Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/HrH3DyFGiBEMYeiK4JQtPCMBdds.roa
File: HrH3DyFGiBEMYeiK4JQtPCMBdds.roa (raw, json)
Hash identifier: 7Qo4VPKeUbi86BxMP/IbODYzoRV/6QGbnBfiLkZFcUU=
Subject key identifier: 1E:B1:F7:0F:21:46:88:11:0C:61:E8:8A:E0:94:2D:3C:23:01:75:DB
Certificate issuer: /CN=d6923df4dae91950cf00d235fe39e00eea3816d2
Certificate serial: 0197A0E220614499C97CD49F782C2172ED97
Authority key identifier: D6:92:3D:F4:DA:E9:19:50:CF:00:D2:35:FE:39:E0:0E:EA:38:16:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1pI99NrpGVDPANI1_jngDuo4FtI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/HrH3DyFGiBEMYeiK4JQtPCMBdds.roa
Signing time: Tue 24 Jun 2025 07:41:03 +0000
ROA not before: Tue 24 Jun 2025 07:41:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15614
IP address blocks: 31.41.200.0/21 maxlen: 21
78.110.208.0/20 maxlen: 20
178.209.128.0/19 maxlen: 19
185.24.20.0/22 maxlen: 22
213.168.176.0/20 maxlen: 20
2a02:13b8::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/1pI99NrpGVDPANI1_jngDuo4FtI.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/1pI99NrpGVDPANI1_jngDuo4FtI.mft
rsync://rpki.ripe.net/repository/DEFAULT/1pI99NrpGVDPANI1_jngDuo4FtI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a0:e2:20:61:44:99:c9:7c:d4:9f:78:2c:21:72:ed:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d6923df4dae91950cf00d235fe39e00eea3816d2
Validity
Not Before: Jun 24 07:41:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1eb1f70f214688110c61e88ae0942d3c230175db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:90:6a:b8:24:bc:b9:84:77:90:e2:c9:30:aa:
09:65:27:e0:b4:4c:45:b1:a8:ab:fd:f0:67:d4:a3:
fd:91:86:ef:1d:aa:62:2e:ac:9c:06:fa:c8:6d:37:
2c:99:60:b3:a0:af:d7:60:9d:45:cc:13:27:04:c5:
2c:ba:6e:57:0c:60:13:8a:f7:12:75:7f:9e:1f:d7:
b3:2b:1a:20:bf:31:ad:aa:61:4e:27:e1:4b:76:0c:
f5:d1:25:88:f1:73:3e:35:9a:e2:45:79:8d:5e:c9:
f6:a8:e4:f1:ae:d5:3c:0c:f3:85:12:0f:98:b5:82:
b1:76:02:79:2c:36:a7:06:73:21:33:df:5f:af:64:
ad:16:3d:68:ab:fa:86:c2:01:3d:87:6e:b2:85:b6:
c3:2e:07:e2:50:33:65:b2:f4:04:ae:27:89:3e:16:
8f:0c:33:e5:5a:8e:5a:14:d4:45:d1:85:68:ad:c5:
04:a0:77:0e:7b:53:72:b4:7e:a2:e6:b7:e1:e7:a3:
ae:82:67:36:62:73:7b:87:af:29:9e:e9:21:89:bf:
05:04:6b:68:61:ad:dc:38:dc:5a:00:52:52:69:bf:
53:cf:1e:88:57:19:d3:ae:12:ff:22:f7:1a:8f:b8:
89:5b:78:7c:53:04:94:c1:81:fd:da:1a:7f:57:11:
91:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:B1:F7:0F:21:46:88:11:0C:61:E8:8A:E0:94:2D:3C:23:01:75:DB
X509v3 Authority Key Identifier:
keyid:D6:92:3D:F4:DA:E9:19:50:CF:00:D2:35:FE:39:E0:0E:EA:38:16:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1pI99NrpGVDPANI1_jngDuo4FtI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/HrH3DyFGiBEMYeiK4JQtPCMBdds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/32680d-03d9-4afa-9416-8d6fc010523d/1/1pI99NrpGVDPANI1_jngDuo4FtI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.200.0/21
