Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ue7nHZGBtXCoAegwSWLwC4WZ3k4.roa
File: ue7nHZGBtXCoAegwSWLwC4WZ3k4.roa (raw, json)
Hash identifier: 8qnzgRJK+hQRMPyhcPCFsfqsh4k5lDJjsb7bGumh//g=
Subject key identifier: B9:EE:E7:1D:91:81:B5:70:A8:01:E8:30:49:62:F0:0B:85:99:DE:4E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019A82F94A34789A050C4BF9B8629DC2A358
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ue7nHZGBtXCoAegwSWLwC4WZ3k4.roa
Signing time: Fri 14 Nov 2025 15:26:06 +0000
ROA not before: Fri 14 Nov 2025 15:26:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.245.0/24 maxlen: 24
87.121.132.0/22 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.27.0/24 maxlen: 24
91.92.248.0/21 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.175.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.31.222.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 14:56:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:82:f9:4a:34:78:9a:05:0c:4b:f9:b8:62:9d:c2:a3:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 14 15:26:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b9eee71d9181b570a801e8304962f00b8599de4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:cd:64:fe:21:be:07:61:ae:f9:c7:98:33:26:
a3:bd:8d:f2:43:98:71:87:cb:67:c4:20:72:e1:ce:
5d:3a:58:c2:b3:78:a7:f1:3c:ab:d7:cb:5b:ff:fd:
dc:d0:0c:e1:d2:e9:e1:fc:de:7c:9b:7a:8b:93:87:
39:44:c2:ea:3f:e5:89:b9:22:bd:4c:16:44:aa:21:
b0:af:79:59:0a:d4:95:9d:81:4b:dc:60:d2:76:1c:
68:01:ed:65:09:0d:b9:4b:37:b2:2e:cd:ec:44:03:
a5:36:9c:0f:52:a0:38:b3:14:54:e3:59:3b:c2:dc:
1b:38:58:77:14:1b:c5:6d:93:15:39:de:42:78:d8:
71:ae:f7:7b:9e:5f:09:b9:d8:1b:32:5b:29:eb:7b:
18:f3:70:88:75:00:48:70:fe:5f:4d:43:b0:c0:86:
4c:69:03:1e:22:a8:24:af:6e:40:aa:7d:e2:31:b5:
20:e4:d5:95:17:7a:33:24:2e:79:3a:4f:d2:b7:2a:
30:f4:8a:59:7f:12:7e:32:49:09:00:91:5a:6b:0e:
ec:3b:a8:72:21:c3:2b:85:ca:82:c8:c1:9d:84:e1:
1e:c1:d6:2e:52:cc:a1:f1:28:44:b5:5e:db:32:61:
cb:d5:38:5b:15:02:42:66:a7:9d:e8:63:2b:ce:29:
67:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:EE:E7:1D:91:81:B5:70:A8:01:E8:30:49:62:F0:0B:85:99:DE:4E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ue7nHZGBtXCoAegwSWLwC4WZ3k4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.228.0/24
45.66.231.0/24
45.84.89.0/24
45.89.247.0/24
45.141.158.0/24
81.161.238.0/24
82.115.211.0/24
85.217.130.0/23
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.120.245.0/24
87.121.132.0/22
87.121.165.0/24
91.92.27.0/24
91.92.248.0/21
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.173.0/24
