Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UhzVhw54CMqjNz7xp-xvBE81m-4.roa
File: UhzVhw54CMqjNz7xp-xvBE81m-4.roa (raw, json)
Hash identifier: owjMTuwg9zNZaFooQiqDTbz5mntr5OJJLDFUJXINqWs=
Subject key identifier: 52:1C:D5:87:0E:78:08:CA:A3:37:3E:F1:A7:EC:6F:04:4F:35:9B:EE
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01988DC3539ECF685C219D3078A88BF9E81F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UhzVhw54CMqjNz7xp-xvBE81m-4.roa
Signing time: Sat 09 Aug 2025 07:37:25 +0000
ROA not before: Sat 09 Aug 2025 07:37:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43641
IP address blocks: 192.124.173.0/24 maxlen: 24
194.87.153.0/24 maxlen: 24
195.58.57.0/24 maxlen: 24
212.193.16.0/24 maxlen: 24
212.193.17.0/24 maxlen: 24
212.193.19.0/24 maxlen: 24
212.193.21.0/24 maxlen: 24
212.193.22.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 09:01:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:8d:c3:53:9e:cf:68:5c:21:9d:30:78:a8:8b:f9:e8:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 9 07:37:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=521cd5870e7808caa3373ef1a7ec6f044f359bee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:4b:49:b9:f7:44:18:db:e7:db:6d:99:fd:54:
7e:00:97:40:a7:11:5d:cf:4e:8d:16:c1:59:31:fb:
d1:06:ad:e5:15:56:c0:d2:f3:f8:23:d8:5e:ae:7d:
7e:2b:dc:cb:d9:b1:d1:81:27:a1:19:ae:3f:1f:b9:
03:60:d5:00:75:bb:e7:63:ab:07:bd:8c:18:07:bc:
f3:db:1b:e6:f1:cc:4d:b9:63:f4:4e:05:0c:e5:f5:
ac:15:d2:95:40:85:38:aa:df:f5:b4:73:8d:ef:67:
d8:ad:0e:f6:c8:14:b1:3a:70:53:44:63:3e:aa:33:
d0:44:e3:68:cf:ed:3d:4a:44:65:fd:88:99:33:2e:
bd:7e:3d:5f:ed:ff:34:c8:84:5e:c3:12:af:cd:3b:
fc:c9:ec:78:a3:05:43:7e:bb:48:56:9d:80:4d:93:
e3:32:7e:7d:7e:30:17:36:18:7f:4d:30:a2:8e:fd:
b9:9a:22:b5:41:15:ce:d2:be:08:ae:0c:e5:4d:56:
37:b9:39:93:46:dc:e8:7b:d4:16:59:6a:8b:c5:33:
06:39:f5:7a:82:20:fb:86:f7:ae:5b:59:1d:63:a6:
72:b1:5f:02:f9:3f:aa:c5:b0:01:94:cd:ab:90:a2:
36:05:a5:0a:55:5c:ac:f2:da:0a:95:4e:e5:bd:8f:
60:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:1C:D5:87:0E:78:08:CA:A3:37:3E:F1:A7:EC:6F:04:4F:35:9B:EE
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UhzVhw54CMqjNz7xp-xvBE81m-4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.173.0/24
194.87.153.0/24
195.58.57.0/24
212.193.16.0/23
212.193.19.0/24
212.193.21.0-212.193.22.255
Signature Algorithm: sha256WithRSAEncryption
87:7a:01:ea:01:2a:30:9a:90:6d:0b:f1:80:94:30:09:68:4e:
9e:e7:c3:42:b6:98:da:7d:ba:03:48:36:e5:19:48:47:b9:4c:
17:d5:47:5b:a1:55:cb:aa:b8:5d:6b:63:79:8f:cd:b1:79:71:
14:c0:94:cd:c5:fb:58:52:f7:d7:76:3f:fb:fa:c8:e4:8f:d9:
c2:4b:bf:31:73:65:4b:78:20:50:55:1c:e8:14:86:27:69:f6:
a3:6c:da:dc:9e:c7:78:9d:f6:c7:71:9d:da:ef:23:ae:12:52:
58:5e:20:55:d3:d5:b8:b3:1e:42:de:cf:ae:d1:d2:77:82:0c:
a7:16:3f:19:7c:05:cf:a5:cd:cf:86:fa:c7:12:fc:8c:4a:1b:
4f:74:87:9a:31:ea:85:46:8b:eb:89:b7:8a:47:2b:d0:51:cf:
c8:08:15:82:f6:a2:ec:7f:17:7d:02:7b:a1:35:7a:29:39:55:
6c:2a:87:c0:cf:45:64:cd:6d:6f:18:18:10:80:46:01:02:7c:
42:a1:4d:75:7e:bf:0e:4b:02:a1:20:e2:26:1e:d6:f4:5b:df:
6d:fa:5c:bf:1e:1e:4a:b1:da:6d:48:3c:ff:0c:2c:ac:2d:e2:
52:96:a0:3b:f5:5a:ae:9a:37:a2:f3:59:fe:4c:c1:3a:8e:f3:
37:f8:3b:8f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZiNw1Oez2hcIZ0weKiL+egfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwODA5MDczNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjFjZDU4NzBlNzgwOGNhYTMzNzNlZjFhN2VjNmYwNDRmMzU5YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjktJufdEGNvn222Z/VR+AJdApxFd
z06NFsFZMfvRBq3lFVbA0vP4I9hern1+K9zL2bHRgSehGa4/H7kDYNUAdbvnY6sH
vYwYB7zz2xvm8cxNuWP0TgUM5fWsFdKVQIU4qt/1tHON72fYrQ72yBSxOnBTRGM+
qjPQRONoz+09SkRl/YiZMy69fj1f7f80yIRewxKvzTv8yex4owVDfrtIVp2ATZPj
Mn59fjAXNhh/TTCijv25miK1QRXO0r4IrgzlTVY3uTmTRtzoe9QWWWqLxTMGOfV6
giD7hveuW1kdY6ZysV8C+T+qxbABlM2rkKI2BaUKVVys8toKlU7lvY9gqwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFIc1YcOeAjKozc+8afsbwRPNZvuMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVWh6Vmh3NTRDTXFqTno3eHAteHZCRTgxbS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAwHytAwQA
wleZAwQAwzo5AwQB1MEQAwQA1METMAwDBADUwRUDBADUwRYwDQYJKoZIhvcNAQEL
BQADggEBAId6AeoBKjCakG0L8YCUMAloTp7nw0K2mNp9ugNINuUZSEe5TBfVR1uh
VcuquF1rY3mPzbF5cRTAlM3F+1hS99d2P/v6yOSP2cJLvzFzZUt4IFBVHOgUhidp
9qNs2tyex3id9sdxndrvI64SUlheIFXT1bizHkLez67R0neCDKcWPxl8Bc+lzc+G
+scS/IxKG090h5ox6oVGi+uJt4pHK9BRz8gIFYL2oux/F30Ce6E1eik5VWwqh8DP
RWTNbW8YGBCARgECfEKhTXV+vw5LAqEg4iYe1vRb3236XL8eHkqx2m1IPP8MLKwt
4lKWoDv1Wq6aN6LzWf5MwTqO8zf4O48=
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:08:49 2025 by rpki-client