Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/H4J_7ypAJ4hgBEB4fVDKFhXluIE.roa
File: H4J_7ypAJ4hgBEB4fVDKFhXluIE.roa (raw, json)
Hash identifier: BtWyDIO/zf/0LXUY6FzALBn7OXPRy7qH7floDc9wE5g=
Subject key identifier: 1F:82:7F:EF:2A:40:27:88:60:04:40:78:7D:50:CA:16:15:E5:B8:81
Certificate issuer: /CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Certificate serial: 0199AA7474DB41156396EE3ECD608FAAB4F1
Authority key identifier: 6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/H4J_7ypAJ4hgBEB4fVDKFhXluIE.roa
Signing time: Fri 03 Oct 2025 14:23:02 +0000
ROA not before: Fri 03 Oct 2025 14:23:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43949
IP address blocks: 2.58.180.0/22 maxlen: 22
168.168.0.0/21 maxlen: 21
168.168.8.0/22 maxlen: 22
168.168.12.0/23 maxlen: 23
168.168.14.0/24 maxlen: 24
168.168.15.0/24 maxlen: 24
168.168.16.0/23 maxlen: 23
168.168.24.0/24 maxlen: 24
168.168.32.0/22 maxlen: 22
168.168.80.0/20 maxlen: 20
168.168.96.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.mft
rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 17:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:aa:74:74:db:41:15:63:96:ee:3e:cd:60:8f:aa:b4:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Validity
Not Before: Oct 3 14:23:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f827fef2a402788600440787d50ca1615e5b881
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:82:50:4b:ee:fd:52:49:fe:48:e8:97:57:2b:
cf:8d:18:97:65:ce:11:2e:37:c9:d6:c1:1d:d6:4a:
32:ba:2b:c8:b4:45:35:0d:72:f5:8b:e3:cb:29:85:
73:97:60:f7:8b:41:17:56:96:ce:33:de:d1:f0:ab:
f9:88:4c:18:47:f8:d4:72:0c:41:ab:d6:5e:4d:06:
89:ff:1d:53:d5:7b:4c:e6:90:cc:ba:2d:4b:99:82:
6b:0d:dc:ee:33:fb:2d:e2:69:57:67:a9:e5:b5:79:
80:ce:f8:30:f2:71:22:7d:32:fe:5b:52:0a:3c:45:
9e:74:b0:9e:48:6a:a6:4c:d8:1b:54:d2:f5:6e:10:
9c:8a:16:3b:17:a3:99:5c:9e:c3:3c:b8:dd:91:37:
7d:b7:91:10:65:1e:9c:a0:6b:60:61:8f:a6:57:db:
ab:2e:98:37:d8:46:b3:09:ef:5d:f9:cb:a3:23:0f:
44:f6:fa:96:8b:83:3d:83:c2:a4:75:d9:4c:36:e8:
bb:86:84:e6:d1:e3:85:a6:18:18:16:47:9f:13:36:
02:2a:6f:50:e5:99:c5:51:fe:b5:ab:83:1a:aa:c5:
10:38:78:ba:8d:b8:91:83:08:56:e6:5c:49:f2:cc:
bd:16:e1:95:11:f8:0a:5c:64:e5:a0:6d:a4:c5:60:
c6:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:82:7F:EF:2A:40:27:88:60:04:40:78:7D:50:CA:16:15:E5:B8:81
X509v3 Authority Key Identifier:
keyid:6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/H4J_7ypAJ4hgBEB4fVDKFhXluIE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.180.0/22
