Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/kPyw78W3vAy4mQl3NXjpt1MepRc.roa
File: kPyw78W3vAy4mQl3NXjpt1MepRc.roa (raw, json)
Hash identifier: u8KAvtGZKGr7dbs+3GKBT4RIYYyEwMSs07RwUnPLdS0=
Subject key identifier: 90:FC:B0:EF:C5:B7:BC:0C:B8:99:09:77:35:78:E9:B7:53:1E:A5:17
Certificate issuer: /CN=8323f49d6cc650cd6d65482348e1d6d0b8fd7eaa
Certificate serial: 019934198E13F4DF9F3B76BEA849B2585DCF
Authority key identifier: 83:23:F4:9D:6C:C6:50:CD:6D:65:48:23:48:E1:D6:D0:B8:FD:7E:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/kPyw78W3vAy4mQl3NXjpt1MepRc.roa
Signing time: Wed 10 Sep 2025 14:48:33 +0000
ROA not before: Wed 10 Sep 2025 14:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24608
IP address blocks: 2.156.0.0/16 maxlen: 16
2.157.0.0/16 maxlen: 16
2.158.0.0/16 maxlen: 16
2.159.0.0/16 maxlen: 16
5.84.0.0/16 maxlen: 16
5.85.0.0/16 maxlen: 16
5.86.0.0/16 maxlen: 16
5.87.0.0/16 maxlen: 16
31.188.0.0/16 maxlen: 16
31.189.0.0/16 maxlen: 16
37.226.0.0/15 maxlen: 16
37.226.0.0/16 maxlen: 16
37.227.0.0/16 maxlen: 16
62.13.160.0/19 maxlen: 19
185.97.108.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:34:19:8e:13:f4:df:9f:3b:76:be:a8:49:b2:58:5d:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8323f49d6cc650cd6d65482348e1d6d0b8fd7eaa
Validity
Not Before: Sep 10 14:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90fcb0efc5b7bc0cb89909773578e9b7531ea517
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b4:35:4e:f3:ac:95:85:fa:77:16:4c:63:f0:
b8:fa:9d:89:5c:8b:29:31:a7:08:3a:29:e0:cf:d2:
18:68:2c:88:79:c0:e2:fd:58:eb:0a:a9:1c:98:96:
42:0a:f5:d2:51:b9:ea:9a:09:72:d6:d7:fb:74:95:
de:dd:ef:51:3b:b6:7c:d8:45:b3:ca:d4:30:39:16:
c8:cc:36:01:f3:90:b1:64:81:7b:c4:eb:18:65:6a:
70:c2:46:30:38:25:70:98:9a:fa:8b:cb:d9:8d:f3:
a7:f3:5d:f2:3d:2a:33:5a:ac:8c:4a:c9:e8:17:f5:
36:1d:ea:c4:47:a3:7a:13:db:a5:d1:e6:5c:f2:21:
a3:4d:cb:0f:a8:18:02:27:38:c7:20:0c:98:bd:5b:
ee:23:4b:d5:90:45:45:02:ed:f2:d0:a9:49:d2:6d:
88:81:df:4f:4f:47:c9:da:e5:6e:0c:37:41:b4:d2:
de:ad:98:43:cc:70:a1:12:db:d0:0a:70:ae:5a:bb:
11:c9:b1:67:1a:94:85:16:71:48:57:4b:99:f3:e0:
6c:8e:c1:d9:ff:3a:31:b1:e4:9b:50:fb:b2:27:5f:
25:a1:d2:31:49:a6:d9:7f:00:d0:57:75:99:24:53:
6d:35:72:81:6f:c7:c7:7a:55:fa:37:a4:31:22:d7:
9b:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:FC:B0:EF:C5:B7:BC:0C:B8:99:09:77:35:78:E9:B7:53:1E:A5:17
X509v3 Authority Key Identifier:
keyid:83:23:F4:9D:6C:C6:50:CD:6D:65:48:23:48:E1:D6:D0:B8:FD:7E:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/kPyw78W3vAy4mQl3NXjpt1MepRc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/e73f16-45d2-43c1-a4af-5cf9194d1702/1/gyP0nWzGUM1tZUgjSOHW0Lj9fqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.156.0.0/14
