Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xgmEPbd6Erl0P2cg9GA6Hpc-sIY.roa
File: xgmEPbd6Erl0P2cg9GA6Hpc-sIY.roa (raw, json)
Hash identifier: Df5MgydRQAWg+E2C9ZXlqeRShyVyaJ+Xvr3L3v9otYs=
Subject key identifier: C6:09:84:3D:B7:7A:12:B9:74:3F:67:20:F4:60:3A:1E:97:3E:B0:86
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 01989E8666124DA7A17DC62EE248D3BB13B8
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xgmEPbd6Erl0P2cg9GA6Hpc-sIY.roa
Signing time: Tue 12 Aug 2025 13:44:24 +0000
ROA not before: Tue 12 Aug 2025 13:44:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6762
IP address blocks: 14.102.16.0/22 maxlen: 24
46.244.111.0/24 maxlen: 24
103.138.79.0/24 maxlen: 24
107.150.168.0/24 maxlen: 24
107.150.172.0/24 maxlen: 24
162.218.176.0/24 maxlen: 24
162.218.179.0/24 maxlen: 24
167.160.0.0/24 maxlen: 24
167.160.3.0/24 maxlen: 24
185.192.212.0/24 maxlen: 24
185.192.215.0/24 maxlen: 24
185.203.148.0/24 maxlen: 24
185.203.151.0/24 maxlen: 24
185.212.172.0/24 maxlen: 24
185.212.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 07:01:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9e:86:66:12:4d:a7:a1:7d:c6:2e:e2:48:d3:bb:13:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Aug 12 13:44:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c609843db77a12b9743f6720f4603a1e973eb086
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:6c:bd:b3:4e:12:0a:a0:7c:69:f7:04:81:34:
96:c6:7c:60:51:32:59:d6:07:82:6c:a0:b9:0e:22:
71:64:68:18:0a:ea:d5:09:6d:9a:1b:11:c1:0c:42:
b6:ef:3a:7c:af:d2:46:e7:b7:5e:fb:c8:79:9d:e3:
a0:fa:1d:3b:84:08:8c:9f:1e:b1:2f:5c:2b:93:d6:
ca:0e:ff:77:39:62:67:2f:d2:e1:fd:cf:81:65:24:
53:01:0b:c0:f7:c8:60:5a:dd:e1:1b:c6:cf:de:ce:
ac:53:86:26:69:d2:34:f8:a5:92:2e:f9:3c:68:fc:
f4:4d:5e:8d:28:7d:b6:e3:06:f2:4f:e9:1f:fc:e7:
02:25:b9:8b:4f:e1:ec:58:db:e7:9f:37:72:93:0f:
75:b4:43:41:7e:46:85:3d:7c:79:90:88:81:fd:c7:
7a:f3:8b:e6:51:08:c7:13:bc:94:9d:53:cf:42:67:
1b:25:87:3a:3f:d8:08:d5:cd:26:6a:b3:67:96:69:
4b:12:ab:99:ab:67:a9:02:69:64:cd:dc:dc:1c:54:
e0:7c:42:5b:83:3e:23:ba:20:8b:28:23:6e:12:fa:
db:0f:87:36:01:75:bd:71:8f:a2:f2:32:00:23:92:
c8:24:75:5f:2d:d2:f1:99:89:fe:44:65:fe:9b:e7:
2d:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:09:84:3D:B7:7A:12:B9:74:3F:67:20:F4:60:3A:1E:97:3E:B0:86
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xgmEPbd6Erl0P2cg9GA6Hpc-sIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.16.0/22
46.244.111.0/24
103.138.79.0/24
