Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/32XJfOuajaXKWFXToBNlGxtkW6Q.roa
File: 32XJfOuajaXKWFXToBNlGxtkW6Q.roa (raw, json)
Hash identifier: dKLGEpCpRymK3fL0g+5BlFVGvIZeLfMhwXmSO0Ljm9k=
Subject key identifier: DF:65:C9:7C:EB:9A:8D:A5:CA:58:55:D3:A0:13:65:1B:1B:64:5B:A4
Certificate issuer: /CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
Certificate serial: 01999A4A4577994D1496ADB85CEFDA674B41
Authority key identifier: AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/32XJfOuajaXKWFXToBNlGxtkW6Q.roa
Signing time: Tue 30 Sep 2025 11:03:02 +0000
ROA not before: Tue 30 Sep 2025 11:03:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33921
IP address blocks: 5.42.207.0/24 maxlen: 24
45.92.79.0/24 maxlen: 24
84.246.112.0/24 maxlen: 24
84.246.113.0/24 maxlen: 24
84.246.114.0/24 maxlen: 24
84.246.115.0/24 maxlen: 24
194.213.108.0/24 maxlen: 24
2a13:a380::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.mft
rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9a:4a:45:77:99:4d:14:96:ad:b8:5c:ef:da:67:4b:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
Validity
Not Before: Sep 30 11:03:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df65c97ceb9a8da5ca5855d3a013651b1b645ba4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:69:ae:f8:f8:0b:06:f8:32:62:ed:a6:f0:d6:
2e:5b:6e:fe:fb:d2:7b:36:78:0e:2c:5b:c1:e9:1d:
16:75:59:55:b9:3f:a1:97:f4:ff:df:fd:f7:1f:a0:
68:ea:14:0d:95:bf:32:80:7d:39:af:a3:6e:65:62:
4f:4b:0c:8d:84:2f:aa:4b:bf:7a:a6:ba:4e:7c:57:
36:4a:55:a6:4d:19:a1:bd:3c:53:99:5f:15:9a:55:
28:fd:03:be:c7:1b:cf:e5:d1:5c:83:2e:d3:f5:25:
bf:58:bf:95:e4:83:b6:67:b7:b1:93:0f:86:ca:dc:
69:f6:be:fc:e5:d6:e6:8f:01:13:37:be:5c:13:3c:
c1:83:97:d1:7a:e4:f8:39:ec:88:45:1e:a9:74:93:
ea:e0:9c:bc:30:ba:17:00:12:2e:a4:f5:f3:ef:59:
17:16:84:e9:b2:f1:d1:d2:52:6d:90:cf:04:42:68:
25:9d:d5:54:a8:e8:41:c9:72:25:55:a1:43:9c:cc:
12:3e:e3:17:fa:97:b5:4c:38:5d:df:f1:8d:57:85:
89:db:de:3e:f7:b4:99:65:12:b5:a9:9c:f2:43:47:
1e:35:b0:77:62:50:77:a7:22:1f:98:d9:80:86:42:
8d:1e:a7:ac:58:e3:f9:ee:81:b2:a5:0a:61:27:26:
4d:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:65:C9:7C:EB:9A:8D:A5:CA:58:55:D3:A0:13:65:1B:1B:64:5B:A4
X509v3 Authority Key Identifier:
keyid:AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/32XJfOuajaXKWFXToBNlGxtkW6Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.207.0/24
45.92.79.0/24
84.246.112.0/22
194.213.108.0/24
IPv6:
2a13:a380::/40
Signature Algorithm: sha256WithRSAEncryption
68:ad:79:3a:23:a3:e2:27:b4:5e:03:8f:3d:b1:80:88:9d:66:
46:83:b8:77:02:d3:24:98:66:51:18:80:e7:9a:68:9d:fc:92:
8b:52:1e:4c:52:00:ef:7e:c2:31:87:b1:05:3c:40:69:08:56:
b2:2e:09:f0:da:43:18:ab:25:7c:e9:3e:ef:19:ee:fb:f0:da:
ca:b7:8e:58:02:60:44:ba:22:cf:9d:3f:06:0b:6c:ee:62:82:
82:70:b0:de:e1:57:05:e2:da:13:e3:74:28:54:ac:20:f2:57:
c7:5a:6e:b7:ea:b5:06:62:5f:c8:eb:c4:73:49:8a:be:1f:55:
49:97:c0:44:0a:eb:81:92:9b:cb:fd:56:6a:5f:86:ce:9c:4e:
dc:92:ee:6c:e2:20:0f:35:07:54:e1:55:02:a7:66:e6:79:d3:
cd:0e:de:e1:a1:3f:33:a7:7f:47:86:55:6e:b9:f3:9f:f7:76:
dc:fd:9b:22:17:12:1b:d6:f3:ec:63:07:49:cf:95:fe:db:ee:
bb:a0:60:5a:e8:1b:4f:96:7a:01:a3:82:23:e3:0c:4f:5c:df:
6a:be:f0:1d:fc:1a:74:41:73:81:cd:6e:58:bb:46:16:4f:7e:
d2:7b:45:e0:af:74:d8:45:97:c4:15:6a:1d:ed:06:b1:8b:c4:
fe:dc:40:4f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZmaSkV3mU0Ulq24XO/aZ0tBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjBiNzc3ZjUzNzdiYjFjNTA2NTM4ODRiMDNlMjdkY2Rl
ZTgyOGUwHhcNMjUwOTMwMTEwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjY1Yzk3Y2ViOWE4ZGE1Y2E1ODU1ZDNhMDEzNjUxYjFiNjQ1YmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mmu+PgLBvgyYu2m8NYuW27++9J7
NngOLFvB6R0WdVlVuT+hl/T/3/33H6Bo6hQNlb8ygH05r6NuZWJPSwyNhC+qS796
prpOfFc2SlWmTRmhvTxTmV8VmlUo/QO+xxvP5dFcgy7T9SW/WL+V5IO2Z7exkw+G
ytxp9r785dbmjwETN75cEzzBg5fReuT4OeyIRR6pdJPq4Jy8MLoXABIupPXz71kX
FoTpsvHR0lJtkM8EQmglndVUqOhByXIlVaFDnMwSPuMX+pe1TDhd3/GNV4WJ294+
97SZZRK1qZzyQ0ceNbB3YlB3pyIfmNmAhkKNHqesWOP57oGypQphJyZNuQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFN9lyXzrmo2lylhV06ATZRsbZFukMB8GA1UdIwQY
MBaAFK6wt3f1N3uxxQZTiEsD4n3N7oKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMt
OTI2YzRhMzI2ZTA4LzEvMzJYSmZPdWFqYVhLV0ZYVG9CTmxHeHRrVzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMtOTI2YzRhMzI2ZTA4
LzEvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQABSrPAwQA
LVxPAwQCVPZwAwQAwtVsMA4EAgACMAgDBgAqE6OAADANBgkqhkiG9w0BAQsFAAOC
AQEAaK15OiOj4ie0XgOPPbGAiJ1mRoO4dwLTJJhmURiA55ponfySi1IeTFIA737C
MYexBTxAaQhWsi4J8NpDGKslfOk+7xnu+/DayreOWAJgRLoiz50/Bgts7mKCgnCw
3uFXBeLaE+N0KFSsIPJXx1put+q1BmJfyOvEc0mKvh9VSZfARArrgZKby/1Wal+G
zpxO3JLubOIgDzUHVOFVAqdm5nnTzQ7e4aE/M6d/R4ZVbrnzn/d23P2bIhcSG9bz
7GMHSc+V/tvuu6BgWugbT5Z6AaOCI+MMT1zfar7wHfwadEFzgc1uWLtGFk9+0ntF
4K902EWXxBVqHe0GsYvE/txATw==
-----END CERTIFICATE-----
Generated at Thu Oct 9 01:18:46 2025 by rpki-client