5.84.0.0/14
31.188.0.0/15
37.226.0.0/15
62.13.160.0/19
185.97.108.0/22
Signature Algorithm: sha256WithRSAEncryption
84:9a:76:ec:77:e5:c0:4e:f7:64:a7:65:c5:b4:03:19:2a:50:
03:2f:28:de:11:fb:fe:2f:bb:90:e3:04:83:68:d1:c6:86:6a:
4d:93:36:46:16:5d:ae:3a:fd:35:a3:3e:10:6d:0a:65:5d:ea:
ca:23:f5:04:e4:31:10:da:12:3f:48:53:3f:8a:d0:30:f6:4d:
0f:63:7a:c5:32:f8:0d:09:c3:98:87:75:c4:81:04:67:e9:07:
ed:ab:0e:ed:e6:65:de:c6:d4:f1:46:2d:8e:57:df:0a:83:0d:
60:99:01:61:dd:a1:d2:a1:ca:f6:81:c4:86:2d:cf:66:8f:58:
cd:36:84:8f:ff:35:5e:d4:1d:e3:b5:b5:65:c4:0c:80:7e:de:
4b:f5:f5:a7:3d:63:64:95:d4:e4:8d:05:93:64:45:66:6b:a4:
70:e8:2d:19:52:b9:20:f5:b5:9a:5a:01:08:98:52:d2:5d:73:
31:3b:90:90:68:ab:5c:1e:a6:ec:2b:7b:92:0d:88:32:aa:b4:
3c:e1:79:40:3a:e5:07:9f:a6:18:af:46:e6:f2:33:e0:59:5d:
08:d6:b2:24:b6:7e:28:3e:16:93:05:a8:4a:ad:4b:c6:6f:01:
30:59:c4:7e:87:c5:c8:c0:7a:5a:28:02:92:c8:e9:81:c9:d8:
b8:27:b2:52
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZk0GY4T9N+fO3a+qEmyWF3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMjNmNDlkNmNjNjUwY2Q2ZDY1NDgyMzQ4ZTFkNmQwYjhm
ZDdlYWEwHhcNMjUwOTEwMTQ0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZjYjBlZmM1YjdiYzBjYjg5OTA5NzczNTc4ZTliNzUzMWVhNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbQ1TvOslYX6dxZMY/C4+p2JXIsp
MacIOingz9IYaCyIecDi/VjrCqkcmJZCCvXSUbnqmgly1tf7dJXe3e9RO7Z82EWz
ytQwORbIzDYB85CxZIF7xOsYZWpwwkYwOCVwmJr6i8vZjfOn813yPSozWqyMSsno
F/U2HerER6N6E9ul0eZc8iGjTcsPqBgCJzjHIAyYvVvuI0vVkEVFAu3y0KlJ0m2I
gd9PT0fJ2uVuDDdBtNLerZhDzHChEtvQCnCuWrsRybFnGpSFFnFIV0uZ8+BsjsHZ
/zoxseSbUPuyJ18lodIxSabZfwDQV3WZJFNtNXKBb8fHelX6N6QxItebfwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJD8sO/Ft7wMuJkJdzV46bdTHqUXMB8GA1UdIwQY
MBaAFIMj9J1sxlDNbWVII0jh1tC4/X6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3lQMG5XekdVTTF0WlVnalNPSFcwTGo5ZnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lNzNmMTYtNDVkMi00M2MxLWE0YWYt
NWNmOTE5NGQxNzAyLzEva1B5dzc4VzN2QXk0bVFsM05YanB0MU1lcFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lNzNmMTYtNDVkMi00M2MxLWE0YWYtNWNmOTE5NGQxNzAy
LzEvZ3lQMG5XekdVTTF0WlVnalNPSFcwTGo5ZnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwMCApwDAwIF
VAMDAR+8AwMBJeIDBAU+DaADBAK5YWwwDQYJKoZIhvcNAQELBQADggEBAISadux3
5cBO92SnZcW0AxkqUAMvKN4R+/4vu5DjBINo0caGak2TNkYWXa46/TWjPhBtCmVd
6soj9QTkMRDaEj9IUz+K0DD2TQ9jesUy+A0Jw5iHdcSBBGfpB+2rDu3mZd7G1PFG
LY5X3wqDDWCZAWHdodKhyvaBxIYtz2aPWM02hI//NV7UHeO1tWXEDIB+3kv19ac9
Y2SV1OSNBZNkRWZrpHDoLRlSuSD1tZpaAQiYUtJdczE7kJBoq1wepuwre5INiDKq
tDzheUA65QefphivRubyM+BZXQjWsiS2fig+FpMFqEqtS8ZvATBZxH6HxcjAeloo
ApLI6YHJ2LgnslI=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:35:35 2025 by rpki-client