Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/iQ2x5DuukHypu2la5SLh9oJxBn0.roa
File: iQ2x5DuukHypu2la5SLh9oJxBn0.roa (raw, json)
Hash identifier: I3RrB1Z27um7iRUVofzGM0edWTijakibftmJRu+RFMs=
Subject key identifier: 89:0D:B1:E4:3B:AE:90:7C:A9:BB:69:5A:E5:22:E1:F6:82:71:06:7D
Certificate issuer: /CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Certificate serial: 0198A30356BB9F6CB0C35ECC3F24BE3552CC
Authority key identifier: 4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/iQ2x5DuukHypu2la5SLh9oJxBn0.roa
Signing time: Wed 13 Aug 2025 10:39:21 +0000
ROA not before: Wed 13 Aug 2025 10:39:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29535
IP address blocks: 79.191.255.0/24 maxlen: 24
80.51.76.0/24 maxlen: 24
80.54.110.0/23 maxlen: 24
83.2.0.0/20 maxlen: 20
83.2.8.0/22 maxlen: 22
83.2.56.0/22 maxlen: 22
178.42.9.0/24 maxlen: 24
178.42.22.0/24 maxlen: 24
193.110.120.0/22 maxlen: 22
195.149.235.0/24 maxlen: 24
195.149.236.0/22 maxlen: 22
213.25.164.0/24 maxlen: 24
2001:7f8:27::/48 maxlen: 48
2a01:1101:5::/48 maxlen: 48
2a01:11f0::/28 maxlen: 28
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a3:03:56:bb:9f:6c:b0:c3:5e:cc:3f:24:be:35:52:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Validity
Not Before: Aug 13 10:39:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=890db1e43bae907ca9bb695ae522e1f68271067d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:38:55:50:eb:f6:16:e3:6d:66:fd:57:5e:87:
90:15:97:90:6c:5d:c9:a6:ab:6e:77:05:49:79:49:
71:35:84:02:7c:d9:7d:27:99:01:29:06:c5:04:d2:
6e:5e:23:0d:79:d3:5e:a7:bd:39:fa:3f:5c:1a:65:
9b:c4:93:0e:20:99:13:97:26:8e:6e:31:68:e9:d9:
e4:f8:3e:b5:b1:c4:cf:76:e5:a0:bf:e3:92:fd:53:
c2:c9:b9:e2:93:d0:f6:ab:43:72:e8:5e:62:37:39:
7d:74:84:c1:4b:21:48:c6:07:8b:db:e2:35:f0:98:
c9:90:d7:bf:6e:44:06:f5:5c:2a:75:ca:9d:7a:85:
d0:1c:3b:37:e8:3e:21:d9:ca:80:a4:54:67:56:df:
f4:1b:be:0e:6d:52:b8:c0:33:4b:e0:63:05:65:11:
06:64:b9:cb:ad:bd:2e:82:07:48:41:b2:d3:ba:ae:
aa:d1:fc:f2:a1:39:d3:c7:3f:8a:4b:da:bf:3a:fe:
1e:11:37:99:78:73:28:7d:90:e0:6e:44:48:cb:80:
86:ce:16:0a:4c:92:32:0d:8d:6e:f3:f4:d1:18:d8:
2e:23:10:8e:bd:62:32:30:23:94:fd:46:b7:55:d4:
67:9e:65:0f:53:a1:85:f5:41:d0:73:2f:80:fd:d4:
f9:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:0D:B1:E4:3B:AE:90:7C:A9:BB:69:5A:E5:22:E1:F6:82:71:06:7D
X509v3 Authority Key Identifier:
keyid:4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/iQ2x5DuukHypu2la5SLh9oJxBn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.191.255.0/24
80.51.76.0/24
80.54.110.0/23
83.2.0.0/20
83.2.56.0/22
178.42.9.0/24
178.42.22.0/24
193.110.120.0/22
