Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/A_iHhKALil4lTEQzAUwPF3mIEBw.roa
File: A_iHhKALil4lTEQzAUwPF3mIEBw.roa (raw, json)
Hash identifier: foFKLdP+k5Z9u1b7IqZhZYmzZ2C3HRJY7iqeg2B9yu0=
Subject key identifier: 03:F8:87:84:A0:0B:8A:5E:25:4C:44:33:01:4C:0F:17:79:88:10:1C
Certificate issuer: /CN=6ad38bd4c0d0e9f3028021984cd83556047f6398
Certificate serial: 019951B0581EC0EB34D9093DC16FFF5518A6
Authority key identifier: 6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/A_iHhKALil4lTEQzAUwPF3mIEBw.roa
Signing time: Tue 16 Sep 2025 08:42:15 +0000
ROA not before: Tue 16 Sep 2025 08:42:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 18701
IP address blocks: 138.32.24.0/22 maxlen: 22
138.32.24.0/24 maxlen: 24
138.32.25.0/24 maxlen: 24
138.32.26.0/24 maxlen: 24
138.32.168.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.mft
rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:51:b0:58:1e:c0:eb:34:d9:09:3d:c1:6f:ff:55:18:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ad38bd4c0d0e9f3028021984cd83556047f6398
Validity
Not Before: Sep 16 08:42:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=03f88784a00b8a5e254c4433014c0f177988101c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:a1:6f:57:b4:68:69:23:6c:ba:6d:7c:43:74:
ba:51:ad:2b:c9:78:b9:71:ae:d4:08:ea:e4:8e:b8:
74:d8:d7:bc:fc:b0:65:da:68:04:e6:f0:a2:d9:26:
55:60:0e:df:39:31:94:fd:3c:87:3f:20:c6:77:5e:
92:8d:e3:57:15:62:99:c9:ee:d1:2e:00:58:56:fc:
c9:52:85:f4:9c:f9:2d:d1:ac:47:2f:c2:5e:22:53:
46:67:2a:0e:d5:70:82:91:c7:92:73:64:34:8d:da:
3f:c2:3a:6f:e7:4c:84:c3:d3:ea:1a:8a:1c:6d:89:
42:e6:e5:27:aa:52:f9:e1:d8:cc:39:5a:c2:48:9e:
3b:9e:60:53:7f:7a:2a:c6:c2:65:a1:20:d6:c7:0c:
71:c2:e8:1c:c9:87:8b:7e:ca:4a:ff:ac:50:2c:c6:
d8:13:ef:16:2a:5a:f2:4e:3e:92:18:b1:ed:4d:6b:
94:04:91:23:06:f5:2e:32:71:a3:28:cf:c2:e2:77:
15:f7:58:40:72:42:31:59:15:6d:04:ce:77:7e:b0:
41:d3:38:38:09:4e:b1:bb:59:34:90:84:9d:2e:28:
92:a3:99:c6:b2:89:99:57:63:3c:8d:dc:ef:ab:90:
66:b6:70:37:d8:fd:a5:60:db:3a:57:b3:62:d9:b6:
94:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:F8:87:84:A0:0B:8A:5E:25:4C:44:33:01:4C:0F:17:79:88:10:1C
X509v3 Authority Key Identifier:
keyid:6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/A_iHhKALil4lTEQzAUwPF3mIEBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.32.24.0/22
138.32.168.0/22
Signature Algorithm: sha256WithRSAEncryption
23:5d:c5:64:67:b9:80:3b:fc:af:fd:30:12:b1:42:46:37:9e:
