Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/KM2VT3L9ZMXwTHPYv5ODDxzONBw.roa
File: KM2VT3L9ZMXwTHPYv5ODDxzONBw.roa (raw, json)
Hash identifier: bksDGAxzNsshB1aRuaWU81TLlTV46EhoUgnARWy0HJA=
Subject key identifier: 28:CD:95:4F:72:FD:64:C5:F0:4C:73:D8:BF:93:83:0F:1C:CE:34:1C
Certificate issuer: /CN=20b830833878b6c861269a0e2a45837aa9485be1
Certificate serial: 0198369859000BA1841A443A23ADFCA1E7E8
Authority key identifier: 20:B8:30:83:38:78:B6:C8:61:26:9A:0E:2A:45:83:7A:A9:48:5B:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/KM2VT3L9ZMXwTHPYv5ODDxzONBw.roa
Signing time: Wed 23 Jul 2025 09:23:30 +0000
ROA not before: Wed 23 Jul 2025 09:23:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60987
IP address blocks: 5.183.161.0/24 maxlen: 24
185.198.184.0/22 maxlen: 22
185.198.184.0/24 maxlen: 24
185.198.185.0/24 maxlen: 24
185.198.186.0/24 maxlen: 24
185.198.187.0/24 maxlen: 24
193.238.175.0/24 maxlen: 24
2a0a:8d40::/29 maxlen: 29
2a11:880::/29 maxlen: 29
2a13:a040::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.mft
rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 Aug 2025 23:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:36:98:59:00:0b:a1:84:1a:44:3a:23:ad:fc:a1:e7:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20b830833878b6c861269a0e2a45837aa9485be1
Validity
Not Before: Jul 23 09:23:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28cd954f72fd64c5f04c73d8bf93830f1cce341c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:6d:ef:0d:3e:6a:be:21:d1:5a:b0:ee:b3:91:
b2:14:1b:c4:cf:b9:a8:f9:69:3e:e7:db:5c:3b:09:
97:6c:a7:91:1c:57:9e:62:86:ff:8b:a8:4a:16:5a:
2e:bc:b8:d5:b9:5a:b8:47:2f:b7:de:6b:b0:bf:c4:
84:d5:9d:1e:33:24:6c:9e:6b:88:ad:f5:91:80:81:
da:de:62:6e:58:01:dc:dd:54:bc:76:4e:98:d4:f0:
30:f8:0f:7e:de:a8:ee:0c:33:2e:22:fa:32:00:8c:
bf:af:36:57:4d:19:45:6e:50:33:a6:4c:cb:50:08:
af:b8:ed:0e:1a:a5:83:08:1f:7f:8f:10:98:7a:d9:
5e:4f:19:57:9a:76:95:b9:ec:8b:af:e7:e7:34:55:
d0:12:ca:bd:6a:ee:4d:d4:45:47:5a:0d:92:44:5c:
ee:dc:b1:d6:ed:6d:1f:c5:29:c7:3b:40:71:2d:96:
80:3a:f0:c5:61:7b:74:44:16:79:39:3f:06:3b:2b:
54:1b:77:94:25:66:6f:15:a4:bd:f6:56:e9:97:62:
d6:e8:5b:4b:7f:35:08:0d:48:b9:1d:95:40:6a:ac:
68:2d:c0:75:87:0b:c1:18:40:66:e0:ee:1a:c4:a7:
71:70:f5:5e:a3:2d:24:a6:a2:21:62:80:32:31:ea:
e7:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:CD:95:4F:72:FD:64:C5:F0:4C:73:D8:BF:93:83:0F:1C:CE:34:1C
X509v3 Authority Key Identifier:
keyid:20:B8:30:83:38:78:B6:C8:61:26:9A:0E:2A:45:83:7A:A9:48:5B:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILgwgzh4tshhJpoOKkWDeqlIW-E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/KM2VT3L9ZMXwTHPYv5ODDxzONBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/64ff0f-e356-48b3-830f-156497bfe93f/1/ILgwgzh4tshhJpoOKkWDeqlIW-E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.183.161.0/24
