Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/ujQDG3VgRwepwoNtLrD2tcEZ4jU.roa
File: ujQDG3VgRwepwoNtLrD2tcEZ4jU.roa (raw, json)
Hash identifier: 7YDxNcqLFt8ODygsXYaRPA4VdqPHb87Z3n4DnYrIpiI=
Subject key identifier: BA:34:03:1B:75:60:47:07:A9:C2:83:6D:2E:B0:F6:B5:C1:19:E2:35
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0198AE7FBFD42E663A557A783B09F9772E56
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/ujQDG3VgRwepwoNtLrD2tcEZ4jU.roa
Signing time: Fri 15 Aug 2025 16:11:04 +0000
ROA not before: Fri 15 Aug 2025 16:11:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.200.0/24 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ae:7f:bf:d4:2e:66:3a:55:7a:78:3b:09:f9:77:2e:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Aug 15 16:11:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ba34031b75604707a9c2836d2eb0f6b5c119e235
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:17:c3:27:8f:ed:a1:f8:bc:00:83:8f:a0:7f:
bd:ea:c3:29:23:f8:b5:51:42:16:f9:7b:a7:b5:a9:
93:84:ab:c7:02:96:4c:ef:5d:9b:e7:90:71:ec:06:
f5:b8:51:9c:99:8c:8a:16:c9:7c:51:3a:33:19:da:
ba:cd:86:79:c0:3b:44:87:03:8f:f9:59:47:f9:7b:
f1:aa:d7:8d:dd:a6:ba:4b:79:02:4f:24:b4:73:ce:
2a:fb:32:c5:0a:84:ef:ce:3e:2e:94:e4:1e:89:df:
c0:cd:cf:9f:35:58:98:bc:a8:33:b1:8d:5e:60:c5:
b8:b2:b3:2a:e4:ca:1a:ac:52:18:9f:ee:6b:b0:f0:
e8:e0:ba:5c:2e:7c:c9:10:94:70:4b:ef:e0:1e:35:
be:1d:1f:70:8d:1d:1e:bf:cf:3c:e1:fb:b2:3f:60:
c0:55:26:4b:cd:27:fa:5d:82:70:0f:e2:c0:68:2f:
34:c2:e5:5f:45:d2:c8:e1:86:3f:db:2e:53:76:7a:
fd:2d:ec:65:46:39:b6:d1:53:09:bf:d6:09:f0:78:
05:b9:be:aa:c3:d9:3e:59:62:c1:90:2c:1d:6d:53:
7f:3a:56:7e:96:17:b5:44:8e:cd:b5:f3:3a:e7:1f:
c2:9a:25:eb:a8:06:64:6c:51:71:dc:fe:a8:3c:91:
5c:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:34:03:1B:75:60:47:07:A9:C2:83:6D:2E:B0:F6:B5:C1:19:E2:35
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/ujQDG3VgRwepwoNtLrD2tcEZ4jU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0-89.249.200.255
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
d2:fc:05:81:65:d0:fe:df:46:83:e8:5f:3a:2d:07:48:01:3d:
88:0b:39:43:c1:0f:74:07:48:69:b7:7b:51:59:6d:72:df:5d:
59:e6:3a:3e:43:57:b9:83:25:12:b2:5e:a9:af:24:12:27:f3:
16:23:4d:82:64:61:96:cf:6f:7c:52:dc:6a:b4:c4:e9:cc:e4:
70:6e:c8:96:c7:e4:63:f4:0f:91:0b:46:bb:f7:ad:df:36:d4:
d0:ba:b6:3c:a3:04:06:f1:75:06:96:7a:9d:ea:ea:af:35:14:
06:74:db:11:44:f3:98:89:a1:6f:6b:b0:2d:f3:48:67:74:b4:
a9:64:c1:32:fe:c2:fd:dd:f9:8d:3f:8a:b8:21:dd:50:30:a2:
0f:58:2a:24:fa:fb:9b:10:91:45:60:24:78:12:09:b3:f0:a0:
f7:cc:15:98:ee:5f:46:ab:4d:7f:ab:83:a4:05:ee:aa:c9:57:
4b:31:66:bc:1f:08:1b:21:25:a4:ed:c4:21:46:66:74:af:97:
8e:98:3d:3d:ee:66:45:34:50:ae:9b:3d:19:53:79:b1:16:90:
f9:a9:63:98:ab:40:52:84:f2:ad:ad:35:57:95:e0:a2:80:7b:
2f:aa:18:4c:01:cf:ea:6b:86:27:5d:97:4f:ed:1c:ba:3a:44:
56:1c:44:c8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZiuf7/ULmY6VXp4Own5dy5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwODE1MTYxMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTM0MDMxYjc1NjA0NzA3YTljMjgzNmQyZWIwZjZiNWMxMTllMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hfDJ4/tofi8AIOPoH+96sMpI/i1
UUIW+XuntamThKvHApZM712b55Bx7Ab1uFGcmYyKFsl8UTozGdq6zYZ5wDtEhwOP
+VlH+XvxqteN3aa6S3kCTyS0c84q+zLFCoTvzj4ulOQeid/Azc+fNViYvKgzsY1e
YMW4srMq5MoarFIYn+5rsPDo4LpcLnzJEJRwS+/gHjW+HR9wjR0ev8884fuyP2DA
VSZLzSf6XYJwD+LAaC80wuVfRdLI4YY/2y5Tdnr9LexlRjm20VMJv9YJ8HgFub6q
w9k+WWLBkCwdbVN/OlZ+lhe1RI7NtfM65x/CmiXrqAZkbFFx3P6oPJFc9QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLo0Axt1YEcHqcKDbS6w9rXBGeI1MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvdWpRREczVmdSd2Vwd29OdExyRDJ0Y0VaNGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAZZ+cAD
BABZ+cgDBAFZ+c4DBATUKsAwDQYJKoZIhvcNAQELBQADggEBANL8BYFl0P7fRoPo
XzotB0gBPYgLOUPBD3QHSGm3e1FZbXLfXVnmOj5DV7mDJRKyXqmvJBIn8xYjTYJk
YZbPb3xS3Gq0xOnM5HBuyJbH5GP0D5ELRrv3rd821NC6tjyjBAbxdQaWep3q6q81
FAZ02xFE85iJoW9rsC3zSGd0tKlkwTL+wv3d+Y0/irgh3VAwog9YKiT6+5sQkUVg
JHgSCbPwoPfMFZjuX0arTX+rg6QF7qrJV0sxZrwfCBshJaTtxCFGZnSvl46YPT3u
ZkU0UK6bPRlTebEWkPmpY5irQFKE8q2tNVeV4KKAey+qGEwBz+prhiddl0/tHLo6
RFYcRMg=
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:21:32 2025 by rpki-client