Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/gphbKzpx6tWGj_zsNbx2el-xjBw.roa
File: gphbKzpx6tWGj_zsNbx2el-xjBw.roa (raw, json)
Hash identifier: EGV6JtWjWAcUe3P+wNKh2PddbSFnyVdKJ948XnlhOEI=
Subject key identifier: 82:98:5B:2B:3A:71:EA:D5:86:8F:FC:EC:35:BC:76:7A:5F:B1:8C:1C
Certificate issuer: /CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
Certificate serial: 019754214C3DA956A916BBE2B517422DD407
Authority key identifier: BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/gphbKzpx6tWGj_zsNbx2el-xjBw.roa
Signing time: Mon 09 Jun 2025 09:59:17 +0000
ROA not before: Mon 09 Jun 2025 09:59:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9076
IP address blocks: 212.104.1.0/24 maxlen: 24
212.104.10.0/24 maxlen: 24
212.104.14.0/24 maxlen: 24
212.104.43.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/vIo7xH0TyD99HPcqE34AZvg9Bgg.crl
rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/vIo7xH0TyD99HPcqE34AZvg9Bgg.mft
rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:54:21:4c:3d:a9:56:a9:16:bb:e2:b5:17:42:2d:d4:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc8a3bc47d13c83f7d1cf72a137e0066f83d0608
Validity
Not Before: Jun 9 09:59:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=82985b2b3a71ead5868ffcec35bc767a5fb18c1c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:67:0c:c5:53:55:b0:51:c1:ba:be:58:e4:6d:
af:5d:eb:01:79:db:4e:c2:b7:db:50:9c:6f:2c:6b:
7d:22:d5:9b:fb:5d:9d:7e:59:c5:6a:5f:59:0a:f9:
c0:0a:e4:85:76:89:1b:1f:dc:56:5b:24:b5:c4:dd:
38:17:4b:65:13:74:5c:a2:57:ac:ff:1b:1c:f1:27:
7a:00:ec:4e:94:04:67:76:74:83:b2:3f:85:9c:1f:
f5:94:3a:b0:8d:8d:62:e5:42:70:1a:df:15:79:7b:
d8:eb:b4:39:26:f3:8d:92:a0:26:23:a7:c5:6b:13:
ec:48:83:8f:96:5b:99:d6:49:74:4f:a1:b5:92:a3:
9e:d1:c5:a5:cc:34:17:47:b0:59:8b:6f:dc:19:e0:
e4:76:3f:41:86:b0:46:68:9a:7d:97:a0:69:ab:54:
20:fc:db:ae:7b:2c:a3:19:59:56:74:76:9c:0d:97:
1c:5f:39:01:bc:df:8c:68:4e:dc:da:d0:c6:4d:09:
a5:7c:6f:ea:fc:84:bd:3e:3f:54:1e:d4:e7:a2:60:
be:42:a4:ac:55:97:bf:26:5a:c1:15:f0:de:56:32:
77:0e:86:02:6c:d7:3d:b7:aa:1f:19:a2:08:90:6f:
28:19:d0:8c:f4:32:46:69:78:b1:09:2e:95:33:7c:
35:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:98:5B:2B:3A:71:EA:D5:86:8F:FC:EC:35:BC:76:7A:5F:B1:8C:1C
X509v3 Authority Key Identifier:
keyid:BC:8A:3B:C4:7D:13:C8:3F:7D:1C:F7:2A:13:7E:00:66:F8:3D:06:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIo7xH0TyD99HPcqE34AZvg9Bgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/gphbKzpx6tWGj_zsNbx2el-xjBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0ee921-a721-4f09-80f2-7113fc1b865b/1/vIo7xH0TyD99HPcqE34AZvg9Bgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.104.1.0/24
