Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/d-hrh1vUeLOY7U3kjW0I7g-GU8w.roa
File: d-hrh1vUeLOY7U3kjW0I7g-GU8w.roa (raw, json)
Hash identifier: Y/cX56/Qn9APSgO+9XrU6NbdQMlq0ISTF7taZqp4egQ=
Subject key identifier: 77:E8:6B:87:5B:D4:78:B3:98:ED:4D:E4:8D:6D:08:EE:0F:86:53:CC
Certificate issuer: /CN=ef678469574acc03d782e63281ff44faaab3f847
Certificate serial: 019934291C4ADC9C1C3F567342F949EE6A09
Authority key identifier: EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/d-hrh1vUeLOY7U3kjW0I7g-GU8w.roa
Signing time: Wed 10 Sep 2025 15:05:33 +0000
ROA not before: Wed 10 Sep 2025 15:05:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209231
IP address blocks: 2.56.140.0/22 maxlen: 24
86.110.204.0/22 maxlen: 24
89.232.174.0/23 maxlen: 24
185.161.236.0/22 maxlen: 24
2a09:c540::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.mft
rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:34:29:1c:4a:dc:9c:1c:3f:56:73:42:f9:49:ee:6a:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef678469574acc03d782e63281ff44faaab3f847
Validity
Not Before: Sep 10 15:05:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77e86b875bd478b398ed4de48d6d08ee0f8653cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:a5:20:fb:2f:e1:74:24:16:3a:32:20:76:dd:
33:13:44:6d:09:44:98:aa:97:77:55:ee:32:d6:42:
c9:59:bf:d4:d7:f3:84:6e:5a:60:cf:11:92:fa:f1:
f0:00:62:ef:ae:4d:12:0a:3f:ba:3b:ad:bd:7f:d0:
6e:bd:f4:55:9e:44:ae:e3:18:f0:f0:76:d4:6a:94:
5a:7a:87:4f:73:7d:df:71:4c:f9:eb:f2:8c:56:ac:
6e:d3:4d:56:1e:9a:b7:fe:82:9f:95:88:bd:b3:4f:
c2:1e:b0:7e:5f:e0:ac:e6:01:a3:36:bb:09:53:b5:
d2:1a:ba:68:98:94:a6:eb:26:d0:a6:99:43:24:05:
b7:2d:36:c5:d2:38:ae:51:13:70:27:f7:27:3d:98:
50:83:07:68:b1:b2:f7:53:a1:17:1a:59:11:84:8f:
bd:1a:70:34:84:b6:70:79:79:8b:e6:8e:5d:fc:ae:
40:63:f3:e0:79:56:fb:b4:cf:ab:1b:d2:ca:6b:c1:
15:8a:e3:72:1b:ae:3a:57:dc:95:20:e6:a4:f6:3d:
fa:b7:58:7b:e9:36:f3:3e:c6:5e:6a:d9:45:ac:0b:
b8:21:43:81:1b:ee:88:16:29:0c:22:0a:9f:60:e8:
14:44:83:fc:04:75:da:33:9a:3f:27:88:e4:ce:31:
f9:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:E8:6B:87:5B:D4:78:B3:98:ED:4D:E4:8D:6D:08:EE:0F:86:53:CC
X509v3 Authority Key Identifier:
keyid:EF:67:84:69:57:4A:CC:03:D7:82:E6:32:81:FF:44:FA:AA:B3:F8:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/72eEaVdKzAPXguYygf9E-qqz-Ec.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/d-hrh1vUeLOY7U3kjW0I7g-GU8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b4673b-210b-4e5a-876a-dc059e69b1d0/1/72eEaVdKzAPXguYygf9E-qqz-Ec.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.140.0/22
