Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/OGo9fBtswLdwnS7x4PLyvgfblhc.roa
File: OGo9fBtswLdwnS7x4PLyvgfblhc.roa (raw, json)
Hash identifier: YfRWTX+R7heO/+Oj3o5jtwp1kOciqeFbXjDX1mTE1h8=
Subject key identifier: 38:6A:3D:7C:1B:6C:C0:B7:70:9D:2E:F1:E0:F2:F2:BE:07:DB:96:17
Certificate issuer: /CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
Certificate serial: 0199998A028F5A794B24A36920029638DB75
Authority key identifier: A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/OGo9fBtswLdwnS7x4PLyvgfblhc.roa
Signing time: Tue 30 Sep 2025 07:33:02 +0000
ROA not before: Tue 30 Sep 2025 07:33:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208414
IP address blocks: 45.138.104.0/24 maxlen: 29
45.138.105.0/24 maxlen: 29
45.138.106.0/24 maxlen: 24
45.138.107.0/24 maxlen: 24
89.221.208.0/24 maxlen: 24
89.221.209.0/24 maxlen: 24
89.221.210.0/24 maxlen: 24
89.221.211.0/24 maxlen: 24
185.8.236.0/22 maxlen: 24
2a0e:acc0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.mft
rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 10 Oct 2025 07:02:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:99:8a:02:8f:5a:79:4b:24:a3:69:20:02:96:38:db:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
Validity
Not Before: Sep 30 07:33:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=386a3d7c1b6cc0b7709d2ef1e0f2f2be07db9617
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:b6:fd:2c:a1:77:bb:df:b7:ed:6a:a8:a6:6b:
5a:1b:68:25:79:0f:53:84:85:0a:29:5c:4b:6f:1a:
1e:7a:40:2e:ff:de:ca:c8:44:16:ce:07:87:01:f8:
19:6a:b9:f7:41:91:92:51:04:cc:c8:06:62:ba:cb:
13:f8:c9:8b:78:fa:de:d7:62:a6:18:9e:7b:74:84:
ff:fa:3a:d2:ad:02:6f:40:11:84:2e:05:69:7c:c7:
6e:42:d5:dd:a2:09:ff:16:91:40:93:3c:17:41:50:
8c:b5:0a:9d:1d:46:90:83:74:78:69:b3:05:77:ab:
dc:4b:74:3b:4c:12:23:d2:5d:8d:9f:87:c0:05:e4:
8a:b9:5b:a4:c0:44:22:2d:93:44:1b:6a:d8:a0:1b:
d0:13:7e:24:cb:e8:1e:89:a1:e9:81:e2:59:01:83:
cc:92:3d:06:fd:a8:22:7b:eb:99:1b:3c:96:47:64:
f3:12:33:5b:af:94:31:74:f2:03:b6:7a:4b:49:7d:
e9:ef:47:d7:44:1a:da:15:dd:6a:42:4e:d7:77:41:
f7:2d:ff:f2:2c:20:25:d7:46:46:2d:6f:a7:a6:1a:
21:5b:be:19:ab:9d:5e:35:84:c0:dc:d5:ae:06:b4:
fa:ac:32:91:24:fb:13:80:b5:85:02:52:50:81:68:
52:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:6A:3D:7C:1B:6C:C0:B7:70:9D:2E:F1:E0:F2:F2:BE:07:DB:96:17
X509v3 Authority Key Identifier:
keyid:A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/OGo9fBtswLdwnS7x4PLyvgfblhc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.104.0/22
