Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/kH0g5rPWqjBkfuLE1LApLEjDCjc.roa
File: kH0g5rPWqjBkfuLE1LApLEjDCjc.roa (raw, json)
Hash identifier: shigvA4lT14D9eXfZ63hvEDmPyYkSuSNsvcpZeYP/tA=
Subject key identifier: 90:7D:20:E6:B3:D6:AA:30:64:7E:E2:C4:D4:B0:29:2C:48:C3:0A:37
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 0198A2B1E6E496F775DD8DB95E0D94A3679C
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/kH0g5rPWqjBkfuLE1LApLEjDCjc.roa
Signing time: Wed 13 Aug 2025 09:10:24 +0000
ROA not before: Wed 13 Aug 2025 09:10:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.3.56.0/22 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
185.55.208.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.mft
rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a2:b1:e6:e4:96:f7:75:dd:8d:b9:5e:0d:94:a3:67:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Aug 13 09:10:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=907d20e6b3d6aa30647ee2c4d4b0292c48c30a37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:2d:51:68:b9:1f:c8:ea:0d:a5:1b:cb:8a:1e:
ce:ae:1c:eb:ad:fd:d9:7c:b9:e7:a4:a6:a4:b3:69:
ec:3c:dc:6f:41:a1:14:76:b0:62:01:cb:55:f5:cd:
44:3a:5a:e5:c4:95:ac:20:11:9b:4f:3b:5b:82:79:
ec:65:80:f6:d8:bd:a5:ed:fe:73:31:5b:30:57:70:
79:78:f6:e3:ee:d5:e7:37:94:1e:79:0b:6f:81:98:
0e:ac:d8:61:69:b9:24:c7:53:46:4c:8b:ec:0d:2b:
7f:77:06:e4:f1:cd:e5:47:8c:20:0a:1b:ec:05:17:
b5:49:c1:01:0b:f1:99:48:be:23:99:7c:d9:53:f5:
42:c8:79:aa:91:c2:df:a5:7c:bd:f7:84:a5:6c:e8:
6d:e0:12:a7:4b:ce:66:3c:5f:b7:ea:c1:14:88:30:
6c:69:8b:4e:6c:c9:ed:db:db:f6:78:93:03:b0:97:
79:6b:75:e8:7c:29:85:19:2b:9b:94:28:72:2b:83:
a7:5a:1a:95:4f:65:fe:a7:20:f7:44:c4:a7:8c:ea:
68:b9:ed:9d:d2:29:45:c3:ce:e0:1f:00:9d:e8:9a:
c8:54:88:22:a2:18:d2:6c:4a:2e:c9:a1:85:56:7a:
61:c5:2e:e7:9f:c0:8b:02:d2:aa:67:82:f0:fb:49:
cb:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:7D:20:E6:B3:D6:AA:30:64:7E:E2:C4:D4:B0:29:2C:48:C3:0A:37
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/kH0g5rPWqjBkfuLE1LApLEjDCjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.3.56.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
185.55.208.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
76:9c:a1:84:dd:44:14:50:dd:6a:37:60:4e:44:f6:a5:c8:93:
14:9f:17:f3:b4:85:be:89:ea:eb:17:19:ff:48:22:bd:08:25:
ab:81:a4:43:1a:74:c1:cb:bd:9a:f7:bf:07:e1:f0:6f:b3:f8:
78:70:41:74:21:0a:1c:92:00:19:ce:d2:95:fb:6a:f4:e8:4e:
fc:d1:f0:9f:59:c4:f0:27:da:a5:2b:1e:72:b1:db:59:b6:28:
bb:80:d9:ac:49:c2:fd:23:2a:96:34:0f:d0:a6:50:56:6d:c4:
48:35:fa:8e:10:e4:4b:21:bc:9c:ff:d6:a6:bc:75:3f:d4:d0:
70:6b:79:1a:42:03:e6:cc:ce:67:f0:de:32:4b:70:d5:80:2e:
61:83:6c:72:44:42:49:8b:9f:93:0f:0a:95:c1:9f:60:98:55:
71:22:f0:c5:44:8a:f7:27:a7:33:ef:42:f7:54:c3:ab:34:89:
68:ae:30:3c:a4:6e:61:e2:48:49:80:c4:cc:41:38:86:a1:32:
a3:0a:45:5a:ab:67:d9:ca:f3:7d:a4:34:0a:11:bc:9d:dd:49:
7a:d6:c6:d3:e4:66:6e:57:ae:ac:b8:86:2f:28:7f:bb:11:fd:
c6:9a:8f:69:b5:1e:8f:d0:f2:09:7c:3f:1f:84:70:27:67:79:
4b:16:08:6c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZiisebklvd13Y25Xg2Uo2ecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwODEzMDkxMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdkMjBlNmIzZDZhYTMwNjQ3ZWUyYzRkNGIwMjkyYzQ4YzMwYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5C1RaLkfyOoNpRvLih7Orhzrrf3Z
fLnnpKaks2nsPNxvQaEUdrBiActV9c1EOlrlxJWsIBGbTztbgnnsZYD22L2l7f5z
MVswV3B5ePbj7tXnN5QeeQtvgZgOrNhhabkkx1NGTIvsDSt/dwbk8c3lR4wgChvs
BRe1ScEBC/GZSL4jmXzZU/VCyHmqkcLfpXy994SlbOht4BKnS85mPF+36sEUiDBs
aYtObMnt29v2eJMDsJd5a3XofCmFGSublChyK4OnWhqVT2X+pyD3RMSnjOpoue2d
0ilFw87gHwCd6JrIVIgiohjSbEouyaGFVnphxS7nn8CLAtKqZ4Lw+0nL0QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJB9IOaz1qowZH7ixNSwKSxIwwo3MB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEva0gwZzVyUFdxakJrZnVMRTFMQXBMRWpEQ2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCBZiAAwQC
LQM4AwQBLYWaAwQAZ4E9AwQCaKccAwQCuTfQAwQCuZgsMA0EAgACMAcDBQMqB36A
MA0GCSqGSIb3DQEBCwUAA4IBAQB2nKGE3UQUUN1qN2BORPalyJMUnxfztIW+ierr
Fxn/SCK9CCWrgaRDGnTBy72a978H4fBvs/h4cEF0IQockgAZztKV+2r06E780fCf
WcTwJ9qlKx5ysdtZtii7gNmsScL9IyqWNA/QplBWbcRINfqOEORLIbyc/9amvHU/
1NBwa3kaQgPmzM5n8N4yS3DVgC5hg2xyREJJi5+TDwqVwZ9gmFVxIvDFRIr3J6cz
70L3VMOrNIlorjA8pG5h4khJgMTMQTiGoTKjCkVaq2fZyvN9pDQKEbyd3Ul61sbT
5GZuV66suIYvKH+7Ef3Gmo9ptR6P0PIJfD8fhHAnZ3lLFghs
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:42:21 2025 by rpki-client