Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/fl8rnacXy3y9RR72Ckv0yy_-8A0.roa
File: fl8rnacXy3y9RR72Ckv0yy_-8A0.roa (raw, json)
Hash identifier: QlQ79ekyqU3zQDGrsHiwAcV6R8Y7CsOQW9QiHoruZS0=
Subject key identifier: 7E:5F:2B:9D:A7:17:CB:7C:BD:45:1E:F6:0A:4B:F4:CB:2F:FE:F0:0D
Certificate issuer: /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial: 0198AEB8833E3AF3EAC38A2F66266CABF7FC
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/fl8rnacXy3y9RR72Ckv0yy_-8A0.roa
Signing time: Fri 15 Aug 2025 17:13:04 +0000
ROA not before: Fri 15 Aug 2025 17:13:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 37.148.128.0/22 maxlen: 24
93.88.153.0/24 maxlen: 24
93.88.154.0/23 maxlen: 24
93.88.157.0/24 maxlen: 24
95.155.133.0/24 maxlen: 24
95.155.134.0/24 maxlen: 24
95.155.146.0/23 maxlen: 24
95.155.148.0/22 maxlen: 24
95.155.159.0/24 maxlen: 24
152.89.84.0/24 maxlen: 24
152.89.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ae:b8:83:3e:3a:f3:ea:c3:8a:2f:66:26:6c:ab:f7:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Validity
Not Before: Aug 15 17:13:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e5f2b9da717cb7cbd451ef60a4bf4cb2ffef00d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d8:5f:78:8e:01:0f:91:ba:f5:5f:b3:15:b1:
c2:c2:e2:53:08:0e:aa:cf:f2:ec:aa:db:b6:7c:fe:
eb:f1:5f:54:3a:72:b4:b6:ee:37:6a:01:84:30:cc:
f2:2f:8e:1a:c5:2b:44:9f:06:4a:11:1f:a7:b6:57:
db:3d:93:e6:80:d4:03:01:f1:64:50:33:54:5f:45:
d1:03:ff:05:d5:31:74:69:2a:cd:07:a6:7b:6c:e5:
47:82:70:f2:e8:70:4e:4c:a1:5c:c9:91:4e:73:2c:
e7:93:fa:85:5f:75:b7:d4:5c:d7:42:36:17:55:94:
e3:67:95:6e:73:39:23:fe:dc:e7:88:36:48:c0:5a:
3e:f1:18:c0:5e:5a:dd:8c:0e:8e:19:21:81:d2:6c:
91:6c:3a:1a:ea:95:35:b9:ee:f4:75:32:83:42:b1:
aa:bd:7c:b1:d0:12:81:ab:e9:62:5e:53:42:86:0c:
f6:b5:09:82:a1:fb:db:f7:90:fc:2a:54:6a:f7:fe:
1c:95:58:cd:13:e0:cc:f6:0d:3c:98:86:2b:95:be:
eb:a5:06:b5:3b:1f:58:2e:55:7a:26:b7:86:84:b6:
06:1c:86:38:55:d3:4d:65:ad:03:f9:40:a4:ac:a1:
16:30:fc:fd:a2:5c:67:d6:cb:14:29:dc:db:4e:1a:
5a:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:5F:2B:9D:A7:17:CB:7C:BD:45:1E:F6:0A:4B:F4:CB:2F:FE:F0:0D
X509v3 Authority Key Identifier:
keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/fl8rnacXy3y9RR72Ckv0yy_-8A0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.148.128.0/22
93.88.153.0-93.88.155.255
93.88.157.0/24
