Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/dHr3S3MtNvYw9zPAytJUJf5Polg.roa
File: dHr3S3MtNvYw9zPAytJUJf5Polg.roa (raw, json)
Hash identifier: 6ik71U5mDCDLej/D58qufytoq9ZgmhfMCzyzKL+xxNA=
Subject key identifier: 74:7A:F7:4B:73:2D:36:F6:30:F7:33:C0:CA:D2:54:25:FE:4F:A2:58
Certificate issuer: /CN=2f3136ed10998580a517d9598abca33d9ba66599
Certificate serial: 01995E9A7049160870418F83B0D7FE96865E
Authority key identifier: 2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/dHr3S3MtNvYw9zPAytJUJf5Polg.roa
Signing time: Thu 18 Sep 2025 20:53:23 +0000
ROA not before: Thu 18 Sep 2025 20:53:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 145.224.128.0/20 maxlen: 24
145.224.144.0/20 maxlen: 24
145.224.160.0/20 maxlen: 24
145.224.176.0/20 maxlen: 24
145.224.192.0/19 maxlen: 24
145.224.192.0/24 maxlen: 24
163.76.128.0/20 maxlen: 24
163.76.144.0/20 maxlen: 24
163.76.160.0/20 maxlen: 24
163.76.176.0/20 maxlen: 24
163.76.192.0/20 maxlen: 24
2a03:5d67::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.crl
rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.mft
rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 13:21:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:5e:9a:70:49:16:08:70:41:8f:83:b0:d7:fe:96:86:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f3136ed10998580a517d9598abca33d9ba66599
Validity
Not Before: Sep 18 20:53:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=747af74b732d36f630f733c0cad25425fe4fa258
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:ab:08:8e:59:7c:cd:51:3d:95:dc:fa:4b:3b:
08:21:31:f2:4c:e9:ab:3a:bd:a7:ca:e4:84:69:db:
e1:bf:39:fd:d7:45:14:72:c8:8f:b6:a4:91:b0:7c:
e4:cc:09:51:3c:ea:51:e1:ae:99:43:4f:1c:89:a7:
5e:c8:00:6d:ad:99:f2:ae:fc:b1:36:72:6c:f2:61:
a5:1a:82:bc:61:11:f7:fc:bb:e3:2e:7c:df:cd:9f:
12:b9:39:59:ab:a1:5d:3e:57:37:a0:99:11:40:69:
6d:98:9a:a6:3b:93:52:72:10:6c:97:6e:8b:6e:9a:
bc:0b:c5:e6:9b:bd:67:39:51:5f:9f:35:0e:a1:f2:
64:3f:b9:f7:20:4f:2c:fa:f0:57:30:a8:3b:0b:54:
a8:1e:58:c5:45:cf:36:a4:43:2e:84:50:8d:84:64:
07:8c:49:48:52:f2:c7:61:11:25:38:61:a3:ae:44:
06:87:49:05:42:c3:0f:fe:b5:b6:bd:a5:dc:5f:19:
32:ca:0e:fd:66:f9:12:e2:8e:0f:e7:f9:c2:59:ed:
18:ba:a9:bd:e5:a1:05:fe:69:a6:17:0e:21:e6:04:
5b:12:a0:4d:63:71:33:61:c3:15:5a:4b:1a:e2:98:
d7:55:79:d3:2d:fd:8f:96:cd:40:3b:d0:46:53:12:
71:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:7A:F7:4B:73:2D:36:F6:30:F7:33:C0:CA:D2:54:25:FE:4F:A2:58
X509v3 Authority Key Identifier:
keyid:2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/dHr3S3MtNvYw9zPAytJUJf5Polg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.224.128.0-145.224.223.255
163.76.128.0-163.76.207.255
IPv6:
2a03:5d67::/32
Signature Algorithm: sha256WithRSAEncryption
69:fa:a5:06:51:73:10:75:e6:cb:cc:48:43:ac:d2:25:68:81:
e4:5d:e0:da:a0:2d:0d:44:73:28:43:63:5f:65:fb:47:4c:65:
33:d6:09:2c:34:ef:99:8f:04:a3:7b:1d:3c:4e:9a:f5:ea:32:
5f:ba:1f:c9:21:ce:12:fc:88:3d:80:86:22:00:3d:84:38:48:
c2:fa:4c:e5:27:99:54:79:f7:08:b3:a1:5f:b8:51:bd:fc:72:
bc:fb:50:67:7a:e0:4b:48:a6:a5:f9:a5:15:5d:32:6f:50:ae:
e9:08:fd:84:37:46:e9:ac:ed:95:2a:2b:d3:27:94:b2:77:9f:
49:bb:8f:59:b8:9d:f2:8e:bc:1d:74:e7:75:99:86:28:0a:cd:
3c:b2:5d:2b:6b:83:bd:7b:5e:dc:d4:36:ac:f6:49:b8:af:bd:
5b:25:68:7d:24:6a:47:23:66:50:7f:65:5f:09:19:cb:7b:a0:
5c:d5:7b:fe:77:0c:6c:73:77:bb:d9:59:fa:22:26:5d:de:ac:
4a:31:cd:8c:13:3b:60:98:58:78:47:7e:27:75:e1:72:4e:b8:
ae:10:ff:74:a2:cb:05:d9:e8:50:8c:6f:e7:f7:73:1a:b4:ba:
e2:5a:82:9b:f8:cd:b3:3e:5d:41:e9:ef:b0:41:5f:1b:0b:0d:
be:80:d2:59
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZlemnBJFghwQY+DsNf+loZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzEzNmVkMTA5OTg1ODBhNTE3ZDk1OThhYmNhMzNkOWJh
NjY1OTkwHhcNMjUwOTE4MjA1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdhZjc0YjczMmQzNmY2MzBmNzMzYzBjYWQyNTQyNWZlNGZhMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36sIjll8zVE9ldz6SzsIITHyTOmr
Or2nyuSEadvhvzn910UUcsiPtqSRsHzkzAlRPOpR4a6ZQ08ciadeyABtrZnyrvyx
NnJs8mGlGoK8YRH3/LvjLnzfzZ8SuTlZq6FdPlc3oJkRQGltmJqmO5NSchBsl26L
bpq8C8Xmm71nOVFfnzUOofJkP7n3IE8s+vBXMKg7C1SoHljFRc82pEMuhFCNhGQH
jElIUvLHYRElOGGjrkQGh0kFQsMP/rW2vaXcXxkyyg79ZvkS4o4P5/nCWe0Yuqm9
5aEF/mmmFw4h5gRbEqBNY3EzYcMVWksa4pjXVXnTLf2Pls1AO9BGUxJxfQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFHR690tzLTb2MPczwMrSVCX+T6JYMB8GA1UdIwQY
MBaAFC8xNu0QmYWApRfZWYq8oz2bpmWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYt
OTI5ZjEwNjYzMGYxLzEvZEhyM1MzTXROdll3OXpQQXl0SlVKZjVQb2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYtOTI5ZjEwNjYzMGYx
LzEvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAeR4IAD
BAWR4MAwDAMEB6NMgAMEBKNMwDANBAIAAjAHAwUAKgNdZzANBgkqhkiG9w0BAQsF
AAOCAQEAafqlBlFzEHXmy8xIQ6zSJWiB5F3g2qAtDURzKENjX2X7R0xlM9YJLDTv
mY8Eo3sdPE6a9eoyX7ofySHOEvyIPYCGIgA9hDhIwvpM5SeZVHn3CLOhX7hRvfxy
vPtQZ3rgS0impfmlFV0yb1Cu6Qj9hDdG6aztlSor0yeUsnefSbuPWbid8o68HXTn
dZmGKArNPLJdK2uDvXte3NQ2rPZJuK+9WyVofSRqRyNmUH9lXwkZy3ugXNV7/ncM
bHN3u9lZ+iImXd6sSjHNjBM7YJhYeEd+J3Xhck64rhD/dKLLBdnoUIxv5/dzGrS6
4lqCm/jNsz5dQenvsEFfGwsNvoDSWQ==
-----END CERTIFICATE-----
Generated at Wed Oct 8 22:51:07 2025 by rpki-client