Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/tDo_atpT6VLkLCUrGS5di7JdOpY.roa
File: tDo_atpT6VLkLCUrGS5di7JdOpY.roa (raw, json)
Hash identifier: 34FZjfIchoZn3cBM50GZegDU3woCBReTpheCA5hB7FA=
Subject key identifier: B4:3A:3F:6A:DA:53:E9:52:E4:2C:25:2B:19:2E:5D:8B:B2:5D:3A:96
Certificate issuer: /CN=a968adf120a74a5d10809cfd3cb6814fc89b1f46
Certificate serial: 0198C238E068691828C0C1C1E0FF6E97AA11
Authority key identifier: A9:68:AD:F1:20:A7:4A:5D:10:80:9C:FD:3C:B6:81:4F:C8:9B:1F:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/tDo_atpT6VLkLCUrGS5di7JdOpY.roa
Signing time: Tue 19 Aug 2025 12:06:04 +0000
ROA not before: Tue 19 Aug 2025 12:06:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39507
IP address blocks: 46.253.208.0/20 maxlen: 20
91.221.158.0/23 maxlen: 23
91.222.72.0/22 maxlen: 22
91.224.196.0/23 maxlen: 23
91.231.32.0/23 maxlen: 23
91.234.100.0/22 maxlen: 22
91.237.219.0/24 maxlen: 24
91.237.224.0/22 maxlen: 22
91.237.228.0/23 maxlen: 23
95.171.192.0/19 maxlen: 19
176.101.80.0/21 maxlen: 21
176.101.128.0/20 maxlen: 20
185.3.60.0/22 maxlen: 22
185.23.44.0/22 maxlen: 22
185.41.80.0/22 maxlen: 22
185.95.196.0/22 maxlen: 22
185.107.140.0/22 maxlen: 22
185.234.232.0/22 maxlen: 22
185.245.44.0/22 maxlen: 22
185.253.64.0/22 maxlen: 22
188.191.216.0/21 maxlen: 21
194.180.220.0/22 maxlen: 22
2a07:f080::/32 maxlen: 32
2a0c:3540::/32 maxlen: 32
2a0d:3100::/29 maxlen: 29
2a0d:4a80::/32 maxlen: 32
2a0d:9180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c2:38:e0:68:69:18:28:c0:c1:c1:e0:ff:6e:97:aa:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a968adf120a74a5d10809cfd3cb6814fc89b1f46
Validity
Not Before: Aug 19 12:06:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b43a3f6ada53e952e42c252b192e5d8bb25d3a96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3d:cc:6b:06:e5:0f:2a:de:7b:f8:02:e8:a8:
54:56:7e:c9:af:d3:2a:47:d5:cf:94:01:c2:7a:1c:
67:cb:a0:68:7e:ab:30:09:71:1a:d6:0f:8b:22:75:
d0:62:18:e3:4a:e3:a3:b0:52:fc:84:8e:30:8f:6c:
f5:65:87:31:a9:76:31:85:31:0d:6d:2c:b2:fc:b6:
e3:7e:2c:ae:99:a9:3d:f9:f3:12:ac:14:3b:cc:1d:
82:f2:8a:70:ef:af:ee:f5:2c:4e:58:5a:97:74:0d:
39:3d:c5:68:3e:ce:14:ea:5b:75:be:be:8e:26:41:
8b:26:64:d8:34:fd:88:cc:f1:d3:7a:04:6f:03:8b:
fe:e3:25:18:e2:15:74:23:de:74:95:7c:4f:6c:cb:
c7:f2:69:31:39:7b:de:83:e4:f4:d0:3c:5c:48:32:
8f:46:09:10:ed:53:44:79:14:c6:22:8a:77:20:c3:
9f:18:62:a8:20:16:32:53:bb:76:bd:44:d3:a6:bc:
d3:d4:31:9f:45:d0:66:ca:34:67:62:23:b9:2b:1d:
58:9b:61:64:55:d2:27:a2:6a:f4:58:2e:97:38:96:
7b:48:84:cc:26:f6:07:90:cb:0d:e4:fe:df:b8:1d:
fd:c9:d9:1a:af:40:28:16:92:27:89:52:11:5f:c5:
63:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:3A:3F:6A:DA:53:E9:52:E4:2C:25:2B:19:2E:5D:8B:B2:5D:3A:96
X509v3 Authority Key Identifier:
keyid:A9:68:AD:F1:20:A7:4A:5D:10:80:9C:FD:3C:B6:81:4F:C8:9B:1F:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/tDo_atpT6VLkLCUrGS5di7JdOpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.253.208.0/20
91.221.158.0/23
91.222.72.0/22
91.224.196.0/23
91.231.32.0/23
91.234.100.0/22
91.237.219.0/24
91.237.224.0-91.237.229.255
