Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/X9RNdUxkmLFNiFpUP9LHqq5hH5Q.roa
File: X9RNdUxkmLFNiFpUP9LHqq5hH5Q.roa (raw, json)
Hash identifier: sO05RjG57ukJeOdbo7TbIC4ef+lfKmg1XE7a20jQ0B4=
Subject key identifier: 5F:D4:4D:75:4C:64:98:B1:4D:88:5A:54:3F:D2:C7:AA:AE:61:1F:94
Certificate issuer: /CN=b9ac49d1ccdcaedd9a13f4803df1aedce6dc1112
Certificate serial: 0197F37C7838A7B2A20697B14FEF5B11DEF9
Authority key identifier: B9:AC:49:D1:CC:DC:AE:DD:9A:13:F4:80:3D:F1:AE:DC:E6:DC:11:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uaxJ0czcrt2aE_SAPfGu3ObcERI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/X9RNdUxkmLFNiFpUP9LHqq5hH5Q.roa
Signing time: Thu 10 Jul 2025 08:38:30 +0000
ROA not before: Thu 10 Jul 2025 08:38:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 52157
IP address blocks: 5.100.188.0/22 maxlen: 22
93.89.112.0/20 maxlen: 20
185.193.92.0/22 maxlen: 22
185.209.224.0/22 maxlen: 22
185.237.36.0/22 maxlen: 22
2a02:25e8::/29 maxlen: 29
2a03:ba00::/32 maxlen: 32
2a03:ba01::/32 maxlen: 32
2a03:ba02::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/uaxJ0czcrt2aE_SAPfGu3ObcERI.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/uaxJ0czcrt2aE_SAPfGu3ObcERI.mft
rsync://rpki.ripe.net/repository/DEFAULT/uaxJ0czcrt2aE_SAPfGu3ObcERI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f3:7c:78:38:a7:b2:a2:06:97:b1:4f:ef:5b:11:de:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9ac49d1ccdcaedd9a13f4803df1aedce6dc1112
Validity
Not Before: Jul 10 08:38:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5fd44d754c6498b14d885a543fd2c7aaae611f94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:42:51:d4:55:e6:85:b0:92:a7:aa:39:0c:d1:
85:c2:54:1c:2c:2c:7e:34:72:e2:ac:b2:07:24:b2:
57:0b:1c:22:51:02:f6:12:e6:19:ec:b9:ab:14:d3:
5a:2e:b5:28:75:ca:8b:c8:2c:a0:39:7d:ba:8d:df:
c2:2a:ac:75:d8:b5:9f:d9:b4:8e:b5:26:0e:6c:62:
4c:c5:51:fb:29:97:3f:07:ff:b0:07:42:ab:39:09:
6e:f8:e9:74:1b:68:da:6d:59:15:c1:42:d3:4e:dc:
01:bc:4d:a3:6d:7e:0e:e1:87:fe:7a:29:e3:83:d2:
90:b0:14:65:a1:4c:26:c3:b8:89:ec:23:cb:aa:4f:
55:fc:39:b6:07:f2:18:2f:d4:e2:10:9c:1c:eb:17:
74:a3:c5:e6:49:69:00:e8:a2:fa:7b:e9:c4:4d:9b:
da:14:a3:17:d3:ff:ed:c7:dc:fb:a4:cd:39:f6:9f:
46:21:a3:f8:6a:01:b0:8b:b2:c2:ae:0b:85:25:5c:
bb:84:0f:30:c9:0d:71:cf:5d:e3:66:6c:fd:be:d4:
40:3d:8f:5d:0a:62:4b:29:93:d6:b6:f2:a8:d2:d0:
1f:b1:5b:f1:4a:3f:f8:02:a1:78:d2:9b:2d:00:25:
a5:62:52:d1:ad:f7:d8:f5:9d:56:b1:f1:4e:9f:f1:
d5:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:D4:4D:75:4C:64:98:B1:4D:88:5A:54:3F:D2:C7:AA:AE:61:1F:94
X509v3 Authority Key Identifier:
keyid:B9:AC:49:D1:CC:DC:AE:DD:9A:13:F4:80:3D:F1:AE:DC:E6:DC:11:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uaxJ0czcrt2aE_SAPfGu3ObcERI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/X9RNdUxkmLFNiFpUP9LHqq5hH5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/537191-1179-48ec-ad9f-ffe43a52d3f6/1/uaxJ0czcrt2aE_SAPfGu3ObcERI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.100.188.0/22
