Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/OPYEfeaD4UG3_woKyPv1Wj7JrZg.roa
File: OPYEfeaD4UG3_woKyPv1Wj7JrZg.roa (raw, json)
Hash identifier: iv8H/ObGNtJDTTAshveiukMxLvPbVXVjWuW+XjG+jWo=
Subject key identifier: 38:F6:04:7D:E6:83:E1:41:B7:FF:0A:0A:C8:FB:F5:5A:3E:C9:AD:98
Certificate issuer: /CN=d7c60a54e03c9f815cc33afd45d3c4db9af76f16
Certificate serial: 0198C2FF8C5B086FC4D6ED3D9D6DBE32AB1C
Authority key identifier: D7:C6:0A:54:E0:3C:9F:81:5C:C3:3A:FD:45:D3:C4:DB:9A:F7:6F:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/OPYEfeaD4UG3_woKyPv1Wj7JrZg.roa
Signing time: Tue 19 Aug 2025 15:43:04 +0000
ROA not before: Tue 19 Aug 2025 15:43:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36224
IP address blocks: 164.138.69.0/24 maxlen: 24
185.33.114.0/24 maxlen: 24
185.36.78.0/24 maxlen: 24
202.162.49.0/24 maxlen: 24
202.162.51.0/24 maxlen: 24
202.162.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.mft
rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 14:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c2:ff:8c:5b:08:6f:c4:d6:ed:3d:9d:6d:be:32:ab:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d7c60a54e03c9f815cc33afd45d3c4db9af76f16
Validity
Not Before: Aug 19 15:43:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=38f6047de683e141b7ff0a0ac8fbf55a3ec9ad98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:d9:fa:82:30:95:08:dc:f5:fd:fc:9a:37:b4:
ad:2e:40:89:6a:c9:a1:02:d8:d8:e9:12:de:f2:07:
94:7a:96:b3:99:7a:81:5b:ae:98:b1:97:eb:b6:31:
dd:d8:d0:0c:2e:36:03:f9:f8:f3:30:1c:63:71:f3:
ed:95:bb:dc:4e:07:29:bc:0f:00:07:c3:32:5f:95:
c4:58:87:92:db:4f:0f:d2:0c:f9:d8:5b:87:83:1c:
64:de:c1:db:01:e9:27:26:8b:73:4f:ec:ef:df:7f:
92:c3:63:f5:f6:c7:4c:08:e1:0f:83:80:46:3c:5a:
91:96:50:78:a0:36:df:fe:fc:50:b4:74:37:14:b0:
3a:96:e1:b9:ed:1d:c4:2a:f2:4e:c8:19:01:56:92:
26:67:9a:f0:07:4b:37:d6:ee:93:a6:08:2e:a6:99:
26:f2:4a:3c:4f:29:33:91:ac:d9:86:20:04:89:c2:
9a:c3:19:aa:f0:23:50:4f:ee:0d:28:96:ed:46:9f:
5a:0c:2f:dc:7f:bb:ca:1e:65:a4:62:9b:24:4b:af:
d6:34:42:87:c5:9d:9b:5b:3d:e6:84:15:fa:44:82:
c2:6e:b8:6e:0c:ed:cb:3a:16:32:39:65:fd:87:70:
13:b6:6b:c4:2b:85:34:58:20:91:43:98:b0:51:ec:
36:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:F6:04:7D:E6:83:E1:41:B7:FF:0A:0A:C8:FB:F5:5A:3E:C9:AD:98
X509v3 Authority Key Identifier:
keyid:D7:C6:0A:54:E0:3C:9F:81:5C:C3:3A:FD:45:D3:C4:DB:9A:F7:6F:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/18YKVOA8n4Fcwzr9RdPE25r3bxY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/OPYEfeaD4UG3_woKyPv1Wj7JrZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/89090c-53b1-41be-a338-3831f3ed1ca8/1/18YKVOA8n4Fcwzr9RdPE25r3bxY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
