Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/iKe81R-d7NpY31TD5bcPHVmsY2g.roa
File: iKe81R-d7NpY31TD5bcPHVmsY2g.roa (raw, json)
Hash identifier: NrmL4rDM8Soz+h7m5cCsCbBdg9SwqLhYZsJEc4odfCg=
Subject key identifier: 88:A7:BC:D5:1F:9D:EC:DA:58:DF:54:C3:E5:B7:0F:1D:59:AC:63:68
Certificate issuer: /CN=9367965e2834f1893cfa8631a484071e6a2d45b7
Certificate serial: 01988514EB8C6E15D126E4AFB8BE37E5BBDF
Authority key identifier: 93:67:96:5E:28:34:F1:89:3C:FA:86:31:A4:84:07:1E:6A:2D:45:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/iKe81R-d7NpY31TD5bcPHVmsY2g.roa
Signing time: Thu 07 Aug 2025 15:09:57 +0000
ROA not before: Thu 07 Aug 2025 15:09:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28709
IP address blocks: 95.142.201.0/24 maxlen: 24
95.142.202.0/24 maxlen: 24
95.142.203.0/24 maxlen: 24
185.32.249.0/24 maxlen: 24
185.32.251.0/24 maxlen: 24
2a00:bdc0:e003::/48 maxlen: 48
2a00:bdc0:e004::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.crl
rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.mft
rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 09:01:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:85:14:eb:8c:6e:15:d1:26:e4:af:b8:be:37:e5:bb:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9367965e2834f1893cfa8631a484071e6a2d45b7
Validity
Not Before: Aug 7 15:09:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=88a7bcd51f9decda58df54c3e5b70f1d59ac6368
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:88:d0:00:b0:ab:f2:4b:9c:28:86:b4:a0:57:
21:1b:df:07:45:5e:b7:1c:eb:4b:f1:74:d3:79:3e:
f4:3f:f4:3a:db:02:0e:8b:fa:f4:ae:19:b9:26:40:
0f:eb:2d:81:9f:9f:bc:90:fd:7b:29:f3:31:83:4f:
69:92:90:cf:21:d8:f5:68:51:e4:45:e2:ae:4e:bf:
f2:1e:13:60:c7:e6:a3:6b:c3:6b:25:0c:40:47:fd:
9e:99:7a:a4:5b:66:5f:88:70:0d:53:76:68:40:22:
91:9b:0e:16:62:d1:79:d3:f9:46:90:de:c3:f9:d1:
42:0e:be:0c:5e:0f:76:72:8c:5b:29:f2:ed:91:ce:
29:ce:7d:8a:98:0a:fe:40:d6:fe:b7:36:82:4d:cb:
a5:e9:00:4b:f1:e3:7f:6e:a3:57:53:66:42:69:f3:
80:79:fb:4f:41:3e:c9:1b:34:46:0e:20:b9:09:23:
27:4b:da:10:a7:a8:f6:ac:0e:1e:37:19:d5:fc:8d:
79:08:a5:08:db:16:0a:87:d3:64:b7:8a:dd:20:3b:
da:9c:73:d2:95:8c:49:26:c5:ca:cf:26:4d:6e:99:
f9:54:48:8f:95:97:ff:2d:f0:a6:ae:ad:9a:83:64:
4d:ab:6c:af:0c:25:3f:7d:a6:91:dd:d4:31:2b:13:
46:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:A7:BC:D5:1F:9D:EC:DA:58:DF:54:C3:E5:B7:0F:1D:59:AC:63:68
X509v3 Authority Key Identifier:
keyid:93:67:96:5E:28:34:F1:89:3C:FA:86:31:A4:84:07:1E:6A:2D:45:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/iKe81R-d7NpY31TD5bcPHVmsY2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.142.201.0-95.142.203.255
185.32.249.0/24
185.32.251.0/24
