Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/kF-CXYhPs4TYflqMBcCGyzwLA7o.roa
File: kF-CXYhPs4TYflqMBcCGyzwLA7o.roa (raw, json)
Hash identifier: gnSWn3nUIqjsFFoH6d5rK0RwdbfhLh+8DTBzXarX5Wg=
Subject key identifier: 90:5F:82:5D:88:4F:B3:84:D8:7E:5A:8C:05:C0:86:CB:3C:0B:03:BA
Certificate issuer: /CN=edeb4424abd86d6ef48db9e7646f539c6d10c886
Certificate serial: 019778C1719509DE3932EB3908D252975707
Authority key identifier: ED:EB:44:24:AB:D8:6D:6E:F4:8D:B9:E7:64:6F:53:9C:6D:10:C8:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/kF-CXYhPs4TYflqMBcCGyzwLA7o.roa
Signing time: Mon 16 Jun 2025 12:40:32 +0000
ROA not before: Mon 16 Jun 2025 12:40:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15663
IP address blocks: 185.203.76.0/22 maxlen: 22
185.203.79.0/24 maxlen: 24
212.39.0.0/19 maxlen: 24
212.39.0.0/20 maxlen: 20
212.39.16.0/20 maxlen: 20
2a00:aa00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.crl
rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.mft
rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 19:02:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:c1:71:95:09:de:39:32:eb:39:08:d2:52:97:57:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=edeb4424abd86d6ef48db9e7646f539c6d10c886
Validity
Not Before: Jun 16 12:40:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=905f825d884fb384d87e5a8c05c086cb3c0b03ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:9e:0a:4a:1f:b3:bd:e1:55:98:d8:4b:be:92:
7c:9a:52:ad:9e:2f:8e:e8:09:46:3b:59:98:17:bc:
a7:21:c0:25:2e:65:c0:58:d0:39:25:c5:14:bf:8b:
95:8f:94:3a:1a:01:17:42:96:f6:26:70:23:41:e7:
19:79:5b:80:7b:dd:ee:d4:4d:c7:e0:29:b2:ea:4b:
29:31:28:c9:9f:f3:94:4d:7e:e5:32:2c:7a:80:ca:
12:0b:43:52:43:0b:b0:6d:63:cc:e9:10:a2:ac:40:
af:28:17:7d:6b:de:c0:f9:b6:59:7b:11:9a:5c:25:
02:b0:d1:e3:a9:06:9b:f4:0f:8d:28:c7:2e:6a:3c:
7c:e7:b2:b6:08:f0:c1:d3:b3:ce:f9:d6:0d:41:2e:
3e:8c:de:04:0e:3f:1e:82:85:47:7b:42:93:d4:dd:
82:a3:05:c8:c7:4f:0a:9b:bf:76:8c:d9:f8:60:29:
94:9f:c7:b5:ad:66:cf:ec:65:bb:9d:71:7d:0d:fd:
05:b2:a5:56:b0:7f:73:ad:5b:25:76:f7:7c:3d:89:
7a:3a:59:79:2c:97:5b:7c:60:74:64:be:f9:6d:d9:
d3:55:d8:df:a1:48:a8:67:f6:98:00:76:cb:b7:2b:
b2:86:07:83:67:03:86:4b:ee:af:c2:50:26:f6:90:
06:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:5F:82:5D:88:4F:B3:84:D8:7E:5A:8C:05:C0:86:CB:3C:0B:03:BA
X509v3 Authority Key Identifier:
keyid:ED:EB:44:24:AB:D8:6D:6E:F4:8D:B9:E7:64:6F:53:9C:6D:10:C8:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/kF-CXYhPs4TYflqMBcCGyzwLA7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.203.76.0/22
212.39.0.0/19
