Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/oqbSDVyffYW6POB_Swdu2RDuL0U.roa
File: oqbSDVyffYW6POB_Swdu2RDuL0U.roa (raw, json)
Hash identifier: sIzz4Hddo5JRH5QoMZorIpCfLRHXcarNIkRS1cu9s/g=
Subject key identifier: A2:A6:D2:0D:5C:9F:7D:85:BA:3C:E0:7F:4B:07:6E:D9:10:EE:2F:45
Certificate issuer: /CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
Certificate serial: 0198C46B038212F45DE78CFF4F9BDC40AB18
Authority key identifier: 45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/oqbSDVyffYW6POB_Swdu2RDuL0U.roa
Signing time: Tue 19 Aug 2025 22:20:04 +0000
ROA not before: Tue 19 Aug 2025 22:20:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24679
IP address blocks: 81.3.0.0/18 maxlen: 24
83.246.0.0/17 maxlen: 24
185.148.168.0/22 maxlen: 24
193.201.52.0/22 maxlen: 24
193.238.228.0/22 maxlen: 24
195.47.229.0/24 maxlen: 24
195.158.238.0/23 maxlen: 24
195.158.238.0/24 maxlen: 24
195.158.239.0/24 maxlen: 24
217.175.224.0/19 maxlen: 24
217.195.32.0/20 maxlen: 24
2a02:790::/32 maxlen: 48
2a07:60c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl
rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.mft
rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 14:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c4:6b:03:82:12:f4:5d:e7:8c:ff:4f:9b:dc:40:ab:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
Validity
Not Before: Aug 19 22:20:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2a6d20d5c9f7d85ba3ce07f4b076ed910ee2f45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:c9:56:67:c6:aa:ae:c0:41:93:f7:8f:44:b6:
b2:72:4d:78:3d:6f:da:79:64:04:75:65:36:14:af:
c4:a0:b1:11:5a:ad:b2:cd:b7:db:e8:3e:20:72:70:
b9:d7:12:8d:20:86:bd:ca:cd:de:81:c9:43:18:01:
9a:ab:5c:20:fd:7f:ec:c2:87:58:66:f8:c9:f5:b2:
9e:c5:e0:5f:86:dd:ea:f6:69:0a:b0:85:51:03:89:
1c:ab:af:f4:ff:08:f8:53:f7:73:bd:f3:4a:ba:d5:
e4:22:a5:57:08:70:ff:d5:68:b1:d5:cb:4e:29:52:
f5:ca:f1:b7:ae:55:22:dc:48:c4:4f:4b:3b:6b:87:
e4:bc:64:29:70:5a:62:e2:7e:42:09:0e:03:cd:59:
16:b5:c6:83:8f:b7:38:c7:88:63:62:90:e5:44:7d:
85:d3:ce:d1:3a:8e:23:25:a3:10:1e:d1:7e:ad:e4:
ea:11:1e:12:12:6b:5f:1e:b3:a1:a5:09:3c:4d:ab:
9a:82:58:4c:c0:de:fb:6d:e9:d6:82:5e:21:2f:62:
26:ff:d3:73:7d:ac:9b:5c:4e:07:8d:98:de:2f:ff:
a2:dd:a0:36:96:d6:fa:05:95:3e:f1:0d:8b:12:1f:
00:3e:db:d9:e1:2b:13:dc:4e:cc:d4:22:ad:88:82:
f1:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A6:D2:0D:5C:9F:7D:85:BA:3C:E0:7F:4B:07:6E:D9:10:EE:2F:45
X509v3 Authority Key Identifier:
keyid:45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/oqbSDVyffYW6POB_Swdu2RDuL0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.3.0.0/18