164.138.69.0/24
185.33.114.0/24
185.36.78.0/24
202.162.49.0/24
202.162.51.0-202.162.52.255
Signature Algorithm: sha256WithRSAEncryption
82:36:f1:c6:ed:68:ae:80:d7:3d:54:95:7b:f1:c0:31:71:69:
5e:de:04:fa:f9:57:1a:5a:77:24:e2:20:cf:a3:fb:6f:58:39:
73:02:3e:2c:fa:3e:e5:a4:7b:58:88:cd:8f:cd:e6:de:75:4c:
68:25:be:92:9f:47:9d:24:c9:73:e9:4e:8b:1c:48:9c:cd:63:
40:8c:44:c2:bb:63:4a:6c:9e:b7:28:d8:81:40:29:a6:6a:98:
03:e1:7c:73:3f:20:6b:db:39:ad:48:de:d1:f3:90:6f:05:ae:
fc:11:af:f2:ca:e3:79:53:dd:02:e4:1e:47:33:52:1f:a2:71:
41:06:d6:34:f9:be:1c:1f:df:b3:f3:e8:3b:0c:24:44:da:ec:
af:49:b7:00:94:f1:97:31:d2:d2:92:91:61:f3:0f:d9:b9:42:
8a:71:e1:68:ec:02:92:33:5b:5d:3f:c4:7d:06:f7:d0:60:d7:
af:08:94:7a:44:88:19:1a:43:f2:a4:45:4c:1c:49:77:38:58:
34:f9:f5:4d:a1:54:fe:bc:2d:2b:96:dc:78:24:73:2d:17:76:
64:d9:7a:7d:bf:65:f6:e2:c4:02:8b:0f:8a:de:08:8b:33:9d:
2f:f4:5a:33:86:2a:a4:e1:16:6c:2f:21:96:b9:a0:5c:ab:5d:
c6:aa:5a:d4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZjC/4xbCG/E1u09nW2+MqscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3YzYwYTU0ZTAzYzlmODE1Y2MzM2FmZDQ1ZDNjNGRiOWFm
NzZmMTYwHhcNMjUwODE5MTU0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY2MDQ3ZGU2ODNlMTQxYjdmZjBhMGFjOGZiZjU1YTNlYzlhZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tn6gjCVCNz1/fyaN7StLkCJasmh
AtjY6RLe8geUepazmXqBW66YsZfrtjHd2NAMLjYD+fjzMBxjcfPtlbvcTgcpvA8A
B8MyX5XEWIeS208P0gz52FuHgxxk3sHbAeknJotzT+zv33+Sw2P19sdMCOEPg4BG
PFqRllB4oDbf/vxQtHQ3FLA6luG57R3EKvJOyBkBVpImZ5rwB0s31u6Tpgguppkm
8ko8TykzkazZhiAEicKawxmq8CNQT+4NKJbtRp9aDC/cf7vKHmWkYpskS6/WNEKH
xZ2bWz3mhBX6RILCbrhuDO3LOhYyOWX9h3ATtmvEK4U0WCCRQ5iwUew2KQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDj2BH3mg+FBt/8KCsj79Vo+ya2YMB8GA1UdIwQY
MBaAFNfGClTgPJ+BXMM6/UXTxNua928WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMThZS1ZPQThuNEZjd3pyOVJkUEUyNXIzYnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84OTA5MGMtNTNiMS00MWJlLWEzMzgt
MzgzMWYzZWQxY2E4LzEvT1BZRWZlYUQ0VUczX3dvS3lQdjFXajdKclpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84OTA5MGMtNTNiMS00MWJlLWEzMzgtMzgzMWYzZWQxY2E4
LzEvMThZS1ZPQThuNEZjd3pyOVJkUEUyNXIzYnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQApIpFAwQA
uSFyAwQAuSROAwQAyqIxMAwDBADKojMDBADKojQwDQYJKoZIhvcNAQELBQADggEB
AII28cbtaK6A1z1UlXvxwDFxaV7eBPr5VxpadyTiIM+j+29YOXMCPiz6PuWke1iI
zY/N5t51TGglvpKfR50kyXPpToscSJzNY0CMRMK7Y0psnrco2IFAKaZqmAPhfHM/
IGvbOa1I3tHzkG8FrvwRr/LK43lT3QLkHkczUh+icUEG1jT5vhwf37Pz6DsMJETa
7K9JtwCU8Zcx0tKSkWHzD9m5Qopx4WjsApIzW10/xH0G99Bg168IlHpEiBkaQ/Kk
RUwcSXc4WDT59U2hVP68LSuW3Hgkcy0XdmTZen2/ZfbixAKLD4reCIsznS/0WjOG
KqThFmwvIZa5oFyrXcaqWtQ=
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:46:38 2025 by rpki-client