185.198.184.0/22
193.238.175.0/24
IPv6:
2a0a:8d40::/29
2a11:880::/29
2a13:a040::/29
Signature Algorithm: sha256WithRSAEncryption
46:7a:c6:5c:95:44:f1:fc:89:7d:dd:f2:36:ec:1b:dc:20:fa:
75:47:fe:95:b5:3e:10:0e:05:02:35:81:e5:4b:a0:8d:b3:6a:
1a:b0:a8:62:67:cd:37:9c:bd:18:64:2a:62:e5:01:78:5a:2d:
9d:c1:f8:b3:da:35:45:85:7c:3e:89:73:b9:1a:f1:4c:56:2d:
82:c1:11:3e:0a:15:04:14:c7:d7:44:a6:f6:93:ec:b1:43:df:
3c:e5:63:97:63:48:ad:4b:2b:0d:3b:42:c2:be:f1:03:80:26:
bf:f6:77:a4:66:8a:7f:6a:8b:3e:b4:51:a9:ca:2c:b9:ae:34:
6a:3c:ac:00:95:b6:7b:aa:e3:ff:54:8a:fc:9a:a9:34:50:2a:
59:c9:1f:d1:3b:16:6f:a5:6a:f1:bc:25:9c:b4:51:8d:b8:d9:
5d:ba:17:52:de:19:b5:3d:dd:5f:70:27:70:ba:59:a9:5b:02:
74:11:1b:39:04:10:ba:e7:2e:76:82:cf:cc:90:a6:32:16:6c:
c3:cb:64:54:87:a2:61:dc:90:81:c0:aa:04:0a:77:86:92:09:
d1:47:df:9f:42:ba:dc:41:c4:0c:ee:17:3a:54:68:41:df:cc:
d9:16:df:3c:79:b3:fa:c6:a2:01:bb:46:de:ed:47:6b:69:c7:
b4:f4:b3:3d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZg2mFkAC6GEGkQ6I638oefoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjgzMDgzMzg3OGI2Yzg2MTI2OWEwZTJhNDU4MzdhYTk0
ODViZTEwHhcNMjUwNzIzMDkyMzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGNkOTU0ZjcyZmQ2NGM1ZjA0YzczZDhiZjkzODMwZjFjY2UzNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG3vDT5qviHRWrDus5GyFBvEz7mo
+Wk+59tcOwmXbKeRHFeeYob/i6hKFlouvLjVuVq4Ry+33muwv8SE1Z0eMyRsnmuI
rfWRgIHa3mJuWAHc3VS8dk6Y1PAw+A9+3qjuDDMuIvoyAIy/rzZXTRlFblAzpkzL
UAivuO0OGqWDCB9/jxCYetleTxlXmnaVueyLr+fnNFXQEsq9au5N1EVHWg2SRFzu
3LHW7W0fxSnHO0BxLZaAOvDFYXt0RBZ5OT8GOytUG3eUJWZvFaS99lbpl2LW6FtL
fzUIDUi5HZVAaqxoLcB1hwvBGEBm4O4axKdxcPVeoy0kpqIhYoAyMernrQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCjNlU9y/WTF8Exz2L+Tgw8czjQcMB8GA1UdIwQY
MBaAFCC4MIM4eLbIYSaaDipFg3qpSFvhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxnd2d6aDR0c2hoSnBvT0trV0RlcWxJVy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82NGZmMGYtZTM1Ni00OGIzLTgzMGYt
MTU2NDk3YmZlOTNmLzEvS00yVlQzTDlaTVh3VEhQWXY1T0REeHpPTkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82NGZmMGYtZTM1Ni00OGIzLTgzMGYtMTU2NDk3YmZlOTNm
LzEvSUxnd2d6aDR0c2hoSnBvT0trV0RlcWxJVy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQABbehAwQC
uca4AwQAwe6vMBsEAgACMBUDBQMqCo1AAwUDKhEIgAMFAyoToEAwDQYJKoZIhvcN
AQELBQADggEBAEZ6xlyVRPH8iX3d8jbsG9wg+nVH/pW1PhAOBQI1geVLoI2zahqw
qGJnzTecvRhkKmLlAXhaLZ3B+LPaNUWFfD6Jc7ka8UxWLYLBET4KFQQUx9dEpvaT
7LFD3zzlY5djSK1LKw07QsK+8QOAJr/2d6Rmin9qiz60UanKLLmuNGo8rACVtnuq
4/9UivyaqTRQKlnJH9E7Fm+lavG8JZy0UY242V26F1LeGbU93V9wJ3C6WalbAnQR
GzkEELrnLnaCz8yQpjIWbMPLZFSHomHckIHAqgQKd4aSCdFH359CutxBxAzuFzpU
aEHfzNkW3zx5s/rGogG7Rt7tR2tpx7T0sz0=
-----END CERTIFICATE-----
Generated at Wed Aug 13 08:46:25 2025 by rpki-client