Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/OvxdZUL7-yIQWzcFYUnAa1c12II.roa
File: OvxdZUL7-yIQWzcFYUnAa1c12II.roa (raw, json)
Hash identifier: mxKl5svIy2E+onAWkycoeHXKh2w+Zk+8kzX+IQMshAU=
Subject key identifier: 3A:FC:5D:65:42:FB:FB:22:10:5B:37:05:61:49:C0:6B:57:35:D8:82
Certificate issuer: /CN=02b610cd43bafced91480fabfdcaae82049fbf71
Certificate serial: 019883D521407F2C008A9B64A8023D12C3F4
Authority key identifier: 02:B6:10:CD:43:BA:FC:ED:91:48:0F:AB:FD:CA:AE:82:04:9F:BF:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/OvxdZUL7-yIQWzcFYUnAa1c12II.roa
Signing time: Thu 07 Aug 2025 09:20:39 +0000
ROA not before: Thu 07 Aug 2025 09:20:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197068
IP address blocks: 45.152.114.0/24 maxlen: 24
45.152.115.0/24 maxlen: 24
193.23.55.0/24 maxlen: 24
193.43.79.0/24 maxlen: 24
193.43.91.0/24 maxlen: 24
193.43.94.0/24 maxlen: 24
195.43.92.0/23 maxlen: 24
2a03:70c1::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.crl
rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 03:02:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:83:d5:21:40:7f:2c:00:8a:9b:64:a8:02:3d:12:c3:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b610cd43bafced91480fabfdcaae82049fbf71
Validity
Not Before: Aug 7 09:20:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3afc5d6542fbfb22105b37056149c06b5735d882
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:8b:54:a9:5d:92:ae:61:f4:40:44:0f:37:97:
0a:ce:9f:6d:c0:c7:60:f4:a6:34:e9:d5:d9:6d:94:
a0:e1:a6:dc:46:f7:ab:88:a4:52:4d:50:dd:fb:46:
16:4a:59:e6:90:39:4e:76:0f:25:69:b5:01:3c:4e:
75:0b:3e:ec:a2:46:00:47:dc:7d:ec:e4:65:5a:b5:
71:44:7a:f5:ec:db:4f:08:30:07:9f:46:5c:e3:f0:
5c:be:c8:6c:f7:23:e8:9a:30:b1:60:c5:f0:cf:4b:
15:cc:09:d2:ff:90:e1:0f:60:98:d7:49:f8:f6:31:
61:0a:e2:10:7a:a9:10:1a:87:0b:dd:4d:30:27:af:
99:83:85:ee:91:97:c7:9c:fb:99:a1:77:69:cf:8c:
44:e7:8d:88:29:13:5e:04:0e:a2:b6:7f:7f:c0:40:
4a:f6:fd:15:15:11:0f:cb:08:6c:ce:00:51:ed:34:
3a:d7:08:e5:7d:21:a6:db:cd:c7:82:b5:86:9d:18:
d9:40:15:e6:e5:ef:10:95:e4:73:44:ee:3d:fb:88:
3c:59:e4:7a:35:76:5e:6e:d5:d7:8a:93:8d:f9:9b:
88:ce:92:76:4d:37:4e:57:4a:c7:66:40:73:3c:9d:
d6:cc:76:c2:5f:6f:68:30:c7:dd:4e:c5:24:32:e7:
6f:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:FC:5D:65:42:FB:FB:22:10:5B:37:05:61:49:C0:6B:57:35:D8:82
X509v3 Authority Key Identifier:
keyid:02:B6:10:CD:43:BA:FC:ED:91:48:0F:AB:FD:CA:AE:82:04:9F:BF:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArYQzUO6_O2RSA-r_cquggSfv3E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/OvxdZUL7-yIQWzcFYUnAa1c12II.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/e3decc-3ef7-4cb2-81d1-9013ca996b16/1/ArYQzUO6_O2RSA-r_cquggSfv3E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.152.114.0/23
