Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/gF7OF-sH3XFh2hq8KjpdxJgt63g.roa
File: gF7OF-sH3XFh2hq8KjpdxJgt63g.roa (raw, json)
Hash identifier: EpA0qsYa3m/WYOamet70LyZkiEfTFAk3SQEWKz+UC8w=
Subject key identifier: 80:5E:CE:17:EB:07:DD:71:61:DA:1A:BC:2A:3A:5D:C4:98:2D:EB:78
Certificate issuer: /CN=b13099c38b6477a68c98019ff6e0040808078b90
Certificate serial: 0197A183D266A569010345631AD470F49C95
Authority key identifier: B1:30:99:C3:8B:64:77:A6:8C:98:01:9F:F6:E0:04:08:08:07:8B:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sTCZw4tkd6aMmAGf9uAECAgHi5A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/gF7OF-sH3XFh2hq8KjpdxJgt63g.roa
Signing time: Tue 24 Jun 2025 10:37:40 +0000
ROA not before: Tue 24 Jun 2025 10:37:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206347
IP address blocks: 37.48.225.0/24 maxlen: 24
37.48.226.0/23 maxlen: 23
37.48.228.0/24 maxlen: 24
37.48.231.0/24 maxlen: 24
138.124.160.0/20 maxlen: 24
138.124.175.0/24 maxlen: 24
185.32.92.0/22 maxlen: 24
185.67.232.0/22 maxlen: 22
185.102.132.0/22 maxlen: 24
185.193.168.0/22 maxlen: 24
2a0b:de40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/sTCZw4tkd6aMmAGf9uAECAgHi5A.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/sTCZw4tkd6aMmAGf9uAECAgHi5A.mft
rsync://rpki.ripe.net/repository/DEFAULT/sTCZw4tkd6aMmAGf9uAECAgHi5A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 13:02:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a1:83:d2:66:a5:69:01:03:45:63:1a:d4:70:f4:9c:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b13099c38b6477a68c98019ff6e0040808078b90
Validity
Not Before: Jun 24 10:37:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=805ece17eb07dd7161da1abc2a3a5dc4982deb78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ef:52:78:67:d1:19:5d:9d:ad:d2:0a:58:ed:
ea:d6:99:54:70:2d:a0:30:79:97:b5:c0:59:5c:37:
21:74:74:be:64:b1:87:f5:ef:18:6c:49:ac:66:1b:
c3:bc:57:e3:11:91:d9:37:a4:c0:fd:3d:6d:4b:5d:
ea:ef:24:20:a0:3e:41:6b:11:da:f2:34:76:1d:65:
7c:18:08:46:e8:31:5a:96:13:0e:7e:50:f8:be:c3:
de:03:58:2f:ea:e0:60:2d:c7:de:a8:81:cc:ca:c8:
9f:51:a7:27:3b:c6:f6:42:55:a8:8b:4f:e9:42:92:
5f:31:ad:f5:a6:95:ff:62:22:19:f2:39:4e:d0:8f:
13:47:60:bf:d3:1b:1c:c2:51:1e:af:78:f9:9b:7a:
d7:de:b3:4b:23:2d:4e:37:58:66:74:a5:8d:43:eb:
89:a2:d9:01:0b:ac:39:2b:7a:c8:71:af:da:12:4e:
a6:58:4c:55:db:93:7c:8c:2e:15:65:10:4e:43:40:
fa:57:3f:a9:df:42:98:ce:cd:53:b9:38:b4:e7:80:
0d:9b:1e:be:d4:4c:2d:52:e6:c1:2c:99:b2:47:17:
50:fc:ec:88:f5:0d:c8:ae:a6:5e:34:fd:2b:e5:ef:
5d:b6:be:43:b6:12:7f:8e:a6:1d:08:49:0a:c7:92:
70:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:5E:CE:17:EB:07:DD:71:61:DA:1A:BC:2A:3A:5D:C4:98:2D:EB:78
X509v3 Authority Key Identifier:
keyid:B1:30:99:C3:8B:64:77:A6:8C:98:01:9F:F6:E0:04:08:08:07:8B:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTCZw4tkd6aMmAGf9uAECAgHi5A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/gF7OF-sH3XFh2hq8KjpdxJgt63g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/592cf0-03df-4886-b061-284f7c9622b5/1/sTCZw4tkd6aMmAGf9uAECAgHi5A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.48.225.0-37.48.228.255