94.156.175.0/24
178.215.239.0/24
193.25.216.0/24
193.222.98.0/24
194.31.222.0/24
194.55.186.0/24
194.169.175.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:dd:c2:9e:6a:15:fe:5a:e6:ab:c5:34:a7:09:cf:22:fb:46:
0e:52:01:33:69:c4:2f:e1:99:4d:8c:b4:fc:51:c2:0d:b4:da:
94:7a:ab:0e:96:04:0d:30:fb:a5:7e:e3:fb:0a:b2:f0:c1:7c:
71:6e:df:71:79:59:37:30:9c:f5:68:75:c0:53:28:3b:7f:72:
29:f4:27:79:65:15:c1:a6:e3:99:d0:7e:06:60:18:47:96:0f:
bc:ff:c0:76:fa:d7:88:c5:a3:ee:f1:59:22:b5:d3:73:1e:2b:
cd:76:80:de:ef:53:84:f1:46:4c:3c:bf:a1:ec:2b:f8:1d:fb:
e9:cc:70:c0:1f:f5:44:99:4a:23:cf:b7:6b:9c:40:4e:e2:ee:
7c:d0:be:64:18:e7:5a:a4:aa:e4:8a:e4:e6:71:ff:82:cf:1a:
7e:ac:5e:b4:a7:bc:6c:bf:be:99:2b:72:79:c5:09:0a:20:d1:
eb:43:0a:8a:27:f4:52:3a:fe:aa:ff:28:cb:02:3b:5c:8c:57:
cb:da:9d:d2:6c:69:5c:e1:be:94:42:b1:82:43:3a:26:a8:7f:
de:ca:be:7a:51:b7:64:44:22:46:b1:10:ce:b4:24:d6:44:79:
2f:3a:cd:c3:40:07:5b:59:79:eb:c5:ef:39:f8:eb:32:5f:36:
d7:dc:d9:0b
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZqC+Uo0eJoFDEv5uGKdwqNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMTE0MTUyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWVlZTcxZDkxODFiNTcwYTgwMWU4MzA0OTYyZjAwYjg1OTlkZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM1k/iG+B2Gu+ceYMyajvY3yQ5hx
h8tnxCBy4c5dOljCs3in8Tyr18tb//3c0Azh0unh/N58m3qLk4c5RMLqP+WJuSK9
TBZEqiGwr3lZCtSVnYFL3GDSdhxoAe1lCQ25SzeyLs3sRAOlNpwPUqA4sxRU41k7
wtwbOFh3FBvFbZMVOd5CeNhxrvd7nl8JudgbMlsp63sY83CIdQBIcP5fTUOwwIZM
aQMeIqgkr25Aqn3iMbUg5NWVF3ozJC55Ok/Styow9IpZfxJ+MkkJAJFaaw7sO6hy
IcMrhcqCyMGdhOEewdYuUsyh8ShEtV7bMmHL1ThbFQJCZqed6GMrzilnFwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFLnu5x2RgbVwqAHoMEli8AuFmd5OMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdWU3bkhaR0J0WENvQWVnd1NXTHdDNFdaM2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAAt
QuQDBAAtQucDBAAtVFkDBAAtWfcDBAAtjZ4DBABRoe4DBABSc9MDBAFV2YIDBABX
eFcDBABXeH4DBABXeKYDBABXePUDBAJXeYQDBABXeaUDBABbXBsDBANbXPgDBAFc
d8QDBABc+TIDBABde20DBABemq0DBABenK8DBACy1+8DBADBGdgDBADB3mIDBADC
H94DBADCN7oDBADCqa8DBADUcykwDQYJKoZIhvcNAQELBQADggEBAIrdwp5qFf5a
5qvFNKcJzyL7Rg5SATNpxC/hmU2MtPxRwg202pR6qw6WBA0w+6V+4/sKsvDBfHFu
33F5WTcwnPVodcBTKDt/cin0J3llFcGm45nQfgZgGEeWD7z/wHb614jFo+7xWSK1
03MeK812gN7vU4TxRkw8v6HsK/gd++nMcMAf9USZSiPPt2ucQE7i7nzQvmQY51qk
quSK5OZx/4LPGn6sXrSnvGy/vpkrcnnFCQog0etDCoon9FI6/qr/KMsCO1yMV8va
ndJsaVzhvpRCsYJDOiaof97KvnpRt2REIkaxEM60JNZEeS86zcNAB1tZeevF7zn4
6zJfNtfc2Qs=
-----END CERTIFICATE-----
Generated at Tue Nov 18 00:16:17 2025 by rpki-client