Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/l3o0cPreMKkY6Zin7N9ceMUABWg.roa
File: l3o0cPreMKkY6Zin7N9ceMUABWg.roa (raw, json)
Hash identifier: IkZ3DQrsK1OPin+reh8WbUesG/v7qTfWkg1bNypSLzQ=
Subject key identifier: 97:7A:34:70:FA:DE:30:A9:18:E9:98:A7:EC:DF:5C:78:C5:00:05:68
Certificate issuer: /CN=12cd9add16137e8bab98d78e2a3360bc8bd6f0f1
Certificate serial: 01974560BF63F72C6546867AD11446491E19
Authority key identifier: 12:CD:9A:DD:16:13:7E:8B:AB:98:D7:8E:2A:33:60:BC:8B:D6:F0:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Es2a3RYTfourmNeOKjNgvIvW8PE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/l3o0cPreMKkY6Zin7N9ceMUABWg.roa
Signing time: Fri 06 Jun 2025 13:14:17 +0000
ROA not before: Fri 06 Jun 2025 13:14:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15389
IP address blocks: 81.18.224.0/20 maxlen: 20
88.85.32.0/19 maxlen: 19
178.19.192.0/20 maxlen: 20
185.74.208.0/22 maxlen: 22
193.34.104.0/22 maxlen: 22
193.34.105.0/24 maxlen: 24
198.137.136.0/22 maxlen: 22
212.55.32.0/19 maxlen: 19
217.172.80.0/20 maxlen: 20
217.172.90.0/24 maxlen: 24
2a02:e90::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/Es2a3RYTfourmNeOKjNgvIvW8PE.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/Es2a3RYTfourmNeOKjNgvIvW8PE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Es2a3RYTfourmNeOKjNgvIvW8PE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 02:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:45:60:bf:63:f7:2c:65:46:86:7a:d1:14:46:49:1e:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12cd9add16137e8bab98d78e2a3360bc8bd6f0f1
Validity
Not Before: Jun 6 13:14:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=977a3470fade30a918e998a7ecdf5c78c5000568
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:96:7c:96:3e:0a:77:d5:24:70:6d:2a:c1:60:
04:3c:c3:89:05:32:97:61:ce:f9:29:11:20:95:de:
7a:11:c6:38:40:a1:3b:01:f0:54:a0:3c:50:6c:c6:
de:7a:4f:7c:70:7b:ed:7c:22:c1:1f:c4:f4:ef:74:
44:99:de:9b:0d:d9:e2:2b:f0:f1:75:5a:b4:26:b4:
a8:aa:13:8a:6a:84:52:0e:0a:2a:4a:cc:5f:f3:76:
87:3d:44:48:26:84:c3:67:ff:d6:25:b8:f7:37:52:
80:dc:a5:bb:c8:83:f1:9f:07:e5:4f:e7:ad:b0:fd:
64:ff:0f:a6:df:0e:8e:85:b9:48:61:cf:e8:f1:9b:
43:20:eb:b0:04:bc:33:e7:a4:35:c2:05:2b:f9:a8:
65:b8:a2:1a:fd:94:f1:f1:06:ba:d1:72:33:5b:aa:
4c:c5:d2:40:10:1d:e4:51:c1:1e:84:40:73:9d:d1:
53:a5:c9:29:60:66:35:87:5c:a0:84:7d:17:59:1c:
9e:be:f4:c1:78:92:dc:fa:7b:e8:c8:b6:91:8a:b4:
13:b6:c8:ff:d4:79:59:e4:72:a8:a9:a6:a0:70:ca:
55:74:0e:96:5c:2c:b1:2f:6a:18:14:85:bb:85:2c:
47:b3:f6:c0:63:f9:80:f8:06:f0:37:c5:56:6f:82:
bd:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:7A:34:70:FA:DE:30:A9:18:E9:98:A7:EC:DF:5C:78:C5:00:05:68
X509v3 Authority Key Identifier:
keyid:12:CD:9A:DD:16:13:7E:8B:AB:98:D7:8E:2A:33:60:BC:8B:D6:F0:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Es2a3RYTfourmNeOKjNgvIvW8PE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/l3o0cPreMKkY6Zin7N9ceMUABWg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/57cc6e-8b1a-4827-999c-172df6bcd45b/1/Es2a3RYTfourmNeOKjNgvIvW8PE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.18.224.0/20
