Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/S3BCMyCKOcbQqlqmy3mx85uoK64.roa
File: S3BCMyCKOcbQqlqmy3mx85uoK64.roa (raw, json)
Hash identifier: RcmuF64w6qJbE1gH9G6ANbQNVf8PsYQ6HyHDkfi/TmQ=
Subject key identifier: 4B:70:42:33:20:8A:39:C6:D0:AA:5A:A6:CB:79:B1:F3:9B:A8:2B:AE
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019898452631CD95F5D95D219209419E4657
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/S3BCMyCKOcbQqlqmy3mx85uoK64.roa
Signing time: Mon 11 Aug 2025 08:35:25 +0000
ROA not before: Mon 11 Aug 2025 08:35:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42649
IP address blocks: 192.165.127.0/24 maxlen: 24
192.165.138.0/23 maxlen: 24
193.180.20.0/24 maxlen: 24
193.180.121.0/24 maxlen: 24
193.183.161.0/24 maxlen: 24
193.183.162.0/24 maxlen: 24
193.183.163.0/24 maxlen: 24
193.183.239.0/24 maxlen: 24
193.234.83.0/24 maxlen: 24
193.234.86.0/24 maxlen: 24
193.234.255.0/24 maxlen: 24
193.235.73.0/24 maxlen: 24
193.235.130.0/24 maxlen: 24
194.68.43.0/24 maxlen: 24
194.68.159.0/24 maxlen: 24
194.68.160.0/24 maxlen: 24
194.103.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:98:45:26:31:cd:95:f5:d9:5d:21:92:09:41:9e:46:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Aug 11 08:35:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b704233208a39c6d0aa5aa6cb79b1f39ba82bae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:88:52:e3:95:5d:d4:18:47:30:c1:d6:7f:c7:
fe:b5:0b:c4:43:c3:e0:c0:b8:c1:28:41:c3:13:4a:
1b:32:eb:05:4a:7a:24:2b:25:f2:af:69:19:38:0d:
9b:02:6a:7a:9a:91:ae:b7:78:c9:4c:81:5b:31:f2:
c7:59:13:cb:26:3f:c3:45:6e:d6:ae:63:69:29:ce:
91:9a:1d:0b:4f:86:d2:4b:dc:4f:ff:27:e2:65:41:
9d:b3:33:9e:9f:41:50:96:4e:51:1b:a3:a7:65:6b:
c6:97:5f:9d:78:bf:0b:b8:72:40:67:00:63:f0:77:
84:e4:92:45:e0:2a:f5:f5:4d:77:c0:40:da:9a:aa:
4c:90:80:40:50:12:8b:bf:20:2b:25:82:83:c0:0c:
8b:99:d7:3e:ef:86:73:21:9a:f2:54:1c:1b:9c:4d:
fd:5e:57:04:a9:1d:d2:8b:98:9b:f4:ef:37:a3:28:
21:3f:e6:d2:c6:2b:de:51:39:7e:1e:54:12:05:42:
57:0b:f8:bf:e9:cb:16:2b:a0:01:a9:d8:b9:0e:58:
a7:18:c1:55:1e:f3:48:3d:90:81:77:a5:37:89:67:
58:c0:85:c0:d6:ea:ab:b6:03:65:2b:e4:88:55:d9:
47:24:f6:a3:96:e5:ca:96:ec:88:73:7a:49:c2:ed:
1b:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:70:42:33:20:8A:39:C6:D0:AA:5A:A6:CB:79:B1:F3:9B:A8:2B:AE
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/S3BCMyCKOcbQqlqmy3mx85uoK64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.165.127.0/24
192.165.138.0/23
193.180.20.0/24
193.180.121.0/24
