Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0rEIceaKS3aZkNghX8Jx7J9MC6w.roa
File: 0rEIceaKS3aZkNghX8Jx7J9MC6w.roa (raw, json)
Hash identifier: K7xyCMi2UhNSiwvVtT5jORld0ff0aWurjAftM1O8nno=
Subject key identifier: D2:B1:08:71:E6:8A:4B:76:99:90:D8:21:5F:C2:71:EC:9F:4C:0B:AC
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 019791A9A4AB151D2E8BD5AC0EE95191201C
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0rEIceaKS3aZkNghX8Jx7J9MC6w.roa
Signing time: Sat 21 Jun 2025 08:45:03 +0000
ROA not before: Sat 21 Jun 2025 08:45:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12846
IP address blocks: 90.188.0.0/20 maxlen: 23
90.188.0.0/23 maxlen: 23
90.188.16.0/20 maxlen: 20
194.150.128.0/19 maxlen: 19
194.150.146.0/24 maxlen: 24
212.94.96.0/19 maxlen: 19
212.94.101.0/24 maxlen: 24
212.94.126.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 19:33:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:91:a9:a4:ab:15:1d:2e:8b:d5:ac:0e:e9:51:91:20:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 21 08:45:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2b10871e68a4b769990d8215fc271ec9f4c0bac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:3f:ac:a5:c2:fb:08:0d:10:5b:0c:66:57:6c:
44:a2:2d:81:7d:0e:05:da:c9:3f:45:af:f5:05:27:
b0:3a:65:2a:da:23:b0:5d:c0:00:e0:ed:9c:fd:e0:
a1:31:ce:e0:62:67:2b:0e:10:72:bb:6d:3c:39:f6:
4c:cd:c3:c2:71:2a:bf:bc:ea:1a:84:ae:4c:36:0d:
99:8d:78:d2:e2:ac:8e:2e:0a:4c:0a:c7:46:04:3e:
67:14:cc:5f:7e:18:00:e5:f0:b4:93:1f:14:d7:64:
44:40:9f:4d:89:a6:db:3c:88:97:fa:67:90:6d:4d:
2c:6e:60:71:65:c0:85:73:be:6a:fa:f9:ee:f5:76:
c7:dc:bc:19:b7:13:77:e6:06:55:ae:6c:4c:e8:42:
e1:ab:07:4c:e4:76:c8:98:88:19:50:cc:d0:88:fc:
1c:b2:3e:d4:0c:75:ed:b1:22:af:75:97:48:4a:d6:
a8:73:17:9d:db:7f:1a:b8:a0:19:33:79:18:1b:af:
08:62:61:b5:ad:0f:7b:3c:cd:5a:f0:ca:9a:e6:c4:
60:6b:31:ed:ba:ed:de:d4:c3:74:86:15:65:ab:6a:
a5:07:06:87:23:c8:3f:f4:86:e0:6a:3e:75:bc:b8:
aa:64:7f:05:ff:d6:1b:36:01:ea:a1:08:63:a9:08:
25:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:B1:08:71:E6:8A:4B:76:99:90:D8:21:5F:C2:71:EC:9F:4C:0B:AC
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0rEIceaKS3aZkNghX8Jx7J9MC6w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.188.0.0/19
194.150.128.0/19
212.94.96.0/19
Signature Algorithm: sha256WithRSAEncryption
25:0e:22:1a:fd:06:b8:04:73:01:11:9e:31:37:0c:67:ab:af:
e8:43:06:b5:0e:57:2e:d0:0b:de:60:a1:03:63:49:c5:23:a4:
f9:ac:09:e0:71:a5:5a:87:7e:bc:41:79:32:49:3f:ec:3d:12:
e4:20:8d:1f:80:e7:48:40:02:a5:4a:e9:03:d9:6a:a8:40:1f:
48:77:e2:61:ed:ed:f6:a5:17:82:c5:91:8f:39:40:61:94:eb:
cb:31:26:41:73:7a:85:81:1d:6c:0e:8b:77:b3:f1:04:f9:0b:
0f:7a:ef:58:58:e9:b6:29:5a:69:b4:2b:35:93:19:32:df:f1:
81:cb:47:92:e7:c2:95:00:04:01:ec:82:96:c2:37:4e:27:7c:
ea:c2:23:9c:83:a0:cb:95:53:7a:e8:6c:d0:46:a6:92:ff:f0:
15:9f:23:01:bd:fb:dd:d4:a1:27:ad:12:50:99:b4:08:74:bf:
ff:64:cd:9b:fb:83:e3:a1:0b:3a:c6:36:02:fc:30:6c:e5:b5:
02:14:5c:56:d7:a9:9c:7f:57:75:e9:40:47:71:a9:5c:a2:79:
05:bd:41:86:98:88:10:6a:d2:a1:6e:2b:47:54:06:14:74:1c:
74:a5:80:ac:45:ad:a9:de:5c:93:05:b6:63:ee:7d:53:ef:8d:
0a:a6:00:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeRqaSrFR0ui9WsDulRkSAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjIxMDg0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmIxMDg3MWU2OGE0Yjc2OTk5MGQ4MjE1ZmMyNzFlYzlmNGMwYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD+spcL7CA0QWwxmV2xEoi2BfQ4F
2sk/Ra/1BSewOmUq2iOwXcAA4O2c/eChMc7gYmcrDhByu208OfZMzcPCcSq/vOoa
hK5MNg2ZjXjS4qyOLgpMCsdGBD5nFMxffhgA5fC0kx8U12REQJ9NiabbPIiX+meQ
bU0sbmBxZcCFc75q+vnu9XbH3LwZtxN35gZVrmxM6ELhqwdM5HbImIgZUMzQiPwc
sj7UDHXtsSKvdZdIStaocxed238auKAZM3kYG68IYmG1rQ97PM1a8Mqa5sRgazHt
uu3e1MN0hhVlq2qlBwaHI8g/9Ibgaj51vLiqZH8F/9YbNgHqoQhjqQgldQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNKxCHHmikt2mZDYIV/CceyfTAusMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvMHJFSWNlYUtTM2Faa05naFg4Sng3SjlNQzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFWrwAAwQF
wpaAAwQF1F5gMA0GCSqGSIb3DQEBCwUAA4IBAQAlDiIa/Qa4BHMBEZ4xNwxnq6/o
Qwa1Dlcu0AveYKEDY0nFI6T5rAngcaVah368QXkyST/sPRLkII0fgOdIQAKlSukD
2WqoQB9Id+Jh7e32pReCxZGPOUBhlOvLMSZBc3qFgR1sDot3s/EE+QsPeu9YWOm2
KVpptCs1kxky3/GBy0eS58KVAAQB7IKWwjdOJ3zqwiOcg6DLlVN66GzQRqaS//AV
nyMBvfvd1KEnrRJQmbQIdL//ZM2b+4PjoQs6xjYC/DBs5bUCFFxW16mcf1d16UBH
calconkFvUGGmIgQatKhbitHVAYUdBx0pYCsRa2p3lyTBbZj7n1T740KpgDS
-----END CERTIFICATE-----
Generated at Wed Jul 2 22:45:13 2025 by rpki-client