193.23.55.0/24
193.43.79.0/24
193.43.91.0/24
193.43.94.0/24
195.43.92.0/23
IPv6:
2a03:70c1::/32
Signature Algorithm: sha256WithRSAEncryption
3c:ff:e4:75:bf:76:db:40:d1:5e:ca:1c:c5:ed:d8:38:68:6c:
e7:af:d0:12:89:8e:25:82:c9:66:a1:4b:a4:5b:22:d7:42:08:
99:9f:19:db:8a:61:24:38:5d:78:e4:f3:0b:ce:62:14:28:16:
83:e6:9e:bf:aa:75:1f:7e:72:d1:a7:c0:61:93:e1:97:7e:49:
63:49:10:fe:59:f0:bd:5b:cd:41:46:82:73:f1:6d:48:ae:8f:
23:ed:00:81:be:52:9e:ab:5b:a6:70:dc:17:c2:8a:ab:f2:91:
53:c5:15:f1:7e:be:62:c3:76:9b:36:77:07:aa:74:97:fd:d3:
e0:c7:8f:a8:7e:a6:72:9e:c4:6b:f1:7f:c4:cb:7f:56:2c:ba:
9b:88:ef:2f:e8:9c:9a:ac:06:ae:41:c7:d0:4a:44:cb:b6:0c:
8c:bf:f9:75:94:b2:03:d3:d3:ca:80:4e:dd:41:74:9b:58:f2:
34:0f:61:f1:6b:35:60:02:26:c0:75:66:68:ae:3b:1d:b2:fc:
4f:3e:69:51:12:54:e6:6a:a0:33:de:66:72:df:04:51:d2:38:
aa:6d:35:d8:44:70:24:40:40:9f:8f:67:b8:b2:ea:5a:f3:ba:
03:6c:fe:86:ad:31:a9:a7:17:fe:fb:41:02:0b:c1:ec:6a:8a:
8a:e5:40:ce
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZiD1SFAfywAiptkqAI9EsP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjYxMGNkNDNiYWZjZWQ5MTQ4MGZhYmZkY2FhZTgyMDQ5
ZmJmNzEwHhcNMjUwODA3MDkyMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWZjNWQ2NTQyZmJmYjIyMTA1YjM3MDU2MTQ5YzA2YjU3MzVkODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApotUqV2SrmH0QEQPN5cKzp9twMdg
9KY06dXZbZSg4abcRveriKRSTVDd+0YWSlnmkDlOdg8labUBPE51Cz7sokYAR9x9
7ORlWrVxRHr17NtPCDAHn0Zc4/Bcvshs9yPomjCxYMXwz0sVzAnS/5DhD2CY10n4
9jFhCuIQeqkQGocL3U0wJ6+Zg4XukZfHnPuZoXdpz4xE542IKRNeBA6itn9/wEBK
9v0VFREPywhszgBR7TQ61wjlfSGm283HgrWGnRjZQBXm5e8QleRzRO49+4g8WeR6
NXZebtXXipON+ZuIzpJ2TTdOV0rHZkBzPJ3WzHbCX29oMMfdTsUkMudvhwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDr8XWVC+/siEFs3BWFJwGtXNdiCMB8GA1UdIwQY
MBaAFAK2EM1DuvztkUgPq/3KroIEn79xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJZUXpVTzZfTzJSU0Etcl9jcXVnZ1NmdjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lM2RlY2MtM2VmNy00Y2IyLTgxZDEt
OTAxM2NhOTk2YjE2LzEvT3Z4ZFpVTDcteUlRV3pjRllVbkFhMWMxMklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lM2RlY2MtM2VmNy00Y2IyLTgxZDEtOTAxM2NhOTk2YjE2
LzEvQXJZUXpVTzZfTzJSU0Etcl9jcXVnZ1NmdjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQBLZhyAwQA
wRc3AwQAwStPAwQAwStbAwQAwSteAwQBwytcMA0EAgACMAcDBQAqA3DBMA0GCSqG
SIb3DQEBCwUAA4IBAQA8/+R1v3bbQNFeyhzF7dg4aGznr9ASiY4lgslmoUukWyLX
QgiZnxnbimEkOF145PMLzmIUKBaD5p6/qnUffnLRp8Bhk+GXfkljSRD+WfC9W81B
RoJz8W1Iro8j7QCBvlKeq1umcNwXwoqr8pFTxRXxfr5iw3abNncHqnSX/dPgx4+o
fqZynsRr8X/Ey39WLLqbiO8v6JyarAauQcfQSkTLtgyMv/l1lLID09PKgE7dQXSb
WPI0D2HxazVgAibAdWZorjsdsvxPPmlRElTmaqAz3mZy3wRR0jiqbTXYRHAkQECf
j2e4supa87oDbP6GrTGppxf++0ECC8HsaoqK5UDO
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:17:12 2025 by rpki-client