Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/arBL0brC96EPXIKY7ELOxOE6FFI.roa
File: arBL0brC96EPXIKY7ELOxOE6FFI.roa (raw, json)
Hash identifier: GkM6RZl9Pvt+iBP05ozFdhE0Bb4/KoZmxF+tQ8IzT8U=
Subject key identifier: 6A:B0:4B:D1:BA:C2:F7:A1:0F:5C:82:98:EC:42:CE:C4:E1:3A:14:52
Certificate issuer: /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial: 0198502E8E29ECE5D8433287564A6B9BAC86
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/arBL0brC96EPXIKY7ELOxOE6FFI.roa
Signing time: Mon 28 Jul 2025 08:38:05 +0000
ROA not before: Mon 28 Jul 2025 08:38:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211522
IP address blocks: 45.134.12.0/24 maxlen: 24
45.134.13.0/24 maxlen: 24
45.134.14.0/24 maxlen: 24
45.134.15.0/24 maxlen: 24
103.71.22.0/24 maxlen: 24
103.71.23.0/24 maxlen: 24
103.249.132.0/24 maxlen: 24
103.249.133.0/24 maxlen: 24
103.249.134.0/24 maxlen: 24
103.249.135.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:50:2e:8e:29:ec:e5:d8:43:32:87:56:4a:6b:9b:ac:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
Validity
Not Before: Jul 28 08:38:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ab04bd1bac2f7a10f5c8298ec42cec4e13a1452
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:e5:26:a5:f3:11:0d:f1:8d:fb:35:55:db:9f:
11:77:83:9e:c1:2b:20:e7:1c:3e:fa:ae:4e:04:87:
fd:dc:5c:3d:aa:10:94:a8:a5:d9:e3:2e:20:d5:02:
ae:da:86:a3:25:54:38:27:ac:08:28:d7:08:b9:84:
63:bd:6d:34:e1:0c:dd:6e:a7:69:d5:fc:a8:8f:ad:
0e:b9:20:c6:6b:23:2e:ec:66:71:2d:f5:14:c4:df:
fb:7a:72:b5:9c:5b:4c:3a:d8:c6:4a:1a:5c:53:19:
e3:a7:c9:a8:d6:1d:f6:e8:2e:e1:05:04:25:78:8a:
c1:c5:49:b1:82:66:e9:d3:98:b3:fb:63:52:dd:b0:
4a:ef:b6:2d:5f:03:69:05:7e:77:6d:5a:6f:1e:06:
2b:48:89:6e:28:df:64:13:c9:a6:38:0e:8d:89:4a:
9e:ef:7e:bd:31:3f:80:3b:91:bf:35:e6:a1:bc:a8:
60:ab:29:5d:62:68:b7:9f:ad:48:c3:ac:8b:a2:a8:
6f:c3:d1:bc:66:8f:3b:a5:f0:7a:75:50:10:82:38:
ea:04:34:58:a3:bd:f0:d1:c1:be:99:71:21:33:7f:
e8:11:9b:ed:2b:80:a8:d0:31:d4:37:1d:a4:d3:d7:
6a:a0:e1:19:d6:e4:f6:2c:07:0c:2e:96:d9:b8:14:
97:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:B0:4B:D1:BA:C2:F7:A1:0F:5C:82:98:EC:42:CE:C4:E1:3A:14:52
X509v3 Authority Key Identifier:
keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/arBL0brC96EPXIKY7ELOxOE6FFI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.134.12.0/22
103.71.22.0/23
103.249.132.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:2c:b7:4b:ee:76:40:76:30:91:f8:40:34:3d:90:ef:0a:04:
60:42:fb:9d:df:4a:cc:32:65:43:97:5b:4e:f6:93:64:93:8c:
5a:3b:e7:30:e9:13:aa:d6:88:f3:a3:0a:8c:70:7a:ed:b1:cf:
55:6d:9a:39:59:48:59:43:f7:a1:43:c3:da:73:df:eb:6a:fe:
0e:e5:1e:97:ae:d8:cf:d0:65:ab:8d:e1:69:4e:2c:0c:b9:30:
3b:46:94:b2:e3:6b:e6:2f:66:7f:dc:3f:07:7c:b1:5f:7c:0e:
d2:e4:49:62:06:1b:4f:e1:04:c1:d4:7c:46:9d:5c:74:59:e0:
db:3f:0b:39:59:b2:f0:f7:a3:8f:98:0b:a8:0a:3a:e1:22:69:
58:83:1b:7d:4b:85:2d:c9:ad:5c:c5:66:ca:c8:c9:92:8c:95:
47:63:25:58:47:2c:d3:24:be:8e:14:21:1d:70:0e:d0:1d:b6:
a1:70:39:ad:d8:8f:e3:55:e9:48:72:c1:66:73:c1:76:26:31:
7e:c6:d4:ed:93:72:aa:58:ee:47:4c:cf:71:13:a0:60:11:53:
ed:70:cc:e3:3e:f3:1e:dc:46:08:4e:33:3f:55:4c:32:fe:60:
c0:20:5e:15:a8:ef:14:26:38:13:41:51:83:e5:f3:56:c3:cb:
10:d4:00:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhQLo4p7OXYQzKHVkprm6yGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwNzI4MDgzODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIwNGJkMWJhYzJmN2ExMGY1YzgyOThlYzQyY2VjNGUxM2ExNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuUmpfMRDfGN+zVV258Rd4OewSsg
5xw++q5OBIf93Fw9qhCUqKXZ4y4g1QKu2oajJVQ4J6wIKNcIuYRjvW004Qzdbqdp
1fyoj60OuSDGayMu7GZxLfUUxN/7enK1nFtMOtjGShpcUxnjp8mo1h326C7hBQQl
eIrBxUmxgmbp05iz+2NS3bBK77YtXwNpBX53bVpvHgYrSIluKN9kE8mmOA6NiUqe
7369MT+AO5G/NeahvKhgqyldYmi3n61Iw6yLoqhvw9G8Zo87pfB6dVAQgjjqBDRY
o73w0cG+mXEhM3/oEZvtK4Co0DHUNx2k09dqoOEZ1uT2LAcMLpbZuBSXHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGqwS9G6wvehD1yCmOxCzsThOhRSMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvYXJCTDBickM5NkVQWElLWTdFTE94T0U2RkZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYYMAwQB
Z0cWAwQCZ/mEMA0GCSqGSIb3DQEBCwUAA4IBAQBrLLdL7nZAdjCR+EA0PZDvCgRg
Qvud30rMMmVDl1tO9pNkk4xaO+cw6ROq1ojzowqMcHrtsc9VbZo5WUhZQ/ehQ8Pa
c9/rav4O5R6XrtjP0GWrjeFpTiwMuTA7RpSy42vmL2Z/3D8HfLFffA7S5EliBhtP
4QTB1HxGnVx0WeDbPws5WbLw96OPmAuoCjrhImlYgxt9S4Utya1cxWbKyMmSjJVH
YyVYRyzTJL6OFCEdcA7QHbahcDmt2I/jVelIcsFmc8F2JjF+xtTtk3KqWO5HTM9x
E6BgEVPtcMzjPvMe3EYITjM/VUwy/mDAIF4VqO8UJjgTQVGD5fNWw8sQ1ACT
-----END CERTIFICATE-----
Generated at Sat Aug 9 15:13:46 2025 by rpki-client