Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/IbWAiMp66FrrjCqKdb7PL52gYqc.roa
File: IbWAiMp66FrrjCqKdb7PL52gYqc.roa (raw, json)
Hash identifier: ZvFHwkqxl1Y1UkoOepo0AdZCTZvXFwyowt6Ue0U0AQc=
Subject key identifier: 21:B5:80:88:CA:7A:E8:5A:EB:8C:2A:8A:75:BE:CF:2F:9D:A0:62:A7
Certificate issuer: /CN=dd189621d2fa872166e6a05ee47a7d756243e919
Certificate serial: 0197F49276886363061FBFB36154A11EFDC9
Authority key identifier: DD:18:96:21:D2:FA:87:21:66:E6:A0:5E:E4:7A:7D:75:62:43:E9:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/IbWAiMp66FrrjCqKdb7PL52gYqc.roa
Signing time: Thu 10 Jul 2025 13:42:08 +0000
ROA not before: Thu 10 Jul 2025 13:42:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15751
IP address blocks: 109.125.0.0/18 maxlen: 18
185.51.72.0/22 maxlen: 23
212.129.64.0/24 maxlen: 24
212.129.66.0/23 maxlen: 23
212.129.68.0/22 maxlen: 22
212.129.72.0/21 maxlen: 21
212.129.80.0/20 maxlen: 20
2a01:b340::/29 maxlen: 32
2a01:b340::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.crl
rsync://rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.mft
rsync://rpki.ripe.net/repository/DEFAULT/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 10:02:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f4:92:76:88:63:63:06:1f:bf:b3:61:54:a1:1e:fd:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd189621d2fa872166e6a05ee47a7d756243e919
Validity
Not Before: Jul 10 13:42:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21b58088ca7ae85aeb8c2a8a75becf2f9da062a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:a5:f2:4a:84:9d:36:43:5a:39:d2:0e:ed:37:
fd:f3:0a:80:ed:c3:ac:d2:a8:90:41:e0:b4:7f:ca:
9f:d1:d8:43:e4:d2:40:99:06:71:97:c8:ca:3b:b2:
09:9b:5c:bc:ba:ac:44:10:39:7a:03:2b:01:6e:6d:
7c:6d:1a:4e:9f:21:a2:42:de:4c:7e:cf:cb:ca:8c:
52:26:6e:07:48:c9:72:7c:04:2d:bd:7d:df:6c:12:
d0:f3:a0:01:c9:1e:72:cb:29:b8:46:9c:6f:30:54:
64:31:b6:57:68:9d:3f:16:cc:b8:f0:71:8c:d3:35:
2b:5d:75:0b:98:00:4a:01:d3:9b:2b:84:e3:56:b3:
57:7d:e1:66:8a:41:05:64:26:b8:82:e4:c3:f9:d7:
e1:6c:45:b7:10:b1:20:fe:eb:07:38:dc:f0:7c:90:
2a:b5:b9:f2:0f:59:22:04:1f:06:75:c9:84:42:9c:
59:b6:01:b5:b5:4b:a1:17:4f:ea:27:c6:df:6d:35:
f9:f6:66:97:a0:47:03:2f:06:90:e2:d1:ce:f4:eb:
f5:06:27:78:6b:c3:78:0c:02:75:5a:99:a2:51:dc:
f4:e9:04:d7:4f:27:dc:4c:06:82:5e:73:9f:7d:77:
84:11:a4:04:e8:f6:fb:3f:59:ea:df:e3:bb:e6:c2:
23:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:B5:80:88:CA:7A:E8:5A:EB:8C:2A:8A:75:BE:CF:2F:9D:A0:62:A7
X509v3 Authority Key Identifier:
keyid:DD:18:96:21:D2:FA:87:21:66:E6:A0:5E:E4:7A:7D:75:62:43:E9:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/IbWAiMp66FrrjCqKdb7PL52gYqc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d6327f-803e-47fc-8e25-44311f9cb856/1/3RiWIdL6hyFm5qBe5Hp9dWJD6Rk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.125.0.0/18
