Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/8MKd3VTEWL0s1pZO8n6cvyCKvy0.roa
File: 8MKd3VTEWL0s1pZO8n6cvyCKvy0.roa (raw, json)
Hash identifier: ibfT11EuyvSPHljHc5Ukxkt2NUNR/CsPsg2Qv31ogDQ=
Subject key identifier: F0:C2:9D:DD:54:C4:58:BD:2C:D6:96:4E:F2:7E:9C:BF:20:8A:BF:2D
Certificate issuer: /CN=16ea37a8e73e7679a933d70f7b9c872081024455
Certificate serial: 0197972D620C3974170C64402671CD742777
Authority key identifier: 16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/8MKd3VTEWL0s1pZO8n6cvyCKvy0.roa
Signing time: Sun 22 Jun 2025 10:27:03 +0000
ROA not before: Sun 22 Jun 2025 10:27:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201227
IP address blocks: 45.90.72.0/24 maxlen: 24
45.90.73.0/24 maxlen: 24
45.90.74.0/24 maxlen: 24
45.90.75.0/24 maxlen: 24
185.81.96.0/24 maxlen: 24
185.81.97.0/24 maxlen: 24
185.81.99.0/24 maxlen: 24
194.59.170.0/24 maxlen: 24
194.59.171.0/24 maxlen: 24
2a05:8642::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl
rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 04:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:97:2d:62:0c:39:74:17:0c:64:40:26:71:cd:74:27:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16ea37a8e73e7679a933d70f7b9c872081024455
Validity
Not Before: Jun 22 10:27:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0c29ddd54c458bd2cd6964ef27e9cbf208abf2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:fc:98:3d:e7:64:a2:f8:b9:91:19:7f:7a:59:
b7:59:1b:c6:dd:13:38:1a:d1:2e:b0:2a:84:6c:e9:
d4:d9:f2:34:72:d4:76:56:43:6e:25:58:f2:30:90:
3a:a9:29:17:f2:f3:ef:ae:c7:f6:2c:05:a9:22:b5:
26:ee:4c:35:f1:e7:84:03:70:d4:14:38:fa:23:22:
19:6d:39:32:cf:bf:46:b8:ff:10:39:c4:b0:d6:29:
bf:93:1b:02:b2:c3:b0:dc:0a:21:ab:fb:a7:2d:d2:
3f:20:f7:56:ec:69:3a:d9:0e:cd:08:ca:06:69:d6:
92:dc:69:2b:74:5a:bd:d8:cc:88:a6:11:06:ce:09:
49:22:2b:a4:eb:9a:bf:bc:96:4b:90:fe:50:6a:81:
f3:6d:b5:02:21:3f:b5:43:3a:6c:6f:f9:69:3a:1a:
cc:d9:f1:b3:32:8c:bb:3b:3f:c7:0f:84:9b:4f:d5:
32:1a:69:32:1c:66:82:f2:4a:fe:ba:a5:5b:a3:72:
d5:0f:10:a5:b1:79:89:2b:17:c7:b6:26:86:a3:35:
ac:14:c6:e5:46:3a:2e:87:64:cb:71:ba:d7:a4:2d:
50:c8:47:2d:92:01:8a:83:e3:4f:16:b8:2f:1d:e9:
e2:a0:8f:e8:67:c5:22:6e:f5:2e:3b:d3:57:f3:c2:
3b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:C2:9D:DD:54:C4:58:BD:2C:D6:96:4E:F2:7E:9C:BF:20:8A:BF:2D
X509v3 Authority Key Identifier:
keyid:16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/8MKd3VTEWL0s1pZO8n6cvyCKvy0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.72.0/22