88.85.32.0/19
178.19.192.0/20
185.74.208.0/22
193.34.104.0/22
198.137.136.0/22
212.55.32.0/19
217.172.80.0/20
IPv6:
2a02:e90::/32
Signature Algorithm: sha256WithRSAEncryption
2b:fc:15:8a:f3:61:a2:4f:3b:f5:61:c5:95:0a:1d:ef:37:9e:
fb:01:29:64:d8:1d:72:d2:93:0b:30:52:22:a7:08:18:14:5b:
ba:2e:ab:b2:21:cb:ed:e0:82:9e:fc:1a:4e:c6:4c:93:9d:46:
ae:ed:f5:40:81:b9:1d:6b:51:f4:7c:61:00:1f:72:c1:71:fd:
85:5c:b1:6b:be:6d:20:df:23:2d:91:46:89:d3:90:18:89:86:
4b:d7:76:2e:22:02:be:47:1d:b6:15:46:82:f9:73:0b:0a:da:
bc:3f:ef:02:55:63:ea:59:7a:78:cd:10:f0:4b:d1:21:a3:c7:
af:fd:2c:f9:c4:44:74:f4:8e:de:99:4f:45:41:e8:78:b4:e8:
d9:3e:97:69:df:e4:f8:f2:50:66:78:8a:f9:f1:da:54:75:bd:
89:ee:ab:7a:d0:83:27:66:f9:ed:f5:7f:2f:cb:58:2a:fb:6b:
07:29:f1:8c:a6:59:32:7a:07:93:6d:ec:a0:5c:c5:1b:67:8e:
25:5b:d9:d0:c1:46:e2:6d:52:80:5f:33:30:87:69:fd:a6:d4:
b3:d2:b5:65:3f:36:bb:c4:30:50:4d:bd:41:e3:89:7b:25:cf:
ae:5e:00:17:0a:d5:da:4c:dc:6e:9a:9b:7f:78:25:e6:47:b2:
7a:4e:4d:c2
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZdFYL9j9yxlRoZ60RRGSR4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyY2Q5YWRkMTYxMzdlOGJhYjk4ZDc4ZTJhMzM2MGJjOGJk
NmYwZjEwHhcNMjUwNjA2MTMxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdhMzQ3MGZhZGUzMGE5MThlOTk4YTdlY2RmNWM3OGM1MDAwNTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypZ8lj4Kd9UkcG0qwWAEPMOJBTKX
Yc75KREgld56EcY4QKE7AfBUoDxQbMbeek98cHvtfCLBH8T073REmd6bDdniK/Dx
dVq0JrSoqhOKaoRSDgoqSsxf83aHPURIJoTDZ//WJbj3N1KA3KW7yIPxnwflT+et
sP1k/w+m3w6OhblIYc/o8ZtDIOuwBLwz56Q1wgUr+ahluKIa/ZTx8Qa60XIzW6pM
xdJAEB3kUcEehEBzndFTpckpYGY1h1yghH0XWRyevvTBeJLc+nvoyLaRirQTtsj/
1HlZ5HKoqaagcMpVdA6WXCyxL2oYFIW7hSxHs/bAY/mA+AbwN8VWb4K9nQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJd6NHD63jCpGOmYp+zfXHjFAAVoMB8GA1UdIwQY
MBaAFBLNmt0WE36Lq5jXjiozYLyL1vDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXMyYTNSWVRmb3VybU5lT0tqTmd2SXZXOFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81N2NjNmUtOGIxYS00ODI3LTk5OWMt
MTcyZGY2YmNkNDViLzEvbDNvMGNQcmVNS2tZNlppbjdOOWNlTVVBQldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81N2NjNmUtOGIxYS00ODI3LTk5OWMtMTcyZGY2YmNkNDVi
LzEvRXMyYTNSWVRmb3VybU5lT0tqTmd2SXZXOFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEURLgAwQF
WFUgAwQEshPAAwQCuUrQAwQCwSJoAwQCxomIAwQF1DcgAwQE2axQMA0EAgACMAcD
BQAqAg6QMA0GCSqGSIb3DQEBCwUAA4IBAQAr/BWK82GiTzv1YcWVCh3vN577ASlk
2B1y0pMLMFIipwgYFFu6LquyIcvt4IKe/BpOxkyTnUau7fVAgbkda1H0fGEAH3LB
cf2FXLFrvm0g3yMtkUaJ05AYiYZL13YuIgK+Rx22FUaC+XMLCtq8P+8CVWPqWXp4
zRDwS9Eho8ev/Sz5xER09I7emU9FQeh4tOjZPpdp3+T48lBmeIr58dpUdb2J7qt6
0IMnZvnt9X8vy1gq+2sHKfGMplkyegeTbeygXMUbZ44lW9nQwUbibVKAXzMwh2n9
ptSz0rVlPza7xDBQTb1B44l7Jc+uXgAXCtXaTNxumpt/eCXmR7J6Tk3C
-----END CERTIFICATE-----
Generated at Wed Jul 2 11:18:28 2025 by rpki-client