Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/0YQNQfPH4Cu72DoID5FMdAcNaLI.roa
File: 0YQNQfPH4Cu72DoID5FMdAcNaLI.roa (raw, json)
Hash identifier: spBps2jYr/x0LCQGlcWxdN+sgAztOxCYMMvfbn6x0Mw=
Subject key identifier: D1:84:0D:41:F3:C7:E0:2B:BB:D8:3A:08:0F:91:4C:74:07:0D:68:B2
Certificate issuer: /CN=b1241f129dbfc4a1651fecdba03108fcd2cc1df2
Certificate serial: 0198729F2334A3D1E1BC7B6117BD7676424D
Authority key identifier: B1:24:1F:12:9D:BF:C4:A1:65:1F:EC:DB:A0:31:08:FC:D2:CC:1D:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sSQfEp2_xKFlH-zboDEI_NLMHfI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/0YQNQfPH4Cu72DoID5FMdAcNaLI.roa
Signing time: Mon 04 Aug 2025 01:08:08 +0000
ROA not before: Mon 04 Aug 2025 01:08:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42742
IP address blocks: 91.189.232.0/21 maxlen: 21
92.118.140.0/24 maxlen: 24
92.118.141.0/24 maxlen: 24
92.118.142.0/24 maxlen: 24
194.79.4.0/22 maxlen: 22
195.211.64.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/sSQfEp2_xKFlH-zboDEI_NLMHfI.crl
rsync://rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/sSQfEp2_xKFlH-zboDEI_NLMHfI.mft
rsync://rpki.ripe.net/repository/DEFAULT/sSQfEp2_xKFlH-zboDEI_NLMHfI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 10:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:72:9f:23:34:a3:d1:e1:bc:7b:61:17:bd:76:76:42:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1241f129dbfc4a1651fecdba03108fcd2cc1df2
Validity
Not Before: Aug 4 01:08:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d1840d41f3c7e02bbbd83a080f914c74070d68b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e0:05:77:f1:6f:53:22:2f:34:ba:fe:d8:a5:
29:3a:87:b7:88:d4:af:ec:88:0f:18:fe:9d:93:17:
ce:2a:e9:c6:69:10:fd:47:f6:4c:ed:b1:0b:a4:29:
37:63:de:a6:60:50:73:ea:24:45:90:66:30:96:86:
cc:ea:55:ed:95:1a:4b:1f:0a:eb:1f:85:08:a6:dd:
6b:40:94:54:f6:77:cd:62:e6:39:d0:21:02:0f:a0:
d5:c8:e1:31:bb:32:cd:ef:b1:ce:b6:d6:c8:fb:d6:
f6:ef:96:28:77:5b:a0:f8:90:ff:4e:f7:ee:9d:e5:
e1:0c:9f:10:7f:df:57:b3:5a:0a:31:87:bc:b8:be:
78:a1:da:f8:1c:76:d5:2e:5c:f0:3e:16:a1:1a:97:
e3:3a:d7:35:13:a7:ca:80:a9:82:d0:92:eb:b8:6d:
58:22:05:fe:5a:b4:da:b0:b8:d4:df:e1:b1:01:36:
a1:c3:b3:41:7d:52:36:8a:f3:47:25:68:14:85:26:
84:3d:df:3d:a8:18:c7:5a:56:cb:07:21:e5:92:c3:
fc:63:fc:24:21:3b:8b:c7:43:5c:8e:6d:af:da:d7:
66:5a:24:f7:96:b2:1e:1e:91:47:80:2c:dd:fd:9c:
c7:74:a8:eb:38:23:33:9f:9b:93:1e:b4:54:cd:1a:
fb:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:84:0D:41:F3:C7:E0:2B:BB:D8:3A:08:0F:91:4C:74:07:0D:68:B2
X509v3 Authority Key Identifier:
keyid:B1:24:1F:12:9D:BF:C4:A1:65:1F:EC:DB:A0:31:08:FC:D2:CC:1D:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sSQfEp2_xKFlH-zboDEI_NLMHfI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/0YQNQfPH4Cu72DoID5FMdAcNaLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b1a75d-b791-40b4-bda7-e9ddbe3efbe3/1/sSQfEp2_xKFlH-zboDEI_NLMHfI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.189.232.0/21