83.246.0.0/17
185.148.168.0/22
193.201.52.0/22
193.238.228.0/22
195.47.229.0/24
195.158.238.0/23
217.175.224.0/19
217.195.32.0/20
IPv6:
2a02:790::/32
2a07:60c0::/29
Signature Algorithm: sha256WithRSAEncryption
88:cd:eb:b8:82:25:f3:dc:ba:1e:f7:a2:a2:e8:ad:65:c1:a0:
49:71:8d:97:e4:e1:b7:43:bd:78:f5:05:59:af:fd:a9:6a:12:
a0:cf:4a:b9:77:15:68:d6:ec:a6:f9:66:7a:e5:a5:03:a8:5f:
a2:0f:5c:2f:56:05:ef:9b:74:28:60:c2:15:06:61:a9:83:80:
cf:70:56:a5:5a:33:8f:75:22:c7:c8:d7:46:48:a6:31:61:fe:
43:7f:32:36:f5:dc:69:66:1c:7b:6e:1c:6a:a6:5d:7b:99:bf:
53:df:9b:41:5a:22:1b:51:f5:97:6d:32:b0:e1:78:42:4c:46:
75:c2:c2:b6:24:70:a3:0b:bd:d6:5d:a2:2a:53:a6:cf:2e:75:
d4:9b:ba:a9:1d:c0:e0:a3:84:0a:f0:89:8c:13:a5:d0:d1:46:
e9:13:ad:e3:11:4a:4c:91:89:6e:ed:13:76:cf:8a:92:3d:8d:
0c:ab:17:19:e0:47:3d:05:6a:4b:07:ef:e6:df:88:96:f1:c8:
c8:60:6d:eb:b3:d2:f6:d7:ba:77:31:83:c7:b0:dd:d9:9b:ad:
b1:42:c8:f6:21:55:43:74:e7:ae:08:65:81:95:d9:28:54:7f:
5f:0a:7c:36:4a:3e:13:ef:b4:44:ff:fc:d8:4e:0d:eb:f4:bd:
3e:2b:82:1e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZjEawOCEvRd54z/T5vcQKsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Yjk4NTRiMDQ0NTk0ZTZjZjA4NDZmYjQxZGU3YjA5MDhm
YjVmNzIwHhcNMjUwODE5MjIyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmE2ZDIwZDVjOWY3ZDg1YmEzY2UwN2Y0YjA3NmVkOTEwZWUyZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3slWZ8aqrsBBk/ePRLayck14PW/a
eWQEdWU2FK/EoLERWq2yzbfb6D4gcnC51xKNIIa9ys3egclDGAGaq1wg/X/swodY
ZvjJ9bKexeBfht3q9mkKsIVRA4kcq6/0/wj4U/dzvfNKutXkIqVXCHD/1Wix1ctO
KVL1yvG3rlUi3EjET0s7a4fkvGQpcFpi4n5CCQ4DzVkWtcaDj7c4x4hjYpDlRH2F
087ROo4jJaMQHtF+reTqER4SEmtfHrOhpQk8TauaglhMwN77benWgl4hL2Im/9Nz
faybXE4HjZjeL/+i3aA2ltb6BZU+8Q2LEh8APtvZ4SsT3E7M1CKtiILx2QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKKm0g1cn32Fujzgf0sHbtkQ7i9FMB8GA1UdIwQY
MBaAFEW5hUsERZTmzwhG+0HeewkI+19yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMt
NGIyMmZjNTE4NGEyLzEvb3FiU0RWeWZmWVc2UE9CX1N3ZHUyUkR1TDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMtNGIyMmZjNTE4NGEy
LzEvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQGUQMAAwQH
U/YAAwQCuZSoAwQCwck0AwQCwe7kAwQAwy/lAwQBw57uAwQF2a/gAwQE2cMgMBQE
AgACMA4DBQAqAgeQAwUDKgdgwDANBgkqhkiG9w0BAQsFAAOCAQEAiM3ruIIl89y6
HveiouitZcGgSXGNl+Tht0O9ePUFWa/9qWoSoM9KuXcVaNbspvlmeuWlA6hfog9c
L1YF75t0KGDCFQZhqYOAz3BWpVozj3Uix8jXRkimMWH+Q38yNvXcaWYce24caqZd
e5m/U9+bQVoiG1H1l20ysOF4QkxGdcLCtiRwowu91l2iKlOmzy511Ju6qR3A4KOE
CvCJjBOl0NFG6ROt4xFKTJGJbu0Tds+Kkj2NDKsXGeBHPQVqSwfv5t+IlvHIyGBt
67PS9te6dzGDx7Dd2ZutsULI9iFVQ3TnrghlgZXZKFR/Xwp8Nko+E++0RP/82E4N
6/S9PiuCHg==
-----END CERTIFICATE-----
Generated at Sun Aug 24 00:27:24 2025 by rpki-client