107.150.168.0/24
107.150.172.0/24
162.218.176.0/24
162.218.179.0/24
167.160.0.0/24
167.160.3.0/24
185.192.212.0/24
185.192.215.0/24
185.203.148.0/24
185.203.151.0/24
185.212.172.0/24
185.212.175.0/24
Signature Algorithm: sha256WithRSAEncryption
57:3c:92:53:61:06:4b:40:45:32:e0:60:29:89:10:a3:1f:e4:
b9:ac:7c:a4:c7:ad:b7:51:6e:07:b6:c6:82:fc:4b:1b:ab:8f:
f6:0d:f2:f9:1b:b7:79:bd:3d:35:3f:14:15:5d:3a:db:93:b5:
f6:60:d2:0f:9d:92:18:c2:62:d8:b8:5f:fb:e9:5f:b5:34:b1:
3b:f8:19:fb:19:ec:3f:e2:aa:c4:fd:2b:bb:f6:3a:9f:1f:c6:
d1:b1:54:61:89:96:51:b5:f2:44:1c:d1:f0:71:14:61:24:71:
1e:f7:0f:a3:a1:27:f4:58:13:23:b4:94:a6:e5:87:93:57:6b:
51:f1:ec:e7:2d:28:b6:f2:62:b8:a7:0d:56:40:d1:34:03:de:
c5:c5:c2:75:e6:20:8a:a0:16:3d:49:33:f0:50:8b:2d:7d:78:
ea:f6:b1:c4:10:33:42:d9:8c:55:3b:a2:4b:df:b7:dd:2d:42:
fa:87:35:fe:b7:61:d2:d6:e2:da:93:3e:35:f7:13:2e:c0:d6:
c3:8d:7f:39:ac:cd:45:fa:f1:9c:ea:f9:38:28:ff:f4:cf:38:
09:84:12:f8:27:00:70:66:29:1e:c4:b8:d4:70:e1:fa:f8:30:
8f:73:e1:d3:cd:fe:01:9b:5c:c5:8e:17:28:26:d5:09:73:a1:
1d:37:3a:c2
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZiehmYSTaehfcYu4kjTuxO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODEyMTM0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjA5ODQzZGI3N2ExMmI5NzQzZjY3MjBmNDYwM2ExZTk3M2ViMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2y9s04SCqB8afcEgTSWxnxgUTJZ
1geCbKC5DiJxZGgYCurVCW2aGxHBDEK27zp8r9JG57de+8h5neOg+h07hAiMnx6x
L1wrk9bKDv93OWJnL9Lh/c+BZSRTAQvA98hgWt3hG8bP3s6sU4YmadI0+KWSLvk8
aPz0TV6NKH224wbyT+kf/OcCJbmLT+HsWNvnnzdykw91tENBfkaFPXx5kIiB/cd6
84vmUQjHE7yUnVPPQmcbJYc6P9gI1c0marNnlmlLEquZq2epAmlkzdzcHFTgfEJb
gz4juiCLKCNuEvrbD4c2AXW9cY+i8jIAI5LIJHVfLdLxmYn+RGX+m+ctiQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMYJhD23ehK5dD9nIPRgOh6XPrCGMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEveGdtRVBiZDZFcmwwUDJjZzlHQTZIcGMtc0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCDmYQAwQA
LvRvAwQAZ4pPAwQAa5aoAwQAa5asAwQAotqwAwQAotqzAwQAp6AAAwQAp6ADAwQA
ucDUAwQAucDXAwQAucuUAwQAucuXAwQAudSsAwQAudSvMA0GCSqGSIb3DQEBCwUA
A4IBAQBXPJJTYQZLQEUy4GApiRCjH+S5rHykx623UW4HtsaC/Esbq4/2DfL5G7d5
vT01PxQVXTrbk7X2YNIPnZIYwmLYuF/76V+1NLE7+Bn7Gew/4qrE/Su79jqfH8bR
sVRhiZZRtfJEHNHwcRRhJHEe9w+joSf0WBMjtJSm5YeTV2tR8eznLSi28mK4pw1W
QNE0A97FxcJ15iCKoBY9STPwUIstfXjq9rHEEDNC2YxVO6JL37fdLUL6hzX+t2HS
1uLakz419xMuwNbDjX85rM1F+vGc6vk4KP/0zzgJhBL4JwBwZikexLjUcOH6+DCP
c+HTzf4Bm1zFjhcoJtUJc6EdNzrC
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:01:42 2025 by rpki-client