92.118.140.0-92.118.142.255
194.79.4.0/22
195.211.64.0/22
Signature Algorithm: sha256WithRSAEncryption
53:c8:82:28:16:ed:e5:61:58:df:2e:fb:23:77:54:93:97:9b:
71:7e:07:01:cb:b7:54:93:a4:1a:ee:c6:0d:fd:2f:e6:c1:6d:
ea:96:fb:c7:f6:cb:6c:84:47:9f:67:ab:46:17:0b:fc:d3:ed:
d9:16:45:44:21:a8:b2:5e:fd:2f:3d:39:36:70:5a:da:97:d1:
8b:53:87:5e:2f:5b:90:42:39:ab:38:82:48:53:fb:01:46:90:
90:d0:6b:7c:5d:2b:7e:6e:1a:8a:fd:8c:0b:35:db:34:91:ae:
77:fd:b7:d8:9f:17:a0:dc:0c:c4:86:3d:19:5d:0c:f3:37:c9:
65:ba:67:5c:4d:9d:92:80:7c:07:24:36:d5:e0:85:a7:e6:eb:
ac:45:47:e2:bb:ac:39:40:57:17:53:1e:79:de:7d:f9:88:be:
d3:9d:ac:82:b0:1a:d5:57:a2:36:10:a8:87:72:de:39:83:76:
86:34:e4:a8:ff:5b:9f:df:ff:d9:31:13:c6:30:4c:12:80:9a:
7f:7f:3d:fc:ec:1a:18:23:8b:b0:b1:88:2b:9c:89:05:24:ac:
ea:e2:e6:27:70:aa:b9:a8:0e:47:d6:97:86:38:1f:67:23:c8:
d6:16:cc:e8:73:3d:b5:ca:5a:c3:7f:18:89:9f:ac:83:54:d0:
db:d1:2c:e8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZhynyM0o9HhvHthF712dkJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMjQxZjEyOWRiZmM0YTE2NTFmZWNkYmEwMzEwOGZjZDJj
YzFkZjIwHhcNMjUwODA0MDEwODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTg0MGQ0MWYzYzdlMDJiYmJkODNhMDgwZjkxNGM3NDA3MGQ2OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOAFd/FvUyIvNLr+2KUpOoe3iNSv
7IgPGP6dkxfOKunGaRD9R/ZM7bELpCk3Y96mYFBz6iRFkGYwlobM6lXtlRpLHwrr
H4UIpt1rQJRU9nfNYuY50CECD6DVyOExuzLN77HOttbI+9b275Yod1ug+JD/Tvfu
neXhDJ8Qf99Xs1oKMYe8uL54odr4HHbVLlzwPhahGpfjOtc1E6fKgKmC0JLruG1Y
IgX+WrTasLjU3+GxATahw7NBfVI2ivNHJWgUhSaEPd89qBjHWlbLByHlksP8Y/wk
ITuLx0Ncjm2v2tdmWiT3lrIeHpFHgCzd/ZzHdKjrOCMzn5uTHrRUzRr7TwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFNGEDUHzx+Aru9g6CA+RTHQHDWiyMB8GA1UdIwQY
MBaAFLEkHxKdv8ShZR/s26AxCPzSzB3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1NRZkVwMl94S0ZsSC16Ym9ERUlfTkxNSGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9iMWE3NWQtYjc5MS00MGI0LWJkYTct
ZTlkZGJlM2VmYmUzLzEvMFlRTlFmUEg0Q3U3MkRvSUQ1Rk1kQWNOYUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9iMWE3NWQtYjc5MS00MGI0LWJkYTctZTlkZGJlM2VmYmUz
LzEvc1NRZkVwMl94S0ZsSC16Ym9ERUlfTkxNSGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDW73oMAwD
BAJcdowDBABcdo4DBALCTwQDBALD00AwDQYJKoZIhvcNAQELBQADggEBAFPIgigW
7eVhWN8u+yN3VJOXm3F+BwHLt1STpBruxg39L+bBbeqW+8f2y2yER59nq0YXC/zT
7dkWRUQhqLJe/S89OTZwWtqX0YtTh14vW5BCOas4gkhT+wFGkJDQa3xdK35uGor9
jAs12zSRrnf9t9ifF6DcDMSGPRldDPM3yWW6Z1xNnZKAfAckNtXghafm66xFR+K7
rDlAVxdTHnneffmIvtOdrIKwGtVXojYQqIdy3jmDdoY05Kj/W5/f/9kxE8YwTBKA
mn9/PfzsGhgji7CxiCuciQUkrOri5idwqrmoDkfWl4Y4H2cjyNYWzOhzPbXKWsN/
GImfrINU0NvRLOg=
-----END CERTIFICATE-----
Generated at Mon Aug 4 13:57:52 2025 by rpki-client