Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/h8jROV5bQoENdkPdOHcG_4qWdVY.roa
File: h8jROV5bQoENdkPdOHcG_4qWdVY.roa (raw, json)
Hash identifier: glJfimln9Noz47bXSrY5ZJrPDNDjmCoZp6sAhb5XR58=
Subject key identifier: 87:C8:D1:39:5E:5B:42:81:0D:76:43:DD:38:77:06:FF:8A:96:75:56
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019837231EF099CB627B41B52D2FDB3FA309
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/h8jROV5bQoENdkPdOHcG_4qWdVY.roa
Signing time: Wed 23 Jul 2025 11:55:05 +0000
ROA not before: Wed 23 Jul 2025 11:55:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8772
IP address blocks: 95.164.15.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.56.0/22 maxlen: 22
95.164.72.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.120.0/24 maxlen: 24
95.164.121.0/24 maxlen: 24
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.248.0/24 maxlen: 24
95.164.249.0/24 maxlen: 24
95.164.251.0/24 maxlen: 24
185.234.254.0/24 maxlen: 24
2a10:eb80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 20:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:37:23:1e:f0:99:cb:62:7b:41:b5:2d:2f:db:3f:a3:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Jul 23 11:55:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87c8d1395e5b42810d7643dd387706ff8a967556
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:d7:f2:be:cd:a0:76:bd:68:6d:1c:06:e7:f4:
45:16:a6:a7:35:a3:df:ed:4c:0e:23:e8:70:49:73:
37:ae:90:20:c7:ef:90:41:23:58:65:2c:d7:0d:da:
e6:55:3d:78:6e:6e:91:d6:17:dc:4f:2d:39:02:c3:
e4:2a:83:0a:36:3f:aa:a3:3e:2c:dd:d8:3a:b8:69:
68:6c:f0:52:0e:a4:dc:dd:f1:69:3a:d8:14:23:f7:
36:c0:1f:6b:cb:bc:19:77:c0:ff:ea:d1:09:48:b3:
d0:cc:fd:c4:76:eb:4c:69:49:69:42:0d:84:68:03:
f8:54:26:28:0b:c9:de:46:60:03:b8:7e:c2:de:e3:
72:0c:b7:16:34:68:28:f1:b5:47:c7:ec:07:93:00:
3c:a1:59:bf:be:73:57:da:17:57:0f:de:9c:46:25:
a8:88:c0:9c:0a:51:9d:6e:f6:38:5b:73:e4:6f:dc:
77:9c:06:0d:4b:22:1b:59:75:b9:85:b7:d8:4c:70:
52:12:61:8c:94:ef:1d:26:41:58:5f:97:05:03:e5:
ba:7c:4b:54:ee:92:ca:1c:df:d0:63:89:40:61:eb:
a2:16:6c:7b:b3:3c:16:15:cf:21:e2:90:a5:5b:2d:
cd:1e:67:8b:6d:1c:9d:39:e5:f6:89:4a:2c:bd:00:
9a:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:C8:D1:39:5E:5B:42:81:0D:76:43:DD:38:77:06:FF:8A:96:75:56
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/h8jROV5bQoENdkPdOHcG_4qWdVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.15.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.56.0/22