89.221.208.0/22
185.8.236.0/22
IPv6:
2a0e:acc0::/29
Signature Algorithm: sha256WithRSAEncryption
08:6f:f5:77:b6:dc:c2:d7:2c:9e:52:7d:d0:56:5b:55:db:d1:
c0:9d:22:1e:64:83:ff:c8:4f:f5:90:80:5b:7e:5a:02:84:f4:
26:f3:9b:b7:4d:44:78:84:e7:d6:8d:7e:df:17:30:20:3b:70:
a9:64:2b:5a:94:ba:67:c0:ae:9b:83:63:57:20:7a:c2:64:ac:
3e:de:27:d7:f8:91:26:2d:01:b4:5f:56:a6:33:cc:af:54:6f:
cb:e3:a6:20:a0:5d:01:d8:3f:89:22:23:31:2c:7a:6d:31:6c:
28:f8:79:1c:18:2f:0c:01:4c:aa:68:7e:89:92:fb:ad:4b:e5:
fe:01:97:8b:c3:8c:a4:66:d7:46:78:98:00:1a:5e:32:ef:73:
d7:9e:c0:2d:7f:67:fa:b4:ef:da:31:7c:d5:1b:11:85:93:58:
b9:31:05:88:d4:82:b4:30:6a:f6:1c:a2:75:55:8f:26:80:5f:
34:61:93:df:61:df:09:22:eb:10:9a:07:63:1b:f3:c3:64:e7:
5d:8e:4b:91:6a:8c:c2:35:20:02:30:78:2d:ac:88:d7:71:45:
44:61:0c:d4:4c:86:d0:b7:56:8c:c7:53:9d:4e:33:ff:90:52:
ca:ab:a9:e0:03:b5:70:32:08:5d:4f:28:8f:31:75:9a:80:eb:
68:b9:5d:a7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZmZigKPWnlLJKNpIAKWONt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjlkZjdlOThmNmYzOWZlMmJhNDAyMmRhMjc3ZDI4MTk4
MjgwMjEwHhcNMjUwOTMwMDczMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZhM2Q3YzFiNmNjMGI3NzA5ZDJlZjFlMGYyZjJiZTA3ZGI5NjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLb9LKF3u9+37WqopmtaG2gleQ9T
hIUKKVxLbxoeekAu/97KyEQWzgeHAfgZarn3QZGSUQTMyAZiussT+MmLePre12Km
GJ57dIT/+jrSrQJvQBGELgVpfMduQtXdogn/FpFAkzwXQVCMtQqdHUaQg3R4abMF
d6vcS3Q7TBIj0l2Nn4fABeSKuVukwEQiLZNEG2rYoBvQE34ky+geiaHpgeJZAYPM
kj0G/agie+uZGzyWR2TzEjNbr5QxdPIDtnpLSX3p70fXRBraFd1qQk7Xd0H3Lf/y
LCAl10ZGLW+nphohW74Zq51eNYTA3NWuBrT6rDKRJPsTgLWFAlJQgWhSvQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDhqPXwbbMC3cJ0u8eDy8r4H25YXMB8GA1UdIwQY
MBaAFKW5336Y9vOf4rpAItonfSgZgoAhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAt
MGFjN2I3ZWRlNDJiLzEvT0dvOWZCdHN3TGR3blM3eDRQTHl2Z2ZibGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAtMGFjN2I3ZWRlNDJi
LzEvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLYpoAwQC
Wd3QAwQCuQjsMA0EAgACMAcDBQMqDqzAMA0GCSqGSIb3DQEBCwUAA4IBAQAIb/V3
ttzC1yyeUn3QVltV29HAnSIeZIP/yE/1kIBbfloChPQm85u3TUR4hOfWjX7fFzAg
O3CpZCtalLpnwK6bg2NXIHrCZKw+3ifX+JEmLQG0X1amM8yvVG/L46YgoF0B2D+J
IiMxLHptMWwo+HkcGC8MAUyqaH6JkvutS+X+AZeLw4ykZtdGeJgAGl4y73PXnsAt
f2f6tO/aMXzVGxGFk1i5MQWI1IK0MGr2HKJ1VY8mgF80YZPfYd8JIusQmgdjG/PD
ZOddjkuRaozCNSACMHgtrIjXcUVEYQzUTIbQt1aMx1OdTjP/kFLKq6ngA7VwMghd
TyiPMXWagOtouV2n
-----END CERTIFICATE-----
Generated at Thu Oct 9 08:06:12 2025 by rpki-client