37.48.231.0/24
138.124.160.0/20
185.32.92.0/22
185.67.232.0/22
185.102.132.0/22
185.193.168.0/22
IPv6:
2a0b:de40::/29
Signature Algorithm: sha256WithRSAEncryption
57:f5:33:c9:f3:1f:99:39:69:e1:69:3c:85:46:d1:25:2c:bb:
bc:b7:dc:6b:18:e4:2a:86:43:9a:98:01:25:1f:41:ae:6b:bf:
09:ea:6b:3e:e0:5a:42:51:23:ad:db:5b:a1:46:b5:d3:07:49:
9b:87:08:27:27:7b:ad:ca:bc:e3:5b:2b:97:18:0b:91:15:88:
91:67:7b:97:b2:93:f0:0e:7d:a3:96:e3:72:60:bd:66:d2:84:
93:a8:7c:02:c3:0b:83:3b:0e:63:d8:18:6f:86:b1:7d:e3:52:
3c:ad:11:86:c2:a8:d2:d8:43:d4:90:06:ae:28:06:03:5e:10:
40:bb:7f:b4:05:b5:4c:bd:83:03:eb:ae:52:89:ed:de:7c:69:
a2:11:bd:ea:c1:a6:95:39:46:49:21:e2:df:3f:88:13:d7:fd:
7b:6c:dc:e3:52:bc:f8:73:29:af:bd:7b:40:78:8e:c3:55:e8:
0a:fd:68:f8:02:64:da:0e:7b:cf:dd:08:d6:65:85:69:fc:60:
80:cc:5f:1f:09:57:67:a1:35:ae:3e:ca:8f:41:03:fc:fa:af:
dd:32:8a:69:8a:fe:3e:47:f2:75:8f:59:32:a4:18:8c:73:a0:
f4:75:92:ec:e9:9c:a4:7f:c1:ee:66:8f:70:a2:f3:b3:c4:97:
87:c8:d6:dd
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZehg9JmpWkBA0VjGtRw9JyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzA5OWMzOGI2NDc3YTY4Yzk4MDE5ZmY2ZTAwNDA4MDgw
NzhiOTAwHhcNMjUwNjI0MTAzNzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDVlY2UxN2ViMDdkZDcxNjFkYTFhYmMyYTNhNWRjNDk4MmRlYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+9SeGfRGV2drdIKWO3q1plUcC2g
MHmXtcBZXDchdHS+ZLGH9e8YbEmsZhvDvFfjEZHZN6TA/T1tS13q7yQgoD5BaxHa
8jR2HWV8GAhG6DFalhMOflD4vsPeA1gv6uBgLcfeqIHMysifUacnO8b2QlWoi0/p
QpJfMa31ppX/YiIZ8jlO0I8TR2C/0xscwlEer3j5m3rX3rNLIy1ON1hmdKWNQ+uJ
otkBC6w5K3rIca/aEk6mWExV25N8jC4VZRBOQ0D6Vz+p30KYzs1TuTi054ANmx6+
1EwtUubBLJmyRxdQ/OyI9Q3IrqZeNP0r5e9dtr5DthJ/jqYdCEkKx5Jw0QIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFIBezhfrB91xYdoavCo6XcSYLet4MB8GA1UdIwQY
MBaAFLEwmcOLZHemjJgBn/bgBAgIB4uQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RDWnc0dGtkNmFNbUFHZjl1QUVDQWdIaTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81OTJjZjAtMDNkZi00ODg2LWIwNjEt
Mjg0ZjdjOTYyMmI1LzEvZ0Y3T0Ytc0gzWEZoMmhxOEtqcGR4Smd0NjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81OTJjZjAtMDNkZi00ODg2LWIwNjEtMjg0ZjdjOTYyMmI1
LzEvc1RDWnc0dGtkNmFNbUFHZjl1QUVDQWdIaTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBAAlMOED
BAAlMOQDBAAlMOcDBASKfKADBAK5IFwDBAK5Q+gDBAK5ZoQDBAK5wagwDQQCAAIw
BwMFAyoL3kAwDQYJKoZIhvcNAQELBQADggEBAFf1M8nzH5k5aeFpPIVG0SUsu7y3
3GsY5CqGQ5qYASUfQa5rvwnqaz7gWkJRI63bW6FGtdMHSZuHCCcne63KvONbK5cY
C5EViJFne5eyk/AOfaOW43JgvWbShJOofALDC4M7DmPYGG+GsX3jUjytEYbCqNLY
Q9SQBq4oBgNeEEC7f7QFtUy9gwPrrlKJ7d58aaIRverBppU5Rkkh4t8/iBPX/Xts
3ONSvPhzKa+9e0B4jsNV6Ar9aPgCZNoOe8/dCNZlhWn8YIDMXx8JV2ehNa4+yo9B
A/z6r90yimmK/j5H8nWPWTKkGIxzoPR1kuzpnKR/we5mj3Ci87PEl4fI1t0=
-----END CERTIFICATE-----
Generated at Tue Jul 1 20:44:20 2025 by rpki-client