Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ak-sqmkHeD14lUUnj1nQSctaUaY.roa
File: Ak-sqmkHeD14lUUnj1nQSctaUaY.roa (raw, json)
Hash identifier: Uwu2WgFX6hBPe31f7V4j1w99D6laoHZ23sxjTnhDpmU=
Subject key identifier: 02:4F:AC:AA:69:07:78:3D:78:95:45:27:8F:59:D0:49:CB:5A:51:A6
Certificate issuer: /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial: 0198BE0C7545F693D9156BF22FACDF190792
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ak-sqmkHeD14lUUnj1nQSctaUaY.roa
Signing time: Mon 18 Aug 2025 16:39:04 +0000
ROA not before: Mon 18 Aug 2025 16:39:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 85.115.208.0/23 maxlen: 24
85.115.210.0/23 maxlen: 24
213.145.68.0/23 maxlen: 23
213.145.70.0/23 maxlen: 24
213.145.72.0/21 maxlen: 24
213.145.82.0/23 maxlen: 24
213.145.84.0/23 maxlen: 23
213.145.86.0/23 maxlen: 23
213.145.88.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:be:0c:75:45:f6:93:d9:15:6b:f2:2f:ac:df:19:07:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Validity
Not Before: Aug 18 16:39:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=024facaa6907783d789545278f59d049cb5a51a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:c0:42:fc:7c:80:8c:f6:e2:5f:f5:92:8b:c5:
39:32:b4:da:b3:59:d1:f4:93:e5:f1:ae:d0:52:6d:
88:6a:19:e2:16:7d:a5:39:27:b0:64:66:cd:b8:dc:
c9:7d:e5:22:7c:31:ff:10:0e:97:89:42:18:74:34:
e9:cf:0b:af:7d:de:2d:1a:45:98:f1:0c:c5:fd:25:
48:9c:32:56:6a:7b:91:f3:7e:9f:00:1f:a6:5f:cc:
5d:ef:2f:93:c0:e5:63:dc:bc:e2:73:45:5e:a6:7c:
f0:14:48:a5:85:da:c4:db:63:76:fb:12:9c:6c:c7:
2e:69:97:c9:b9:f6:ab:f4:47:65:48:eb:c6:83:0f:
0b:30:f8:0f:50:cd:c4:5d:01:ab:f5:53:23:58:26:
60:14:58:73:a3:5c:ed:a0:e2:e1:73:fa:25:d0:8b:
e3:e5:f0:44:86:00:2d:65:41:e5:ec:30:c7:2b:0b:
42:af:14:5a:4e:4a:f8:30:85:bb:de:f0:7a:25:ac:
04:5b:43:c7:ba:b4:ec:29:10:f0:95:06:72:ac:9b:
a8:9e:9d:6c:3e:7a:c8:ad:d3:09:6d:86:06:f0:56:
23:6c:29:2c:98:b4:cc:b5:aa:60:29:75:f0:91:51:
81:9b:0a:00:da:2c:50:53:51:f1:3f:73:0a:82:1d:
24:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:4F:AC:AA:69:07:78:3D:78:95:45:27:8F:59:D0:49:CB:5A:51:A6
X509v3 Authority Key Identifier:
keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/Ak-sqmkHeD14lUUnj1nQSctaUaY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.208.0/22
213.145.68.0-213.145.79.255
213.145.82.0-213.145.89.255
Signature Algorithm: sha256WithRSAEncryption
6e:58:a3:93:f1:53:03:51:9b:c5:35:7d:01:76:a4:a1:0e:3d:
61:ce:85:52:8e:1e:50:e8:0b:3d:9d:0c:32:c5:2b:ca:bd:0b:
87:47:82:78:de:e8:10:7f:9e:66:d6:3e:90:2c:7d:98:5a:3c:
39:df:87:56:81:53:e5:69:f0:39:ab:bf:39:89:1b:ee:b1:b8:
8b:ac:28:b9:dd:21:3c:b3:de:b1:7e:2e:a9:1c:9c:ef:d5:83:
9c:0c:64:45:00:b2:e5:38:12:fe:96:50:38:3b:98:e8:10:9d:
07:8b:a2:58:f4:a9:2a:c4:56:dd:00:aa:7a:a2:55:ba:10:39:
c1:6a:47:4d:aa:b8:40:83:7f:f1:bf:02:5b:85:3c:79:d3:2c:
83:29:65:da:f6:72:06:d7:6c:23:33:d1:e3:69:98:53:3e:e1:
ed:e2:72:4c:06:0c:42:3a:19:87:3c:e7:30:1e:b7:8e:db:e3:
7b:c5:39:c2:dd:36:99:7f:75:e8:49:42:47:52:91:30:2f:d6:
f3:c4:14:ea:42:64:d0:34:b4:1e:a9:f9:a0:c6:ef:b0:63:b2:
c3:6c:2f:1c:5d:75:01:8a:ee:a6:28:9f:15:2a:c1:1f:b6:8b:
43:61:0b:90:8b:55:be:ac:e6:95:ab:eb:d1:e9:93:82:69:ae:
a9:80:23:f7
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZi+DHVF9pPZFWvyL6zfGQeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwODE4MTYzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRmYWNhYTY5MDc3ODNkNzg5NTQ1Mjc4ZjU5ZDA0OWNiNWE1MWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMBC/HyAjPbiX/WSi8U5MrTas1nR
9JPl8a7QUm2IahniFn2lOSewZGbNuNzJfeUifDH/EA6XiUIYdDTpzwuvfd4tGkWY
8QzF/SVInDJWanuR836fAB+mX8xd7y+TwOVj3Lzic0VepnzwFEilhdrE22N2+xKc
bMcuaZfJufar9EdlSOvGgw8LMPgPUM3EXQGr9VMjWCZgFFhzo1ztoOLhc/ol0Ivj
5fBEhgAtZUHl7DDHKwtCrxRaTkr4MIW73vB6JawEW0PHurTsKRDwlQZyrJuonp1s
PnrIrdMJbYYG8FYjbCksmLTMtapgKXXwkVGBmwoA2ixQU1HxP3MKgh0kGwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFAJPrKppB3g9eJVFJ49Z0EnLWlGmMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvQWstc3Fta0hlRDE0bFVVbmoxblFTY3RhVWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQCVXPQMAwD
BALVkUQDBATVkUAwDAMEAdWRUgMEAdWRWDANBgkqhkiG9w0BAQsFAAOCAQEAblij
k/FTA1GbxTV9AXakoQ49Yc6FUo4eUOgLPZ0MMsUryr0Lh0eCeN7oEH+eZtY+kCx9
mFo8Od+HVoFT5WnwOau/OYkb7rG4i6woud0hPLPesX4uqRyc79WDnAxkRQCy5TgS
/pZQODuY6BCdB4uiWPSpKsRW3QCqeqJVuhA5wWpHTaq4QIN/8b8CW4U8edMsgyll
2vZyBtdsIzPR42mYUz7h7eJyTAYMQjoZhzznMB63jtvje8U5wt02mX916ElCR1KR
MC/W88QU6kJk0DS0Hqn5oMbvsGOyw2wvHF11AYrupiifFSrBH7aLQ2ELkItVvqzm
lavr0emTgmmuqYAj9w==
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:07:03 2025 by rpki-client