Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/LP9-87x2sFdExSVGnQl66ksWebM.roa
File: LP9-87x2sFdExSVGnQl66ksWebM.roa (raw, json)
Hash identifier: FCz58YZkBtrnj9bFMj0dGjpjaE2bGxIe0P3tBukrHxo=
Subject key identifier: 2C:FF:7E:F3:BC:76:B0:57:44:C5:25:46:9D:09:7A:EA:4B:16:79:B3
Certificate issuer: /CN=d8672105752b982174d1040c103817570b8d34d6
Certificate serial: 01979C54A8F43FFE720282572131FDC1322C
Authority key identifier: D8:67:21:05:75:2B:98:21:74:D1:04:0C:10:38:17:57:0B:8D:34:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/LP9-87x2sFdExSVGnQl66ksWebM.roa
Signing time: Mon 23 Jun 2025 10:28:03 +0000
ROA not before: Mon 23 Jun 2025 10:28:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50489
IP address blocks: 91.240.47.0/24 maxlen: 24
185.35.68.0/22 maxlen: 24
185.35.68.0/24 maxlen: 24
185.35.69.0/24 maxlen: 24
185.35.70.0/24 maxlen: 24
192.153.60.0/22 maxlen: 24
192.153.60.0/24 maxlen: 24
192.153.61.0/24 maxlen: 24
2a0c:c640::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.crl
rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.mft
rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:9c:54:a8:f4:3f:fe:72:02:82:57:21:31:fd:c1:32:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8672105752b982174d1040c103817570b8d34d6
Validity
Not Before: Jun 23 10:28:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2cff7ef3bc76b05744c525469d097aea4b1679b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:24:98:2f:c9:f3:86:1f:70:b5:ac:1d:1b:ea:
6f:ae:e4:ae:34:65:7b:48:76:1f:51:1f:ae:62:44:
2d:1c:1a:87:0d:f7:f2:3d:26:31:03:bb:d3:35:01:
7b:f6:ff:6a:b4:1b:d6:ce:98:6b:22:84:eb:ab:c0:
33:b1:ce:2a:e0:07:2e:e1:47:ed:e5:b7:6c:58:f8:
b5:c1:1e:84:79:5e:c1:42:4b:0d:ae:73:8b:5a:5a:
93:14:86:6e:c7:c0:04:9b:3d:68:1c:53:17:e1:83:
1d:76:26:8e:8a:10:61:47:0b:87:7e:21:81:8b:f2:
73:e2:a4:d9:07:81:c2:2f:b5:1a:eb:52:4e:83:94:
11:5c:1c:bc:48:bc:ae:01:a8:9d:2a:29:22:a2:9a:
a3:ef:ac:b9:9a:91:c3:64:e3:5d:fd:99:ba:72:d7:
52:28:b1:62:21:ea:7d:f8:50:b5:3a:8c:ec:f3:81:
d0:fd:12:90:1a:be:bb:c5:ac:48:98:2d:c0:ef:76:
21:94:75:ad:2a:83:bf:dc:2d:85:6e:28:92:e6:42:
90:ec:e2:02:39:04:27:7b:c7:cc:b0:92:e0:8a:91:
24:2b:45:4c:11:b9:ff:2b:51:6c:92:6d:9f:77:78:
90:ce:07:dc:7c:3f:4b:2f:a4:ea:87:37:85:19:52:
fd:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:FF:7E:F3:BC:76:B0:57:44:C5:25:46:9D:09:7A:EA:4B:16:79:B3
X509v3 Authority Key Identifier:
keyid:D8:67:21:05:75:2B:98:21:74:D1:04:0C:10:38:17:57:0B:8D:34:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/LP9-87x2sFdExSVGnQl66ksWebM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.240.47.0/24
185.35.68.0/22
