Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/1-hKq9wb4D_GY_fnZO_c_s4LLEX0.roa
File: 1-hKq9wb4D_GY_fnZO_c_s4LLEX0.roa (raw, json)
Hash identifier: GBxwWVnB/Rc6j+xa3+zoxw/YNpQwaqrDeItK1vr3xY4=
Subject key identifier: FA:12:AA:F7:06:F8:0F:F1:98:FD:F9:D9:3B:F7:3F:B3:82:CB:11:7D
Certificate issuer: /CN=24c96d386d7cf59a990d3994f0df8493dfca49b3
Certificate serial: 01977C854412219D7206ADB92895BF874E53
Authority key identifier: 24:C9:6D:38:6D:7C:F5:9A:99:0D:39:94:F0:DF:84:93:DF:CA:49:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JMltOG189ZqZDTmU8N-Ek9_KSbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/1-hKq9wb4D_GY_fnZO_c_s4LLEX0.roa
Signing time: Tue 17 Jun 2025 06:13:17 +0000
ROA not before: Tue 17 Jun 2025 06:13:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8193
IP address blocks: 195.158.0.0/19 maxlen: 24
195.158.1.0/24 maxlen: 24
195.158.12.0/24 maxlen: 24
195.158.22.0/24 maxlen: 24
195.158.23.0/24 maxlen: 24
213.230.64.0/18 maxlen: 24
213.230.72.0/23 maxlen: 23
213.230.74.0/23 maxlen: 23
213.230.76.0/23 maxlen: 23
213.230.78.0/23 maxlen: 23
213.230.80.0/23 maxlen: 23
213.230.82.0/23 maxlen: 23
213.230.86.0/23 maxlen: 23
213.230.86.0/24 maxlen: 24
213.230.87.0/24 maxlen: 24
213.230.88.0/23 maxlen: 23
213.230.92.0/23 maxlen: 23
213.230.92.0/24 maxlen: 24
213.230.93.0/24 maxlen: 24
213.230.100.0/23 maxlen: 23
213.230.102.0/23 maxlen: 23
213.230.109.0/24 maxlen: 24
213.230.112.0/23 maxlen: 23
213.230.114.0/23 maxlen: 23
213.230.116.0/23 maxlen: 23
213.230.118.0/23 maxlen: 23
213.230.125.0/24 maxlen: 24
2a05:45c0::/32 maxlen: 32
2a05:45c1::/32 maxlen: 32
2a05:45c1::/48 maxlen: 48
2a05:45c2::/36 maxlen: 36
2a05:45c2:1000::/36 maxlen: 36
2a05:45c2:2000::/36 maxlen: 36
2a05:45c2:3000::/36 maxlen: 36
2a05:45c2:4000::/36 maxlen: 36
2a05:45c2:5000::/36 maxlen: 36
2a05:45c2:6000::/36 maxlen: 36
2a05:45c2:7000::/36 maxlen: 36
2a05:45c2:8000::/36 maxlen: 36
2a05:45c5::/32 maxlen: 32
2a05:45c5:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/JMltOG189ZqZDTmU8N-Ek9_KSbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/JMltOG189ZqZDTmU8N-Ek9_KSbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/JMltOG189ZqZDTmU8N-Ek9_KSbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Jun 2025 04:09:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7c:85:44:12:21:9d:72:06:ad:b9:28:95:bf:87:4e:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=24c96d386d7cf59a990d3994f0df8493dfca49b3
Validity
Not Before: Jun 17 06:13:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fa12aaf706f80ff198fdf9d93bf73fb382cb117d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e4:67:66:aa:5b:7f:54:6a:f2:25:18:db:2c:
4f:87:32:07:9f:11:a3:3d:28:34:8c:53:b0:15:3d:
52:7f:93:32:86:a9:bd:49:10:1c:14:c2:fa:3f:2b:
9d:2f:e9:75:28:d5:cf:4b:c1:64:f7:59:cb:4f:1d:
79:81:9e:a0:f0:4e:5d:5c:1f:79:6e:74:37:77:2a:
48:7a:33:1a:0e:c2:43:8d:08:5b:69:6d:33:ee:5c:
d5:ba:29:ed:0e:0e:01:82:11:24:5c:7d:d4:1d:98:
cb:44:b6:2d:72:a8:4c:0e:ab:ef:52:06:3f:3b:96:
2b:c5:4e:16:d8:a0:3e:d1:9e:71:56:d4:95:97:05:
a9:4f:8f:36:d2:e9:df:fd:35:79:07:88:a8:5b:50:
b7:0c:c9:cd:74:80:f9:92:69:44:2d:4f:14:06:99:
6a:21:a4:9e:8a:a7:97:cc:4d:ac:c7:fc:d2:8d:4f:
84:80:2b:e9:b1:d9:de:43:de:19:2b:5d:d8:69:b4:
c6:65:c0:e8:52:9a:e8:3e:13:f6:24:92:7e:8c:62:
be:38:f0:48:c6:9b:61:09:42:d0:56:26:65:df:32:
