Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VCtYF8UeJqlUSiaM8vju-lwbJeE.roa
File: VCtYF8UeJqlUSiaM8vju-lwbJeE.roa (raw, json)
Hash identifier: vLoIUuC5XSA317xVJPyN4UCfqYICwbdvxPv45oRvefE=
Subject key identifier: 54:2B:58:17:C5:1E:26:A9:54:4A:26:8C:F2:F8:EE:FA:5C:1B:25:E1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0197998A8E40B2A0896FF61DFFD11457DA4E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VCtYF8UeJqlUSiaM8vju-lwbJeE.roa
Signing time: Sun 22 Jun 2025 21:28:03 +0000
ROA not before: Sun 22 Jun 2025 21:28:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 80.240.88.0/21 maxlen: 24
82.152.174.0/23 maxlen: 23
82.153.208.0/22 maxlen: 22
82.163.24.0/21 maxlen: 24
89.213.58.0/24 maxlen: 24
89.213.60.0/23 maxlen: 24
89.213.147.0/24 maxlen: 24
89.213.198.0/23 maxlen: 24
89.213.200.0/23 maxlen: 24
89.213.202.0/23 maxlen: 24
89.213.204.0/23 maxlen: 24
89.213.228.0/24 maxlen: 24
89.213.249.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 07:53:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:99:8a:8e:40:b2:a0:89:6f:f6:1d:ff:d1:14:57:da:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 22 21:28:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=542b5817c51e26a9544a268cf2f8eefa5c1b25e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:18:03:03:07:40:c0:9a:35:df:5e:58:d0:36:
e4:15:08:e0:6e:66:9c:d5:d0:65:35:1f:89:62:05:
c5:39:50:5b:69:56:7e:11:be:42:0f:68:b4:9b:08:
5a:35:0f:de:88:c9:b3:d9:6c:92:5a:40:ed:b3:38:
29:2e:75:db:61:41:50:2e:b9:59:dc:d9:cd:58:e6:
fb:f8:35:2a:51:05:1d:88:2d:64:61:8d:14:4d:b0:
94:16:83:04:cc:c8:6e:aa:1c:6a:e9:60:fe:16:17:
37:3a:99:aa:38:03:fc:df:e3:66:f9:a8:75:20:b8:
72:e2:4d:86:88:c1:f5:c1:7a:a4:52:55:86:85:39:
35:84:6e:c8:c1:70:a8:a7:e4:c7:e5:64:c1:75:81:
a4:ef:47:52:c8:1a:29:16:ae:df:3c:90:84:23:03:
3f:1c:42:c0:c7:dc:7c:31:69:b6:4d:3c:ef:63:82:
53:a0:d2:a4:36:6d:b1:b0:b3:1b:cc:2d:3e:0a:49:
f0:f5:b8:cb:dd:df:2b:55:77:5d:3a:b6:bd:34:4c:
00:32:04:de:c6:17:90:74:e2:d7:78:d7:a2:53:19:
bd:3f:52:8d:ca:3c:a4:a0:6e:fb:2c:cd:66:e4:e3:
86:0f:68:5b:3e:97:1d:45:7d:80:50:8e:83:b5:89:
52:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:2B:58:17:C5:1E:26:A9:54:4A:26:8C:F2:F8:EE:FA:5C:1B:25:E1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VCtYF8UeJqlUSiaM8vju-lwbJeE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.88.0/21
82.152.174.0/23
82.153.208.0/22
