Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KHpldrrDNbYVp7cFVr9-zEXEGr8.roa
File: KHpldrrDNbYVp7cFVr9-zEXEGr8.roa (raw, json)
Hash identifier: pJr6EDRhz8yrIZ3rWQfq1FjaxHyxNIXMAhqBhC4+L1k=
Subject key identifier: 28:7A:65:76:BA:C3:35:B6:15:A7:B7:05:56:BF:7E:CC:45:C4:1A:BF
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0198B7DAC5F296CEC34B0FB2C0A2181D0228
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KHpldrrDNbYVp7cFVr9-zEXEGr8.roa
Signing time: Sun 17 Aug 2025 11:47:04 +0000
ROA not before: Sun 17 Aug 2025 11:47:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215304
IP address blocks: 185.206.250.0/24 maxlen: 24
185.210.235.0/24 maxlen: 24
185.218.20.0/24 maxlen: 24
185.226.107.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:b7:da:c5:f2:96:ce:c3:4b:0f:b2:c0:a2:18:1d:02:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Aug 17 11:47:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=287a6576bac335b615a7b70556bf7ecc45c41abf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:fd:d6:90:3e:50:ab:5f:c0:d4:64:7c:d5:37:
10:12:bb:70:25:2c:d7:98:dc:65:6b:71:9f:e8:b1:
a8:fc:04:44:9e:91:d9:6b:3f:87:2e:61:92:18:94:
5c:b4:33:b8:0d:80:6d:61:d4:ca:20:f5:a0:2d:2f:
45:ff:9d:d6:d8:4a:69:40:03:f5:44:fc:3d:2c:ee:
4f:d5:cc:60:fc:56:49:fd:d1:5b:24:91:28:99:31:
02:d1:75:6f:f3:ff:95:35:dd:9b:f0:0f:44:4a:be:
ac:b5:09:83:ec:af:74:4a:8f:1c:d9:8a:45:af:53:
18:9e:c7:a3:5d:3e:da:61:aa:d8:5a:ac:28:9c:e4:
49:ad:b8:70:2c:df:d8:a4:7d:33:85:35:00:50:21:
d7:07:fb:88:ab:ed:7d:97:28:7b:c4:44:27:ce:7f:
6f:cd:b7:1d:61:bb:44:ab:b9:6b:be:91:1c:b9:37:
5f:6f:ea:8a:e3:8e:32:95:d0:88:77:89:e4:33:73:
51:d5:f0:f3:08:ab:6b:52:a8:4d:02:d9:ee:94:ef:
9d:85:b0:3b:df:2e:9f:7b:48:31:93:89:c3:8f:e8:
bd:66:48:5b:07:25:d9:ac:1c:bf:f5:a2:56:29:23:
52:56:d3:b5:a1:ce:15:0d:85:86:e1:99:97:14:29:
c7:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:7A:65:76:BA:C3:35:B6:15:A7:B7:05:56:BF:7E:CC:45:C4:1A:BF
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KHpldrrDNbYVp7cFVr9-zEXEGr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.206.250.0/24
185.210.235.0/24
185.218.20.0/24
185.226.107.0/24
Signature Algorithm: sha256WithRSAEncryption
b2:57:07:0f:d9:f4:bb:74:4e:45:c7:47:f8:a0:1d:d0:29:78:
1a:05:9e:fa:6b:a2:5f:24:6e:89:9c:8f:12:a9:bb:96:bd:7a:
54:13:0c:ab:67:17:d2:90:f4:ee:8b:be:02:3d:f7:67:86:cb:
ef:7b:12:be:ba:9f:94:9c:5f:b8:1e:cd:83:9f:31:99:ab:ef:
8e:a6:60:ec:61:31:64:60:da:3f:86:32:19:9c:e4:9a:77:25:
cb:25:72:55:0a:ae:21:ea:05:68:cb:fd:a8:d6:52:13:91:8e:
5e:ec:2a:6b:3b:88:46:b1:ac:ad:35:2b:46:89:fc:64:e0:58:
1e:fc:5c:32:f0:9f:2c:ea:18:41:e5:d1:7c:9a:06:01:d7:17:
12:c5:96:34:76:9d:16:49:a1:60:a8:09:29:97:8e:91:2c:66:
5f:6c:d1:f4:0c:62:c0:ef:ec:47:00:69:30:3a:88:87:3e:1a:
2e:a8:af:18:7a:51:59:86:7a:30:4e:67:0b:9a:c3:b1:12:13:
c9:b2:94:1f:7c:00:d9:fc:39:50:8e:5b:6d:6a:e8:ed:95:49:
af:d6:76:11:ef:5c:73:77:a8:38:70:8f:c3:3d:21:f7:21:40:
bf:7b:37:9d:e1:a8:68:1a:4a:cd:e3:02:79:a0:ea:01:60:af:
91:c6:3c:5f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZi32sXyls7DSw+ywKIYHQIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODE3MTE0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdhNjU3NmJhYzMzNWI2MTVhN2I3MDU1NmJmN2VjYzQ1YzQxYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv3WkD5Qq1/A1GR81TcQErtwJSzX
mNxla3Gf6LGo/AREnpHZaz+HLmGSGJRctDO4DYBtYdTKIPWgLS9F/53W2EppQAP1
RPw9LO5P1cxg/FZJ/dFbJJEomTEC0XVv8/+VNd2b8A9ESr6stQmD7K90So8c2YpF
r1MYnsejXT7aYarYWqwonORJrbhwLN/YpH0zhTUAUCHXB/uIq+19lyh7xEQnzn9v
zbcdYbtEq7lrvpEcuTdfb+qK444yldCId4nkM3NR1fDzCKtrUqhNAtnulO+dhbA7
3y6fe0gxk4nDj+i9ZkhbByXZrBy/9aJWKSNSVtO1oc4VDYWG4ZmXFCnHawIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCh6ZXa6wzW2Fae3BVa/fsxFxBq/MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS0hwbGRyckROYllWcDdjRlZyOS16RVhFR3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuc76AwQA
udLrAwQAudoUAwQAueJrMA0GCSqGSIb3DQEBCwUAA4IBAQCyVwcP2fS7dE5Fx0f4
oB3QKXgaBZ76a6JfJG6JnI8SqbuWvXpUEwyrZxfSkPTui74CPfdnhsvvexK+up+U
nF+4Hs2DnzGZq++OpmDsYTFkYNo/hjIZnOSadyXLJXJVCq4h6gVoy/2o1lITkY5e
7CprO4hGsaytNStGifxk4Fge/Fwy8J8s6hhB5dF8mgYB1xcSxZY0dp0WSaFgqAkp
l46RLGZfbNH0DGLA7+xHAGkwOoiHPhouqK8YelFZhnowTmcLmsOxEhPJspQffADZ
/DlQjlttaujtlUmv1nYR71xzd6g4cI/DPSH3IUC/ezed4ahoGkrN4wJ5oOoBYK+R
xjxf
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:38:57 2025 by rpki-client