Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/2etQgypEbAtXePjS8z8cfKj7aJ0.roa
File: 2etQgypEbAtXePjS8z8cfKj7aJ0.roa (raw, json)
Hash identifier: 7GXw+lqNccCeSIvWKD3qILpJweH0CVGSlBQfGkrhr6k=
Subject key identifier: D9:EB:50:83:2A:44:6C:0B:57:78:F8:D2:F3:3F:1C:7C:A8:FB:68:9D
Certificate issuer: /CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Certificate serial: 0197775B3E4D2851444EDDDD9E5723567B79
Authority key identifier: BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/2etQgypEbAtXePjS8z8cfKj7aJ0.roa
Signing time: Mon 16 Jun 2025 06:09:17 +0000
ROA not before: Mon 16 Jun 2025 06:09:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30815
IP address blocks: 88.209.128.0/22 maxlen: 22
88.209.128.0/24 maxlen: 24
88.209.129.0/24 maxlen: 24
88.209.130.0/24 maxlen: 24
88.209.132.0/22 maxlen: 22
88.209.132.0/24 maxlen: 24
88.209.135.0/24 maxlen: 24
88.209.136.0/24 maxlen: 24
88.209.137.0/24 maxlen: 24
88.209.138.0/24 maxlen: 24
88.209.139.0/24 maxlen: 24
88.209.160.0/21 maxlen: 21
88.209.160.0/22 maxlen: 22
88.209.160.0/24 maxlen: 24
88.209.161.0/24 maxlen: 24
88.209.162.0/24 maxlen: 24
88.209.163.0/24 maxlen: 24
88.209.164.0/22 maxlen: 22
88.209.164.0/23 maxlen: 23
88.209.164.0/24 maxlen: 24
88.209.165.0/24 maxlen: 24
88.209.166.0/24 maxlen: 24
88.209.167.0/24 maxlen: 24
88.209.190.0/24 maxlen: 24
88.209.191.0/24 maxlen: 24
93.189.96.0/21 maxlen: 21
93.189.96.0/23 maxlen: 23
93.189.96.0/24 maxlen: 24
93.189.97.0/24 maxlen: 24
93.189.98.0/23 maxlen: 23
93.189.98.0/24 maxlen: 24
93.189.99.0/24 maxlen: 24
93.189.100.0/23 maxlen: 23
93.189.100.0/24 maxlen: 24
93.189.101.0/24 maxlen: 24
93.189.102.0/23 maxlen: 23
93.189.102.0/24 maxlen: 24
93.189.103.0/24 maxlen: 24
185.63.232.0/22 maxlen: 22
185.63.232.0/23 maxlen: 23
185.63.232.0/24 maxlen: 24
185.63.233.0/24 maxlen: 24
185.63.234.0/24 maxlen: 24
185.63.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 04 Jul 2025 17:39:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:77:5b:3e:4d:28:51:44:4e:dd:dd:9e:57:23:56:7b:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Validity
Not Before: Jun 16 06:09:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9eb50832a446c0b5778f8d2f33f1c7ca8fb689d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:5b:be:00:6b:51:09:40:04:0e:68:ad:88:66:
21:47:af:79:40:b3:c6:7b:e4:01:6b:8f:ad:61:55:
13:86:4a:ea:6d:a0:15:e2:82:8a:7c:94:b0:9e:d8:
82:e9:62:ac:49:c7:d4:ea:95:36:51:b4:4a:04:fc:
2f:5f:e3:3c:c7:ae:82:c2:50:4f:5a:c1:b2:07:1c:
cf:e2:27:42:e7:2d:32:63:b7:43:46:76:48:cc:9e:
85:1b:fa:3b:a5:df:27:38:45:7c:e1:0d:5b:d8:24:
ec:fe:73:6e:a9:a9:91:1f:ce:4e:2f:5c:78:ad:4c:
db:fb:59:db:99:85:b8:90:87:f0:00:a6:2b:30:00:
ba:dd:c5:f6:77:d5:70:53:c8:d1:13:7a:30:1b:9a:
e2:77:7b:15:16:80:10:cb:a2:e4:9a:09:2d:95:c9:
83:ba:0f:78:81:cc:1c:da:9c:e2:4b:ba:2c:d5:df:
05:78:f6:25:fc:2b:37:f7:5f:c6:24:8e:3b:17:27:
41:87:cb:c8:ee:f0:b0:24:f6:bd:83:ff:81:e1:32:
