Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ApJzodTu5HPJXI9NCI_fY83oyZQ.roa
File: ApJzodTu5HPJXI9NCI_fY83oyZQ.roa (raw, json)
Hash identifier: XzMD8v9s6QnEs+yOqEL+H1pIi1xDRqXl1ItG1fskxZA=
Subject key identifier: 02:92:73:A1:D4:EE:E4:73:C9:5C:8F:4D:08:8F:DF:63:CD:E8:C9:94
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0198CE9F03D37B01D473043586AAE611D476
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ApJzodTu5HPJXI9NCI_fY83oyZQ.roa
Signing time: Thu 21 Aug 2025 21:53:04 +0000
ROA not before: Thu 21 Aug 2025 21:53:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213520
IP address blocks: 64.188.68.0/22 maxlen: 24
64.188.74.0/24 maxlen: 24
64.188.104.0/22 maxlen: 24
77.239.120.0/23 maxlen: 24
144.31.196.0/23 maxlen: 24
193.23.197.0/24 maxlen: 24
193.23.210.0/23 maxlen: 24
193.23.218.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ce:9f:03:d3:7b:01:d4:73:04:35:86:aa:e6:11:d4:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 21 21:53:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=029273a1d4eee473c95c8f4d088fdf63cde8c994
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:ae:c7:ca:68:5e:76:87:ef:05:ed:4f:0c:91:
1c:34:7d:d1:59:94:7b:b2:13:0d:f0:5d:1f:83:2b:
11:56:9b:1f:38:02:fe:08:bb:74:52:d7:35:2c:f9:
6b:1b:bc:8f:19:ca:8c:3f:30:41:a2:66:82:c5:5b:
50:40:32:76:64:26:7c:e4:29:16:f3:48:74:17:36:
66:02:50:9d:d3:40:05:8d:03:25:bd:b2:c3:a3:7e:
38:e2:84:2a:ce:b8:56:d9:55:43:0e:74:65:c4:c6:
4a:dc:37:77:3c:5b:e4:5b:4e:ba:dc:d9:4a:0e:9e:
aa:9f:9a:d3:3e:dc:35:c0:a5:d9:e4:37:15:ff:38:
1e:08:ec:67:8f:f5:f7:3a:82:df:ca:80:a4:8a:c1:
a3:11:10:e2:02:7d:68:8c:13:67:bd:8d:86:0a:63:
e6:63:e9:51:94:c0:2c:12:9a:a0:c3:4d:0f:e7:4e:
18:9c:67:e5:30:68:6e:5a:35:f4:bc:1f:48:9d:cc:
74:fa:22:3f:12:d3:4e:9b:53:27:57:db:ec:9b:12:
f1:69:95:09:d8:87:81:61:58:df:ab:36:b5:15:50:
b6:65:18:80:25:c6:6a:3d:47:d6:aa:c3:d1:ae:01:
b3:c4:29:db:1e:1e:6d:3e:b6:08:18:07:58:2d:cd:
c3:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:92:73:A1:D4:EE:E4:73:C9:5C:8F:4D:08:8F:DF:63:CD:E8:C9:94
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ApJzodTu5HPJXI9NCI_fY83oyZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.68.0/22
64.188.74.0/24
64.188.104.0/22
77.239.120.0/23
144.31.196.0/23
193.23.197.0/24
193.23.210.0/23
193.23.218.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:98:04:fe:f5:44:40:59:02:7f:58:41:88:15:7e:94:7b:77:
f3:22:7f:da:22:42:36:51:5b:bd:13:c0:48:7c:cb:9a:f4:d3:
30:1f:aa:0f:1b:5c:77:2e:81:5b:cb:64:df:b8:6e:ea:eb:55:
7e:c7:5a:72:af:17:01:d3:e6:52:31:99:84:96:e9:af:e9:fa:
8a:67:27:68:aa:ec:24:e4:10:3d:9f:68:36:95:1d:a6:67:49:
a8:27:27:be:d6:d1:18:ac:45:ca:64:f6:47:10:07:8c:1d:d6:
80:b7:ae:04:9a:70:00:ab:39:0e:09:1f:7b:a8:cd:ab:8a:36:
ae:f4:42:57:30:4b:01:6a:4e:e2:64:fe:19:9f:1c:33:d2:ff:
78:cd:c5:36:3d:b0:73:a2:03:1d:4e:a5:cc:19:2c:40:bd:84:
46:5b:c4:79:cf:d7:19:d8:26:b0:b1:aa:47:a4:92:9c:9c:9f:
a1:45:21:e8:f3:9a:a2:29:f1:1e:e6:f4:7e:1c:5e:d9:ce:25:
2a:ba:bb:d6:73:16:70:b2:f6:08:93:47:e7:84:d1:5a:8d:8a:
b5:db:e8:c7:5e:86:32:1b:0f:10:00:77:62:fd:0f:c5:d1:c8:
e7:31:af:64:73:14:41:b4:fc:27:f5:ae:59:e7:26:f5:d9:58:
30:6c:ad:c8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZjOnwPTewHUcwQ1hqrmEdR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODIxMjE1MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjkyNzNhMWQ0ZWVlNDczYzk1YzhmNGQwODhmZGY2M2NkZThjOTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA667HymhedofvBe1PDJEcNH3RWZR7
shMN8F0fgysRVpsfOAL+CLt0Utc1LPlrG7yPGcqMPzBBomaCxVtQQDJ2ZCZ85CkW
80h0FzZmAlCd00AFjQMlvbLDo3444oQqzrhW2VVDDnRlxMZK3Dd3PFvkW0663NlK
Dp6qn5rTPtw1wKXZ5DcV/zgeCOxnj/X3OoLfyoCkisGjERDiAn1ojBNnvY2GCmPm
Y+lRlMAsEpqgw00P504YnGflMGhuWjX0vB9Incx0+iI/EtNOm1MnV9vsmxLxaZUJ
2IeBYVjfqza1FVC2ZRiAJcZqPUfWqsPRrgGzxCnbHh5tPrYIGAdYLc3DYQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAKSc6HU7uRzyVyPTQiP32PN6MmUMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQXBKem9kVHU1SFBKWEk5TkNJX2ZZODNveVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCQLxEAwQA
QLxKAwQCQLxoAwQBTe94AwQBkB/EAwQAwRfFAwQBwRfSAwQBwRfaMA0GCSqGSIb3
DQEBCwUAA4IBAQBLmAT+9URAWQJ/WEGIFX6Ue3fzIn/aIkI2UVu9E8BIfMua9NMw
H6oPG1x3LoFby2TfuG7q61V+x1pyrxcB0+ZSMZmElumv6fqKZydoquwk5BA9n2g2
lR2mZ0moJye+1tEYrEXKZPZHEAeMHdaAt64EmnAAqzkOCR97qM2rijau9EJXMEsB
ak7iZP4Znxwz0v94zcU2PbBzogMdTqXMGSxAvYRGW8R5z9cZ2CawsapHpJKcnJ+h
RSHo85qiKfEe5vR+HF7ZziUqurvWcxZwsvYIk0fnhNFajYq12+jHXoYyGw8QAHdi
/Q/F0cjnMa9kcxRBtPwn9a5Z5yb12VgwbK3I
-----END CERTIFICATE-----
Generated at Sun Aug 24 07:19:25 2025 by rpki-client