93.89.112.0/20
185.193.92.0/22
185.209.224.0/22
185.237.36.0/22
IPv6:
2a02:25e8::/29
2a03:ba00::-2a03:ba02:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
0e:92:59:ef:11:2a:4e:11:ab:bb:ec:d2:90:b3:4e:e7:11:68:
62:fb:47:2d:ce:80:53:16:58:5e:e5:e7:8d:ac:6f:4b:42:52:
bc:15:ba:85:e4:71:cc:6d:4f:49:ff:71:6f:98:7a:f8:f2:c6:
74:eb:a2:83:8b:7c:99:c9:32:85:d5:9f:a4:fa:54:37:0c:d7:
fa:31:57:01:92:d8:27:94:82:88:b1:8a:7a:ef:ba:38:16:ea:
23:72:fc:66:8b:08:0e:00:a8:68:1f:d6:02:2a:8f:a7:ab:eb:
2e:1d:e4:f2:9d:be:fe:04:a2:e4:23:3b:b3:c7:6c:3a:a2:08:
8a:f1:e4:61:a2:d7:e3:a0:b8:36:71:fc:fa:70:a3:e2:3f:08:
7a:83:aa:36:b6:4f:b6:9b:23:32:de:67:b3:c5:26:e7:d9:dc:
9c:29:b0:91:82:27:7e:0e:6d:f4:11:af:55:a3:7b:a2:a5:6d:
87:ea:75:0b:e1:30:a2:0c:ca:0a:e2:cf:79:ce:46:58:cf:47:
41:4f:4b:06:c5:e3:7b:36:f9:61:06:ed:b7:7d:a3:56:ca:56:
bb:48:60:90:9d:e1:b2:01:02:26:10:84:77:d2:2c:e4:8f:f6:
15:12:66:d4:22:6a:8b:c3:f3:da:92:00:31:7d:78:8e:76:b9:
87:af:b9:98
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZfzfHg4p7KiBpexT+9bEd75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YWM0OWQxY2NkY2FlZGQ5YTEzZjQ4MDNkZjFhZWRjZTZk
YzExMTIwHhcNMjUwNzEwMDgzODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQ0NGQ3NTRjNjQ5OGIxNGQ4ODVhNTQzZmQyYzdhYWFlNjExZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0JR1FXmhbCSp6o5DNGFwlQcLCx+
NHLirLIHJLJXCxwiUQL2EuYZ7LmrFNNaLrUodcqLyCygOX26jd/CKqx12LWf2bSO
tSYObGJMxVH7KZc/B/+wB0KrOQlu+Ol0G2jabVkVwULTTtwBvE2jbX4O4Yf+einj
g9KQsBRloUwmw7iJ7CPLqk9V/Dm2B/IYL9TiEJwc6xd0o8XmSWkA6KL6e+nETZva
FKMX0//tx9z7pM059p9GIaP4agGwi7LCrguFJVy7hA8wyQ1xz13jZmz9vtRAPY9d
CmJLKZPWtvKo0tAfsVvxSj/4AqF40pstACWlYlLRrffY9Z1WsfFOn/HVDQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFF/UTXVMZJixTYhaVD/Sx6quYR+UMB8GA1UdIwQY
MBaAFLmsSdHM3K7dmhP0gD3xrtzm3BESMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWF4SjBjemNydDJhRV9TQVBmR3UzT2JjRVJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC81MzcxOTEtMTE3OS00OGVjLWFkOWYt
ZmZlNDNhNTJkM2Y2LzEvWDlSTmRVeGttTEZOaUZwVVA5TEhxcTVoSDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC81MzcxOTEtMTE3OS00OGVjLWFkOWYtZmZlNDNhNTJkM2Y2
LzEvdWF4SjBjemNydDJhRV9TQVBmR3UzT2JjRVJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAkBAIAATAeAwQCBWS8AwQE
XVlwAwQCucFcAwQCudHgAwQCue0kMBwEAgACMBYDBQMqAiXoMA0DBAEqA7oDBQAq
A7oCMA0GCSqGSIb3DQEBCwUAA4IBAQAOklnvESpOEau77NKQs07nEWhi+0ctzoBT
Flhe5eeNrG9LQlK8FbqF5HHMbU9J/3FvmHr48sZ066KDi3yZyTKF1Z+k+lQ3DNf6
MVcBktgnlIKIsYp677o4FuojcvxmiwgOAKhoH9YCKo+nq+suHeTynb7+BKLkIzuz
x2w6ogiK8eRhotfjoLg2cfz6cKPiPwh6g6o2tk+2myMy3mezxSbn2dycKbCRgid+
Dm30Ea9Vo3uipW2H6nUL4TCiDMoK4s95zkZYz0dBT0sGxeN7NvlhBu23faNWyla7
SGCQneGyAQImEIR30izkj/YVEmbUImqLw/PakgAxfXiOdrmHr7mY
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:43:39 2025 by rpki-client