Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/j1xgO_hIvyN1bDBzOqYS6suNPzQ.roa
File: j1xgO_hIvyN1bDBzOqYS6suNPzQ.roa (raw, json)
Hash identifier: nD3squlase6LCY8dCz/RdkZ25qLuoWJZ9yqzIv/Hk64=
Subject key identifier: 8F:5C:60:3B:F8:48:BF:23:75:6C:30:73:3A:A6:12:EA:CB:8D:3F:34
Certificate issuer: /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial: 0197A97628F97782691FF408B67DBE5E0EAC
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/j1xgO_hIvyN1bDBzOqYS6suNPzQ.roa
Signing time: Wed 25 Jun 2025 23:39:42 +0000
ROA not before: Wed 25 Jun 2025 23:39:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6204
IP address blocks: 103.246.249.0/24 maxlen: 24
205.237.108.0/24 maxlen: 24
2a12:3200:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 13:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a9:76:28:f9:77:82:69:1f:f4:08:b6:7d:be:5e:0e:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Validity
Not Before: Jun 25 23:39:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8f5c603bf848bf23756c30733aa612eacb8d3f34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:1d:16:4e:2e:6d:f5:04:a0:68:1a:ca:f6:e4:
27:99:49:42:66:59:bc:95:2a:38:7d:cd:66:35:9b:
de:63:fc:61:04:16:62:f3:f6:ee:fa:28:5e:f8:b4:
85:3b:a1:0d:01:f1:84:cb:cd:02:8b:c8:35:cd:2b:
93:b8:da:d6:15:4f:df:a4:a9:29:f1:f7:4c:b8:ce:
5f:e2:a7:91:9e:e9:83:44:a7:7f:e9:6b:6e:dc:17:
7c:0b:a4:dc:ce:8a:40:c5:8f:ee:87:e8:69:b0:c9:
c4:0b:d9:3a:35:a0:d8:17:33:55:89:eb:3a:34:27:
d8:b1:c6:89:6c:a8:4e:0f:b1:21:0b:5c:bb:2c:3f:
f5:f5:ae:f1:15:83:74:12:68:21:8f:28:8e:f5:b5:
41:ae:5e:d7:e9:18:c8:d0:ea:50:c9:59:73:16:c3:
66:d5:8e:30:76:81:ae:71:ce:e5:c5:09:e5:33:94:
30:64:a7:65:21:94:d6:52:90:10:3a:a6:b2:7d:0c:
8a:3e:ef:25:c1:21:51:00:d6:01:ef:3d:58:f9:1e:
18:6d:a8:b4:75:31:18:28:65:30:ae:67:11:da:a4:
01:90:65:3a:ac:1e:e7:1e:d1:a6:af:26:a4:1c:69:
5f:ac:00:86:a3:04:e7:2b:83:7b:27:be:88:aa:7c:
d7:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:5C:60:3B:F8:48:BF:23:75:6C:30:73:3A:A6:12:EA:CB:8D:3F:34
X509v3 Authority Key Identifier:
keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/j1xgO_hIvyN1bDBzOqYS6suNPzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.246.249.0/24
205.237.108.0/24
IPv6:
2a12:3200:f000::/36
Signature Algorithm: sha256WithRSAEncryption
95:8d:83:6d:93:1e:91:7e:0f:e3:54:95:79:56:1f:3c:ae:b2:
be:22:77:c0:90:ea:be:0c:8b:3e:3a:0f:be:bf:e3:41:8f:c0:
3d:3f:bd:79:d9:a1:29:60:af:ad:17:80:7e:3e:4d:40:40:76:
d0:de:7f:27:37:f4:4c:9d:6b:2a:92:9d:5c:bf:de:0d:55:43:
90:b6:ad:2b:ec:e1:6b:22:7a:55:6c:b5:02:f8:cd:aa:97:1a:
ad:8f:40:01:0b:65:4d:8a:62:20:bf:26:35:85:2c:54:6d:8b:
9b:ef:4a:b9:43:05:09:85:22:7d:c8:46:4c:43:33:68:b7:5c:
20:e3:dc:2c:68:ba:f4:0b:be:08:5c:fe:93:28:44:94:f9:a0:
9f:b5:41:85:25:ee:2d:4b:ad:66:c9:d9:9e:90:c0:70:c9:9b:
eb:f1:47:94:bc:ec:2f:64:72:68:73:93:4d:f7:c9:70:30:48:
28:bd:e1:50:bd:25:00:14:05:68:0d:d5:ff:2f:80:e2:65:d7:
97:f3:83:66:f1:34:e3:87:0d:a9:04:fc:29:d3:a0:26:8b:fd:
39:5c:7b:31:83:03:8e:c8:77:38:33:3d:81:2c:e9:29:aa:c1:
c5:c8:fe:a4:9d:75:2a:70:78:47:e9:d6:97:bf:2b:55:87:9c:
54:45:56:ab
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZepdij5d4JpH/QItn2+Xg6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjUwNjI1MjMzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVjNjAzYmY4NDhiZjIzNzU2YzMwNzMzYWE2MTJlYWNiOGQzZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzh0WTi5t9QSgaBrK9uQnmUlCZlm8
lSo4fc1mNZveY/xhBBZi8/bu+ihe+LSFO6ENAfGEy80Ci8g1zSuTuNrWFU/fpKkp
8fdMuM5f4qeRnumDRKd/6Wtu3Bd8C6TczopAxY/uh+hpsMnEC9k6NaDYFzNVies6
NCfYscaJbKhOD7EhC1y7LD/19a7xFYN0EmghjyiO9bVBrl7X6RjI0OpQyVlzFsNm
1Y4wdoGucc7lxQnlM5QwZKdlIZTWUpAQOqayfQyKPu8lwSFRANYB7z1Y+R4Ybai0
dTEYKGUwrmcR2qQBkGU6rB7nHtGmryakHGlfrACGowTnK4N7J76IqnzXcwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFI9cYDv4SL8jdWwwczqmEurLjT80MB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvajF4Z09faEl2eU4xYkRCek9xWVM2c3VOUHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAZ/b5AwQA
ze1sMA4EAgACMAgDBgQqEjIA8DANBgkqhkiG9w0BAQsFAAOCAQEAlY2DbZMekX4P
41SVeVYfPK6yviJ3wJDqvgyLPjoPvr/jQY/APT+9edmhKWCvrReAfj5NQEB20N5/
Jzf0TJ1rKpKdXL/eDVVDkLatK+zhayJ6VWy1AvjNqpcarY9AAQtlTYpiIL8mNYUs
VG2Lm+9KuUMFCYUifchGTEMzaLdcIOPcLGi69Au+CFz+kyhElPmgn7VBhSXuLUut
ZsnZnpDAcMmb6/FHlLzsL2RyaHOTTffJcDBIKL3hUL0lABQFaA3V/y+A4mXXl/OD
ZvE044cNqQT8KdOgJov9OVx7MYMDjsh3ODM9gSzpKarBxcj+pJ11KnB4R+nWl78r
VYecVEVWqw==
-----END CERTIFICATE-----
Generated at Sun Jun 29 18:29:17 2025 by rpki-client