Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/lHRKfyePPGvimrfRqcUctBsZ3t0.roa
File: lHRKfyePPGvimrfRqcUctBsZ3t0.roa (raw, json)
Hash identifier: jCxCLfT0tg6McLe0kWrq+Xn6320LZnpTRBq+E4YwsmE=
Subject key identifier: 94:74:4A:7F:27:8F:3C:6B:E2:9A:B7:D1:A9:C5:1C:B4:1B:19:DE:DD
Certificate issuer: /CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
Certificate serial: 0199453B9014628693C093A507A06D9A231A
Authority key identifier: 11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/lHRKfyePPGvimrfRqcUctBsZ3t0.roa
Signing time: Sat 13 Sep 2025 22:39:15 +0000
ROA not before: Sat 13 Sep 2025 22:39:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6823
IP address blocks: 37.202.48.0/21 maxlen: 21
37.202.48.0/24 maxlen: 24
37.202.49.0/24 maxlen: 24
37.202.50.0/24 maxlen: 24
37.202.51.0/24 maxlen: 24
37.202.52.0/24 maxlen: 24
37.202.53.0/24 maxlen: 24
37.202.54.0/24 maxlen: 24
37.202.55.0/24 maxlen: 24
178.251.40.0/21 maxlen: 21
178.251.40.0/24 maxlen: 24
178.251.41.0/24 maxlen: 24
178.251.42.0/24 maxlen: 24
178.251.43.0/24 maxlen: 24
178.251.44.0/24 maxlen: 24
178.251.45.0/24 maxlen: 24
178.251.46.0/24 maxlen: 24
178.251.47.0/24 maxlen: 24
2a01:6be0::/32 maxlen: 38
2a01:6be0::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl
rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.mft
rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 07:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:45:3b:90:14:62:86:93:c0:93:a5:07:a0:6d:9a:23:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11a3864558bf42892bf9e5359bdb13f03b2527a9
Validity
Not Before: Sep 13 22:39:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=94744a7f278f3c6be29ab7d1a9c51cb41b19dedd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:db:f0:88:09:fe:ad:69:e6:88:ce:70:78:27:
e3:90:c7:4c:5e:c3:65:ea:88:73:0b:17:cb:eb:d5:
2a:70:48:89:e0:0f:12:02:8c:0c:67:db:55:55:d1:
c5:64:ad:c4:25:08:8b:dd:bc:55:8c:e1:55:35:90:
10:b0:e6:ef:34:3f:db:58:27:9a:97:67:9c:29:b7:
44:13:bb:fd:bd:d9:5f:82:0f:6a:d3:02:72:f9:5c:
86:3e:c5:a8:8c:39:6c:16:28:e0:f0:d9:d1:e9:58:
41:8a:b4:0d:53:88:dd:18:cb:e7:18:8c:8b:49:e0:
d3:d9:3b:08:cf:60:b5:b2:1c:4c:57:47:06:6a:64:
97:32:e2:b7:40:ee:9d:87:13:ef:92:a8:46:a9:93:
de:cf:57:f0:98:5f:11:5d:df:c0:93:57:2f:54:ab:
10:e0:b4:6e:76:01:c0:f8:2b:14:e1:5f:d2:91:e4:
7a:ef:5c:52:9d:9b:ac:8a:37:b5:a6:f1:ae:09:5b:
1c:3f:ee:8a:c7:b7:5e:d1:cd:be:b6:ba:e9:43:58:
68:54:c9:b5:d2:70:02:c7:e2:2c:5d:9d:50:3a:d4:
2e:83:99:71:a9:a0:62:a2:b2:e6:20:46:a0:23:18:
e5:9f:05:b4:d4:25:09:cc:cc:1c:92:68:28:39:9d:
a8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:74:4A:7F:27:8F:3C:6B:E2:9A:B7:D1:A9:C5:1C:B4:1B:19:DE:DD
X509v3 Authority Key Identifier:
keyid:11:A3:86:45:58:BF:42:89:2B:F9:E5:35:9B:DB:13:F0:3B:25:27:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaOGRVi_Qokr-eU1m9sT8DslJ6k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/lHRKfyePPGvimrfRqcUctBsZ3t0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/acd34b-357f-4307-83c0-0857e3ec03e0/1/EaOGRVi_Qokr-eU1m9sT8DslJ6k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.48.0/21
178.251.40.0/21
IPv6:
2a01:6be0::/32
Signature Algorithm: sha256WithRSAEncryption
0d:a4:95:f3:aa:28:5f:7d:49:65:8c:b5:b6:e8:1d:db:52:ab:
a6:f5:8c:51:f3:b5:7c:f1:de:21:9f:e6:a7:99:cf:ea:96:4f:
58:67:0d:b9:0d:3c:77:dd:92:81:ab:55:a4:0f:34:2a:ba:84:
d3:ad:fd:c4:78:57:14:ba:3d:bc:0c:11:f0:de:71:9b:1e:5b:
ec:2c:6c:bd:fd:0f:d1:bf:21:e5:01:e6:d2:34:3b:e2:14:34:
11:56:2c:f3:e0:4b:ea:c4:e6:08:29:81:66:3f:b1:4b:84:83:
50:01:60:94:0b:3d:dc:93:c2:d5:04:fa:38:76:cf:a8:b2:d2:
40:3e:21:c7:d7:64:27:a9:d2:20:10:f9:ab:c4:5a:b7:12:91:
e3:25:96:50:76:cb:d7:26:f3:83:81:13:f9:05:b2:20:3d:88:
b8:7d:f6:4e:56:24:85:57:7d:50:71:98:e1:87:56:b2:39:85:
7a:4c:ca:a9:2e:7b:4b:e4:8f:8e:b5:42:f9:67:3b:14:88:df:
8e:b5:8c:20:42:6a:94:57:f6:6e:ab:95:39:c6:72:47:5d:cd:
cf:69:cc:8c:79:c1:40:67:54:16:7b:ea:57:93:4a:1d:49:83:
f1:1e:2a:5f:f1:f5:f4:9f:95:22:bd:9b:9a:b7:22:ea:e2:62:
ae:1a:3d:69
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZlFO5AUYoaTwJOlB6BtmiMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTM4NjQ1NThiZjQyODkyYmY5ZTUzNTliZGIxM2YwM2Iy
NTI3YTkwHhcNMjUwOTEzMjIzOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc0NGE3ZjI3OGYzYzZiZTI5YWI3ZDFhOWM1MWNiNDFiMTlkZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdvwiAn+rWnmiM5weCfjkMdMXsNl
6ohzCxfL69UqcEiJ4A8SAowMZ9tVVdHFZK3EJQiL3bxVjOFVNZAQsObvND/bWCea
l2ecKbdEE7v9vdlfgg9q0wJy+VyGPsWojDlsFijg8NnR6VhBirQNU4jdGMvnGIyL
SeDT2TsIz2C1shxMV0cGamSXMuK3QO6dhxPvkqhGqZPez1fwmF8RXd/Ak1cvVKsQ
4LRudgHA+CsU4V/SkeR671xSnZusije1pvGuCVscP+6Kx7de0c2+trrpQ1hoVMm1
0nACx+IsXZ1QOtQug5lxqaBiorLmIEagIxjlnwW01CUJzMwckmgoOZ2oBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJR0Sn8njzxr4pq30anFHLQbGd7dMB8GA1UdIwQY
MBaAFBGjhkVYv0KJK/nlNZvbE/A7JSepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAt
MDg1N2UzZWMwM2UwLzEvbEhSS2Z5ZVBQR3ZpbXJmUnFjVWN0QnNaM3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hY2QzNGItMzU3Zi00MzA3LTgzYzAtMDg1N2UzZWMwM2Uw
LzEvRWFPR1JWaV9Rb2tyLWVVMW05c1Q4RHNsSjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJcowAwQD
svsoMA0EAgACMAcDBQAqAWvgMA0GCSqGSIb3DQEBCwUAA4IBAQANpJXzqihffUll
jLW26B3bUqum9YxR87V88d4hn+anmc/qlk9YZw25DTx33ZKBq1WkDzQquoTTrf3E
eFcUuj28DBHw3nGbHlvsLGy9/Q/RvyHlAebSNDviFDQRVizz4EvqxOYIKYFmP7FL
hINQAWCUCz3ck8LVBPo4ds+ostJAPiHH12QnqdIgEPmrxFq3EpHjJZZQdsvXJvOD
gRP5BbIgPYi4ffZOViSFV31QcZjhh1ayOYV6TMqpLntL5I+OtUL5ZzsUiN+OtYwg
QmqUV/Zuq5U5xnJHXc3PacyMecFAZ1QWe+pXk0odSYPxHipf8fX0n5UivZuatyLq
4mKuGj1p
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:13:49 2025 by rpki-client