IPv6:
2a00:aa00::/32
Signature Algorithm: sha256WithRSAEncryption
2d:64:d5:2b:98:f5:44:04:ea:66:be:d1:88:30:fc:90:9e:ad:
d4:85:8d:03:99:3d:cf:59:23:9a:e2:38:77:f2:e4:89:73:1c:
95:e6:17:2d:7c:7b:d9:7c:4c:06:28:09:78:1d:b7:8e:e4:c4:
51:42:a1:a2:85:3d:31:2e:2e:f5:9c:9b:c8:4c:41:fa:e8:6a:
3b:e2:7d:f7:64:fa:4e:d5:d2:6b:e7:ca:15:2a:cd:7b:2a:d2:
8c:d9:29:31:b4:de:b9:18:f6:a0:0b:8a:74:94:54:fb:72:5c:
70:a1:ee:47:48:c0:5a:7d:54:57:0e:8e:7f:26:f3:05:92:76:
28:8f:3e:70:34:75:72:6f:c5:ce:63:45:4f:c0:64:47:17:47:
63:fc:0d:59:be:30:72:33:c6:6f:a2:b6:4d:15:65:63:19:23:
93:d8:26:9f:52:73:77:59:a7:c9:3b:60:bb:a2:4f:bd:ee:fa:
42:8d:71:56:cc:5c:61:a0:b2:0f:64:f9:78:2e:87:87:44:f7:
f6:91:0d:e8:11:34:c3:5b:ea:7c:04:30:f0:d4:5a:7b:46:d1:
49:4e:4d:41:22:00:56:f1:15:8a:88:4b:90:d7:8d:2d:14:9f:
48:68:ba:f2:07:a9:1f:3e:b0:05:83:81:8f:8d:b1:ac:a9:bb:
a3:4b:6e:cb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZd4wXGVCd45Mus5CNJSl1cHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZWI0NDI0YWJkODZkNmVmNDhkYjllNzY0NmY1MzljNmQx
MGM4ODYwHhcNMjUwNjE2MTI0MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVmODI1ZDg4NGZiMzg0ZDg3ZTVhOGMwNWMwODZjYjNjMGIwM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup4KSh+zveFVmNhLvpJ8mlKtni+O
6AlGO1mYF7ynIcAlLmXAWNA5JcUUv4uVj5Q6GgEXQpb2JnAjQecZeVuAe93u1E3H
4Cmy6kspMSjJn/OUTX7lMix6gMoSC0NSQwuwbWPM6RCirECvKBd9a97A+bZZexGa
XCUCsNHjqQab9A+NKMcuajx857K2CPDB07PO+dYNQS4+jN4EDj8egoVHe0KT1N2C
owXIx08Km792jNn4YCmUn8e1rWbP7GW7nXF9Df0FsqVWsH9zrVsldvd8PYl6Oll5
LJdbfGB0ZL75bdnTVdjfoUioZ/aYAHbLtyuyhgeDZwOGS+6vwlAm9pAGqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJBfgl2IT7OE2H5ajAXAhss8CwO6MB8GA1UdIwQY
MBaAFO3rRCSr2G1u9I2552RvU5xtEMiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2V0RUpLdlliVzcwamJublpHOVRuRzBReUlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi81MWIzMWEtN2U1MC00YTFlLTlmNjkt
MTZkM2EwZWE0OWFlLzEva0YtQ1hZaFBzNFRZZmxxTUJjQ0d5endMQTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi81MWIzMWEtN2U1MC00YTFlLTlmNjktMTZkM2EwZWE0OWFl
LzEvN2V0RUpLdlliVzcwamJublpHOVRuRzBReUlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuctMAwQF
1CcAMA0EAgACMAcDBQAqAKoAMA0GCSqGSIb3DQEBCwUAA4IBAQAtZNUrmPVEBOpm
vtGIMPyQnq3UhY0DmT3PWSOa4jh38uSJcxyV5hctfHvZfEwGKAl4HbeO5MRRQqGi
hT0xLi71nJvITEH66Go74n33ZPpO1dJr58oVKs17KtKM2SkxtN65GPagC4p0lFT7
clxwoe5HSMBafVRXDo5/JvMFknYojz5wNHVyb8XOY0VPwGRHF0dj/A1ZvjByM8Zv
orZNFWVjGSOT2CafUnN3WafJO2C7ok+97vpCjXFWzFxhoLIPZPl4LoeHRPf2kQ3o
ETTDW+p8BDDw1Fp7RtFJTk1BIgBW8RWKiEuQ140tFJ9IaLryB6kfPrAFg4GPjbGs
qbujS27L
-----END CERTIFICATE-----
Generated at Tue Jul 1 03:55:59 2025 by rpki-client