78.110.208.0/20
178.209.128.0/19
185.24.20.0/22
213.168.176.0/20
IPv6:
2a02:13b8::/29
Signature Algorithm: sha256WithRSAEncryption
0a:ff:08:f2:3c:82:58:3a:96:c5:89:fb:26:12:d5:3c:5a:84:
7a:5d:22:2a:b6:4a:93:fa:e9:f9:e9:72:51:e0:15:9b:55:3e:
f5:66:84:cb:cb:80:d8:c4:3e:05:8d:d2:a8:75:7a:0e:dc:45:
1a:7f:d7:82:8c:29:c9:01:59:13:91:d9:c6:c7:57:57:95:e7:
d3:6b:ce:7e:69:77:13:d4:ac:b7:2a:9f:9e:7a:ab:b5:3b:ba:
62:10:1f:04:77:e8:45:d6:a0:68:b7:42:95:ed:7c:84:37:5b:
ec:a7:a3:6f:cc:2d:7b:17:2d:31:ca:21:e1:5d:e0:42:9d:bb:
66:bb:88:6e:f9:d3:d0:26:7b:ab:91:6c:9f:45:9f:69:14:b0:
14:02:7c:2d:25:95:19:e9:95:6f:74:65:97:50:d9:cd:ba:37:
c3:c2:fd:7a:99:df:5d:87:04:8f:6f:09:26:8b:20:65:88:34:
ec:91:01:60:4f:a9:d9:5e:52:ac:73:51:51:81:4a:d9:da:0c:
b7:2c:03:57:32:da:e9:f5:2d:2d:91:a7:87:5f:c8:55:ee:80:
8e:82:b7:4e:ed:f7:b4:ce:65:c5:81:10:a8:e9:e4:c5:22:e5:
c8:4f:63:ae:27:3c:dc:c1:b7:8c:79:77:62:7f:e3:be:db:91:
a9:c3:4e:51
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZeg4iBhRJnJfNSfeCwhcu2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2OTIzZGY0ZGFlOTE5NTBjZjAwZDIzNWZlMzllMDBlZWEz
ODE2ZDIwHhcNMjUwNjI0MDc0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWIxZjcwZjIxNDY4ODExMGM2MWU4OGFlMDk0MmQzYzIzMDE3NWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJBquCS8uYR3kOLJMKoJZSfgtExF
sair/fBn1KP9kYbvHapiLqycBvrIbTcsmWCzoK/XYJ1FzBMnBMUsum5XDGATivcS
dX+eH9ezKxogvzGtqmFOJ+FLdgz10SWI8XM+NZriRXmNXsn2qOTxrtU8DPOFEg+Y
tYKxdgJ5LDanBnMhM99fr2StFj1oq/qGwgE9h26yhbbDLgfiUDNlsvQErieJPhaP
DDPlWo5aFNRF0YVorcUEoHcOe1NytH6i5rfh56Ougmc2YnN7h68pnukhib8FBGto
Ya3cONxaAFJSab9Tzx6IVxnTrhL/Ivcaj7iJW3h8UwSUwYH92hp/VxGRTQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB6x9w8hRogRDGHoiuCULTwjAXXbMB8GA1UdIwQY
MBaAFNaSPfTa6RlQzwDSNf454A7qOBbSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXBJOTlOcnBHVkRQQU5JMV9qbmdEdW80RnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zMjY4MGQtMDNkOS00YWZhLTk0MTYt
OGQ2ZmMwMTA1MjNkLzEvSHJIM0R5RkdpQkVNWWVpSzRKUXRQQ01CZGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zMjY4MGQtMDNkOS00YWZhLTk0MTYtOGQ2ZmMwMTA1MjNk
LzEvMXBJOTlOcnBHVkRQQU5JMV9qbmdEdW80RnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDHynIAwQE
Tm7QAwQFstGAAwQCuRgUAwQE1aiwMA0EAgACMAcDBQMqAhO4MA0GCSqGSIb3DQEB
CwUAA4IBAQAK/wjyPIJYOpbFifsmEtU8WoR6XSIqtkqT+un56XJR4BWbVT71ZoTL
y4DYxD4FjdKodXoO3EUaf9eCjCnJAVkTkdnGx1dXlefTa85+aXcT1Ky3Kp+eequ1
O7piEB8Ed+hF1qBot0KV7XyEN1vsp6NvzC17Fy0xyiHhXeBCnbtmu4hu+dPQJnur
kWyfRZ9pFLAUAnwtJZUZ6ZVvdGWXUNnNujfDwv16md9dhwSPbwkmiyBliDTskQFg
T6nZXlKsc1FRgUrZ2gy3LANXMtrp9S0tkaeHX8hV7oCOgrdO7fe0zmXFgRCo6eTF
IuXIT2OuJzzcwbeMeXdif+O+25Gpw05R
-----END CERTIFICATE-----
Generated at Sun Jun 29 06:02:44 2025 by rpki-client