168.168.0.0-168.168.17.255
168.168.24.0/24
168.168.32.0/22
168.168.80.0-168.168.127.255
Signature Algorithm: sha256WithRSAEncryption
1f:8b:63:9c:8f:e8:c6:03:19:e4:cf:eb:74:31:a2:d4:52:78:
af:ee:b0:0a:88:62:9e:44:ad:f4:0b:76:f1:9d:30:af:06:52:
af:6b:32:d3:97:24:b9:69:a4:c5:8b:93:e5:a4:c2:ec:22:a5:
e3:69:73:b7:04:02:94:6e:a4:b7:64:32:d3:eb:5c:50:3c:80:
87:c3:34:68:1f:23:80:05:81:c1:ed:61:e9:37:ae:34:a8:aa:
16:ed:45:c1:b4:7f:b7:c4:f0:2b:a9:d2:38:82:47:5f:d0:0d:
12:fb:3b:65:e6:0b:08:05:c1:b5:d0:af:f4:e4:64:50:42:85:
f0:3c:66:a0:c0:df:e8:e4:3d:36:fa:bd:d5:85:c2:1c:9d:5c:
a2:4d:98:aa:50:31:2f:7a:09:22:43:81:e5:32:c8:90:72:05:
e8:13:1a:ba:26:7a:a1:20:0c:46:04:28:92:fb:92:9e:73:74:
7d:d8:15:2d:ae:1f:50:cd:92:b9:4b:aa:bc:84:dd:41:18:42:
ff:00:b9:8c:79:dd:c4:6e:9c:37:ff:50:3d:89:f8:76:32:30:
86:6f:98:bf:a2:c8:97:d9:77:19:ec:22:41:25:e4:68:95:13:
0a:0d:3b:0c:59:64:49:a7:de:4e:29:e1:ff:5e:f8:15:0d:1f:
f9:32:1e:f1
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZmqdHTbQRVjlu4+zWCPqrTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOTJjZjMzOTBjYWE1ODc5ZTc1OTcyOWNkOTAwOGM2ZWNh
NTVhMjcwHhcNMjUxMDAzMTQyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgyN2ZlZjJhNDAyNzg4NjAwNDQwNzg3ZDUwY2ExNjE1ZTViODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14JQS+79Ukn+SOiXVyvPjRiXZc4R
LjfJ1sEd1koyuivItEU1DXL1i+PLKYVzl2D3i0EXVpbOM97R8Kv5iEwYR/jUcgxB
q9ZeTQaJ/x1T1XtM5pDMui1LmYJrDdzuM/st4mlXZ6nltXmAzvgw8nEifTL+W1IK
PEWedLCeSGqmTNgbVNL1bhCcihY7F6OZXJ7DPLjdkTd9t5EQZR6coGtgYY+mV9ur
Lpg32EazCe9d+cujIw9E9vqWi4M9g8KkddlMNui7hoTm0eOFphgYFkefEzYCKm9Q
5ZnFUf61q4MaqsUQOHi6jbiRgwhW5lxJ8sy9FuGVEfgKXGTloG2kxWDG9wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB+Cf+8qQCeIYARAeH1QyhYV5biBMB8GA1UdIwQY
MBaAFGuSzzOQyqWHnnWXKc2QCMbspVonMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTIt
MmEwNjIyMzYyM2UwLzEvSDRKXzd5cEFKNGhnQkVCNGZWREtGaFhsdUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTItMmEwNjIyMzYyM2Uw
LzEvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtAwQCAjq0MAsD
AwOoqAMEAaioEAMEAKioGAMEAqioIDAMAwQEqKhQAwQHqKgAMA0GCSqGSIb3DQEB
CwUAA4IBAQAfi2Ocj+jGAxnkz+t0MaLUUniv7rAKiGKeRK30C3bxnTCvBlKvazLT
lyS5aaTFi5PlpMLsIqXjaXO3BAKUbqS3ZDLT61xQPICHwzRoHyOABYHB7WHpN640
qKoW7UXBtH+3xPArqdI4gkdf0A0S+ztl5gsIBcG10K/05GRQQoXwPGagwN/o5D02
+r3VhcIcnVyiTZiqUDEvegkiQ4HlMsiQcgXoExq6JnqhIAxGBCiS+5Kec3R92BUt
rh9QzZK5S6q8hN1BGEL/ALmMed3Ebpw3/1A9ifh2MjCGb5i/osiX2XcZ7CJBJeRo
lRMKDTsMWWRJp95OKeH/XvgVDR/5Mh7x
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:15:32 2025 by rpki-client