Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/7zcAil_LUdheYnXQGsQL8-GE-qI.roa
File: 7zcAil_LUdheYnXQGsQL8-GE-qI.roa (raw, json)
Hash identifier: rj4mS77o/JoUJXYfSLaZkkJ2kPX9MDMtqB2tizVMUrE=
Subject key identifier: EF:37:00:8A:5F:CB:51:D8:5E:62:75:D0:1A:C4:0B:F3:E1:84:FA:A2
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0197783C782BE4DA6AEF2A89F5F9BD7FA752
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/7zcAil_LUdheYnXQGsQL8-GE-qI.roa
Signing time: Mon 16 Jun 2025 10:15:18 +0000
ROA not before: Mon 16 Jun 2025 10:15:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
185.254.31.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:3c:78:2b:e4:da:6a:ef:2a:89:f5:f9:bd:7f:a7:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jun 16 10:15:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ef37008a5fcb51d85e6275d01ac40bf3e184faa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:24:5e:a1:0d:59:25:16:ed:89:c8:5b:63:e1:
95:d9:4b:6f:09:17:55:41:41:5d:3e:eb:ac:0e:fb:
67:e6:4f:6e:d7:fa:a7:0b:67:47:24:1f:9f:d4:56:
e6:b1:79:ce:00:79:b1:97:bb:37:18:33:95:6c:2c:
09:2b:d6:e1:13:7a:b1:8b:87:1d:10:f4:ff:d5:33:
71:12:5c:07:09:e4:d0:ee:16:56:a2:15:2b:e8:6f:
c1:e2:6f:8f:c0:cf:c9:42:ba:18:a0:46:25:da:31:
62:5f:0a:d9:c2:3d:bf:fa:5f:51:55:f3:6b:e6:7e:
d4:ea:a7:dc:03:1d:f7:73:8d:a6:c2:25:ca:c1:c1:
84:e7:db:e8:b6:43:f2:44:61:11:40:7f:54:81:0f:
aa:6f:a8:e5:31:e4:9c:67:03:c3:b6:9f:48:e1:76:
f0:ca:da:7f:9c:f2:82:07:fc:f9:64:fd:2b:0d:ff:
68:3e:b5:3b:f9:b9:dd:1c:8d:31:a0:71:6f:d6:a0:
c6:ac:88:99:56:f2:47:05:a8:e3:da:e4:2d:69:49:
3b:c2:a7:ed:82:b3:23:50:f3:9c:60:90:9e:32:df:
86:5a:6e:46:f0:b1:6f:e2:bc:55:10:05:a2:30:d1:
76:0c:5c:a4:b8:18:cb:ab:e3:01:75:1a:bf:d0:3f:
5a:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:37:00:8A:5F:CB:51:D8:5E:62:75:D0:1A:C4:0B:F3:E1:84:FA:A2
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/7zcAil_LUdheYnXQGsQL8-GE-qI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
185.254.31.0/24
193.35.152.0/24
Signature Algorithm: sha256WithRSAEncryption
b3:f0:b4:6b:4f:a5:67:b2:8c:bd:e6:70:50:fb:c3:7f:14:24:
78:62:10:65:74:f0:1d:ca:70:9b:62:01:e1:21:6f:c3:b5:aa:
22:ba:a0:24:2f:e0:8a:b2:b3:48:e6:c6:bb:b0:f9:73:e5:4d:
54:b0:4b:d0:6a:60:67:42:c4:ac:85:19:83:c5:05:c6:d9:11:
c1:64:8d:e5:82:96:d0:40:eb:72:74:8f:25:f6:15:15:c8:e0:
21:cb:5d:21:87:af:02:d4:c2:89:06:55:4c:e4:31:e9:32:41:
2e:68:24:ca:8c:27:c5:80:ec:9b:0a:82:ed:72:03:c9:0e:11:
74:65:ba:31:81:89:be:49:aa:92:a9:c2:5e:85:ef:09:55:b1:
d6:11:ce:76:55:30:f3:6c:95:e0:7d:6b:de:af:d9:a3:36:bf:
73:6b:5a:7f:97:e6:d8:90:3d:cf:97:c6:11:f1:53:f8:82:a2:
9f:60:af:34:35:22:ea:e7:76:e3:68:42:62:ea:66:92:17:5a:
a0:ef:16:77:15:d9:4a:cd:34:b9:97:d0:d5:d8:7f:c6:d8:25:
05:c3:7f:72:5b:c5:c3:14:2d:92:39:68:16:fd:a0:7e:78:7b:
9a:17:85:1a:2b:1b:7f:84:06:2d:fc:26:f8:d5:fd:da:cf:cc:
bf:df:09:c8
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZd4PHgr5Npq7yqJ9fm9f6dSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNjE2MTAxNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM3MDA4YTVmY2I1MWQ4NWU2Mjc1ZDAxYWM0MGJmM2UxODRmYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CReoQ1ZJRbtichbY+GV2UtvCRdV
QUFdPuusDvtn5k9u1/qnC2dHJB+f1FbmsXnOAHmxl7s3GDOVbCwJK9bhE3qxi4cd
EPT/1TNxElwHCeTQ7hZWohUr6G/B4m+PwM/JQroYoEYl2jFiXwrZwj2/+l9RVfNr
5n7U6qfcAx33c42mwiXKwcGE59votkPyRGERQH9UgQ+qb6jlMeScZwPDtp9I4Xbw
ytp/nPKCB/z5ZP0rDf9oPrU7+bndHI0xoHFv1qDGrIiZVvJHBajj2uQtaUk7wqft
grMjUPOcYJCeMt+GWm5G8LFv4rxVEAWiMNF2DFykuBjLq+MBdRq/0D9aDQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFO83AIpfy1HYXmJ10BrEC/PhhPqiMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvN3pjQWlsX0xVZGhlWW5YUUdzUUw4LUdFLXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBAC5/h8DBADBI5gwDQYJKoZIhvcNAQELBQADggEB
ALPwtGtPpWeyjL3mcFD7w38UJHhiEGV08B3KcJtiAeEhb8O1qiK6oCQv4Iqys0jm
xruw+XPlTVSwS9BqYGdCxKyFGYPFBcbZEcFkjeWCltBA63J0jyX2FRXI4CHLXSGH
rwLUwokGVUzkMekyQS5oJMqMJ8WA7JsKgu1yA8kOEXRlujGBib5JqpKpwl6F7wlV
sdYRznZVMPNsleB9a96v2aM2v3NrWn+X5tiQPc+XxhHxU/iCop9grzQ1IurnduNo
QmLqZpIXWqDvFncV2UrNNLmX0NXYf8bYJQXDf3JbxcMULZI5aBb9oH54e5oXhRor
G3+EBi38JvjV/drPzL/fCcg=
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:52:37 2025 by rpki-client