Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/PxmoIHn8jTXCAByjL6621IFPMzY.roa
File: PxmoIHn8jTXCAByjL6621IFPMzY.roa (raw, json)
Hash identifier: HnlPWXRJdtsVWQ/mMLShC6h9nFgcIse2oc0qd7n91sE=
Subject key identifier: 3F:19:A8:20:79:FC:8D:35:C2:00:1C:A3:2F:AE:B6:D4:81:4F:33:36
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 01989FB65A186ABA1F0DDD97373F45D78E84
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/PxmoIHn8jTXCAByjL6621IFPMzY.roa
Signing time: Tue 12 Aug 2025 19:16:24 +0000
ROA not before: Tue 12 Aug 2025 19:16:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51765
IP address blocks: 170.168.28.0/24 maxlen: 24
170.168.29.0/24 maxlen: 24
170.168.30.0/24 maxlen: 24
170.168.31.0/24 maxlen: 24
170.168.96.0/24 maxlen: 24
170.168.97.0/24 maxlen: 24
170.168.98.0/24 maxlen: 24
170.168.99.0/24 maxlen: 24
170.168.172.0/24 maxlen: 24
170.168.173.0/24 maxlen: 24
170.168.174.0/24 maxlen: 24
170.168.175.0/24 maxlen: 24
170.168.240.0/24 maxlen: 24
170.168.241.0/24 maxlen: 24
170.168.242.0/24 maxlen: 24
170.168.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9f:b6:5a:18:6a:ba:1f:0d:dd:97:37:3f:45:d7:8e:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Aug 12 19:16:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f19a82079fc8d35c2001ca32faeb6d4814f3336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:c2:db:cf:b9:30:02:61:eb:93:9c:9b:b5:63:
38:fa:96:14:a6:ce:54:54:c3:3b:6d:db:91:aa:f4:
88:5b:df:ff:87:e3:d9:99:e0:1c:b3:b8:27:3c:18:
49:4c:84:98:11:bd:61:ef:64:d1:d7:01:ba:6d:5d:
0f:06:23:7e:71:f1:85:32:d7:d1:0a:a1:83:d5:59:
af:b6:c3:f4:13:5e:94:79:70:cc:a1:48:dd:e4:1c:
1e:33:7b:f4:06:38:e6:d5:e0:66:98:d4:1e:83:a8:
31:ad:c5:11:d7:ca:8e:34:ef:2b:8b:b4:94:91:e7:
97:ad:37:74:3c:5b:22:26:68:75:5b:bb:2b:ec:41:
7c:1a:ca:0d:b2:d8:5c:db:43:d6:d4:2e:34:6e:af:
b8:33:cb:a4:3e:29:79:46:d9:05:36:89:76:af:f4:
5f:9e:88:49:fc:7d:ac:7d:b2:bf:a6:cc:59:08:e0:
c7:e6:27:1b:ea:c7:81:f4:e6:79:b9:63:f1:cd:08:
ae:e3:63:07:98:69:1a:4d:dd:3e:50:8b:78:eb:36:
d3:52:ae:3b:52:e4:89:f6:db:b3:e6:72:0c:d5:a1:
7e:e4:ac:15:e5:58:e9:dd:09:69:63:0c:8d:0e:a6:
d2:40:86:3f:25:c8:7d:ff:e4:3d:c1:98:e8:87:6e:
b4:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:19:A8:20:79:FC:8D:35:C2:00:1C:A3:2F:AE:B6:D4:81:4F:33:36
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/PxmoIHn8jTXCAByjL6621IFPMzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.28.0/22
170.168.96.0/22
170.168.172.0/22
170.168.240.0/22
Signature Algorithm: sha256WithRSAEncryption
4a:b1:21:93:a3:3a:a1:04:56:21:51:40:8b:85:6b:34:8f:24:
1d:8c:09:f6:5a:a9:28:68:7a:53:f0:f5:78:fa:cc:1f:a4:49:
1a:4b:b4:1a:8c:ff:14:2c:eb:19:e5:36:81:a7:3b:88:9d:7d:
6e:74:83:15:97:19:ae:e8:7d:13:95:d2:29:83:6a:67:c3:36:
d7:62:d8:30:98:69:42:03:c7:bc:74:c2:52:d8:39:92:3a:56:
d8:20:ab:38:50:ff:b0:84:66:02:d6:12:3d:3b:12:9c:37:b7:
66:c4:b9:c3:d9:60:85:69:6d:16:2d:9f:cf:9e:7e:ea:26:37:
80:01:27:3d:9a:4f:28:40:ee:e8:f4:b7:21:8c:94:cb:02:c3:
e5:7b:ca:d7:3c:e1:30:68:05:f6:83:85:6e:63:c8:62:a3:e9:
ae:85:50:48:99:5f:ed:bf:86:10:21:7f:d9:e3:b9:d7:16:27:
db:5f:f5:e2:9d:af:05:ea:de:3d:d9:25:74:4b:b5:d0:d2:bb:
96:d9:97:ee:b2:04:9c:b9:de:40:22:59:e1:db:63:02:31:bf:
1d:6f:dd:c9:05:17:78:94:7e:3e:5d:b7:64:18:ef:e6:76:d9:
66:ab:5c:42:f9:b3:15:68:3c:88:2f:25:79:39:e9:56:6a:bd:
6d:3c:cc:1d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZiftloYarofDd2XNz9F146EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODEyMTkxNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjE5YTgyMDc5ZmM4ZDM1YzIwMDFjYTMyZmFlYjZkNDgxNGYzMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8Lbz7kwAmHrk5ybtWM4+pYUps5U
VMM7bduRqvSIW9//h+PZmeAcs7gnPBhJTISYEb1h72TR1wG6bV0PBiN+cfGFMtfR
CqGD1VmvtsP0E16UeXDMoUjd5BweM3v0Bjjm1eBmmNQeg6gxrcUR18qONO8ri7SU
keeXrTd0PFsiJmh1W7sr7EF8GsoNsthc20PW1C40bq+4M8ukPil5RtkFNol2r/Rf
nohJ/H2sfbK/psxZCODH5icb6seB9OZ5uWPxzQiu42MHmGkaTd0+UIt46zbTUq47
UuSJ9tuz5nIM1aF+5KwV5Vjp3QlpYwyNDqbSQIY/Jch9/+Q9wZjoh260ZQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD8ZqCB5/I01wgAcoy+uttSBTzM2MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUHhtb0lIbjhqVFhDQUJ5akw2NjIxSUZQTXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCqqgcAwQC
qqhgAwQCqqisAwQCqqjwMA0GCSqGSIb3DQEBCwUAA4IBAQBKsSGTozqhBFYhUUCL
hWs0jyQdjAn2WqkoaHpT8PV4+swfpEkaS7QajP8ULOsZ5TaBpzuInX1udIMVlxmu
6H0TldIpg2pnwzbXYtgwmGlCA8e8dMJS2DmSOlbYIKs4UP+whGYC1hI9OxKcN7dm
xLnD2WCFaW0WLZ/Pnn7qJjeAASc9mk8oQO7o9LchjJTLAsPle8rXPOEwaAX2g4Vu
Y8hio+muhVBImV/tv4YQIX/Z47nXFifbX/Xina8F6t492SV0S7XQ0ruW2ZfusgSc
ud5AIlnh22MCMb8db93JBRd4lH4+XbdkGO/mdtlmq1xC+bMVaDyILyV5OelWar1t
PMwd
-----END CERTIFICATE-----
Generated at Sat Aug 23 19:31:01 2025 by rpki-client