185.81.96.0/23
185.81.99.0/24
194.59.170.0/23
IPv6:
2a05:8642::/32
Signature Algorithm: sha256WithRSAEncryption
64:ef:bd:54:9b:7a:e2:32:a3:a0:61:06:e7:e3:98:6f:00:10:
4d:7d:d4:98:4c:84:04:b8:c8:c3:90:71:86:73:2f:3e:ce:75:
3c:bb:12:95:9b:70:3d:16:9b:86:79:ec:b4:d2:a8:41:6f:7c:
f9:c2:66:fe:a3:8f:3e:e9:c4:b1:79:e3:fb:95:12:c3:28:e1:
71:49:15:76:8e:c6:d3:02:b9:34:ae:1c:53:5a:c1:11:c7:06:
a0:23:c8:f1:f9:0b:94:30:5d:f4:d9:d6:37:5a:ca:82:e4:ab:
86:3a:7b:03:ad:3e:74:84:8b:b6:fd:80:6c:45:1f:76:d7:f1:
79:c4:ca:fc:de:13:7e:65:73:3a:fe:85:c1:30:cf:f0:6a:1d:
21:2b:f1:6b:cf:eb:9b:19:7b:37:61:e8:5f:0d:b7:8c:ec:d8:
66:29:67:bc:71:18:47:09:3d:e7:d8:e8:5d:83:ee:b0:a3:b8:
a9:de:c7:14:af:66:63:82:96:fe:cb:e6:03:97:af:4d:80:1f:
a4:70:40:e0:35:88:32:30:e3:3e:30:bd:76:fe:84:c8:37:d3:
d4:5f:49:c2:74:0f:55:61:a5:5d:f2:02:cd:3b:d1:9a:7b:a0:
70:97:56:e2:4b:2b:c9:47:43:eb:ee:e2:dc:a1:53:11:a7:bc:
de:85:59:7a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZeXLWIMOXQXDGRAJnHNdCd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZWEzN2E4ZTczZTc2NzlhOTMzZDcwZjdiOWM4NzIwODEw
MjQ0NTUwHhcNMjUwNjIyMTAyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGMyOWRkZDU0YzQ1OGJkMmNkNjk2NGVmMjdlOWNiZjIwOGFiZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfyYPedkovi5kRl/elm3WRvG3RM4
GtEusCqEbOnU2fI0ctR2VkNuJVjyMJA6qSkX8vPvrsf2LAWpIrUm7kw18eeEA3DU
FDj6IyIZbTkyz79GuP8QOcSw1im/kxsCssOw3Aohq/unLdI/IPdW7Gk62Q7NCMoG
adaS3GkrdFq92MyIphEGzglJIiuk65q/vJZLkP5QaoHzbbUCIT+1Qzpsb/lpOhrM
2fGzMoy7Oz/HD4SbT9UyGmkyHGaC8kr+uqVbo3LVDxClsXmJKxfHtiaGozWsFMbl
Rjouh2TLcbrXpC1QyEctkgGKg+NPFrgvHenioI/oZ8UibvUuO9NX88I7VwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFPDCnd1UxFi9LNaWTvJ+nL8gir8tMB8GA1UdIwQY
MBaAFBbqN6jnPnZ5qTPXD3uchyCBAkRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWIt
NDcyYjBkMDcyZTgzLzEvOE1LZDNWVEVXTDBzMXBaTzhuNmN2eUNLdnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWItNDcyYjBkMDcyZTgz
LzEvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLVpIAwQB
uVFgAwQAuVFjAwQBwjuqMA0EAgACMAcDBQAqBYZCMA0GCSqGSIb3DQEBCwUAA4IB
AQBk771Um3riMqOgYQbn45hvABBNfdSYTIQEuMjDkHGGcy8+znU8uxKVm3A9FpuG
eey00qhBb3z5wmb+o48+6cSxeeP7lRLDKOFxSRV2jsbTArk0rhxTWsERxwagI8jx
+QuUMF302dY3WsqC5KuGOnsDrT50hIu2/YBsRR921/F5xMr83hN+ZXM6/oXBMM/w
ah0hK/Frz+ubGXs3YehfDbeM7NhmKWe8cRhHCT3n2Ohdg+6wo7ip3scUr2Zjgpb+
y+YDl69NgB+kcEDgNYgyMOM+ML12/oTIN9PUX0nCdA9VYaVd8gLNO9Gae6Bwl1bi
SyvJR0Pr7uLcoVMRp7zehVl6
-----END CERTIFICATE-----
Generated at Sun Jun 29 09:30:08 2025 by rpki-client