Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/Ex7Mch12NOvcmxXbqckMkUp1BGY.roa
File: Ex7Mch12NOvcmxXbqckMkUp1BGY.roa (raw, json)
Hash identifier: y3WSoYjG8azQeh2/ujI0bli2tl/55+iUCdei7rNkLgg=
Subject key identifier: 13:1E:CC:72:1D:76:34:EB:DC:9B:15:DB:A9:C9:0C:91:4A:75:04:66
Certificate issuer: /CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Certificate serial: 01987A697970D5958FA8A8A45DACFC4718CE
Authority key identifier: BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/Ex7Mch12NOvcmxXbqckMkUp1BGY.roa
Signing time: Tue 05 Aug 2025 13:26:29 +0000
ROA not before: Tue 05 Aug 2025 13:26:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8075
IP address blocks: 93.94.32.0/21 maxlen: 24
93.94.32.0/24 maxlen: 24
93.94.33.0/24 maxlen: 24
93.94.34.0/24 maxlen: 24
93.94.35.0/24 maxlen: 24
93.94.37.0/24 maxlen: 24
93.94.38.0/24 maxlen: 24
93.174.64.0/21 maxlen: 24
158.58.136.0/21 maxlen: 24
185.84.176.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.mft
rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7a:69:79:70:d5:95:8f:a8:a8:a4:5d:ac:fc:47:18:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Validity
Not Before: Aug 5 13:26:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=131ecc721d7634ebdc9b15dba9c90c914a750466
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:3e:fe:23:0e:65:0c:cf:a8:4b:3d:bb:3a:fb:
37:19:7a:46:9c:ee:e4:67:29:10:f6:bb:99:08:58:
cb:89:fe:48:4d:13:19:de:f4:6c:f6:02:da:8e:bd:
82:3f:a6:3a:da:a5:24:df:1a:ed:84:65:8a:3b:62:
2f:bb:61:4d:5c:ba:d6:38:5f:36:92:53:fb:cc:7e:
d9:70:2f:d1:ee:3b:e0:8a:7e:ae:b5:63:76:37:b0:
6c:e8:b5:82:78:e3:45:8c:2a:e1:1f:f8:b0:df:c6:
f8:91:ef:c3:a9:d2:d4:bf:e9:2b:be:a1:6d:ae:04:
29:ff:01:db:2e:45:c9:b9:ce:4d:27:de:00:58:15:
a8:9b:68:0c:db:e2:3a:f4:c3:d2:09:25:05:a7:0c:
57:74:50:48:b6:6b:bb:b6:63:5a:6c:fd:64:3f:4c:
68:6b:29:5a:b3:8a:bd:a6:92:a1:b4:2f:6d:d6:92:
f8:17:a4:21:0e:fb:6d:7a:f1:28:5e:15:78:71:de:
61:ea:95:9a:54:db:81:b4:10:2e:c3:33:9c:bd:7b:
5c:03:1d:c8:00:d7:14:fb:b5:11:79:42:d8:e5:f9:
16:84:05:d8:28:7a:4d:35:cc:77:fe:bd:1a:9a:ab:
0f:15:d5:93:b3:de:88:a4:30:3c:9c:19:57:2b:c6:
e5:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:1E:CC:72:1D:76:34:EB:DC:9B:15:DB:A9:C9:0C:91:4A:75:04:66
X509v3 Authority Key Identifier:
keyid:BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/Ex7Mch12NOvcmxXbqckMkUp1BGY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.32.0/21
93.174.64.0/21