185.51.72.0/22
212.129.64.0/24
212.129.66.0-212.129.95.255
IPv6:
2a01:b340::/29
Signature Algorithm: sha256WithRSAEncryption
15:91:72:25:9d:e9:8f:1f:e0:90:3c:46:e6:a6:0b:a1:4b:5c:
e1:72:3b:31:c1:df:51:46:81:bd:a3:40:ee:81:e9:23:2c:2e:
14:b0:ee:d3:84:4f:8f:92:de:9b:eb:af:f3:71:e5:12:60:7e:
32:ac:58:4a:04:62:e6:7a:64:f2:46:de:67:2c:f2:8c:ba:15:
72:3d:6d:4c:49:ea:08:b9:6d:b2:ba:95:54:50:87:b5:06:9f:
02:ec:8b:5d:65:c8:90:cc:e6:1b:56:15:c8:7c:2b:45:32:4a:
8e:01:0f:b8:6b:5b:90:80:b2:8c:bd:6c:08:58:27:2a:4b:45:
73:7f:e3:0d:5d:89:ad:b1:83:c9:9e:de:7c:a1:b4:00:16:08:
d1:e5:bc:9e:c9:ed:0b:20:d4:45:fb:36:63:68:4b:8d:ed:2f:
0b:6a:59:74:96:84:81:87:e2:b9:1b:13:be:24:a6:8d:1a:8a:
47:45:f7:06:8a:a2:cc:90:62:18:01:6f:e6:75:43:73:3d:5a:
ac:d5:a4:19:42:5d:4f:69:1a:5d:12:cc:be:0a:5c:ed:ce:49:
90:e0:6c:9e:63:25:04:cf:92:00:2e:e4:a1:95:eb:f9:99:a9:
5c:28:2a:a5:93:9e:58:00:e1:ee:a6:26:e7:4c:bd:ea:5f:fc:
92:8f:c7:d7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZf0knaIY2MGH7+zYVShHv3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMTg5NjIxZDJmYTg3MjE2NmU2YTA1ZWU0N2E3ZDc1NjI0
M2U5MTkwHhcNMjUwNzEwMTM0MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWI1ODA4OGNhN2FlODVhZWI4YzJhOGE3NWJlY2YyZjlkYTA2MmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKXySoSdNkNaOdIO7Tf98wqA7cOs
0qiQQeC0f8qf0dhD5NJAmQZxl8jKO7IJm1y8uqxEEDl6AysBbm18bRpOnyGiQt5M
fs/LyoxSJm4HSMlyfAQtvX3fbBLQ86AByR5yyym4RpxvMFRkMbZXaJ0/Fsy48HGM
0zUrXXULmABKAdObK4TjVrNXfeFmikEFZCa4guTD+dfhbEW3ELEg/usHONzwfJAq
tbnyD1kiBB8GdcmEQpxZtgG1tUuhF0/qJ8bfbTX59maXoEcDLwaQ4tHO9Ov1Bid4
a8N4DAJ1WpmiUdz06QTXTyfcTAaCXnOffXeEEaQE6Pb7P1nq3+O75sIjOwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCG1gIjKeuha64wqinW+zy+doGKnMB8GA1UdIwQY
MBaAFN0YliHS+ochZuagXuR6fXViQ+kZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1JpV0lkTDZoeUZtNXFCZTVIcDlkV0pENlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kNjMyN2YtODAzZS00N2ZjLThlMjUt
NDQzMTFmOWNiODU2LzEvSWJXQWlNcDY2RnJyakNxS2RiN1BMNTJnWXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kNjMyN2YtODAzZS00N2ZjLThlMjUtNDQzMTFmOWNiODU2
LzEvM1JpV0lkTDZoeUZtNXFCZTVIcDlkV0pENlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQGbX0AAwQC
uTNIAwQA1IFAMAwDBAHUgUIDBAXUgUAwDQQCAAIwBwMFAyoBs0AwDQYJKoZIhvcN
AQELBQADggEBABWRciWd6Y8f4JA8RuamC6FLXOFyOzHB31FGgb2jQO6B6SMsLhSw
7tOET4+S3pvrr/Nx5RJgfjKsWEoEYuZ6ZPJG3mcs8oy6FXI9bUxJ6gi5bbK6lVRQ
h7UGnwLsi11lyJDM5htWFch8K0UySo4BD7hrW5CAsoy9bAhYJypLRXN/4w1dia2x
g8me3nyhtAAWCNHlvJ7J7Qsg1EX7NmNoS43tLwtqWXSWhIGH4rkbE74kpo0aikdF
9waKosyQYhgBb+Z1Q3M9WqzVpBlCXU9pGl0SzL4KXO3OSZDgbJ5jJQTPkgAu5KGV
6/mZqVwoKqWTnlgA4e6mJudMvepf/JKPx9c=
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:35:56 2025 by rpki-client