82.163.24.0/21
89.213.58.0/24
89.213.60.0/23
89.213.147.0/24
89.213.198.0-89.213.205.255
89.213.228.0/24
89.213.249.0/24
Signature Algorithm: sha256WithRSAEncryption
21:26:f8:bb:a6:6c:bb:06:53:c1:c7:e6:d8:c9:80:97:32:8f:
a2:3f:ad:92:48:cf:1a:7c:e0:70:ef:89:fa:fb:1b:5a:87:72:
b6:d8:48:fd:f2:4d:f4:70:a0:3c:b6:ed:f1:8c:05:a8:d8:e8:
f3:4f:7b:d0:d1:d7:50:63:a5:62:13:b6:63:4b:53:0e:44:a5:
dd:65:64:b9:a1:5e:a1:1e:72:fc:24:68:ab:4a:11:3f:a0:82:
f7:b9:11:68:5c:28:4e:6e:b7:91:ea:d7:7d:2e:a4:30:29:2e:
3d:5a:63:34:0b:70:06:3d:db:13:2b:bc:1f:f3:e5:ce:5b:d0:
93:64:b7:d2:1f:c2:60:09:8c:37:f0:6d:cf:6b:b1:a0:b0:38:
22:1b:d0:d7:df:54:3e:c4:9b:a1:26:7c:a5:e0:f7:a6:b0:7b:
bd:74:05:5b:40:93:91:a8:2b:28:cc:8d:59:55:17:87:2e:b3:
3a:d1:c9:45:d1:83:3a:ba:3b:06:0c:b0:e4:86:46:2d:db:c4:
15:8e:c6:b0:91:2d:c7:3a:c7:26:28:f5:48:ec:0f:5a:e8:7d:
2a:5b:b1:94:18:bb:46:03:ed:f4:10:7d:ba:3e:1e:18:6e:99:
eb:3b:a5:56:f6:e1:d0:08:22:55:85:0f:3e:e5:39:dc:62:53:
b9:0c:ab:a8
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZeZio5AsqCJb/Yd/9EUV9pOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjIyMjEyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJiNTgxN2M1MWUyNmE5NTQ0YTI2OGNmMmY4ZWVmYTVjMWIyNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhgDAwdAwJo1315Y0DbkFQjgbmac
1dBlNR+JYgXFOVBbaVZ+Eb5CD2i0mwhaNQ/eiMmz2WySWkDtszgpLnXbYUFQLrlZ
3NnNWOb7+DUqUQUdiC1kYY0UTbCUFoMEzMhuqhxq6WD+Fhc3OpmqOAP83+Nm+ah1
ILhy4k2GiMH1wXqkUlWGhTk1hG7IwXCop+TH5WTBdYGk70dSyBopFq7fPJCEIwM/
HELAx9x8MWm2TTzvY4JToNKkNm2xsLMbzC0+Cknw9bjL3d8rVXddOra9NEwAMgTe
xheQdOLXeNeiUxm9P1KNyjykoG77LM1m5OOGD2hbPpcdRX2AUI6DtYlSjQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFQrWBfFHiapVEomjPL47vpcGyXhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVkN0WUY4VWVKcWxVU2lhTTh2anUtbHdiSmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDUPBYAwQB
UpiuAwQCUpnQAwQDUqMYAwQAWdU6AwQBWdU8AwQAWdWTMAwDBAFZ1cYDBAFZ1cwD
BABZ1eQDBABZ1fkwDQYJKoZIhvcNAQELBQADggEBACEm+LumbLsGU8HH5tjJgJcy
j6I/rZJIzxp84HDvifr7G1qHcrbYSP3yTfRwoDy27fGMBajY6PNPe9DR11BjpWIT
tmNLUw5Epd1lZLmhXqEecvwkaKtKET+ggve5EWhcKE5ut5Hq130upDApLj1aYzQL
cAY92xMrvB/z5c5b0JNkt9IfwmAJjDfwbc9rsaCwOCIb0NffVD7Em6EmfKXg96aw
e710BVtAk5GoKyjMjVlVF4cuszrRyUXRgzq6OwYMsOSGRi3bxBWOxrCRLcc6xyYo
9UjsD1rofSpbsZQYu0YD7fQQfbo+Hhhumes7pVb24dAIIlWFDz7lOdxiU7kMq6g=
-----END CERTIFICATE-----
Generated at Tue Jul 1 10:16:11 2025 by rpki-client