Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/IcBXNhcRwC9rqTJrrwBbNq4dyNc.roa
File: IcBXNhcRwC9rqTJrrwBbNq4dyNc.roa (raw, json)
Hash identifier: fLLUYVbljHR6MG/7uXWdqM+yUv/JR8Ck06BiCfj9mCQ=
Subject key identifier: 21:C0:57:36:17:11:C0:2F:6B:A9:32:6B:AF:00:5B:36:AE:1D:C8:D7
Certificate issuer: /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial: 0198ACF6AEE160E1A0DE879332ADEEDDACFB
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/IcBXNhcRwC9rqTJrrwBbNq4dyNc.roa
Signing time: Fri 15 Aug 2025 09:01:44 +0000
ROA not before: Fri 15 Aug 2025 09:01:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47950
IP address blocks: 91.223.67.0/24 maxlen: 24
193.41.244.0/24 maxlen: 24
193.41.246.0/24 maxlen: 24
2a06:e800::/48 maxlen: 48
2a0d:f400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ac:f6:ae:e1:60:e1:a0:de:87:93:32:ad:ee:dd:ac:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Validity
Not Before: Aug 15 09:01:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21c057361711c02f6ba9326baf005b36ae1dc8d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:02:9d:9a:02:7d:20:f0:83:13:53:93:b0:7c:
f4:12:2d:98:bd:42:42:fe:6a:fd:fe:42:ad:31:d2:
a7:1c:df:e4:2c:6f:ac:cf:77:3d:98:89:4c:fa:cb:
61:45:94:fd:d4:0b:37:9d:fe:48:eb:05:36:4f:ff:
36:52:55:d0:db:2c:3f:44:30:c9:66:7e:13:49:90:
4d:68:de:d4:7d:6e:85:9f:8c:3b:54:f3:41:a0:0c:
11:c1:80:36:e7:c5:58:8f:b6:12:41:78:44:e9:e6:
c5:1d:2e:c6:05:08:21:ad:29:b1:95:4e:0a:4f:fc:
d0:ba:9d:b8:38:c2:6a:30:d1:07:5c:09:b6:3d:25:
11:2b:45:cc:e2:03:07:d0:86:a4:26:68:b8:0b:26:
c7:7b:7b:07:5d:19:f3:2f:35:72:c8:9c:b9:6e:d7:
78:98:b3:24:d6:69:04:5b:63:86:f5:2b:ae:d7:7b:
98:58:14:27:f3:79:34:67:ea:ff:69:1f:72:eb:49:
d7:31:1f:1c:c2:70:36:8e:22:e6:f9:6b:09:8a:e3:
63:21:45:d7:41:bb:00:87:91:a6:d8:10:ea:8e:70:
26:0c:25:e3:49:92:95:1b:f7:b8:64:f0:4b:85:6e:
b5:1a:ca:d2:8a:a8:7a:c4:75:4f:7b:2b:07:ab:e2:
32:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C0:57:36:17:11:C0:2F:6B:A9:32:6B:AF:00:5B:36:AE:1D:C8:D7
X509v3 Authority Key Identifier:
keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/IcBXNhcRwC9rqTJrrwBbNq4dyNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.67.0/24
193.41.244.0/24
193.41.246.0/24
IPv6:
2a06:e800::/48
2a0d:f400::/32
Signature Algorithm: sha256WithRSAEncryption
95:1c:f8:0a:71:8f:33:8f:1e:d3:f2:e6:60:f0:73:66:d4:c9:
71:7d:ed:27:be:cb:97:8f:5e:e4:68:14:d3:d2:ee:f7:cd:f6:
17:4d:90:31:aa:c9:44:22:d8:77:b0:2c:ef:4b:19:b2:51:06:
c1:ff:2e:ab:dd:a8:6b:7d:dc:ad:64:7c:07:13:30:2d:90:6d:
4a:4e:37:d4:1d:9b:83:7b:3a:54:91:03:bd:05:e3:dd:04:03:
8f:04:14:3d:ac:aa:eb:b5:86:34:bd:af:a6:70:0b:e6:26:22:
54:ac:a0:a7:1b:bb:f0:1e:97:7f:2f:79:26:8b:3f:89:c1:01:
c6:3c:17:fe:bb:0f:7f:e3:a3:f4:02:45:9e:d5:ae:e6:a4:b4:
09:b2:ba:e7:52:ff:5f:95:07:4c:04:28:3c:35:7b:b9:55:4b:
1c:4c:1a:d1:1e:bc:44:06:24:e7:9f:44:86:68:b1:00:7e:e8:
6e:d1:95:a3:6c:5c:4f:7a:6b:f5:84:b0:1e:92:ed:63:bf:d0:
ac:bf:d3:20:de:42:58:4a:8b:ea:d0:53:fe:81:f3:65:23:14:
69:d9:f1:c2:5b:c5:b1:2d:ff:f6:1c:7e:15:ad:d7:08:d1:8e:
b7:d8:c9:25:ef:32:98:2a:80:3e:b5:4e:4d:5c:ab:fb:07:8e:
7e:e9:42:db
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZis9q7hYOGg3oeTMq3u3az7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwODE1MDkwMTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMwNTczNjE3MTFjMDJmNmJhOTMyNmJhZjAwNWIzNmFlMWRjOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugKdmgJ9IPCDE1OTsHz0Ei2YvUJC
/mr9/kKtMdKnHN/kLG+sz3c9mIlM+sthRZT91As3nf5I6wU2T/82UlXQ2yw/RDDJ
Zn4TSZBNaN7UfW6Fn4w7VPNBoAwRwYA258VYj7YSQXhE6ebFHS7GBQghrSmxlU4K
T/zQup24OMJqMNEHXAm2PSURK0XM4gMH0IakJmi4CybHe3sHXRnzLzVyyJy5btd4
mLMk1mkEW2OG9Suu13uYWBQn83k0Z+r/aR9y60nXMR8cwnA2jiLm+WsJiuNjIUXX
QbsAh5Gm2BDqjnAmDCXjSZKVG/e4ZPBLhW61GsrSiqh6xHVPeysHq+IyrQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCHAVzYXEcAva6kya68AWzauHcjXMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvSWNCWE5oY1J3QzlycVRKcnJ3QmJOcTRkeU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQAW99DAwQA
wSn0AwQAwSn2MBYEAgACMBADBwAqBugAAAADBQAqDfQAMA0GCSqGSIb3DQEBCwUA
A4IBAQCVHPgKcY8zjx7T8uZg8HNm1Mlxfe0nvsuXj17kaBTT0u73zfYXTZAxqslE
Ith3sCzvSxmyUQbB/y6r3ahrfdytZHwHEzAtkG1KTjfUHZuDezpUkQO9BePdBAOP
BBQ9rKrrtYY0va+mcAvmJiJUrKCnG7vwHpd/L3kmiz+JwQHGPBf+uw9/46P0AkWe
1a7mpLQJsrrnUv9flQdMBCg8NXu5VUscTBrRHrxEBiTnn0SGaLEAfuhu0ZWjbFxP
emv1hLAeku1jv9Csv9Mg3kJYSovq0FP+gfNlIxRp2fHCW8WxLf/2HH4VrdcI0Y63
2Mkl7zKYKoA+tU5NXKv7B45+6ULb
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:42:52 2025 by rpki-client