Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/w7idwTdXPoOWVZlR9CoFAbQi8hM.roa
File: w7idwTdXPoOWVZlR9CoFAbQi8hM.roa (raw, json)
Hash identifier: ilsj5ZYvMhkJ++mzc4MatQJ2qPuYOf+lvnTyvWyEf1A=
Subject key identifier: C3:B8:9D:C1:37:57:3E:83:96:55:99:51:F4:2A:05:01:B4:22:F2:13
Certificate issuer: /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial: 019995622BB4A8964D2B111D26D495D8B49F
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/w7idwTdXPoOWVZlR9CoFAbQi8hM.roa
Signing time: Mon 29 Sep 2025 12:11:02 +0000
ROA not before: Mon 29 Sep 2025 12:11:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21472
IP address blocks: 5.2.16.0/21 maxlen: 21
5.2.16.0/23 maxlen: 23
5.2.18.0/23 maxlen: 23
5.2.20.0/23 maxlen: 23
5.2.23.0/24 maxlen: 24
91.224.190.0/23 maxlen: 23
162.33.228.0/23 maxlen: 23
185.79.56.0/22 maxlen: 22
185.79.56.0/24 maxlen: 24
185.149.176.0/22 maxlen: 22
185.182.147.0/24 maxlen: 24
185.229.40.0/22 maxlen: 22
185.229.40.0/23 maxlen: 23
195.49.144.0/22 maxlen: 22
2a00:e740::/32 maxlen: 32
2a07:69c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.mft
rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 10 Oct 2025 14:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:62:2b:b4:a8:96:4d:2b:11:1d:26:d4:95:d8:b4:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Validity
Not Before: Sep 29 12:11:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c3b89dc137573e8396559951f42a0501b422f213
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:6b:cb:94:57:a6:8d:b2:59:36:f8:11:ea:5d:
4b:e6:d7:66:10:44:da:19:ed:f0:ff:9d:1a:46:6a:
bb:29:7d:19:80:4c:40:2a:35:49:29:bd:4a:82:c4:
7d:d8:75:a9:e9:41:b3:74:2a:23:85:ea:b3:8a:ec:
b2:14:11:5e:e6:87:db:23:28:5c:52:e5:53:24:63:
84:31:b1:f8:42:a9:99:4f:d6:ae:d8:71:89:6f:90:
e2:99:9f:1d:de:5c:b3:fe:42:5c:24:dc:2b:b9:e0:
c7:55:1e:db:03:35:b5:5f:8b:66:52:79:82:c9:a4:
0b:59:86:94:44:2f:15:fc:7a:ee:7c:13:03:24:d2:
62:8b:0a:6f:56:3b:0b:34:79:6f:1a:31:50:34:59:
f2:d2:50:8f:4f:ca:6c:a8:0e:a4:77:6a:23:06:86:
31:97:62:1a:eb:c5:22:5e:94:1d:c0:92:d6:c0:ce:
34:21:cd:53:e3:f5:78:43:85:70:18:6d:31:84:ae:
0d:60:59:71:22:60:1c:31:75:a2:1b:e6:48:84:74:
9e:ba:46:d7:ea:02:c0:79:75:2f:0f:a8:69:b6:18:
4c:38:86:72:4c:ae:f7:3f:8e:0b:a7:30:80:a9:d5:
f8:a8:67:49:84:bb:fe:d8:12:54:29:f1:76:08:5d:
47:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:B8:9D:C1:37:57:3E:83:96:55:99:51:F4:2A:05:01:B4:22:F2:13
X509v3 Authority Key Identifier:
keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/w7idwTdXPoOWVZlR9CoFAbQi8hM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.16.0/21
91.224.190.0/23
162.33.228.0/23
185.79.56.0/22
185.149.176.0/22
185.182.147.0/24
185.229.40.0/22
195.49.144.0/22
IPv6:
2a00:e740::/32
2a07:69c0::/29
Signature Algorithm: sha256WithRSAEncryption
1e:7a:6b:84:cb:e4:a9:6e:8e:3c:2e:24:06:63:a3:00:dd:8b:
04:51:09:27:e6:44:70:6e:7b:7e:fe:3b:dc:49:ab:ea:af:fd:
7e:61:62:33:b2:94:f7:49:b9:86:ce:62:10:4f:fd:b6:5b:1f:
e4:0e:e0:3c:af:f1:16:23:03:77:30:a9:13:b4:ac:79:65:41:
42:49:cc:68:4c:d9:d3:4f:6d:71:de:1e:d9:5c:26:74:09:a7:
bb:0e:00:db:c7:54:9e:0d:ab:4a:23:d5:40:ae:87:c0:9e:38:
12:58:cb:d4:43:eb:92:4e:a6:a0:49:69:c2:6b:3a:5b:03:3e:
96:1f:46:fc:e9:f0:0b:37:7d:16:60:f8:15:5d:bf:be:53:da:
b9:64:1f:4d:55:91:65:71:be:3b:cb:dd:57:1d:36:93:b2:d3:
64:b9:f7:38:e1:5e:6c:0e:b0:bb:d2:13:a0:3f:13:18:89:06:
95:3b:c0:7f:0b:af:7b:a0:55:fb:08:e5:dc:50:e2:d3:65:72:
dc:10:96:85:3b:0b:8c:6f:2e:c8:cf:1e:8c:40:c8:15:b3:6e:
60:9e:85:2f:96:2e:89:1d:70:a2:87:2c:3f:29:e0:50:18:75:
a0:48:5c:62:45:5a:65:99:87:ae:bc:0b:f2:c0:3f:3f:46:89:
70:b4:e7:33
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZmVYiu0qJZNKxEdJtSV2LSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjUwOTI5MTIxMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2I4OWRjMTM3NTczZTgzOTY1NTk5NTFmNDJhMDUwMWI0MjJmMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GvLlFemjbJZNvgR6l1L5tdmEETa
Ge3w/50aRmq7KX0ZgExAKjVJKb1KgsR92HWp6UGzdCojheqziuyyFBFe5ofbIyhc
UuVTJGOEMbH4QqmZT9au2HGJb5DimZ8d3lyz/kJcJNwrueDHVR7bAzW1X4tmUnmC
yaQLWYaURC8V/HrufBMDJNJiiwpvVjsLNHlvGjFQNFny0lCPT8psqA6kd2ojBoYx
l2Ia68UiXpQdwJLWwM40Ic1T4/V4Q4VwGG0xhK4NYFlxImAcMXWiG+ZIhHSeukbX
6gLAeXUvD6hpthhMOIZyTK73P44LpzCAqdX4qGdJhLv+2BJUKfF2CF1HZwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMO4ncE3Vz6DllWZUfQqBQG0IvITMB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvdzdpZHdUZFhQb09XVlpsUjlDb0ZBYlFpOGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDBQIQAwQB
W+C+AwQBoiHkAwQCuU84AwQCuZWwAwQAubaTAwQCueUoAwQCwzGQMBQEAgACMA4D
BQAqAOdAAwUDKgdpwDANBgkqhkiG9w0BAQsFAAOCAQEAHnprhMvkqW6OPC4kBmOj
AN2LBFEJJ+ZEcG57fv473Emr6q/9fmFiM7KU90m5hs5iEE/9tlsf5A7gPK/xFiMD
dzCpE7SseWVBQknMaEzZ009tcd4e2VwmdAmnuw4A28dUng2rSiPVQK6HwJ44EljL
1EPrkk6moElpwms6WwM+lh9G/OnwCzd9FmD4FV2/vlPauWQfTVWRZXG+O8vdVx02
k7LTZLn3OOFebA6wu9IToD8TGIkGlTvAfwuve6BV+wjl3FDi02Vy3BCWhTsLjG8u
yM8ejEDIFbNuYJ6FL5YuiR1woocsPyngUBh1oEhcYkVaZZmHrrwL8sA/P0aJcLTn
Mw==
-----END CERTIFICATE-----
Generated at Thu Oct 9 20:07:44 2025 by rpki-client