Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/bdkHO-cMRs9yWZFdjBV-qe9nYgE.roa
File: bdkHO-cMRs9yWZFdjBV-qe9nYgE.roa (raw, json)
Hash identifier: qubjkKMt0NactOF0nXU7jk7H1UZ/exx8oL0CEz67yU4=
Subject key identifier: 6D:D9:07:3B:E7:0C:46:CF:72:59:91:5D:8C:15:7E:A9:EF:67:62:01
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 0197AB8EA97BE6EB5CF67CA25C2444641F2E
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/bdkHO-cMRs9yWZFdjBV-qe9nYgE.roa
Signing time: Thu 26 Jun 2025 09:25:42 +0000
ROA not before: Thu 26 Jun 2025 09:25:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 91.84.0.0/18 maxlen: 24
91.84.128.0/17 maxlen: 24
91.85.32.0/19 maxlen: 24
91.85.64.0/18 maxlen: 24
91.85.128.0/19 maxlen: 24
91.85.192.0/18 maxlen: 24
194.46.36.0/24 maxlen: 24
194.46.37.0/24 maxlen: 24
194.46.39.0/24 maxlen: 24
194.46.40.0/24 maxlen: 24
194.46.41.0/24 maxlen: 24
194.46.43.0/24 maxlen: 24
194.46.44.0/24 maxlen: 24
194.46.45.0/24 maxlen: 24
194.46.46.0/24 maxlen: 24
194.46.48.0/21 maxlen: 21
194.46.56.0/24 maxlen: 24
194.46.61.0/24 maxlen: 24
194.46.64.0/22 maxlen: 24
194.46.68.0/23 maxlen: 24
194.46.72.0/22 maxlen: 24
194.46.76.0/23 maxlen: 24
194.46.78.0/24 maxlen: 24
194.46.80.0/23 maxlen: 24
194.46.81.0/24 maxlen: 24
194.46.82.0/24 maxlen: 24
212.104.129.0/24 maxlen: 24
212.104.130.0/24 maxlen: 24
212.104.132.0/24 maxlen: 24
212.104.136.0/24 maxlen: 24
212.104.143.0/24 maxlen: 24
212.104.149.0/24 maxlen: 24
212.104.150.0/24 maxlen: 24
212.104.152.0/24 maxlen: 24
212.104.155.0/24 maxlen: 24
212.104.156.0/24 maxlen: 24
212.104.159.0/24 maxlen: 24
212.108.80.0/23 maxlen: 24
212.108.84.0/24 maxlen: 24
212.108.88.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.mft
rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 18:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ab:8e:a9:7b:e6:eb:5c:f6:7c:a2:5c:24:44:64:1f:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jun 26 09:25:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6dd9073be70c46cf7259915d8c157ea9ef676201
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:3c:b2:ab:af:8b:51:d4:bc:c9:6c:a2:32:c7:
c7:17:de:a5:03:06:c5:29:d3:2c:ba:54:76:7e:5b:
ad:b1:d4:ac:2f:c1:a1:09:61:ef:e3:66:80:ed:8d:
d7:46:64:93:c1:83:4f:90:fd:e4:41:02:f5:57:35:
91:60:76:fc:8a:b1:b5:f5:a3:40:61:27:cd:9d:a8:
20:6d:58:f7:89:8b:55:67:13:c1:19:50:6b:45:c5:
7b:e3:a8:bd:d2:1f:15:a5:f2:7e:c7:a4:a1:03:9e:
9d:51:bc:89:5e:51:0b:9a:e8:e9:3c:e5:35:07:06:
35:21:74:3f:92:18:42:3a:b0:2f:00:bf:31:84:aa:
dc:87:68:31:17:f6:9b:90:75:79:81:eb:40:7e:4b:
20:07:e3:74:df:d2:5c:85:fb:2b:95:1b:fa:08:52:
e9:60:de:54:96:18:bf:94:8e:0e:cf:29:72:33:65:
c9:47:7c:71:3e:7f:1d:8e:a5:fd:c3:fc:71:62:74:
e2:50:8d:96:93:9b:80:fd:2e:fe:c2:89:c9:c0:26:
43:1f:ca:ac:7c:8c:02:b0:e8:90:29:46:a9:79:79:
28:0f:68:d5:09:d1:8f:c2:0b:92:f4:8d:95:37:67:
af:7f:b4:4b:51:d2:2f:5c:b0:f5:46:a1:0f:7e:49:
e1:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:D9:07:3B:E7:0C:46:CF:72:59:91:5D:8C:15:7E:A9:EF:67:62:01