a1:08:19:bf:88:eb:9e:11:8a:81:00:4c:df:a1:12:
1d:75:e9:df:24:8b:fe:c5:90:ae:9b:aa:bc:5b:ea:
82:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:12:AA:F7:06:F8:0F:F1:98:FD:F9:D9:3B:F7:3F:B3:82:CB:11:7D
X509v3 Authority Key Identifier:
keyid:24:C9:6D:38:6D:7C:F5:9A:99:0D:39:94:F0:DF:84:93:DF:CA:49:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JMltOG189ZqZDTmU8N-Ek9_KSbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/1-hKq9wb4D_GY_fnZO_c_s4LLEX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7bed63-406e-405c-a7f0-7cd9c3baba25/1/JMltOG189ZqZDTmU8N-Ek9_KSbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.158.0.0/19
213.230.64.0/18
IPv6:
2a05:45c0::-2a05:45c2:8fff:ffff:ffff:ffff:ffff:ffff
2a05:45c5::/32
Signature Algorithm: sha256WithRSAEncryption
8e:ea:cd:7f:7d:b9:e8:89:fa:f1:c6:f7:d1:c3:91:db:6f:2e:
7d:c0:76:11:6d:49:71:cc:e2:e4:e8:db:93:65:87:14:b1:1b:
e1:91:34:05:fc:d0:dc:59:d9:d8:46:72:53:01:c5:19:9e:6b:
fc:b9:93:73:7e:28:24:13:9e:94:94:fc:8a:fa:db:76:0b:9a:
97:25:02:8e:48:6b:48:ee:83:fd:b9:f3:18:41:61:41:64:56:
55:de:03:12:96:e4:89:c7:13:de:e6:7d:08:42:64:71:f7:a1:
38:27:b4:1f:28:c3:62:63:5a:19:93:05:43:97:18:59:fd:83:
5f:b3:69:e4:22:e0:99:62:96:46:8e:0e:0e:d6:f0:53:fd:35:
ce:17:37:f4:4f:98:93:8d:51:38:ba:8b:f1:40:e5:83:79:6c:
4f:fb:2f:bf:61:0e:db:53:ed:94:d4:60:3d:cb:42:3e:90:4a:
37:b0:df:22:20:fd:dc:f2:37:b7:b1:f2:43:73:ab:dd:96:43:
e9:7f:40:88:3e:e0:21:90:e7:18:59:24:00:38:fb:d7:20:d2:
4b:61:a1:2d:65:b0:5d:2a:d6:5d:cd:92:68:08:29:6d:8a:7a:
3b:ab:3c:91:d3:d6:a4:82:c6:24:c3:12:2f:88:8c:fd:4f:7b:
3b:48:17:0e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZd8hUQSIZ1yBq25KJW/h05TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Yzk2ZDM4NmQ3Y2Y1OWE5OTBkMzk5NGYwZGY4NDkzZGZj
YTQ5YjMwHhcNMjUwNjE3MDYxMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTEyYWFmNzA2ZjgwZmYxOThmZGY5ZDkzYmY3M2ZiMzgyY2IxMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzORnZqpbf1Rq8iUY2yxPhzIHnxGj
PSg0jFOwFT1Sf5Myhqm9SRAcFML6PyudL+l1KNXPS8Fk91nLTx15gZ6g8E5dXB95
bnQ3dypIejMaDsJDjQhbaW0z7lzVuintDg4BghEkXH3UHZjLRLYtcqhMDqvvUgY/
O5YrxU4W2KA+0Z5xVtSVlwWpT4820unf/TV5B4ioW1C3DMnNdID5kmlELU8UBplq
IaSeiqeXzE2sx/zSjU+EgCvpsdneQ94ZK13YabTGZcDoUproPhP2JJJ+jGK+OPBI
xpthCULQViZl3zKhCBm/iOueEYqBAEzfoRIddenfJIv+xZCum6q8W+qCOwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPoSqvcG+A/xmP352Tv3P7OCyxF9MB8GA1UdIwQY
MBaAFCTJbThtfPWamQ05lPDfhJPfykmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk1sdE9HMTg5WnFaRFRtVThOLUVrOV9LU2JNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83YmVkNjMtNDA2ZS00MDVjLWE3ZjAt
N2NkOWMzYmFiYTI1LzEvMS1oS3E5d2I0RF9HWV9mblpPX2NfczRMTEVYMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvN2JlZDYzLTQwNmUtNDA1Yy1hN2YwLTdjZDljM2JhYmEy
NS8xL0pNbHRPRzE4OVpxWkRUbVU4Ti1FazlfS1NiTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMEBcOeAAME
BtXmQDAeBAIAAjAYMA8DBQYqBUXAAwYEKgVFwoADBQAqBUXFMA0GCSqGSIb3DQEB
CwUAA4IBAQCO6s1/fbnoifrxxvfRw5Hbby59wHYRbUlxzOLk6NuTZYcUsRvhkTQF
/NDcWdnYRnJTAcUZnmv8uZNzfigkE56UlPyK+tt2C5qXJQKOSGtI7oP9ufMYQWFB
ZFZV3gMSluSJxxPe5n0IQmRx96E4J7QfKMNiY1oZkwVDlxhZ/YNfs2nkIuCZYpZG
jg4O1vBT/TXOFzf0T5iTjVE4uovxQOWDeWxP+y+/YQ7bU+2U1GA9y0I+kEo3sN8i
IP3c8je3sfJDc6vdlkPpf0CIPuAhkOcYWSQAOPvXINJLYaEtZbBdKtZdzZJoCClt
ino7qzyR09akgsYkwxIviIz9T3s7SBcO
-----END CERTIFICATE-----
Generated at Thu Jun 19 12:33:27 2025 by rpki-client