95.155.133.0-95.155.134.255
95.155.146.0-95.155.151.255
95.155.159.0/24
152.89.84.0/24
152.89.87.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:a3:76:81:e0:e7:e3:b2:bd:17:9c:09:a5:83:f3:fe:85:b9:
39:09:72:32:cb:37:46:ef:98:d5:21:51:db:f3:a6:9c:be:f4:
1e:88:09:c6:37:85:c0:5a:c3:dd:4c:b7:f7:ee:0f:69:9b:ed:
ec:21:b6:66:24:53:aa:94:21:0e:97:56:07:b8:b9:12:d8:b1:
6c:91:78:eb:85:ee:3f:3e:d8:29:97:7f:25:f1:3c:cf:43:56:
68:ae:08:76:50:f0:47:a0:1f:0e:0e:81:61:47:6e:da:66:d2:
dd:6b:43:20:4f:cf:88:0b:78:c7:2b:33:2c:6f:f1:33:f5:c9:
5e:a2:af:f6:51:a0:a4:62:14:01:20:f4:40:3a:17:43:0d:3b:
92:75:68:59:24:8a:c3:49:fd:41:51:da:3a:40:09:49:23:43:
ad:05:15:44:79:7a:93:4a:78:8d:d0:0f:c0:a9:27:33:b4:b8:
7d:cb:56:83:f2:53:21:4a:e5:d2:6b:1a:c4:e9:a3:98:89:cb:
43:b0:8a:1f:1d:95:18:b2:6f:0f:47:89:41:ba:79:4a:35:6f:
11:e4:92:90:70:1f:0e:2d:37:ed:fd:1f:14:9d:ed:13:3e:17:
3a:00:a7:46:ef:f7:ad:7d:28:e2:a3:c3:0f:9e:db:e0:a0:00:
cf:cd:b8:64
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZiuuIM+OvPqw4ovZiZsq/f8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwODE1MTcxMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTVmMmI5ZGE3MTdjYjdjYmQ0NTFlZjYwYTRiZjRjYjJmZmVmMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlthfeI4BD5G69V+zFbHCwuJTCA6q
z/Lsqtu2fP7r8V9UOnK0tu43agGEMMzyL44axStEnwZKER+ntlfbPZPmgNQDAfFk
UDNUX0XRA/8F1TF0aSrNB6Z7bOVHgnDy6HBOTKFcyZFOcyznk/qFX3W31FzXQjYX
VZTjZ5Vuczkj/tzniDZIwFo+8RjAXlrdjA6OGSGB0myRbDoa6pU1ue70dTKDQrGq
vXyx0BKBq+liXlNChgz2tQmCofvb95D8KlRq9/4clVjNE+DM9g08mIYrlb7rpQa1
Ox9YLlV6JreGhLYGHIY4VdNNZa0D+UCkrKEWMPz9olxn1ssUKdzbThpawQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH5fK52nF8t8vUUe9gpL9Msv/vANMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvZmw4cm5hY1h5M3k5UlI3MkNrdjB5eV8tOEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCJZSAMAwD
BABdWJkDBAJdWJgDBABdWJ0wDAMEAF+bhQMEAF+bhjAMAwQBX5uSAwQDX5uQAwQA
X5ufAwQAmFlUAwQAmFlXMA0GCSqGSIb3DQEBCwUAA4IBAQA8o3aB4Ofjsr0XnAml
g/P+hbk5CXIyyzdG75jVIVHb86acvvQeiAnGN4XAWsPdTLf37g9pm+3sIbZmJFOq
lCEOl1YHuLkS2LFskXjrhe4/Ptgpl38l8TzPQ1Zorgh2UPBHoB8ODoFhR27aZtLd
a0MgT8+IC3jHKzMsb/Ez9cleoq/2UaCkYhQBIPRAOhdDDTuSdWhZJIrDSf1BUdo6
QAlJI0OtBRVEeXqTSniN0A/AqScztLh9y1aD8lMhSuXSaxrE6aOYictDsIofHZUY
sm8PR4lBunlKNW8R5JKQcB8OLTft/R8Une0TPhc6AKdG7/etfSjio8MPntvgoADP
zbhk
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:55:20 2025 by rpki-client