Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/8YmL9Ep32a72BjjrjP1j1JO7b5Q.roa
File: 8YmL9Ep32a72BjjrjP1j1JO7b5Q.roa (raw, json)
Hash identifier: Ht29fppl19fG6SkxbeWiQ7UIPOPKrDH3yWJ3G4r6GG4=
Subject key identifier: F1:89:8B:F4:4A:77:D9:AE:F6:06:38:EB:8C:FD:63:D4:93:BB:6F:94
Certificate issuer: /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial: 01977E122D8C1C5717A78741C752D426F770
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/8YmL9Ep32a72BjjrjP1j1JO7b5Q.roa
Signing time: Tue 17 Jun 2025 13:26:49 +0000
ROA not before: Tue 17 Jun 2025 13:26:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34602
IP address blocks: 31.130.128.0/21 maxlen: 21
77.50.0.0/16 maxlen: 16
77.50.0.0/23 maxlen: 23
77.50.2.0/23 maxlen: 23
77.50.4.0/22 maxlen: 22
77.50.8.0/21 maxlen: 21
77.50.16.0/20 maxlen: 20
77.50.32.0/19 maxlen: 19
77.50.53.0/24 maxlen: 24
77.50.64.0/18 maxlen: 24
77.50.128.0/17 maxlen: 24
77.233.192.0/19 maxlen: 19
77.233.192.0/20 maxlen: 20
77.233.208.0/22 maxlen: 22
77.233.216.0/22 maxlen: 22
77.243.96.0/20 maxlen: 20
81.17.144.0/20 maxlen: 24
81.17.144.0/21 maxlen: 21
81.17.155.0/24 maxlen: 24
81.17.156.0/23 maxlen: 23
91.204.128.0/23 maxlen: 23
91.204.130.0/24 maxlen: 24
94.141.162.0/23 maxlen: 23
94.141.163.0/24 maxlen: 24
94.141.164.0/22 maxlen: 22
94.141.168.0/22 maxlen: 22
94.141.172.0/22 maxlen: 22
94.141.176.0/20 maxlen: 20
185.185.140.0/24 maxlen: 24
2a00:e78::/31 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 21:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7e:12:2d:8c:1c:57:17:a7:87:41:c7:52:d4:26:f7:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Validity
Not Before: Jun 17 13:26:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1898bf44a77d9aef60638eb8cfd63d493bb6f94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:49:c2:33:b9:cb:f6:17:f6:80:3c:1a:11:76:
72:97:7b:fb:ad:96:87:ac:6d:c1:82:bc:f3:a7:be:
47:6c:59:59:18:6e:f4:b2:27:47:83:28:f9:58:06:
ce:99:bd:2b:c7:49:bc:63:c4:df:af:34:e1:19:38:
4b:bc:98:39:88:8f:c0:6e:5c:57:47:1b:42:e1:a8:
2c:fd:e6:60:9a:b5:aa:99:bd:d9:0c:f9:68:ca:b0:
57:75:87:e4:82:53:f5:23:11:03:f9:d6:9a:22:0e:
ce:3c:07:77:65:7d:35:7c:3a:84:3d:87:74:f9:ba:
cb:97:0e:6c:f4:9c:6e:57:8e:89:29:1b:64:c4:5f:
53:21:d1:85:0c:b4:03:89:72:df:50:62:a5:6f:43:
7d:bd:00:e2:67:02:08:90:0e:45:b3:8b:74:ca:5c:
86:37:0f:d0:fc:e0:81:ff:7c:53:19:22:9d:3f:8c:
4e:8c:46:14:5b:53:f9:af:9c:43:35:7a:2a:7a:30:
21:de:0b:e6:63:83:12:46:c5:02:e7:79:30:14:10:
da:b8:a1:31:25:f3:d2:56:78:12:cb:90:20:aa:f6:
0e:ca:c6:3a:9f:71:e2:b9:5f:cf:5d:80:82:ab:be:
96:a7:48:c0:56:3c:5d:75:d6:94:1e:75:5a:00:a8:
17:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:89:8B:F4:4A:77:D9:AE:F6:06:38:EB:8C:FD:63:D4:93:BB:6F:94
X509v3 Authority Key Identifier:
keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/8YmL9Ep32a72BjjrjP1j1JO7b5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.130.128.0/21
77.50.0.0/16
77.233.192.0/19
77.243.96.0/20
81.17.144.0/20
91.204.128.0-91.204.130.255
94.141.162.0-94.141.191.255
185.185.140.0/24
IPv6:
2a00:e78::/31
Signature Algorithm: sha256WithRSAEncryption
ce:10:9f:7b:cc:eb:9f:b2:7b:d2:17:83:b9:6c:24:07:e3:36:
f5:14:f3:34:3c:69:60:d8:59:97:16:af:f1:ea:c0:83:f6:0e:
31:29:7d:d1:ae:2b:72:45:da:e1:39:44:50:99:c6:89:8d:75:
a6:e8:3c:25:53:0d:74:ad:d0:f5:23:b5:d1:4d:ee:9c:9a:cc:
db:7b:d0:16:c2:38:57:7c:cd:ac:6f:d1:b2:65:40:bc:3b:8d:
b6:f5:4c:f1:e7:ca:e0:84:ee:c4:f3:9b:c3:86:d2:5f:16:96:
c9:cc:c3:c5:cd:b2:9a:47:de:ba:3b:d2:64:de:a7:43:ec:8c:
5b:58:4e:df:9c:90:2e:8d:d2:36:70:c4:fa:00:8e:0d:40:e3:
d8:73:1e:e9:18:ba:f2:77:d1:30:67:eb:1d:c4:64:12:e6:bd:
8d:81:24:5e:0b:ee:c6:21:1c:24:fe:6e:18:13:03:3c:d1:1f:
ad:57:d5:66:c6:eb:3d:86:13:67:6d:f9:c5:5c:d2:2e:c8:a7:
26:16:44:cf:fb:06:f6:d5:3b:e1:4d:58:6b:e4:e4:91:0b:fc:
73:ec:97:ce:af:8c:13:3d:a3:d7:15:41:16:c2:96:66:a5:a4:
14:32:a7:6d:3b:db:58:5a:19:53:49:c9:78:45:fa:80:f4:6b:
3c:76:1f:e6
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZd+Ei2MHFcXp4dBx1LUJvdwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwNjE3MTMyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTg5OGJmNDRhNzdkOWFlZjYwNjM4ZWI4Y2ZkNjNkNDkzYmI2Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUnCM7nL9hf2gDwaEXZyl3v7rZaH
rG3Bgrzzp75HbFlZGG70sidHgyj5WAbOmb0rx0m8Y8TfrzThGThLvJg5iI/AblxX
RxtC4ags/eZgmrWqmb3ZDPloyrBXdYfkglP1IxED+daaIg7OPAd3ZX01fDqEPYd0
+brLlw5s9JxuV46JKRtkxF9TIdGFDLQDiXLfUGKlb0N9vQDiZwIIkA5Fs4t0ylyG
Nw/Q/OCB/3xTGSKdP4xOjEYUW1P5r5xDNXoqejAh3gvmY4MSRsUC53kwFBDauKEx
JfPSVngSy5AgqvYOysY6n3HiuV/PXYCCq76Wp0jAVjxdddaUHnVaAKgXMQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFPGJi/RKd9mu9gY464z9Y9STu2+UMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvOFltTDlFcDMyYTcyQmpqcmpQMWoxSk83YjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQDH4KAAwMA
TTIDBAVN6cADBARN82ADBARREZAwDAMEB1vMgAMEAFvMgjAMAwQBXo2iAwQGXo2A
AwQAubmMMA0EAgACMAcDBQEqAA54MA0GCSqGSIb3DQEBCwUAA4IBAQDOEJ97zOuf
snvSF4O5bCQH4zb1FPM0PGlg2FmXFq/x6sCD9g4xKX3RrityRdrhOURQmcaJjXWm
6DwlUw10rdD1I7XRTe6cmszbe9AWwjhXfM2sb9GyZUC8O4229Uzx58rghO7E85vD
htJfFpbJzMPFzbKaR966O9Jk3qdD7IxbWE7fnJAujdI2cMT6AI4NQOPYcx7pGLry
d9EwZ+sdxGQS5r2NgSReC+7GIRwk/m4YEwM80R+tV9Vmxus9hhNnbfnFXNIuyKcm
FkTP+wb21TvhTVhr5OSRC/xz7JfOr4wTPaPXFUEWwpZmpaQUMqdtO9tYWhlTScl4
RfqA9Gs8dh/m
-----END CERTIFICATE-----
Generated at Sun Jun 29 06:41:23 2025 by rpki-client