Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ceYgg225RXTcdX-AoUKMjzHwBpQ.roa
File: ceYgg225RXTcdX-AoUKMjzHwBpQ.roa (raw, json)
Hash identifier: TzyREWwVU3H3wKyo2coGcQvoqtWj32t1eVkf6O6daD0=
Subject key identifier: 71:E6:20:83:6D:B9:45:74:DC:75:7F:80:A1:42:8C:8F:31:F0:06:94
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 01989EAAFFFC3F5F21A7A87AF57F3A76623A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ceYgg225RXTcdX-AoUKMjzHwBpQ.roa
Signing time: Tue 12 Aug 2025 14:24:23 +0000
ROA not before: Tue 12 Aug 2025 14:24:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7922
IP address blocks: 45.150.168.0/22 maxlen: 22
45.151.196.0/22 maxlen: 22
193.31.104.0/22 maxlen: 22
195.138.109.0/24 maxlen: 24
195.138.110.0/24 maxlen: 24
195.138.113.0/24 maxlen: 24
195.138.115.0/24 maxlen: 24
195.138.124.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9e:aa:ff:fc:3f:5f:21:a7:a8:7a:f5:7f:3a:76:62:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Aug 12 14:24:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71e620836db94574dc757f80a1428c8f31f00694
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:19:62:9f:c5:86:d7:01:8b:c6:34:9b:de:ab:
bd:c2:19:14:82:bf:69:6c:94:42:53:ad:79:02:92:
bf:df:4c:cc:0f:62:9b:c2:45:59:68:88:83:9d:6c:
4f:57:c7:72:f4:48:f4:9b:6a:3a:9d:4c:75:51:f7:
85:2b:47:5e:95:86:48:23:ad:b9:19:af:c0:c6:73:
4b:28:36:bc:ba:29:7c:49:a6:8c:44:e6:3c:d4:8d:
24:1c:d7:53:c4:32:7a:5f:d2:73:33:99:a3:08:cc:
27:d3:7f:7c:5a:ed:5c:48:b5:31:41:1f:0a:80:43:
54:5b:e9:6f:18:8d:30:fa:3f:f1:66:25:70:15:cf:
77:2d:56:93:78:f1:7a:8f:4a:af:e9:8d:eb:93:60:
13:05:8f:7a:ae:9c:09:62:9d:96:bf:5e:80:72:fc:
51:33:a3:6a:78:08:81:5a:be:1a:85:a2:ae:38:aa:
f6:e2:a2:f4:41:30:25:bf:8f:0e:13:0c:ab:c5:02:
b2:a8:f6:7c:98:eb:c5:0a:29:ef:7e:42:73:5f:94:
d9:78:61:cf:1d:69:4d:45:c1:21:50:e1:3d:20:c1:
67:84:08:7f:f8:7d:69:8b:29:54:d7:7b:c4:f6:74:
b2:f2:62:68:f7:ca:16:5b:ab:93:19:e0:24:57:c8:
6f:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:E6:20:83:6D:B9:45:74:DC:75:7F:80:A1:42:8C:8F:31:F0:06:94
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ceYgg225RXTcdX-AoUKMjzHwBpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.168.0/22
45.151.196.0/22
193.31.104.0/22
195.138.109.0-195.138.110.255
195.138.113.0/24
195.138.115.0/24
195.138.124.0/22
Signature Algorithm: sha256WithRSAEncryption
03:35:29:0d:b5:8c:d6:e7:d7:95:51:ea:56:bd:07:4d:83:32:
30:ef:67:68:2f:62:b7:6c:7e:3a:78:6d:b3:20:fb:b7:15:fc:
55:42:b5:ea:dd:42:8b:f8:99:17:fa:6d:d5:d6:0d:6d:10:68:
98:08:4f:69:8d:8d:44:fc:7d:dc:92:14:dc:4f:b6:2c:41:ab:
cf:08:5f:85:85:5d:61:be:89:cd:9f:91:e9:19:1d:84:6e:65:
c2:21:e0:b8:9a:a2:d7:04:1f:63:16:e5:66:b4:f7:39:57:f9:
48:97:5c:78:d4:e6:c7:be:a1:93:74:1f:63:84:8d:22:41:c9:
69:b0:f8:30:41:6a:ed:ba:44:bb:35:c4:a6:dd:64:14:05:2a:
8a:ac:0c:32:51:e5:f8:e5:83:5c:b6:4f:22:d9:26:42:a7:ec:
7f:21:04:b2:fa:be:1e:85:da:16:9e:c2:23:e1:95:4b:82:80:
8b:27:69:cd:8c:f8:c7:a1:96:11:f0:24:b4:a0:35:c4:56:34:
41:db:35:2a:b5:7d:49:b9:47:02:95:40:b5:a4:08:fc:8e:81:
8f:73:4d:0b:3d:45:21:77:19:64:16:cb:1d:b0:99:ca:8c:ef:
2f:05:37:c5:4c:32:0a:4a:a8:e9:d2:08:c6:d8:1f:59:6d:91:
d7:04:e7:3e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZieqv/8P18hp6h69X86dmI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwODEyMTQyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU2MjA4MzZkYjk0NTc0ZGM3NTdmODBhMTQyOGM4ZjMxZjAwNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBlin8WG1wGLxjSb3qu9whkUgr9p
bJRCU615ApK/30zMD2KbwkVZaIiDnWxPV8dy9Ej0m2o6nUx1UfeFK0delYZII625
Ga/AxnNLKDa8uil8SaaMROY81I0kHNdTxDJ6X9JzM5mjCMwn0398Wu1cSLUxQR8K
gENUW+lvGI0w+j/xZiVwFc93LVaTePF6j0qv6Y3rk2ATBY96rpwJYp2Wv16AcvxR
M6NqeAiBWr4ahaKuOKr24qL0QTAlv48OEwyrxQKyqPZ8mOvFCinvfkJzX5TZeGHP
HWlNRcEhUOE9IMFnhAh/+H1piylU13vE9nSy8mJo98oWW6uTGeAkV8hvUwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHHmIINtuUV03HV/gKFCjI8x8AaUMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvY2VZZ2cyMjVSWFRjZFgtQW9VS01qekh3QnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCLZaoAwQC
LZfEAwQCwR9oMAwDBADDim0DBADDim4DBADDinEDBADDinMDBALDinwwDQYJKoZI
hvcNAQELBQADggEBAAM1KQ21jNbn15VR6la9B02DMjDvZ2gvYrdsfjp4bbMg+7cV
/FVCterdQov4mRf6bdXWDW0QaJgIT2mNjUT8fdySFNxPtixBq88IX4WFXWG+ic2f
kekZHYRuZcIh4LiaotcEH2MW5Wa09zlX+UiXXHjU5se+oZN0H2OEjSJByWmw+DBB
au26RLs1xKbdZBQFKoqsDDJR5fjlg1y2TyLZJkKn7H8hBLL6vh6F2haewiPhlUuC
gIsnac2M+MehlhHwJLSgNcRWNEHbNSq1fUm5RwKVQLWkCPyOgY9zTQs9RSF3GWQW
yx2wmcqM7y8FN8VMMgpKqOnSCMbYH1ltkdcE5z4=
-----END CERTIFICATE-----
Generated at Sat Aug 23 20:08:47 2025 by rpki-client