Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/95UXEF21gZ7flq3LIhzoSnMGHMI.roa
File: 95UXEF21gZ7flq3LIhzoSnMGHMI.roa (raw, json)
Hash identifier: G69a8tnacaWcTDuPydYIocEgi7cgOBN1HbyOI50NXo4=
Subject key identifier: F7:95:17:10:5D:B5:81:9E:DF:96:AD:CB:22:1C:E8:4A:73:06:1C:C2
Certificate issuer: /CN=ca1c7571596e444aa32371cbab724d46d3c3c52c
Certificate serial: 0197A0CA52A3906B832B10E017F0E2C80653
Authority key identifier: CA:1C:75:71:59:6E:44:4A:A3:23:71:CB:AB:72:4D:46:D3:C3:C5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yhx1cVluREqjI3HLq3JNRtPDxSw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/95UXEF21gZ7flq3LIhzoSnMGHMI.roa
Signing time: Tue 24 Jun 2025 07:15:03 +0000
ROA not before: Tue 24 Jun 2025 07:15:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216246
IP address blocks: 79.137.192.0/24 maxlen: 24
85.192.30.0/24 maxlen: 24
85.192.56.0/24 maxlen: 24
213.219.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/yhx1cVluREqjI3HLq3JNRtPDxSw.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/yhx1cVluREqjI3HLq3JNRtPDxSw.mft
rsync://rpki.ripe.net/repository/DEFAULT/yhx1cVluREqjI3HLq3JNRtPDxSw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 07:42:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a0:ca:52:a3:90:6b:83:2b:10:e0:17:f0:e2:c8:06:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca1c7571596e444aa32371cbab724d46d3c3c52c
Validity
Not Before: Jun 24 07:15:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f79517105db5819edf96adcb221ce84a73061cc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:55:70:b6:35:b8:0a:e4:9d:5b:5c:46:82:bf:
ad:7e:3d:c3:7a:d1:2f:23:45:a9:22:5e:d6:2b:74:
d7:ff:3c:97:39:2d:1a:f4:63:56:10:04:38:07:ae:
aa:e7:5b:34:37:82:79:3d:3b:4c:9d:fa:05:e6:cc:
7e:1a:19:63:b9:a7:d5:cb:92:c9:49:3e:e9:f6:51:
96:a5:33:fc:7c:8f:a4:7b:6b:48:dd:5f:0d:6c:51:
5e:3e:ff:e2:d9:d9:13:57:5b:03:76:ac:8b:28:9f:
08:0e:e7:c4:4b:f4:74:4c:0b:e4:2c:bb:a7:6e:b2:
d3:a0:c9:4e:23:e5:1c:6a:44:00:3a:37:ba:40:5a:
f0:92:c0:dc:17:9f:c2:73:82:c8:de:26:40:52:fe:
51:50:79:71:3d:61:37:7b:6a:46:90:f8:59:70:4c:
b3:14:ff:b5:52:84:85:a4:50:f1:b2:b4:7c:b1:ff:
64:35:3f:0d:5b:49:94:6b:4d:e0:fa:2b:c2:7c:5b:
77:26:07:f9:77:48:20:b0:73:16:1d:2e:65:2b:0c:
31:24:83:d5:61:fc:a1:eb:8e:c8:1a:f7:8b:9a:5f:
6e:7e:25:36:03:7d:16:f3:8f:39:43:59:32:c6:5f:
b1:43:ab:32:85:e9:77:81:1a:a1:cc:06:8c:58:94:
d0:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:95:17:10:5D:B5:81:9E:DF:96:AD:CB:22:1C:E8:4A:73:06:1C:C2
X509v3 Authority Key Identifier:
keyid:CA:1C:75:71:59:6E:44:4A:A3:23:71:CB:AB:72:4D:46:D3:C3:C5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yhx1cVluREqjI3HLq3JNRtPDxSw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/95UXEF21gZ7flq3LIhzoSnMGHMI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/yhx1cVluREqjI3HLq3JNRtPDxSw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.137.192.0/24