95.164.72.0-95.164.76.255
95.164.80.0/22
95.164.120.0/23
95.164.170.0-95.164.175.255
95.164.248.0/23
95.164.251.0/24
185.234.254.0/24
IPv6:
2a10:eb80::/29
Signature Algorithm: sha256WithRSAEncryption
90:5d:df:59:8c:82:06:46:9a:f0:69:8b:4f:0f:9a:42:e6:0c:
31:0d:42:a0:8d:dc:d4:46:e0:5a:ec:97:fd:d2:4d:79:2d:8b:
06:9d:2b:7b:25:30:20:f8:a3:0c:52:29:4d:d3:d4:d3:ed:13:
3e:87:fd:09:5d:b6:52:b3:a1:7c:8d:1a:5e:82:a9:b3:ad:31:
e8:bb:67:97:28:f5:01:83:41:36:38:e1:9a:5a:ab:4e:ee:a3:
09:ed:c4:15:eb:22:8a:3d:0f:c8:ac:2c:94:5c:e8:0b:c9:64:
8b:81:ee:c3:a9:6e:c7:00:aa:73:7f:83:a3:1b:2f:76:32:56:
68:b7:42:43:c8:83:dc:cb:69:65:62:68:ee:39:34:0a:74:56:
fc:2a:85:cc:2d:fc:11:12:bb:5e:b9:c1:a0:28:26:f0:9c:52:
51:ca:a2:34:36:40:9b:8a:f1:10:8c:34:cf:f1:ae:ff:0a:d0:
89:c4:9b:0f:0f:d5:39:70:3d:a4:1c:89:d1:ba:86:5f:26:3a:
30:12:ae:f4:04:a5:ae:a6:73:17:c0:04:39:ca:a9:7e:a3:93:
92:59:30:c2:aa:a4:93:af:82:e2:77:d3:1a:83:73:af:ba:b8:
17:7b:9e:19:e9:81:85:ef:8d:7a:ef:1c:43:64:86:85:46:1f:
c7:34:f6:db
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZg3Ix7wmctie0G1LS/bP6MJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzIzMTE1NTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M4ZDEzOTVlNWI0MjgxMGQ3NjQzZGQzODc3MDZmZjhhOTY3NTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9fyvs2gdr1obRwG5/RFFqanNaPf
7UwOI+hwSXM3rpAgx++QQSNYZSzXDdrmVT14bm6R1hfcTy05AsPkKoMKNj+qoz4s
3dg6uGlobPBSDqTc3fFpOtgUI/c2wB9ry7wZd8D/6tEJSLPQzP3EdutMaUlpQg2E
aAP4VCYoC8neRmADuH7C3uNyDLcWNGgo8bVHx+wHkwA8oVm/vnNX2hdXD96cRiWo
iMCcClGdbvY4W3Pkb9x3nAYNSyIbWXW5hbfYTHBSEmGMlO8dJkFYX5cFA+W6fEtU
7pLKHN/QY4lAYeuiFmx7szwWFc8h4pClWy3NHmeLbRydOeX2iUosvQCakQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFIfI0TleW0KBDXZD3Th3Bv+KlnVWMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvaDhqUk9WNWJRb0VOZGtQZE9IY0dfNHFXZFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEAF+kDwME
Al+kKDAMAwQAX6QxAwQAX6QyAwQCX6Q4MAwDBANfpEgDBABfpEwDBAJfpFADBAFf
pHgwDAMEAV+kqgMEBF+koAMEAV+k+AMEAF+k+wMEALnq/jANBAIAAjAHAwUDKhDr
gDANBgkqhkiG9w0BAQsFAAOCAQEAkF3fWYyCBkaa8GmLTw+aQuYMMQ1CoI3c1Ebg
WuyX/dJNeS2LBp0reyUwIPijDFIpTdPU0+0TPof9CV22UrOhfI0aXoKps60x6Ltn
lyj1AYNBNjjhmlqrTu6jCe3EFesiij0PyKwslFzoC8lki4Huw6luxwCqc3+Doxsv
djJWaLdCQ8iD3MtpZWJo7jk0CnRW/CqFzC38ERK7XrnBoCgm8JxSUcqiNDZAm4rx
EIw0z/Gu/wrQicSbDw/VOXA9pByJ0bqGXyY6MBKu9ASlrqZzF8AEOcqpfqOTklkw
wqqkk6+C4nfTGoNzr7q4F3ueGemBhe+Neu8cQ2SGhUYfxzT22w==
-----END CERTIFICATE-----
Generated at Sat Aug 9 02:49:35 2025 by rpki-client