192.153.60.0/22
IPv6:
2a0c:c640::/29
Signature Algorithm: sha256WithRSAEncryption
39:12:98:4c:3c:be:0b:b8:25:49:38:9f:3f:45:f1:40:e0:70:
fa:43:04:ce:91:7b:91:39:02:c0:3c:17:fd:a5:61:66:e4:c7:
bd:eb:9a:c8:ac:51:fb:ae:7b:c7:79:2b:bf:9a:a6:ce:7a:1e:
56:bb:07:c3:44:94:f2:6a:38:3c:9e:10:8e:95:0d:cd:bc:d8:
3d:0f:34:91:b3:91:4b:5a:ff:7d:d9:19:a0:bf:a3:96:a5:6c:
ce:3f:94:45:39:48:6d:f5:48:18:e6:c2:8b:a8:60:cf:0c:74:
6d:ec:f5:51:a9:93:b9:91:2f:ab:f1:91:a6:ba:9f:34:5c:04:
37:5b:15:de:25:64:8e:19:31:e1:3d:ad:ef:dd:e6:28:ed:75:
24:35:83:db:71:50:ba:e2:2f:8e:31:08:bf:75:a3:0b:73:bd:
f2:f6:e3:b1:08:a7:cc:91:a8:75:a7:47:13:a8:c4:0d:2b:df:
ae:da:1c:8b:0f:9f:64:3d:7b:df:f6:be:26:0b:52:71:ba:c6:
d9:71:24:19:88:18:9a:fe:dc:b5:5e:55:c7:00:f1:6d:af:0c:
a2:b6:12:5e:02:4b:a4:96:8f:51:a0:f3:40:00:7e:23:90:7f:
d6:b8:9f:64:49:c0:67:a3:07:f2:86:b4:55:ba:3b:e1:cd:5d:
90:53:25:b8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZecVKj0P/5yAoJXITH9wTIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NjcyMTA1NzUyYjk4MjE3NGQxMDQwYzEwMzgxNzU3MGI4
ZDM0ZDYwHhcNMjUwNjIzMTAyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2ZmN2VmM2JjNzZiMDU3NDRjNTI1NDY5ZDA5N2FlYTRiMTY3OWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCSYL8nzhh9wtawdG+pvruSuNGV7
SHYfUR+uYkQtHBqHDffyPSYxA7vTNQF79v9qtBvWzphrIoTrq8Azsc4q4Acu4Uft
5bdsWPi1wR6EeV7BQksNrnOLWlqTFIZux8AEmz1oHFMX4YMddiaOihBhRwuHfiGB
i/Jz4qTZB4HCL7Ua61JOg5QRXBy8SLyuAaidKikiopqj76y5mpHDZONd/Zm6ctdS
KLFiIep9+FC1Oozs84HQ/RKQGr67xaxImC3A73YhlHWtKoO/3C2FbiiS5kKQ7OIC
OQQne8fMsJLgipEkK0VMEbn/K1Fskm2fd3iQzgfcfD9LL6TqhzeFGVL9owIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCz/fvO8drBXRMUlRp0JeupLFnmzMB8GA1UdIwQY
MBaAFNhnIQV1K5ghdNEEDBA4F1cLjTTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdjaEJYVXJtQ0YwMFFRTUVEZ1hWd3VOTk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNzMyZjQtYmU4NC00MjliLWExOGUt
MTUxOGE3MzNmOTcwLzEvTFA5LTg3eDJzRmRFeFNWR25RbDY2a3NXZWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNzMyZjQtYmU4NC00MjliLWExOGUtMTUxOGE3MzNmOTcw
LzEvMkdjaEJYVXJtQ0YwMFFRTUVEZ1hWd3VOTk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW/AvAwQC
uSNEAwQCwJk8MA0EAgACMAcDBQMqDMZAMA0GCSqGSIb3DQEBCwUAA4IBAQA5EphM
PL4LuCVJOJ8/RfFA4HD6QwTOkXuROQLAPBf9pWFm5Me965rIrFH7rnvHeSu/mqbO
eh5WuwfDRJTyajg8nhCOlQ3NvNg9DzSRs5FLWv992Rmgv6OWpWzOP5RFOUht9UgY
5sKLqGDPDHRt7PVRqZO5kS+r8ZGmup80XAQ3WxXeJWSOGTHhPa3v3eYo7XUkNYPb
cVC64i+OMQi/daMLc73y9uOxCKfMkah1p0cTqMQNK9+u2hyLD59kPXvf9r4mC1Jx
usbZcSQZiBia/ty1XlXHAPFtrwyithJeAkuklo9RoPNAAH4jkH/WuJ9kScBnowfy
hrRVujvhzV2QUyW4
-----END CERTIFICATE-----
Generated at Sun Jun 29 05:04:57 2025 by rpki-client