEsHgJ2QQZqiWCEhG0u
hkF2w8sKQIZ3iTGUwnTTXc3K37iGjxNQVt8gF+fqDIBko3m/uM0dGduYNUxozpGr
f+2XejGjKwXcYkKrttvSvJUQYglekSKKhGk2d90b16J09nN8XzBX8wsZC2SFoxri
tcW5fjuT1uNZXLHsJzOBKtdQiK/Tgf45bgOTvAkwAh5uNNd58hqzCVM05xI1c8EV
lBwtW66MzLNDWQOsEK9+n5uhAtyqwc2eFkNJ70jFL3ssvNkHH7F9iYwZ5QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJH6dKZOq0+ysxID6XjbD91qyWehMB8GA1UdIwQY
MBaAFLRnNnln3HYzSf0LUOMfdbgjAoWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMt
YjgxMzczYzQwZGM5LzEva2ZwMHBrNnJUN0t6RWdQcGVOc1AzV3JKWjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMtYjgxMzczYzQwZGM5
LzEvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDJUsIAwQC
uRwAAwQCuVHsAwQCuZn4AwQCuZuUAwQCw44AAwQDw45oAwQCw46EMA0EAgACMAcD
BQMqBYoAMA0GCSqGSIb3DQEBCwUAA4IBAQBgjmVHT0MozmM5XjUmFOZdrl2YixBt
vURcWoxZVFoRjTubFdQa0s40pWg8NcU3yoW4Fv1JQqqTf0zhhAChqGvuokaOl/1Z
xmQuouy19ButvXkDf80d1Ys+juep0vVqDjTGSYRayA3KC2VBelRx9+cY3TluFKQj
SsZSIIwgOS9+2Hdb8Fo3HePozre+y2h3yAclJkscOVXaEoZS+zqUWkp0uAQHFHvb
66bEPIq9g/LnQZOqHYSzGNTnpkcHfkXlc2gVv9sTF8NiGQ92/zCQ7soduknWka+3
HVMR1dThHdQ+eLCg71V9mLBZk9SGy2xcrxGRMv60VmG70vJ8G2BQVpsp
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:22:36 2025 by rpki-client