IPv6:
2a00:bdc0:e003::-2a00:bdc0:e004:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
30:db:f5:bc:d8:8b:2f:51:15:26:50:7e:1d:82:98:b5:3e:41:
59:17:39:47:16:a3:f4:95:8c:8f:e6:8d:12:6d:96:24:66:9f:
a5:e1:74:51:3d:47:75:8c:92:d1:bc:ea:4a:62:dc:e6:ca:a0:
4a:f9:14:4c:9f:33:ab:0b:2a:27:5b:e1:93:22:61:b3:49:e1:
f7:52:3b:82:e9:94:07:dc:d1:07:ac:2a:9b:cc:a5:79:05:47:
ce:77:a7:fc:a1:eb:14:89:83:ff:60:ff:35:31:77:93:c6:c0:
9b:35:be:49:3a:e4:77:5c:75:61:34:58:f2:60:7a:4d:c2:e7:
de:38:fb:5f:4f:44:21:bd:49:2c:3d:d2:47:2a:fb:59:b6:3e:
74:d1:16:fe:a6:3c:cd:25:0c:59:18:6b:ba:17:c6:7b:01:8f:
ef:0b:f6:a4:d4:4c:3c:fb:c6:fc:71:59:03:01:d9:54:5c:b1:
1c:07:c6:e0:f2:ff:68:aa:5c:07:3d:ef:dd:9f:9d:24:c9:33:
d6:e6:5f:38:ef:fc:64:6d:78:a7:6a:82:3d:05:de:15:a0:de:
1d:7b:ed:1d:5f:88:67:3a:52:0d:b5:79:74:75:af:c7:cd:63:
44:d1:15:28:e1:67:da:4b:3f:3b:99:fd:36:ca:18:54:d1:73:
65:0a:1e:b1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZiFFOuMbhXRJuSvuL435bvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc5NjVlMjgzNGYxODkzY2ZhODYzMWE0ODQwNzFlNmEy
ZDQ1YjcwHhcNMjUwODA3MTUwOTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE3YmNkNTFmOWRlY2RhNThkZjU0YzNlNWI3MGYxZDU5YWM2MzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnojQALCr8kucKIa0oFchG98HRV63
HOtL8XTTeT70P/Q62wIOi/r0rhm5JkAP6y2Bn5+8kP17KfMxg09pkpDPIdj1aFHk
ReKuTr/yHhNgx+aja8NrJQxAR/2emXqkW2ZfiHANU3ZoQCKRmw4WYtF50/lGkN7D
+dFCDr4MXg92coxbKfLtkc4pzn2KmAr+QNb+tzaCTcul6QBL8eN/bqNXU2ZCafOA
eftPQT7JGzRGDiC5CSMnS9oQp6j2rA4eNxnV/I15CKUI2xYKh9Nkt4rdIDvanHPS
lYxJJsXKzyZNbpn5VEiPlZf/LfCmrq2ag2RNq2yvDCU/faaR3dQxKxNGLQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIinvNUfnezaWN9Uw+W3Dx1ZrGNoMB8GA1UdIwQY
MBaAFJNnll4oNPGJPPqGMaSEBx5qLUW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJlV1hpZzA4WWs4LW9ZeHBJUUhIbW90UmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xODEzYmEtNTA2ZS00NDRlLTljYTQt
ZjA5M2UxN2IyN2VmLzEvaUtlODFSLWQ3TnBZMzFURDViY1BIVm1zWTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xODEzYmEtNTA2ZS00NDRlLTljYTQtZjA5M2UxN2IyN2Vm
LzEvazJlV1hpZzA4WWs4LW9ZeHBJUUhIbW90UmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAgBAIAATAaMAwDBABfjskD
BAJfjsgDBAC5IPkDBAC5IPswGgQCAAIwFDASAwcAKgC9wOADAwcAKgC9wOAEMA0G
CSqGSIb3DQEBCwUAA4IBAQAw2/W82IsvURUmUH4dgpi1PkFZFzlHFqP0lYyP5o0S
bZYkZp+l4XRRPUd1jJLRvOpKYtzmyqBK+RRMnzOrCyonW+GTImGzSeH3UjuC6ZQH
3NEHrCqbzKV5BUfOd6f8oesUiYP/YP81MXeTxsCbNb5JOuR3XHVhNFjyYHpNwufe
OPtfT0QhvUksPdJHKvtZtj500Rb+pjzNJQxZGGu6F8Z7AY/vC/ak1Ew8+8b8cVkD
AdlUXLEcB8bg8v9oqlwHPe/dn50kyTPW5l847/xkbXinaoI9Bd4VoN4de+0dX4hn
OlINtXl0da/HzWNE0RUo4WfaSz87mf02yhhU0XNlCh6x
-----END CERTIFICATE-----
Generated at Sat Aug 23 19:45:48 2025 by rpki-client