Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HKmCldk2JvctbCf-Lf1HKb1B2ao.roa
File: HKmCldk2JvctbCf-Lf1HKb1B2ao.roa (raw, json)
Hash identifier: r4Utp2/KefC9nB/6PktJWRnuca95ABpQ1Alu/XpMThk=
Subject key identifier: 1C:A9:82:95:D9:36:26:F7:2D:6C:27:FE:2D:FD:47:29:BD:41:D9:AA
Certificate issuer: /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial: 0199B40A08F8E1E425629F283657DF5D7EAE
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HKmCldk2JvctbCf-Lf1HKb1B2ao.roa
Signing time: Sun 05 Oct 2025 11:03:00 +0000
ROA not before: Sun 05 Oct 2025 11:03:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59441
IP address blocks: 62.60.128.0/21 maxlen: 24
62.60.164.0/22 maxlen: 24
62.60.200.0/22 maxlen: 24
62.60.204.0/22 maxlen: 24
62.60.209.0/24 maxlen: 24
62.60.210.0/23 maxlen: 24
62.60.210.0/24 maxlen: 24
62.60.211.0/24 maxlen: 24
62.60.212.0/22 maxlen: 24
213.176.28.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b4:0a:08:f8:e1:e4:25:62:9f:28:36:57:df:5d:7e:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
Validity
Not Before: Oct 5 11:03:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1ca98295d93626f72d6c27fe2dfd4729bd41d9aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:12:0e:1a:d7:77:1e:74:b7:22:4c:a9:ad:02:
d6:b7:aa:76:5a:76:b5:cc:64:ba:c8:c3:5c:35:c1:
48:f7:c9:64:f4:a2:00:08:0e:c1:b2:a4:de:82:85:
29:6e:8f:10:41:20:0e:84:fb:8f:d9:9c:ef:d4:9d:
89:26:c2:4d:25:93:aa:65:90:5c:2f:8c:e1:fb:94:
47:97:5e:41:f5:68:91:17:f3:f1:32:a2:8c:e0:79:
5a:08:bd:c4:70:34:02:ce:f4:be:19:8b:5e:33:35:
b1:fe:82:b1:f5:98:db:ae:d2:b2:c2:a5:98:e2:ab:
25:9b:d0:5d:ac:bf:80:cd:b3:55:77:76:6e:99:bb:
2c:e2:8c:38:9c:20:28:94:e8:36:08:a5:9c:6f:70:
63:67:69:7f:09:a3:e0:bc:ad:13:23:49:6d:08:e5:
ac:bf:f1:bf:a9:18:d7:f7:db:23:a9:28:0f:32:62:
5d:ff:72:7b:77:ea:82:71:ad:5c:c8:39:eb:f0:84:
7b:e1:c9:ba:9a:66:38:b5:4c:72:c4:00:7b:77:01:
ef:46:57:0f:ad:76:e8:12:f9:0a:ca:ec:e1:6e:ae:
70:20:74:12:7e:26:e2:b5:87:d5:5d:c4:27:a5:7c:
a6:23:62:2e:b1:a2:24:57:26:a3:22:b5:88:b1:5b:
bd:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:A9:82:95:D9:36:26:F7:2D:6C:27:FE:2D:FD:47:29:BD:41:D9:AA
X509v3 Authority Key Identifier:
keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/HKmCldk2JvctbCf-Lf1HKb1B2ao.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.60.128.0/21
62.60.164.0/22
62.60.200.0/21
62.60.209.0-62.60.215.255
213.176.28.0/22
Signature Algorithm: sha256WithRSAEncryption
45:cb:af:23:96:34:11:28:4c:f9:7d:5f:2e:df:98:59:5f:b5:
8f:02:14:c2:e6:80:66:89:17:c5:38:74:db:6a:22:2b:72:8e:
a9:cb:6e:32:44:18:98:ee:2b:85:b4:09:2c:e4:1b:c9:c3:4e:
ab:00:30:42:e4:22:b3:aa:9f:5f:2b:a8:59:f6:9b:93:e6:6e:
b3:03:e0:a0:7c:17:21:ec:5a:38:ed:99:b3:f8:28:d4:47:07:
57:5a:0f:3b:b1:a6:c6:10:dc:69:fd:cf:c5:1b:ec:0f:2b:ca:
42:c1:e9:cd:c6:a6:fc:86:b8:98:ad:4b:93:68:f7:f8:a0:bf:
77:70:41:aa:13:93:72:b8:82:5e:26:cc:a9:14:48:db:e4:a8:
05:13:f7:f8:32:15:4b:4b:2e:df:67:de:3d:93:dc:86:48:23:
85:0d:ef:4c:47:cb:b3:5c:fe:62:7e:5e:58:2b:22:32:b9:65:
41:b7:4d:d0:a9:c8:87:66:83:7b:7d:7f:32:c6:02:fa:de:56:
5a:de:90:7b:63:4a:e9:c4:3e:b9:23:a9:d9:fe:ab:fb:67:3d:
fb:6b:5a:42:ea:0a:95:4c:bf:d1:f7:35:84:0d:a3:95:21:63:
36:3a:8d:f3:d0:b7:c4:44:8e:4f:b9:86:43:c4:b0:2b:ef:13:
5a:d1:c3:de
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZm0Cgj44eQlYp8oNlffXX6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUxMDA1MTEwMzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E5ODI5NWQ5MzYyNmY3MmQ2YzI3ZmUyZGZkNDcyOWJkNDFkOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBIOGtd3HnS3IkyprQLWt6p2Wna1
zGS6yMNcNcFI98lk9KIACA7BsqTegoUpbo8QQSAOhPuP2Zzv1J2JJsJNJZOqZZBc
L4zh+5RHl15B9WiRF/PxMqKM4HlaCL3EcDQCzvS+GYteMzWx/oKx9ZjbrtKywqWY
4qslm9BdrL+AzbNVd3Zumbss4ow4nCAolOg2CKWcb3BjZ2l/CaPgvK0TI0ltCOWs
v/G/qRjX99sjqSgPMmJd/3J7d+qCca1cyDnr8IR74cm6mmY4tUxyxAB7dwHvRlcP
rXboEvkKyuzhbq5wIHQSfibitYfVXcQnpXymI2IusaIkVyajIrWIsVu9/QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFBypgpXZNib3LWwn/i39Rym9QdmqMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSEttQ2xkazJKdmN0YkNmLUxmMUhLYjFCMmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDPjyAAwQC
PjykAwQDPjzIMAwDBAA+PNEDBAM+PNADBALVsBwwDQYJKoZIhvcNAQELBQADggEB
AEXLryOWNBEoTPl9Xy7fmFlftY8CFMLmgGaJF8U4dNtqIityjqnLbjJEGJjuK4W0
CSzkG8nDTqsAMELkIrOqn18rqFn2m5PmbrMD4KB8FyHsWjjtmbP4KNRHB1daDzux
psYQ3Gn9z8Ub7A8rykLB6c3GpvyGuJitS5No9/igv3dwQaoTk3K4gl4mzKkUSNvk
qAUT9/gyFUtLLt9n3j2T3IZII4UN70xHy7Nc/mJ+XlgrIjK5ZUG3TdCpyIdmg3t9
fzLGAvreVlrekHtjSunEPrkjqdn+q/tnPftrWkLqCpVMv9H3NYQNo5UhYzY6jfPQ
t8REjk+5hkPEsCvvE1rRw94=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:33 2025 by rpki-client