Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/qK0r22fc4dStcfs-iJMEOqc-e8I.roa
File: qK0r22fc4dStcfs-iJMEOqc-e8I.roa (raw, json)
Hash identifier: szAPsZBmBxrbRZJWId/rghs7S63YVBb1wXhPcGatKBA=
Subject key identifier: A8:AD:2B:DB:67:DC:E1:D4:AD:71:FB:3E:88:93:04:3A:A7:3E:7B:C2
Certificate issuer: /CN=87b3cb2d6fb68e6edb8442feb0abfc95aeb5b157
Certificate serial: 01963E73108ED0C2DBF1A6DC6DE827EE26C6
Authority key identifier: 87:B3:CB:2D:6F:B6:8E:6E:DB:84:42:FE:B0:AB:FC:95:AE:B5:B1:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h7PLLW-2jm7bhEL-sKv8la61sVc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/qK0r22fc4dStcfs-iJMEOqc-e8I.roa
Signing time: Wed 16 Apr 2025 11:54:10 +0000
ROA not before: Wed 16 Apr 2025 11:54:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8145
IP address blocks: 85.208.92.0/22 maxlen: 22
85.208.92.0/24 maxlen: 24
85.208.93.0/24 maxlen: 24
85.208.94.0/24 maxlen: 24
2a09:84c0::/30 maxlen: 30
2a09:84c0::/32 maxlen: 32
2a09:84c1::/32 maxlen: 32
2a09:84c2::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/h7PLLW-2jm7bhEL-sKv8la61sVc.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/h7PLLW-2jm7bhEL-sKv8la61sVc.mft
rsync://rpki.ripe.net/repository/DEFAULT/h7PLLW-2jm7bhEL-sKv8la61sVc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 09 May 2025 14:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:3e:73:10:8e:d0:c2:db:f1:a6:dc:6d:e8:27:ee:26:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=87b3cb2d6fb68e6edb8442feb0abfc95aeb5b157
Validity
Not Before: Apr 16 11:54:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8ad2bdb67dce1d4ad71fb3e8893043aa73e7bc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:e8:5f:9a:b2:24:5f:f6:ab:65:82:d0:71:07:
87:b2:78:d7:6c:a1:e8:db:7c:be:fe:84:78:13:bc:
17:fd:a2:b0:68:61:92:60:30:a1:d1:00:75:46:de:
67:89:98:99:a4:97:14:d8:55:23:8a:42:46:99:bd:
20:10:26:7e:89:33:63:bf:07:04:32:1b:4c:c7:2b:
13:af:e8:53:01:5a:c3:44:00:84:be:af:1e:e1:1e:
9d:2c:0d:7e:e5:bf:14:f7:ac:0c:a3:3e:4c:46:b4:
76:e5:48:82:d8:30:8e:6a:50:22:c6:34:e0:1f:4a:
6a:aa:18:3d:ec:a3:6a:32:22:a5:65:cb:15:0c:37:
29:dd:d5:2c:03:d4:37:c5:74:e3:95:55:f9:b4:39:
2f:94:f4:19:cb:16:71:27:15:d8:10:7e:18:d1:5d:
f3:cf:5c:01:d0:45:c2:02:a5:88:bb:91:d8:16:64:
02:32:15:18:d8:b4:86:78:a2:e9:ce:5e:41:0d:69:
03:c8:12:e5:a9:e7:c3:37:19:85:0f:86:5d:59:fe:
d9:09:ca:88:13:a1:45:74:27:76:fb:46:20:58:8b:
d2:0f:d2:8a:33:1f:aa:65:21:70:66:63:74:a0:d9:
68:f3:d0:e7:21:e3:13:dc:fb:ef:8d:66:c9:78:77:
01:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:AD:2B:DB:67:DC:E1:D4:AD:71:FB:3E:88:93:04:3A:A7:3E:7B:C2
X509v3 Authority Key Identifier:
keyid:87:B3:CB:2D:6F:B6:8E:6E:DB:84:42:FE:B0:AB:FC:95:AE:B5:B1:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h7PLLW-2jm7bhEL-sKv8la61sVc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/qK0r22fc4dStcfs-iJMEOqc-e8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/99d9a6-13be-40ab-be53-b42a4c3e916b/1/h7PLLW-2jm7bhEL-sKv8la61sVc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.92.0/22
IPv6:
2a09:84c0::/30
Signature Algorithm: sha256WithRSAEncryption
6e:c1:96:5c:8a:fd:86:97:ab:72:f3:5b:26:4d:c1:f6:2c:60:
6c:d1:a1:2d:32:d0:13:4e:60:05:0d:78:61:7a:d6:a6:7f:c6:
26:d8:c8:5a:63:9c:ef:81:a1:cb:e9:1f:2b:63:41:84:d9:2d:
1e:1e:c0:8c:fb:08:d5:52:27:4e:b5:22:b8:a3:73:b7:4a:30:
fd:80:bf:fd:1f:9c:fa:e9:e1:45:b0:cb:37:88:46:50:50:a9:
a6:a7:57:2c:5d:90:66:b2:2b:fc:da:08:b4:d4:c2:40:6a:29:
cc:7c:c8:b8:48:b9:56:91:93:a2:b2:5d:6f:d0:de:c9:52:0a:
7c:d4:29:cc:62:00:4d:98:25:10:88:bd:c0:50:ec:f6:35:25:
41:e0:68:df:df:11:38:95:8a:c5:d7:99:e2:95:b3:50:80:d7:
89:e3:0a:6f:fa:85:97:2a:12:9b:03:83:e2:d9:48:bb:3f:df:
e7:62:f3:58:41:fb:6d:85:14:a0:ed:81:ec:b9:4d:06:be:c0:
14:fe:48:e1:5a:f3:5e:29:a8:b6:4f:d4:84:07:56:1e:8b:9f:
38:0d:55:e9:6a:20:20:1c:64:fb:f0:11:0d:0c:12:f7:f5:e0:
ff:35:c9:c3:c4:30:ce:7a:fe:9b:1d:55:1b:82:df:1d:e3:ba:
3d:bd:59:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZY+cxCO0MLb8abcbegn7ibGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YjNjYjJkNmZiNjhlNmVkYjg0NDJmZWIwYWJmYzk1YWVi
NWIxNTcwHhcNMjUwNDE2MTE1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGFkMmJkYjY3ZGNlMWQ0YWQ3MWZiM2U4ODkzMDQzYWE3M2U3YmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuhfmrIkX/arZYLQcQeHsnjXbKHo
23y+/oR4E7wX/aKwaGGSYDCh0QB1Rt5niZiZpJcU2FUjikJGmb0gECZ+iTNjvwcE
MhtMxysTr+hTAVrDRACEvq8e4R6dLA1+5b8U96wMoz5MRrR25UiC2DCOalAixjTg
H0pqqhg97KNqMiKlZcsVDDcp3dUsA9Q3xXTjlVX5tDkvlPQZyxZxJxXYEH4Y0V3z
z1wB0EXCAqWIu5HYFmQCMhUY2LSGeKLpzl5BDWkDyBLlqefDNxmFD4ZdWf7ZCcqI
E6FFdCd2+0YgWIvSD9KKMx+qZSFwZmN0oNlo89DnIeMT3PvvjWbJeHcBuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKitK9tn3OHUrXH7PoiTBDqnPnvCMB8GA1UdIwQY
MBaAFIezyy1vto5u24RC/rCr/JWutbFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDdQTExXLTJqbTdiaEVMLXNLdjhsYTYxc1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85OWQ5YTYtMTNiZS00MGFiLWJlNTMt
YjQyYTRjM2U5MTZiLzEvcUswcjIyZmM0ZFN0Y2ZzLWlKTUVPcWMtZThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85OWQ5YTYtMTNiZS00MGFiLWJlNTMtYjQyYTRjM2U5MTZi
LzEvaDdQTExXLTJqbTdiaEVMLXNLdjhsYTYxc1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdBcMA0E
AgACMAcDBQIqCYTAMA0GCSqGSIb3DQEBCwUAA4IBAQBuwZZciv2Gl6ty81smTcH2
LGBs0aEtMtATTmAFDXhhetamf8Ym2MhaY5zvgaHL6R8rY0GE2S0eHsCM+wjVUidO
tSK4o3O3SjD9gL/9H5z66eFFsMs3iEZQUKmmp1csXZBmsiv82gi01MJAainMfMi4
SLlWkZOisl1v0N7JUgp81CnMYgBNmCUQiL3AUOz2NSVB4Gjf3xE4lYrF15nilbNQ
gNeJ4wpv+oWXKhKbA4Pi2Ui7P9/nYvNYQftthRSg7YHsuU0GvsAU/kjhWvNeKai2
T9SEB1Yei584DVXpaiAgHGT78BENDBL39eD/NcnDxDDOev6bHVUbgt8d47o9vVk4
-----END CERTIFICATE-----
Generated at Thu May 8 20:45:44 2025 by rpki-client