54:a2:90:02:80:6d:9f:93:57:b3:6e:41:b5:bc:d7:
49:36:15:d0:3f:0f:f5:b2:4d:8e:f2:15:45:86:ae:
cc:30:bd:c8:3d:10:d7:1b:39:d4:a9:ce:51:67:8f:
df:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:EB:50:83:2A:44:6C:0B:57:78:F8:D2:F3:3F:1C:7C:A8:FB:68:9D
X509v3 Authority Key Identifier:
keyid:BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/2etQgypEbAtXePjS8z8cfKj7aJ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.128.0-88.209.139.255
88.209.160.0/21
88.209.190.0/23
93.189.96.0/21
185.63.232.0/22
Signature Algorithm: sha256WithRSAEncryption
1c:85:61:27:dd:a9:0e:65:d2:be:1c:80:c3:57:7e:b3:59:7c:
fb:bc:44:82:57:bc:45:d0:3c:09:3b:d2:69:c4:67:ea:ec:59:
97:a9:f6:af:a9:13:ac:5f:2c:0d:a6:71:9f:0c:45:89:bf:8e:
60:48:8f:36:55:4b:73:3a:38:6d:7b:62:90:cc:10:6a:b9:36:
30:76:87:cf:20:27:3c:62:f0:e8:19:5a:4d:6e:c5:3d:d0:bd:
1d:6d:3d:11:a0:98:8f:15:c3:75:6a:6b:d8:b2:0d:a6:a5:10:
19:9c:93:79:f6:27:83:67:04:2b:63:da:cc:01:6b:97:24:a2:
1e:68:e1:7f:85:93:67:08:df:7b:67:56:22:c2:17:fb:1d:d3:
6a:e6:26:3c:39:61:50:3a:09:51:92:d9:5a:86:99:a2:e6:e9:
05:be:9e:45:69:b1:73:db:c4:55:2b:f3:7b:9d:1c:e6:10:39:
ab:1d:7d:2b:e7:8d:f8:72:1d:a7:99:0b:f9:36:04:41:fc:d4:
a1:c0:e0:73:d2:8f:e4:7b:db:34:9e:cb:c4:30:a5:65:db:f7:
59:bd:3e:98:7b:a2:07:de:f1:bf:f4:c2:29:fd:a0:cb:7d:00:
bc:c1:27:8b:89:01:cf:3a:e3:ad:a6:a7:02:2e:92:a1:06:59:
44:22:4a:41
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZd3Wz5NKFFETt3dnlcjVnt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE2NGNkMjljOTRjY2RlMTQ0NDhmNjFhMTcyYzc2M2Ix
ZTQwNTAwHhcNMjUwNjE2MDYwOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWViNTA4MzJhNDQ2YzBiNTc3OGY4ZDJmMzNmMWM3Y2E4ZmI2ODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylu+AGtRCUAEDmitiGYhR695QLPG
e+QBa4+tYVUThkrqbaAV4oKKfJSwntiC6WKsScfU6pU2UbRKBPwvX+M8x66CwlBP
WsGyBxzP4idC5y0yY7dDRnZIzJ6FG/o7pd8nOEV84Q1b2CTs/nNuqamRH85OL1x4
rUzb+1nbmYW4kIfwAKYrMAC63cX2d9VwU8jRE3owG5rid3sVFoAQy6LkmgktlcmD
ug94gcwc2pziS7os1d8FePYl/Cs391/GJI47FydBh8vI7vCwJPa9g/+B4TJUopAC
gG2fk1ezbkG1vNdJNhXQPw/1sk2O8hVFhq7MML3IPRDXGznUqc5RZ4/fZQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFNnrUIMqRGwLV3j40vM/HHyo+2idMB8GA1UdIwQY
MBaAFLqqZM0pyUzN4URI9hoXLHY7HkBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUt
OGZjYWE2OTM2YzZjLzEvMmV0UWd5cEViQXRYZVBqUzh6OGNmS2o3YUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUtOGZjYWE2OTM2YzZj
LzEvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAdY0YAD
BAJY0YgDBANY0aADBAFY0b4DBANdvWADBAK5P+gwDQYJKoZIhvcNAQELBQADggEB
AByFYSfdqQ5l0r4cgMNXfrNZfPu8RIJXvEXQPAk70mnEZ+rsWZep9q+pE6xfLA2m
cZ8MRYm/jmBIjzZVS3M6OG17YpDMEGq5NjB2h88gJzxi8OgZWk1uxT3QvR1tPRGg
mI8Vw3Vqa9iyDaalEBmck3n2J4NnBCtj2swBa5ckoh5o4X+Fk2cI33tnViLCF/sd
02rmJjw5YVA6CVGS2VqGmaLm6QW+nkVpsXPbxFUr83udHOYQOasdfSvnjfhyHaeZ
C/k2BEH81KHA4HPSj+R72zSey8QwpWXb91m9Pph7ogfe8b/0win9oMt9ALzBJ4uJ
Ac86462mpwIukqEGWUQiSkE=
-----END CERTIFICATE-----
Generated at Fri Jul 4 02:02:33 2025 by rpki-client