158.58.136.0/21
185.84.176.0/22
Signature Algorithm: sha256WithRSAEncryption
15:96:35:b1:bb:a9:61:80:d2:b0:27:3a:cc:b3:44:18:93:23:
f0:5a:34:2b:14:75:b5:c8:71:56:d8:c4:58:2f:91:26:6b:72:
43:9d:23:34:a1:b9:36:c8:5c:4a:44:5a:bb:47:1f:2c:2e:01:
23:67:c3:a0:92:aa:d4:df:6a:b3:ba:85:81:6b:c1:63:2f:8b:
c0:b7:03:2a:d6:02:dc:0c:01:32:20:44:1c:68:3c:4e:da:7f:
c0:98:ac:7b:84:6b:9d:9d:29:89:54:08:49:d2:09:9c:31:1f:
e8:8d:10:f7:f7:6d:78:b3:9e:a1:9f:5f:8b:99:30:5d:21:99:
20:47:93:6d:08:32:54:c5:14:7f:f7:02:8c:5f:c7:50:9b:a6:
b8:bd:d2:b9:0d:ea:60:35:5d:00:a8:20:7b:1d:09:a6:36:05:
fe:6f:6f:f9:28:27:61:3d:b3:86:ff:78:0d:93:89:ef:a7:c8:
d2:d4:b5:a7:5f:27:ca:21:34:bf:90:cb:15:a4:f6:7e:9d:84:
a6:63:e2:64:02:f3:a8:26:58:9d:35:b5:66:cb:9b:83:60:48:
67:aa:b5:65:26:c3:1b:46:24:1c:26:f1:26:62:91:03:55:bb:
13:93:04:b9:a3:c6:62:bf:97:11:53:76:86:d7:55:82:a1:40:
8e:41:5f:95
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZh6aXlw1ZWPqKikXaz8RxjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODg4NDlhMmViNWU5ZGQ1NzFhOGU3NDNiZWQ3Yjk1MTNk
N2ExMjEwHhcNMjUwODA1MTMyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFlY2M3MjFkNzYzNGViZGM5YjE1ZGJhOWM5MGM5MTRhNzUwNDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4z7+Iw5lDM+oSz27Ovs3GXpGnO7k
ZykQ9ruZCFjLif5ITRMZ3vRs9gLajr2CP6Y62qUk3xrthGWKO2Ivu2FNXLrWOF82
klP7zH7ZcC/R7jvgin6utWN2N7Bs6LWCeONFjCrhH/iw38b4ke/DqdLUv+krvqFt
rgQp/wHbLkXJuc5NJ94AWBWom2gM2+I69MPSCSUFpwxXdFBItmu7tmNabP1kP0xo
aylas4q9ppKhtC9t1pL4F6QhDvttevEoXhV4cd5h6pWaVNuBtBAuwzOcvXtcAx3I
ANcU+7UReULY5fkWhAXYKHpNNcx3/r0amqsPFdWTs96IpDA8nBlXK8bl2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBMezHIddjTr3JsV26nJDJFKdQRmMB8GA1UdIwQY
MBaAFL+IhJoutendVxqOdDvte5UT16EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYt
MjM3MzliNWZkODRjLzEvRXg3TWNoMTJOT3ZjbXhYYnFja01rVXAxQkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYtMjM3MzliNWZkODRj
LzEvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDXV4gAwQD
Xa5AAwQDnjqIAwQCuVSwMA0GCSqGSIb3DQEBCwUAA4IBAQAVljWxu6lhgNKwJzrM
s0QYkyPwWjQrFHW1yHFW2MRYL5Ema3JDnSM0obk2yFxKRFq7Rx8sLgEjZ8OgkqrU
32qzuoWBa8FjL4vAtwMq1gLcDAEyIEQcaDxO2n/AmKx7hGudnSmJVAhJ0gmcMR/o
jRD39214s56hn1+LmTBdIZkgR5NtCDJUxRR/9wKMX8dQm6a4vdK5DepgNV0AqCB7
HQmmNgX+b2/5KCdhPbOG/3gNk4nvp8jS1LWnXyfKITS/kMsVpPZ+nYSmY+JkAvOo
JlidNbVmy5uDYEhnqrVlJsMbRiQcJvEmYpEDVbsTkwS5o8Ziv5cRU3aG11WCoUCO
QV+V
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:28:57 2025 by rpki-client