86.110.204.0/22
89.232.174.0/23
185.161.236.0/22
IPv6:
2a09:c540::/32
Signature Algorithm: sha256WithRSAEncryption
bb:a3:ab:65:bd:89:af:93:7e:9d:fe:99:31:d2:f6:d4:44:10:
5c:91:6a:e3:05:e7:af:67:1c:6d:6a:5b:f5:08:56:c5:c2:e6:
74:01:6e:57:3c:cb:53:58:a6:02:69:ed:42:90:0d:51:a4:31:
48:93:61:79:62:11:15:23:92:18:ad:96:c9:39:2d:df:3d:d7:
52:19:a4:a1:74:7a:7a:76:47:e8:25:3a:88:10:86:3d:f0:70:
cc:c0:40:c5:cb:82:e2:5f:86:b2:81:ef:1e:e5:e6:11:5c:d3:
72:f0:31:10:85:18:b5:cf:f9:ca:5e:6f:9b:4d:91:30:16:d5:
03:d9:0d:03:8e:d9:0c:9f:11:7b:41:db:ed:f6:42:20:b1:f7:
d5:d6:34:ca:33:ce:8d:ae:d4:7b:85:ed:44:33:01:68:24:19:
a1:5d:be:ef:59:41:8a:7b:f7:2a:69:5e:84:98:4c:7d:67:96:
32:3b:21:2d:a2:b6:21:98:25:9d:17:10:37:5a:bb:c3:38:40:
ef:eb:70:ba:d2:17:d5:7a:d7:e3:66:29:2b:5e:9c:6f:63:ca:
08:8e:aa:98:17:be:56:4d:24:53:94:9f:97:fc:27:ca:5f:d2:
b9:4a:b9:c6:ff:45:79:57:28:ff:7a:31:63:c5:2b:95:60:b0:
54:7a:f0:3a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZk0KRxK3JwcP1ZzQvlJ7moJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNjc4NDY5NTc0YWNjMDNkNzgyZTYzMjgxZmY0NGZhYWFi
M2Y4NDcwHhcNMjUwOTEwMTUwNTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U4NmI4NzViZDQ3OGIzOThlZDRkZTQ4ZDZkMDhlZTBmODY1M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6Ug+y/hdCQWOjIgdt0zE0RtCUSY
qpd3Ve4y1kLJWb/U1/OEblpgzxGS+vHwAGLvrk0SCj+6O629f9BuvfRVnkSu4xjw
8HbUapRaeodPc33fcUz56/KMVqxu001WHpq3/oKflYi9s0/CHrB+X+Cs5gGjNrsJ
U7XSGrpomJSm6ybQpplDJAW3LTbF0jiuURNwJ/cnPZhQgwdosbL3U6EXGlkRhI+9
GnA0hLZweXmL5o5d/K5AY/PgeVb7tM+rG9LKa8EViuNyG646V9yVIOak9j36t1h7
6TbzPsZeatlFrAu4IUOBG+6IFikMIgqfYOgURIP8BHXaM5o/J4jkzjH57QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHfoa4db1HizmO1N5I1tCO4PhlPMMB8GA1UdIwQY
MBaAFO9nhGlXSswD14LmMoH/RPqqs/hHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEt
ZGMwNTllNjliMWQwLzEvZC1ocmgxdlVlTE9ZN1Uza2pXMEk3Zy1HVTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDY3M2ItMjEwYi00ZTVhLTg3NmEtZGMwNTllNjliMWQw
LzEvNzJlRWFWZEt6QVBYZ3VZeWdmOUUtcXF6LUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCAjiMAwQC
Vm7MAwQBWeiuAwQCuaHsMA0EAgACMAcDBQAqCcVAMA0GCSqGSIb3DQEBCwUAA4IB
AQC7o6tlvYmvk36d/pkx0vbURBBckWrjBeevZxxtalv1CFbFwuZ0AW5XPMtTWKYC
ae1CkA1RpDFIk2F5YhEVI5IYrZbJOS3fPddSGaShdHp6dkfoJTqIEIY98HDMwEDF
y4LiX4ayge8e5eYRXNNy8DEQhRi1z/nKXm+bTZEwFtUD2Q0DjtkMnxF7Qdvt9kIg
sffV1jTKM86NrtR7he1EMwFoJBmhXb7vWUGKe/cqaV6EmEx9Z5YyOyEtorYhmCWd
FxA3WrvDOEDv63C60hfVetfjZikrXpxvY8oIjqqYF75WTSRTlJ+X/CfKX9K5SrnG
/0V5Vyj/ejFjxSuVYLBUevA6
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:03:40 2025 by rpki-client