50:7b:4f:d7:f8:a5:a3:83:8a:98:4d:14:55:5e:0d:36:a6:71:
3f:d0:53:71:72:d0:62:4e:7f:18:57:b7:a6:cd:ce:33:d4:1d:
a7:71:5c:30:33:a4:2b:0a:fa:07:fb:1f:53:e5:19:44:04:e0:
75:da:ff:ae:e4:f7:44:67:fc:17:5f:fb:83:ee:de:bf:79:6c:
7a:49:54:30:67:c0:ee:da:ae:0e:82:3c:bb:f7:79:9c:7a:a9:
46:94:06:66:6a:1a:21:cb:a0:38:dc:ed:0a:3a:03:0f:8d:0f:
e9:52:1b:ff:cf:51:48:73:ee:1f:1a:05:f8:04:fa:97:4b:27:
8d:0b:1a:b4:0e:0b:4f:58:30:ce:02:fc:5f:c1:91:fe:8c:4e:
a2:e5:f2:00:76:f8:6d:9b:d9:3b:d8:86:d9:e4:c9:3f:43:1f:
be:2f:8c:4d:1e:18:da:28:e6:ac:72:d9:bf:1d:72:1d:42:82:
f7:31:b5:77:16:68:3c:31:6c:1c:9e:56:84:52:82:15:32:50:
10:db:b7:e9:6f:ef:51:88:03:31:b1:1c:6a:b1:53:66:4a:18:
57:ed:47:28:42:63:f4:71:65:e5:4e:ae:e3:8c:27:24:9f:30:
c0:9c:e7:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlRsFgewOs02Qk9wW//VRimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZDM4YmQ0YzBkMGU5ZjMwMjgwMjE5ODRjZDgzNTU2MDQ3
ZjYzOTgwHhcNMjUwOTE2MDg0MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Y4ODc4NGEwMGI4YTVlMjU0YzQ0MzMwMTRjMGYxNzc5ODgxMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KFvV7RoaSNsum18Q3S6Ua0ryXi5
ca7UCOrkjrh02Ne8/LBl2mgE5vCi2SZVYA7fOTGU/TyHPyDGd16SjeNXFWKZye7R
LgBYVvzJUoX0nPkt0axHL8JeIlNGZyoO1XCCkceSc2Q0jdo/wjpv50yEw9PqGooc
bYlC5uUnqlL54djMOVrCSJ47nmBTf3oqxsJloSDWxwxxwugcyYeLfspK/6xQLMbY
E+8WKlryTj6SGLHtTWuUBJEjBvUuMnGjKM/C4ncV91hAckIxWRVtBM53frBB0zg4
CU6xu1k0kISdLiiSo5nGsomZV2M8jdzvq5BmtnA32P2lYNs6V7Ni2baU+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAP4h4SgC4peJUxEMwFMDxd5iBAcMB8GA1UdIwQY
MBaAFGrTi9TA0OnzAoAhmEzYNVYEf2OYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXRPTDFNRFE2Zk1DZ0NHWVROZzFWZ1JfWTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85Mjg2MTgtMmE2OS00ZmJmLTk2Yzkt
Y2U3MDAwNzRhN2ZjLzEvQV9pSGhLQUxpbDRsVEVRekFVd1BGM21JRUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85Mjg2MTgtMmE2OS00ZmJmLTk2YzktY2U3MDAwNzRhN2Zj
LzEvYXRPTDFNRFE2Zk1DZ0NHWVROZzFWZ1JfWTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCiiAYAwQC
iiCoMA0GCSqGSIb3DQEBCwUAA4IBAQAjXcVkZ7mAO/yv/TASsUJGN55Qe0/X+KWj
g4qYTRRVXg02pnE/0FNxctBiTn8YV7emzc4z1B2ncVwwM6QrCvoH+x9T5RlEBOB1
2v+u5PdEZ/wXX/uD7t6/eWx6SVQwZ8Du2q4Ogjy793mceqlGlAZmahohy6A43O0K
OgMPjQ/pUhv/z1FIc+4fGgX4BPqXSyeNCxq0DgtPWDDOAvxfwZH+jE6i5fIAdvht
m9k72IbZ5Mk/Qx++L4xNHhjaKOasctm/HXIdQoL3MbV3Fmg8MWwcnlaEUoIVMlAQ
27fpb+9RiAMxsRxqsVNmShhX7UcoQmP0cWXlTq7jjCcknzDAnOfb
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:41 2025 by rpki-client