Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/aAPjM_XPDDQsO68mlmOjlIms0io.roa
File: aAPjM_XPDDQsO68mlmOjlIms0io.roa (raw, json)
Hash identifier: xF98ssC/+VTcwkX22EdQGZnLSnHebds/QYmj2MMKLB8=
Subject key identifier: 68:03:E3:33:F5:CF:0C:34:2C:3B:AF:26:96:63:A3:94:89:AC:D2:2A
Certificate issuer: /CN=525b705a91dbc30ed10eb7222b7797b834e01863
Certificate serial: 0198BCB6F73BFB7175D902E789BB369DF47B
Authority key identifier: 52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/aAPjM_XPDDQsO68mlmOjlIms0io.roa
Signing time: Mon 18 Aug 2025 10:26:04 +0000
ROA not before: Mon 18 Aug 2025 10:26:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204880
IP address blocks: 185.236.240.0/23 maxlen: 24
2a0d:eb00::/32 maxlen: 32
2a0d:eb01::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.mft
rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:bc:b6:f7:3b:fb:71:75:d9:02:e7:89:bb:36:9d:f4:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=525b705a91dbc30ed10eb7222b7797b834e01863
Validity
Not Before: Aug 18 10:26:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6803e333f5cf0c342c3baf269663a39489acd22a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:db:18:f0:7b:bb:78:72:f4:c2:13:2d:14:29:
a2:88:65:41:b2:c0:1d:9c:07:6e:43:34:4e:b9:ad:
d1:a1:56:c9:66:74:13:ae:42:af:a4:8e:d5:4f:ab:
62:81:48:1c:a7:9d:38:81:7a:bd:2f:04:4b:cc:9c:
87:0a:08:6a:71:0f:c8:e0:68:af:ef:f0:7f:c6:4e:
56:e6:d1:32:a2:91:92:1e:8a:26:48:b4:17:f5:b7:
f5:fb:e0:2c:c6:fd:88:26:00:d1:8d:7e:50:f4:e1:
b1:d8:18:a4:61:df:16:b6:ac:fd:ef:61:30:2e:70:
59:9f:dc:dc:1c:05:2a:1f:d9:12:5e:aa:06:4f:f5:
be:c1:9e:45:a2:28:75:8c:26:04:53:a1:61:0a:6a:
49:2d:0b:7e:d3:ad:ff:0d:5c:28:ef:7f:6c:54:14:
6d:43:93:35:ec:79:22:44:e0:16:5b:11:75:14:99:
d1:75:92:58:19:23:1a:6d:ed:6b:ed:d5:88:79:75:
14:05:c3:ce:85:36:a6:5d:22:08:6c:de:f6:53:44:
b8:c4:5e:d7:bf:89:ec:4b:6d:92:05:65:33:c1:1a:
c2:5c:a0:a1:7b:08:93:3a:93:57:ed:70:ae:4b:ad:
33:bd:e1:a9:2e:82:57:8f:16:e2:d2:d2:b4:fa:49:
f4:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:03:E3:33:F5:CF:0C:34:2C:3B:AF:26:96:63:A3:94:89:AC:D2:2A
X509v3 Authority Key Identifier:
keyid:52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/aAPjM_XPDDQsO68mlmOjlIms0io.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.236.240.0/23
IPv6:
2a0d:eb00::-2a0d:eb01:ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
40:ca:5b:87:d4:56:65:97:41:09:35:c0:7c:d2:fe:0e:b1:81:
92:90:1d:6b:5b:cd:d0:99:08:a3:6f:ed:26:32:4c:be:5d:b2:
4a:65:c9:02:f6:18:b5:6e:70:04:2b:c9:3a:8f:2b:94:94:28:
76:e2:7a:98:09:27:3b:5f:8b:2b:1b:32:5d:5f:b3:5d:46:ed:
2a:d0:65:f1:28:6e:45:ff:2a:a7:19:30:87:37:a7:0c:5c:1d:
1f:4d:ec:27:37:88:9b:8d:84:a2:fa:0e:89:34:24:60:8d:0a:
f3:d0:27:18:9c:d3:83:a6:06:57:3d:1f:7b:5c:04:b5:44:b9:
00:1a:d0:1e:f6:3b:33:80:86:41:f4:2f:aa:63:b7:f2:9e:da:
43:03:71:30:1a:c1:2e:83:25:72:45:44:10:31:bd:12:fb:fc:
88:aa:e6:e7:3b:7f:cf:74:30:d0:71:98:56:08:88:aa:8d:95:
7f:f8:b1:72:71:e2:bf:28:25:e2:b5:51:3f:bd:ed:65:38:d7:
94:80:b5:57:a4:4a:d7:9a:b0:fd:07:af:02:83:f2:f7:56:55:
e1:e1:cd:93:66:69:d7:e4:13:16:45:8d:b3:d0:93:71:7a:f8:
b4:24:d3:50:14:d8:a3:95:b0:ad:3f:dd:ea:7b:fb:1a:3b:55:
ce:ec:de:57
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZi8tvc7+3F12QLnibs2nfR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWI3MDVhOTFkYmMzMGVkMTBlYjcyMjJiNzc5N2I4MzRl
MDE4NjMwHhcNMjUwODE4MTAyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODAzZTMzM2Y1Y2YwYzM0MmMzYmFmMjY5NjYzYTM5NDg5YWNkMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodsY8Hu7eHL0whMtFCmiiGVBssAd
nAduQzROua3RoVbJZnQTrkKvpI7VT6tigUgcp504gXq9LwRLzJyHCghqcQ/I4Giv
7/B/xk5W5tEyopGSHoomSLQX9bf1++Asxv2IJgDRjX5Q9OGx2BikYd8Wtqz972Ew
LnBZn9zcHAUqH9kSXqoGT/W+wZ5Foih1jCYEU6FhCmpJLQt+063/DVwo739sVBRt
Q5M17HkiROAWWxF1FJnRdZJYGSMabe1r7dWIeXUUBcPOhTamXSIIbN72U0S4xF7X
v4nsS22SBWUzwRrCXKChewiTOpNX7XCuS60zveGpLoJXjxbi0tK0+kn0rwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGgD4zP1zww0LDuvJpZjo5SJrNIqMB8GA1UdIwQY
MBaAFFJbcFqR28MO0Q63Iit3l7g04BhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQt
ZjQ2ODg3ZGY5ODYzLzEvYUFQak1fWFBERFFzTzY4bWxtT2psSW1zMGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQtZjQ2ODg3ZGY5ODYz
LzEvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQBuezwMBYE
AgACMBAwDgMEACoN6wMGACoN6wEAMA0GCSqGSIb3DQEBCwUAA4IBAQBAyluH1FZl
l0EJNcB80v4OsYGSkB1rW83QmQijb+0mMky+XbJKZckC9hi1bnAEK8k6jyuUlCh2
4nqYCSc7X4srGzJdX7NdRu0q0GXxKG5F/yqnGTCHN6cMXB0fTewnN4ibjYSi+g6J
NCRgjQrz0CcYnNODpgZXPR97XAS1RLkAGtAe9jszgIZB9C+qY7fyntpDA3EwGsEu
gyVyRUQQMb0S+/yIqubnO3/PdDDQcZhWCIiqjZV/+LFyceK/KCXitVE/ve1lONeU
gLVXpErXmrD9B68Cg/L3VlXh4c2TZmnX5BMWRY2z0JNxevi0JNNQFNijlbCtP93q
e/saO1XO7N5X
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:47:57 2025 by rpki-client