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/bdkHO-cMRs9yWZFdjBV-qe9nYgE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/18
91.84.128.0/17
91.85.32.0-91.85.159.255
91.85.192.0/18
194.46.36.0/23
194.46.39.0-194.46.41.255
194.46.43.0-194.46.46.255
194.46.48.0-194.46.56.255
194.46.61.0/24
194.46.64.0-194.46.69.255
194.46.72.0-194.46.78.255
194.46.80.0-194.46.82.255
212.104.129.0-212.104.130.255
212.104.132.0/24
212.104.136.0/24
212.104.143.0/24
212.104.149.0-212.104.150.255
212.104.152.0/24
212.104.155.0-212.104.156.255
212.104.159.0/24
212.108.80.0/23
212.108.84.0/24
212.108.88.0/23
Signature Algorithm: sha256WithRSAEncryption
48:3b:ce:4a:a7:b8:d2:12:c4:5b:1d:0a:75:f6:72:e3:1b:63:
08:cf:ca:5a:ba:cd:a3:6f:9a:d4:77:dd:92:2d:4a:b4:18:a5:
e2:f0:ca:f7:57:b4:54:8c:7e:4d:28:d5:52:42:c5:59:23:8b:
1b:00:a2:19:53:37:35:e3:d8:a4:39:2b:1d:e4:39:d4:5e:25:
80:6b:be:cc:08:3c:f7:6d:f2:fd:cd:d7:7c:9b:09:ad:59:20:
55:b2:ad:e1:ec:4f:14:b5:af:9e:3e:7e:e8:27:86:40:82:f2:
05:5e:f8:7e:2f:7f:58:2f:17:18:0f:14:de:a4:91:2e:3a:9d:
07:25:e8:6a:ae:46:86:ff:7a:b5:48:f0:c3:cc:cc:cf:72:3f:
b1:9d:38:8f:24:60:b9:7e:4e:6d:7b:2c:79:d8:a1:29:c7:87:
61:09:95:f8:8c:de:31:a6:12:e3:37:a8:bd:c8:1b:c3:4f:b6:
28:05:8d:f5:a0:35:a6:82:12:f2:8f:66:43:f9:09:7e:1d:f3:
46:b6:25:12:d2:d9:ea:5e:cd:ae:24:0f:96:78:cf:a5:e9:10:
68:ec:06:e5:de:b9:3e:39:3d:88:59:f2:08:69:5c:1f:11:3b:
3e:2f:d8:69:6f:8e:44:ea:2a:a7:14:ab:a9:2d:94:1f:58:1f:
d3:7a:68:de
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAZerjql75utc9nyiXCREZB8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjUwNjI2MDkyNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ5MDczYmU3MGM0NmNmNzI1OTkxNWQ4YzE1N2VhOWVmNjc2MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjyyq6+LUdS8yWyiMsfHF96lAwbF
KdMsulR2flutsdSsL8GhCWHv42aA7Y3XRmSTwYNPkP3kQQL1VzWRYHb8irG19aNA
YSfNnaggbVj3iYtVZxPBGVBrRcV746i90h8VpfJ+x6ShA56dUbyJXlELmujpPOU1
BwY1IXQ/khhCOrAvAL8xhKrch2gxF/abkHV5getAfksgB+N039JchfsrlRv6CFLp
YN5Ulhi/lI4OzylyM2XJR3xxPn8djqX9w/xxYnTiUI2Wk5uA/S7+wonJwCZDH8qs
fIwCsOiQKUapeXkoD2jVCdGPwguS9I2VN2evf7RLUdIvXLD1RqEPfknhNwIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFG3ZBzvnDEbPclmRXYwVfqnvZ2IBMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvYmRrSE8tY01Sczl5V1pGZGpCVi1xZTluWWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdoDBAZb
VAADBAdbVIAwDAMEBVtVIAMEBVtVgAMEBltVwAMEAcIuJDAMAwQAwi4nAwQBwi4o
MAwDBADCLisDBADCLi4wDAMEBMIuMAMEAMIuOAMEAMIuPTAMAwQGwi5AAwQBwi5E
MAwDBAPCLkgDBADCLk4wDAMEBMIuUAMEAMIuUjAMAwQA1GiBAwQA1GiCAwQA1GiE
AwQA1GiIAwQA1GiPMAwDBADUaJUDBADUaJYDBADUaJgwDAMEANRomwMEANRonAME
ANRonwMEAdRsUAMEANRsVAMEAdRsWDANBgkqhkiG9w0BAQsFAAOCAQEASDvOSqe4
0hLEWx0KdfZy4xtjCM/KWrrNo2+a1Hfdki1KtBil4vDK91e0VIx+TSjVUkLFWSOL
GwCiGVM3NePYpDkrHeQ51F4lgGu+zAg8923y/c3XfJsJrVkgVbKt4exPFLWvnj5+
6CeGQILyBV74fi9/WC8XGA8U3qSRLjqdByXoaq5Ghv96tUjww8zMz3I/sZ04jyRg
uX5ObXssedihKceHYQmV+IzeMaYS4zeovcgbw0+2KAWN9aA1poIS8o9mQ/kJfh3z
RrYlEtLZ6l7NriQPlnjPpekQaOwG5d65Pjk9iFnyCGlcHxE7Pi/YaW+OROoqpxSr
qS2UH1gf03po3g==
-----END CERTIFICATE-----
Generated at Wed Jul 2 22:45:16 2025 by rpki-client