193.183.161.0-193.183.163.255
193.183.239.0/24
193.234.83.0/24
193.234.86.0/24
193.234.255.0/24
193.235.73.0/24
193.235.130.0/24
194.68.43.0/24
194.68.159.0-194.68.160.255
194.103.4.0/24
Signature Algorithm: sha256WithRSAEncryption
75:da:43:da:15:a1:bf:48:fb:03:ac:e2:a9:22:4f:73:e4:2f:
58:99:56:a4:23:f0:5e:b8:dc:07:49:be:71:99:0c:83:76:07:
1f:b1:f6:5d:a2:64:4b:23:28:84:93:3a:6c:17:6c:1c:a9:a3:
88:21:c3:54:52:68:ea:18:39:62:1a:ef:8b:8a:33:97:36:9b:
51:a0:bf:ff:e5:5f:95:d6:4c:16:5c:da:c6:cd:34:08:ce:56:
5f:e5:5c:2c:c7:d7:a0:db:98:6c:54:66:b0:b0:87:a4:ed:d2:
7a:73:10:5e:67:96:e9:bd:60:f2:00:80:c8:8a:0a:82:18:36:
5f:d2:c9:33:77:16:ac:e8:7f:e7:98:66:68:ba:a8:0e:73:eb:
eb:b6:e1:0b:05:5d:c2:93:57:b2:1b:e6:72:08:f2:2a:01:4a:
6f:a6:aa:ca:05:20:3c:01:cf:70:be:f8:eb:aa:27:63:25:1d:
a6:a8:ff:48:e1:29:75:05:41:20:cf:9a:5a:27:b2:11:fd:0d:
45:4f:f9:5d:6b:5a:ef:75:4e:24:80:12:de:9e:10:f9:33:dc:
56:9b:8e:73:3d:e8:f2:03:c9:34:81:79:d8:83:b6:1a:62:16:
eb:b3:81:b3:f4:a6:2e:63:fe:a2:58:6b:bc:d5:cb:da:e4:54:
23:8d:f1:a5
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZiYRSYxzZX12V0hkglBnkZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwODExMDgzNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjcwNDIzMzIwOGEzOWM2ZDBhYTVhYTZjYjc5YjFmMzliYTgyYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IhS45Vd1BhHMMHWf8f+tQvEQ8Pg
wLjBKEHDE0obMusFSnokKyXyr2kZOA2bAmp6mpGut3jJTIFbMfLHWRPLJj/DRW7W
rmNpKc6Rmh0LT4bSS9xP/yfiZUGdszOen0FQlk5RG6OnZWvGl1+deL8LuHJAZwBj
8HeE5JJF4Cr19U13wEDamqpMkIBAUBKLvyArJYKDwAyLmdc+74ZzIZryVBwbnE39
XlcEqR3Si5ib9O83oyghP+bSxiveUTl+HlQSBUJXC/i/6csWK6ABqdi5DlinGMFV
HvNIPZCBd6U3iWdYwIXA1uqrtgNlK+SIVdlHJPajluXKluyIc3pJwu0bGQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEtwQjMgijnG0Kpapst5sfObqCuuMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvUzNCQ015Q0tPY2JRcWxxbXkzbXg4NXVvSzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQAwKV/AwQB
wKWKAwQAwbQUAwQAwbR5MAwDBADBt6EDBALBt6ADBADBt+8DBADB6lMDBADB6lYD
BADB6v8DBADB60kDBADB64IDBADCRCswDAMEAMJEnwMEAMJEoAMEAMJnBDANBgkq
hkiG9w0BAQsFAAOCAQEAddpD2hWhv0j7A6ziqSJPc+QvWJlWpCPwXrjcB0m+cZkM
g3YHH7H2XaJkSyMohJM6bBdsHKmjiCHDVFJo6hg5Yhrvi4ozlzabUaC//+VfldZM
Flzaxs00CM5WX+VcLMfXoNuYbFRmsLCHpO3SenMQXmeW6b1g8gCAyIoKghg2X9LJ
M3cWrOh/55hmaLqoDnPr67bhCwVdwpNXshvmcgjyKgFKb6aqygUgPAHPcL7466on
YyUdpqj/SOEpdQVBIM+aWieyEf0NRU/5XWta73VOJIAS3p4Q+TPcVpuOcz3o8gPJ
NIF52IO2GmIW67OBs/SmLmP+olhrvNXL2uRUI43xpQ==
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:39:42 2025 by rpki-client