Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bi4PteCuRSQ3wHMcJ452R3c01HQ.roa
File: Bi4PteCuRSQ3wHMcJ452R3c01HQ.roa (raw, json)
Hash identifier: MHa+8BmOS1ED980rqsEV2TyJQpOZTLSX5XGl7JHp79A=
Subject key identifier: 06:2E:0F:B5:E0:AE:45:24:37:C0:73:1C:27:8E:76:47:77:34:D4:74
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 0198D2F84C5149986E1456BB1E2744874019
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bi4PteCuRSQ3wHMcJ452R3c01HQ.roa
Signing time: Fri 22 Aug 2025 18:09:04 +0000
ROA not before: Fri 22 Aug 2025 18:09:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 14.102.227.0/24 maxlen: 24
14.102.234.0/24 maxlen: 24
45.151.140.0/24 maxlen: 24
74.112.152.0/22 maxlen: 24
94.229.222.0/24 maxlen: 24
103.41.44.0/23 maxlen: 24
194.36.33.0/24 maxlen: 24
205.237.88.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d2:f8:4c:51:49:98:6e:14:56:bb:1e:27:44:87:40:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Aug 22 18:09:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=062e0fb5e0ae452437c0731c278e76477734d474
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:5f:91:e9:00:89:5a:5b:88:e0:01:fc:cc:69:
8a:d2:bb:56:53:c0:34:76:cd:5c:8c:ac:31:e9:dc:
87:f8:0a:82:4e:c2:20:c6:37:b4:d3:7c:92:13:09:
0e:14:48:db:39:e5:e0:f9:99:83:67:5b:cc:2f:2e:
9b:7d:16:16:5a:9c:c5:c2:17:da:34:55:98:fb:1b:
47:5c:72:bc:7b:f1:e8:93:c9:07:d9:46:2b:2f:14:
fe:09:99:70:eb:39:a5:ce:e8:3f:ae:9e:80:af:9d:
c2:6c:f5:5a:ef:0e:55:59:5d:a1:df:ee:85:ff:7e:
5d:0d:aa:6d:fd:b5:f3:20:f7:1d:d7:0f:17:16:8e:
7f:29:8d:ff:25:42:6b:eb:b1:ff:d1:09:b0:88:20:
7e:8b:38:a5:01:d5:40:a7:d5:a9:c2:07:7b:2a:bc:
5b:65:25:65:73:88:b4:e6:9a:58:92:aa:ad:e5:52:
ff:cb:b6:01:96:61:6e:d6:0b:8c:e8:9b:9c:ed:4b:
2f:62:db:04:16:35:ec:4c:1a:68:13:83:2b:40:2b:
81:64:f6:e4:d3:a5:b7:eb:42:b8:13:fc:2d:d3:a2:
5f:3a:b5:55:04:16:1f:b0:da:fb:6b:fb:1c:30:38:
0e:4b:67:89:c8:ab:f6:e8:07:08:e4:74:9d:d7:cb:
76:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:2E:0F:B5:E0:AE:45:24:37:C0:73:1C:27:8E:76:47:77:34:D4:74
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bi4PteCuRSQ3wHMcJ452R3c01HQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.227.0/24
14.102.234.0/24
45.151.140.0/24
74.112.152.0/22
94.229.222.0/24
103.41.44.0/23
194.36.33.0/24
205.237.88.0/22
Signature Algorithm: sha256WithRSAEncryption
63:7f:fd:b9:a8:8c:77:93:1b:44:a3:b7:28:6d:c4:22:4c:d6:
98:93:af:99:bf:67:48:50:9e:ab:94:bc:0a:f4:98:3b:5e:6d:
d7:50:e3:f2:5a:0a:c8:e0:cd:3c:c0:f7:9a:ea:e3:bd:a6:62:
15:bb:e4:59:e6:33:e5:f2:33:fe:62:04:f3:e9:3e:15:1c:e9:
83:19:59:46:6b:37:08:d8:21:f7:b1:c4:d7:61:97:11:75:0c:
17:b1:2b:b9:ff:40:47:b6:63:1f:eb:f5:44:48:02:76:f7:9a:
1c:80:dd:31:0a:76:1e:36:ec:5b:8d:ce:a9:46:2d:d0:c1:41:
b6:68:07:60:bc:ac:fb:7a:71:8e:4c:35:d0:62:d0:54:c6:18:
c3:6e:63:2a:43:50:36:03:cf:95:95:6a:9f:d5:b2:56:10:d2:
78:01:ef:9c:34:a0:77:d5:09:78:a8:21:73:9a:f5:af:c4:5d:
e7:7f:e5:6d:69:56:e0:13:a7:25:14:a1:e5:47:13:cd:5a:05:
b5:20:3a:90:0f:9d:22:dd:15:6b:87:98:e6:58:8b:ba:99:92:
e7:9d:40:4d:e8:19:ff:2d:f3:1d:5e:cb:5d:34:cd:30:4e:7a:
a3:8a:be:c0:ff:8b:95:dc:5a:f6:4d:ba:da:03:de:0f:dd:e0:
a7:c5:1e:66
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZjS+ExRSZhuFFa7HidEh0AZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwODIyMTgwOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjJlMGZiNWUwYWU0NTI0MzdjMDczMWMyNzhlNzY0Nzc3MzRkNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF+R6QCJWluI4AH8zGmK0rtWU8A0
ds1cjKwx6dyH+AqCTsIgxje003ySEwkOFEjbOeXg+ZmDZ1vMLy6bfRYWWpzFwhfa
NFWY+xtHXHK8e/Hok8kH2UYrLxT+CZlw6zmlzug/rp6Ar53CbPVa7w5VWV2h3+6F
/35dDapt/bXzIPcd1w8XFo5/KY3/JUJr67H/0QmwiCB+izilAdVAp9Wpwgd7Krxb
ZSVlc4i05ppYkqqt5VL/y7YBlmFu1guM6Juc7UsvYtsEFjXsTBpoE4MrQCuBZPbk
06W360K4E/wt06JfOrVVBBYfsNr7a/scMDgOS2eJyKv26AcI5HSd18t2rQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAYuD7XgrkUkN8BzHCeOdkd3NNR0MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQmk0UHRlQ3VSU1Ezd0hNY0o0NTJSM2MwMUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQADmbjAwQA
DmbqAwQALZeMAwQCSnCYAwQAXuXeAwQBZyksAwQAwiQhAwQCze1YMA0GCSqGSIb3
DQEBCwUAA4IBAQBjf/25qIx3kxtEo7cobcQiTNaYk6+Zv2dIUJ6rlLwK9Jg7Xm3X
UOPyWgrI4M08wPea6uO9pmIVu+RZ5jPl8jP+YgTz6T4VHOmDGVlGazcI2CH3scTX
YZcRdQwXsSu5/0BHtmMf6/VESAJ295ocgN0xCnYeNuxbjc6pRi3QwUG2aAdgvKz7
enGOTDXQYtBUxhjDbmMqQ1A2A8+VlWqf1bJWENJ4Ae+cNKB31Ql4qCFzmvWvxF3n
f+VtaVbgE6clFKHlRxPNWgW1IDqQD50i3RVrh5jmWIu6mZLnnUBN6Bn/LfMdXstd
NM0wTnqjir7A/4uV3Fr2TbraA94P3eCnxR5m
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:35:55 2025 by rpki-client