95.171.192.0/19
176.101.80.0/21
176.101.128.0/20
185.3.60.0/22
185.23.44.0/22
185.41.80.0/22
185.95.196.0/22
185.107.140.0/22
185.234.232.0/22
185.245.44.0/22
185.253.64.0/22
188.191.216.0/21
194.180.220.0/22
IPv6:
2a07:f080::/32
2a0c:3540::/32
2a0d:3100::/29
2a0d:4a80::/32
2a0d:9180::/32
Signature Algorithm: sha256WithRSAEncryption
96:da:de:29:a7:6c:06:02:c8:11:46:51:a0:f1:75:87:11:f3:
90:45:98:54:63:30:7c:74:ba:2b:f3:c7:1a:6a:2b:ff:ed:3c:
d6:2f:60:fa:5a:6d:2b:67:3a:5b:7d:c9:31:7d:39:98:d7:ad:
e6:43:d4:1c:f8:0d:9b:6e:fd:ba:b3:c7:66:f7:3c:52:2f:1c:
d8:be:f0:35:fe:20:92:c7:0a:dd:44:fd:1e:b2:a9:fc:09:59:
23:41:e1:9f:fc:9e:38:16:49:92:cd:9b:c5:44:05:71:78:19:
1c:0e:ab:5d:b4:1b:eb:f7:a4:0b:c8:a0:79:82:d4:6b:41:a9:
84:77:c9:e2:50:8c:7e:3e:13:41:84:7b:49:d5:5f:97:6d:3f:
c8:f7:e1:2f:66:04:48:bd:4e:ce:bd:68:69:d6:cc:3c:bd:1d:
98:6b:8e:a6:16:aa:d1:88:fa:ff:f3:6b:f1:1f:5d:9a:13:ad:
96:3f:5e:61:03:13:9e:25:b4:8e:32:cd:45:f4:d0:46:24:e5:
b9:f3:81:3d:4a:4c:ec:bc:3e:11:9a:70:b1:e8:27:ac:76:49:
ea:53:d2:70:27:3f:55:3a:22:48:91:39:5e:75:d4:db:90:57:
bc:14:1f:f7:3b:a3:dc:7a:e6:f1:44:47:a1:ad:a7:39:3f:2f:
e7:5d:87:08
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgISAZjCOOBoaRgowMHB4P9ul6oRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NjhhZGYxMjBhNzRhNWQxMDgwOWNmZDNjYjY4MTRmYzg5
YjFmNDYwHhcNMjUwODE5MTIwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNhM2Y2YWRhNTNlOTUyZTQyYzI1MmIxOTJlNWQ4YmIyNWQzYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD3MawblDyree/gC6KhUVn7Jr9Mq
R9XPlAHCehxny6BofqswCXEa1g+LInXQYhjjSuOjsFL8hI4wj2z1ZYcxqXYxhTEN
bSyy/Lbjfiyumak9+fMSrBQ7zB2C8opw76/u9SxOWFqXdA05PcVoPs4U6lt1vr6O
JkGLJmTYNP2IzPHTegRvA4v+4yUY4hV0I950lXxPbMvH8mkxOXveg+T00DxcSDKP
RgkQ7VNEeRTGIop3IMOfGGKoIBYyU7t2vUTTprzT1DGfRdBmyjRnYiO5Kx1Ym2Fk
VdInomr0WC6XOJZ7SITMJvYHkMsN5P7fuB39ydkar0AoFpIniVIRX8Vj3wIDAQAB
o4ICuTCCArUwHQYDVR0OBBYEFLQ6P2raU+lS5CwlKxkuXYuyXTqWMB8GA1UdIwQY
MBaAFKlorfEgp0pdEICc/Ty2gU/Imx9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVdpdDhTQ25TbDBRZ0p6OVBMYUJUOGliSDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jNGIyMTEtYzA4OS00YzA1LTgwM2It
ODBjZTQ1ODYxMjM5LzEvdERvX2F0cFQ2VkxrTENVckdTNWRpN0pkT3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jNGIyMTEtYzA4OS00YzA1LTgwM2ItODBjZTQ1ODYxMjM5
LzEvcVdpdDhTQ25TbDBRZ0p6OVBMYUJUOGliSDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHOBggrBgEFBQcBBwEB/wSBvjCBuzCBjQQCAAEwgYYDBAQu
/dADBAFb3Z4DBAJb3kgDBAFb4MQDBAFb5yADBAJb6mQDBABb7dswDAMEBVvt4AME
AVvt5AMEBV+rwAMEA7BlUAMEBLBlgAMEArkDPAMEArkXLAMEArkpUAMEArlfxAME
ArlrjAMEArnq6AMEArn1LAMEArn9QAMEA7y/2AMEAsK03DApBAIAAjAjAwUAKgfw
gAMFACoMNUADBQMqDTEAAwUAKg1KgAMFACoNkYAwDQYJKoZIhvcNAQELBQADggEB
AJba3imnbAYCyBFGUaDxdYcR85BFmFRjMHx0uivzxxpqK//tPNYvYPpabStnOlt9
yTF9OZjXreZD1Bz4DZtu/bqzx2b3PFIvHNi+8DX+IJLHCt1E/R6yqfwJWSNB4Z/8
njgWSZLNm8VEBXF4GRwOq120G+v3pAvIoHmC1GtBqYR3yeJQjH4+E0GEe0nVX5dt
P8j34S9mBEi9Ts69aGnWzDy9HZhrjqYWqtGI+v/za/EfXZoTrZY/XmEDE54ltI4y
zUX00EYk5bnzgT1KTOy8PhGacLHoJ6x2SepT0nAnP1U6IkiROV511NuQV7wUH/c7
o9x65vFER6Gtpzk/L+ddhwg=
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:19:28 2025 by rpki-client