85.192.30.0/24
85.192.56.0/24
213.219.247.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:ee:1f:82:f0:1c:36:c6:a5:87:17:59:a0:4e:46:0c:fa:88:
58:36:95:55:c6:3e:8f:82:f8:be:30:c8:c1:46:40:16:50:46:
c0:79:6f:71:14:94:bd:59:9f:2c:1e:74:ca:44:4e:5e:da:7d:
58:ca:4f:22:87:6b:25:07:89:00:16:17:17:72:96:5f:14:a9:
ab:24:d5:9d:ac:9a:41:48:be:4c:75:26:2e:83:2a:f2:27:45:
68:16:e4:ee:51:8a:57:7c:40:7b:8d:f0:db:c2:5c:c9:46:8a:
41:8b:ea:6e:c9:08:9d:0c:65:f0:6d:f5:e2:e4:84:31:9a:e2:
ae:2c:26:40:5e:ec:07:be:b8:5e:68:e6:7f:c2:1b:9e:3e:af:
a9:35:b6:05:7c:a9:b6:2e:0c:88:8f:c1:e5:24:a5:59:73:b4:
02:46:3c:52:26:32:c7:1f:33:12:81:4b:f1:fe:fe:e4:02:a5:
06:7c:26:b4:b1:6d:33:4e:f5:c7:e7:9e:ab:b1:b5:eb:5a:36:
e6:46:0f:3a:ec:11:1e:d4:a4:f0:bf:8b:b3:fd:c8:c0:ba:3e:
13:7b:73:d3:cc:94:8e:5c:ee:1b:06:00:80:34:44:73:d7:06:
3e:c0:b9:a4:24:6f:fb:1b:7d:80:8a:13:73:bc:c5:16:f3:10:
fa:5f:f7:06
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZegylKjkGuDKxDgF/DiyAZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMWM3NTcxNTk2ZTQ0NGFhMzIzNzFjYmFiNzI0ZDQ2ZDNj
M2M1MmMwHhcNMjUwNjI0MDcxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk1MTcxMDVkYjU4MTllZGY5NmFkY2IyMjFjZTg0YTczMDYxY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFVwtjW4CuSdW1xGgr+tfj3DetEv
I0WpIl7WK3TX/zyXOS0a9GNWEAQ4B66q51s0N4J5PTtMnfoF5sx+GhljuafVy5LJ
ST7p9lGWpTP8fI+ke2tI3V8NbFFePv/i2dkTV1sDdqyLKJ8IDufES/R0TAvkLLun
brLToMlOI+UcakQAOje6QFrwksDcF5/Cc4LI3iZAUv5RUHlxPWE3e2pGkPhZcEyz
FP+1UoSFpFDxsrR8sf9kNT8NW0mUa03g+ivCfFt3Jgf5d0ggsHMWHS5lKwwxJIPV
Yfyh647IGveLml9ufiU2A30W8485Q1kyxl+xQ6syhel3gRqhzAaMWJTQ7wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPeVFxBdtYGe35atyyIc6EpzBhzCMB8GA1UdIwQY
MBaAFMocdXFZbkRKoyNxy6tyTUbTw8UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWh4MWNWbHVSRXFqSTNITHEzSk5SdFBEeFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zMzYyYzYtYTAzYS00ZjlmLWEwOTEt
Yjc2MmMwMTc1ZjI3LzEvOTVVWEVGMjFnWjdmbHEzTEloem9Tbk1HSE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zMzYyYzYtYTAzYS00ZjlmLWEwOTEtYjc2MmMwMTc1ZjI3
LzEveWh4MWNWbHVSRXFqSTNITHEzSk5SdFBEeFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAT4nAAwQA
VcAeAwQAVcA4AwQA1dv3MA0GCSqGSIb3DQEBCwUAA4IBAQC87h+C8Bw2xqWHF1mg
TkYM+ohYNpVVxj6Pgvi+MMjBRkAWUEbAeW9xFJS9WZ8sHnTKRE5e2n1Yyk8ih2sl
B4kAFhcXcpZfFKmrJNWdrJpBSL5MdSYugyryJ0VoFuTuUYpXfEB7jfDbwlzJRopB
i+puyQidDGXwbfXi5IQxmuKuLCZAXuwHvrheaOZ/whuePq+pNbYFfKm2LgyIj8Hl
JKVZc7QCRjxSJjLHHzMSgUvx/v7kAqUGfCa0sW0zTvXH556rsbXrWjbmRg867BEe
1KTwv4uz/cjAuj4Te3PTzJSOXO4bBgCANERz1wY+wLmkJG/7G32AihNzvMUW8xD6
X/cG
-----END CERTIFICATE-----
Generated at Sun Jun 29 16:01:43 2025 by rpki-client