195.149.235.0-195.149.239.255
213.25.164.0/24
IPv6:
2001:7f8:27::/48
2a01:1101:5::/48
2a01:11f0::/28
Signature Algorithm: sha256WithRSAEncryption
60:9b:e7:fe:9c:a7:f9:09:e4:cd:ea:6a:e8:d5:6c:8c:1a:e2:
21:1d:d2:c7:60:11:29:20:2c:1a:21:7b:6c:1c:d4:ba:68:6e:
c8:52:1c:8a:b9:4b:80:5f:e7:21:91:6e:1c:da:a5:86:f3:87:
7b:d1:3b:c3:6b:0b:7b:68:27:f1:6b:72:6a:53:8c:3f:c2:1d:
4c:fc:5d:e0:f4:d2:f2:2a:0c:c3:c3:02:f7:df:90:63:1b:0f:
6f:76:5b:aa:6f:24:d1:83:ce:ef:21:58:8a:f1:a1:b2:b3:c6:
90:44:6a:a5:e6:86:70:d8:c1:68:a5:69:ca:26:69:18:55:95:
78:13:fb:0c:1d:e3:e2:c1:a6:2c:21:e4:42:e8:1a:1e:9a:b3:
84:17:f3:f4:3a:7c:bf:65:47:69:25:23:3c:2c:87:85:9b:03:
23:a6:b2:fd:02:6e:93:c3:a6:34:bc:3b:a3:d5:8a:4d:6c:cd:
f0:75:c3:dc:5c:f8:e6:39:88:de:e6:a8:a4:af:26:a6:ee:a7:
3e:cc:70:fc:46:9c:1b:7b:6f:53:dc:82:f7:8a:69:37:ac:91:
87:a5:68:48:b5:c5:d7:f1:c7:f3:d2:61:ba:cd:94:22:82:e0:
f8:37:e9:c9:78:1b:86:29:0e:90:31:a7:c5:d4:df:75:e9:77:
b7:e5:de:88
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZijA1a7n2yww17MPyS+NVLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y1MzAwN2M3OWNjNWUyZjJkNzM1NmJhOTEyMWE3OGMw
Yzc3MTQwHhcNMjUwODEzMTAzOTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTBkYjFlNDNiYWU5MDdjYTliYjY5NWFlNTIyZTFmNjgyNzEwNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjhVUOv2FuNtZv1XXoeQFZeQbF3J
pqtudwVJeUlxNYQCfNl9J5kBKQbFBNJuXiMNedNep705+j9cGmWbxJMOIJkTlyaO
bjFo6dnk+D61scTPduWgv+OS/VPCybnik9D2q0Ny6F5iNzl9dITBSyFIxgeL2+I1
8JjJkNe/bkQG9VwqdcqdeoXQHDs36D4h2cqApFRnVt/0G74ObVK4wDNL4GMFZREG
ZLnLrb0uggdIQbLTuq6q0fzyoTnTxz+KS9q/Ov4eETeZeHMofZDgbkRIy4CGzhYK
TJIyDY1u8/TRGNguIxCOvWIyMCOU/Ua3VdRnnmUPU6GF9UHQcy+A/dT5rQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFIkNseQ7rpB8qbtpWuUi4faCcQZ9MB8GA1UdIwQY
MBaAFE7PUwB8ecxeLy1zVrqRIaeMDHcUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEt
Y2I4YjNhMDk0MjA5LzEvaVEyeDVEdXVrSHlwdTJsYTVTTGg5b0p4Qm4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEtY2I4YjNhMDk0MjA5
LzEvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBKBAIAATBEAwQAT7//AwQA
UDNMAwQBUDZuAwQEUwIAAwQCUwI4AwQAsioJAwQAsioWAwQCwW54MAwDBADDlesD
BATDleADBADVGaQwHwQCAAIwGQMHACABB/gAJwMHACoBEQEABQMFBCoBEfAwDQYJ
KoZIhvcNAQELBQADggEBAGCb5/6cp/kJ5M3qaujVbIwa4iEd0sdgESkgLBohe2wc
1LpobshSHIq5S4Bf5yGRbhzapYbzh3vRO8NrC3toJ/FrcmpTjD/CHUz8XeD00vIq
DMPDAvffkGMbD292W6pvJNGDzu8hWIrxobKzxpBEaqXmhnDYwWilacomaRhVlXgT
+wwd4+LBpiwh5ELoGh6as4QX8/Q6fL9lR2klIzwsh4WbAyOmsv0CbpPDpjS8O6PV
ik1szfB1w9xc+OY5iN7mqKSvJqbupz7McPxGnBt7b1PcgveKaTeskYelaEi1xdfx
x/PSYbrNlCKC4Pg36cl4G4YpDpAxp8XU33Xpd7fl3og=
-----END CERTIFICATE-----
Generated at Sat Aug 23 23:23:39 2025 by rpki-client