Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K-dLXtUVqF1dRlNPkKenpCAC1AY.roa
File: K-dLXtUVqF1dRlNPkKenpCAC1AY.roa (raw, json)
Hash identifier: xIWDJnF5BaMx9DfsfKtxNkNrgPW2tOo1ObQi3+ybPF0=
Subject key identifier: 2B:E7:4B:5E:D5:15:A8:5D:5D:46:53:4F:90:A7:A7:A4:20:02:D4:06
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0198A03FAF144343AC7ADA50F48CF0697B18
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K-dLXtUVqF1dRlNPkKenpCAC1AY.roa
Signing time: Tue 12 Aug 2025 21:46:24 +0000
ROA not before: Tue 12 Aug 2025 21:46:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209693
IP address blocks: 64.188.76.0/24 maxlen: 24
64.188.77.0/24 maxlen: 24
64.188.78.0/24 maxlen: 24
64.188.79.0/24 maxlen: 24
64.188.80.0/24 maxlen: 24
64.188.81.0/24 maxlen: 24
64.188.83.0/24 maxlen: 24
87.251.16.0/24 maxlen: 24
87.251.17.0/24 maxlen: 24
87.251.18.0/24 maxlen: 24
87.251.19.0/24 maxlen: 24
193.23.216.0/24 maxlen: 24
193.23.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a0:3f:af:14:43:43:ac:7a:da:50:f4:8c:f0:69:7b:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 12 21:46:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2be74b5ed515a85d5d46534f90a7a7a42002d406
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ef:d9:da:9d:a5:46:8d:79:6d:88:c4:ee:c7:
44:d7:58:47:a7:d0:7f:65:eb:9a:e9:bc:99:75:8a:
de:98:6c:c2:74:8e:d7:43:48:42:77:b9:6a:60:bb:
37:c3:d9:4c:0f:0c:b7:04:16:69:1a:d2:87:04:2a:
31:a3:e3:0c:ed:57:a0:b4:04:08:e6:ac:91:1e:8b:
83:6d:1e:88:e8:3a:3e:e2:d0:3f:54:5b:d6:87:1e:
6d:a4:88:fd:ab:cd:dd:cf:7e:4c:3f:17:e0:69:21:
04:10:96:90:21:c0:65:ec:71:6b:0b:b2:31:00:2c:
55:1e:9a:2c:af:09:8f:e2:5f:9b:32:7a:c1:93:83:
47:2c:77:68:dc:9a:96:a4:75:dc:00:43:6c:28:32:
3d:36:b4:5e:47:ff:1b:8f:84:87:9b:4f:5a:2d:6f:
5d:cf:ed:35:9a:9f:08:23:3b:07:e4:ae:16:9a:19:
d4:a9:62:59:70:26:10:59:91:b7:79:0b:0f:91:82:
1e:24:bd:31:f0:da:55:00:21:e4:1b:eb:2b:03:6c:
99:39:ab:db:37:53:e4:b5:92:8c:6d:83:75:ff:64:
41:d7:43:d2:e8:23:5d:0c:ac:05:27:2e:09:8d:e5:
62:85:7c:9e:d6:0c:61:59:b3:6e:0b:72:e9:1c:29:
2e:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:E7:4B:5E:D5:15:A8:5D:5D:46:53:4F:90:A7:A7:A4:20:02:D4:06
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K-dLXtUVqF1dRlNPkKenpCAC1AY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.76.0-64.188.81.255
64.188.83.0/24
87.251.16.0/22
193.23.216.0/24
193.23.221.0/24
Signature Algorithm: sha256WithRSAEncryption
47:fe:05:ef:09:eb:0c:c2:33:26:ec:a9:1c:90:41:2e:29:24:
32:95:ed:04:08:16:fa:63:83:12:2f:c9:ca:fd:78:99:58:ba:
07:78:17:4c:e3:fc:62:a2:c9:6d:8e:5a:b4:7f:ef:01:7a:ca:
af:a1:3a:17:76:99:ab:26:1b:0e:8a:7b:18:8b:16:20:13:b9:
58:11:91:05:eb:50:d0:1e:cd:0e:6c:7a:85:8a:7b:3a:c7:cc:
31:47:7c:14:cc:ee:3b:b1:19:b9:c4:7d:fc:8c:45:7b:b1:e2:
43:49:66:8d:3c:8d:14:1d:60:5a:23:b8:98:ad:62:ea:bf:dd:
0b:ca:e1:3a:a0:80:7f:b3:a7:93:2e:72:c9:dd:83:3c:0b:88:
5a:03:ff:a7:b0:47:a3:0d:c5:c5:b4:6b:3b:6f:a9:c7:72:72:
64:30:5a:80:f7:f6:34:02:9a:73:16:af:28:66:fb:3a:a0:bb:
19:44:a4:f1:38:63:75:45:4d:a0:54:44:76:c7:69:9c:4a:f5:
82:76:b9:39:d8:58:a7:ae:49:37:c8:74:eb:da:f3:8f:83:e5:
91:f9:aa:9f:b5:4e:86:9d:67:f8:f1:26:4b:17:d6:fa:bf:d3:
eb:d6:aa:f2:db:96:75:21:64:2a:7d:8f:ca:4e:df:54:c0:08:
dd:63:bf:02
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZigP68UQ0OsetpQ9IzwaXsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODEyMjE0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmU3NGI1ZWQ1MTVhODVkNWQ0NjUzNGY5MGE3YTdhNDIwMDJkNDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve/Z2p2lRo15bYjE7sdE11hHp9B/
Zeua6byZdYremGzCdI7XQ0hCd7lqYLs3w9lMDwy3BBZpGtKHBCoxo+MM7VegtAQI
5qyRHouDbR6I6Do+4tA/VFvWhx5tpIj9q83dz35MPxfgaSEEEJaQIcBl7HFrC7Ix
ACxVHposrwmP4l+bMnrBk4NHLHdo3JqWpHXcAENsKDI9NrReR/8bj4SHm09aLW9d
z+01mp8IIzsH5K4WmhnUqWJZcCYQWZG3eQsPkYIeJL0x8NpVACHkG+srA2yZOavb
N1PktZKMbYN1/2RB10PS6CNdDKwFJy4JjeVihXye1gxhWbNuC3LpHCkuowIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCvnS17VFahdXUZTT5Cnp6QgAtQGMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSy1kTFh0VVZxRjFkUmxOUGtLZW5wQ0FDMUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAJAvEwD
BAFAvFADBABAvFMDBAJX+xADBADBF9gDBADBF90wDQYJKoZIhvcNAQELBQADggEB
AEf+Be8J6wzCMybsqRyQQS4pJDKV7QQIFvpjgxIvycr9eJlYugd4F0zj/GKiyW2O
WrR/7wF6yq+hOhd2masmGw6KexiLFiATuVgRkQXrUNAezQ5seoWKezrHzDFHfBTM
7juxGbnEffyMRXux4kNJZo08jRQdYFojuJitYuq/3QvK4TqggH+zp5MucsndgzwL
iFoD/6ewR6MNxcW0aztvqcdycmQwWoD39jQCmnMWryhm+zqguxlEpPE4Y3VFTaBU
RHbHaZxK9YJ2uTnYWKeuSTfIdOva84+D5ZH5qp+1ToadZ/jxJksX1vq/0+vWqvLb
lnUhZCp9j8pO31TACN1jvwI=
-----END CERTIFICATE-----
Generated at Sun Aug 24 04:24:14 2025 by rpki-client