212.104.10.0/24
212.104.14.0/24
212.104.43.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:5a:13:ef:1a:b8:66:1e:86:11:da:4c:64:cc:f3:18:a6:5c:
a5:e1:32:3d:09:f7:0d:75:11:8e:9e:de:9d:d5:85:97:ce:29:
56:ca:25:e7:c5:d9:d1:aa:4d:c2:e0:27:a2:96:eb:42:16:43:
e0:7f:fe:88:5f:98:07:ef:49:63:c3:ea:bb:ce:81:08:d2:68:
14:82:7a:a9:81:24:7f:cc:ff:d1:40:20:d5:90:7d:05:02:59:
af:2e:d6:64:79:ef:6b:5c:bd:e0:b0:e7:16:50:f8:4e:74:1c:
25:30:dc:fe:c1:59:4e:38:59:8a:07:2b:8b:91:ad:f2:c2:f0:
fc:a1:4c:bf:53:34:ab:e4:93:99:8c:56:3f:df:a8:33:57:62:
35:ba:c2:62:b8:d9:d2:a3:e5:76:10:66:cb:51:fb:e4:af:a9:
12:93:6b:b2:f7:35:e1:36:53:da:5e:45:6f:b7:d5:85:0e:2a:
ee:8c:8d:dd:d2:a7:7d:e9:be:48:db:6d:8b:24:5c:38:f5:69:
ed:62:49:52:b2:b0:ed:1f:4b:05:b8:25:15:3c:cc:0a:9e:13:
43:9d:f3:a7:78:0f:6f:5a:e1:00:1b:1c:10:23:27:c1:b5:d9:
ba:b3:dd:31:42:18:96:be:53:56:ed:fb:ef:30:45:f3:61:5a:
0b:24:c5:30
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZdUIUw9qVapFrvitRdCLdQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOGEzYmM0N2QxM2M4M2Y3ZDFjZjcyYTEzN2UwMDY2Zjgz
ZDA2MDgwHhcNMjUwNjA5MDk1OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjk4NWIyYjNhNzFlYWQ1ODY4ZmZjZWMzNWJjNzY3YTVmYjE4YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2cMxVNVsFHBur5Y5G2vXesBedtO
wrfbUJxvLGt9ItWb+12dflnFal9ZCvnACuSFdokbH9xWWyS1xN04F0tlE3Rcoles
/xsc8Sd6AOxOlARndnSDsj+FnB/1lDqwjY1i5UJwGt8VeXvY67Q5JvONkqAmI6fF
axPsSIOPlluZ1kl0T6G1kqOe0cWlzDQXR7BZi2/cGeDkdj9BhrBGaJp9l6Bpq1Qg
/NuueyyjGVlWdHacDZccXzkBvN+MaE7c2tDGTQmlfG/q/IS9Pj9UHtTnomC+QqSs
VZe/JlrBFfDeVjJ3DoYCbNc9t6ofGaIIkG8oGdCM9DJGaXixCS6VM3w1MQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIKYWys6cerVho/87DW8dnpfsYwcMB8GA1UdIwQY
MBaAFLyKO8R9E8g/fRz3KhN+AGb4PQYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjIt
NzExM2ZjMWI4NjViLzEvZ3BoYkt6cHg2dFdHal96c05ieDJlbC14akJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZWU5MjEtYTcyMS00ZjA5LTgwZjItNzExM2ZjMWI4NjVi
LzEvdklvN3hIMFR5RDk5SFBjcUUzNEFadmc5QmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQA1GgBAwQA
1GgKAwQA1GgOAwQA1GgrMA0GCSqGSIb3DQEBCwUAA4IBAQClWhPvGrhmHoYR2kxk
zPMYplyl4TI9CfcNdRGOnt6d1YWXzilWyiXnxdnRqk3C4CeilutCFkPgf/6IX5gH
70ljw+q7zoEI0mgUgnqpgSR/zP/RQCDVkH0FAlmvLtZkee9rXL3gsOcWUPhOdBwl
MNz+wVlOOFmKByuLka3ywvD8oUy/UzSr5JOZjFY/36gzV2I1usJiuNnSo+V2EGbL
Ufvkr6kSk2uy9zXhNlPaXkVvt9WFDirujI3d0qd96b5I222LJFw49WntYklSsrDt
H0sFuCUVPMwKnhNDnfOneA9vWuEAGxwQIyfBtdm6s90xQhiWvlNW7fvvMEXzYVoL
JMUw
-----END CERTIFICATE-----
Generated at Sat Jun 14 12:18:20 2025 by rpki-client