Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/r9hxqmD0gUNcwPfjCYlZEBGSxBo.roa
File: r9hxqmD0gUNcwPfjCYlZEBGSxBo.roa (raw, json)
Hash identifier: zBiX/c+pjyBrWwwCxlUmFq5xFdn6htcFMAiTP/ZMW2c=
Subject key identifier: AF:D8:71:AA:60:F4:81:43:5C:C0:F7:E3:09:89:59:10:11:92:C4:1A
Certificate issuer: /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial: 0198BC41C7DF913006D82E164C3D7589D3CD
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/r9hxqmD0gUNcwPfjCYlZEBGSxBo.roa
Signing time: Mon 18 Aug 2025 08:18:04 +0000
ROA not before: Mon 18 Aug 2025 08:18:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 194.39.216.0/24 maxlen: 24
2a0c:9e06::/32 maxlen: 32
2a0e:a944::/32 maxlen: 32
2a0e:a945::/32 maxlen: 32
2a0e:a946::/32 maxlen: 32
2a0e:a947::/32 maxlen: 32
2a0f:3b80::/32 maxlen: 32
2a0f:3b81::/32 maxlen: 32
2a0f:3b82::/32 maxlen: 32
2a0f:3b83::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 20 Aug 2025 23:01:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:bc:41:c7:df:91:30:06:d8:2e:16:4c:3d:75:89:d3:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Validity
Not Before: Aug 18 08:18:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afd871aa60f481435cc0f7e3098959101192c41a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e9:e3:4f:01:e9:38:6b:cb:a7:8d:3e:15:f5:
1c:6c:5e:ad:ed:3e:b8:15:10:37:84:69:0e:ea:2f:
cd:25:75:41:0b:30:44:10:db:c8:a9:dc:09:aa:7d:
49:ca:16:62:55:61:ca:ac:cf:cf:f2:d8:02:e6:eb:
79:91:d2:fa:79:82:bc:d8:20:be:99:c1:fb:44:f0:
29:bd:94:10:7f:db:0f:d5:40:ea:7e:ee:b6:aa:5c:
4a:0b:54:d6:49:20:4f:57:2d:d9:2e:39:3c:5e:53:
fc:ef:0a:44:fc:db:e2:d4:d2:2d:e5:17:a2:81:dc:
0d:e3:47:76:55:bb:32:72:ef:8b:d5:22:b4:97:0d:
84:cf:ef:5a:d6:b9:f0:e1:ad:a8:e5:fc:10:ff:26:
a6:6c:f1:a5:19:50:b9:26:c1:32:2c:5f:ee:57:8e:
e9:19:bb:48:2f:af:e8:58:c9:f7:b0:12:f2:55:ac:
b0:bb:9b:c7:70:32:68:51:4c:a5:66:60:75:67:cd:
a1:83:5e:2d:90:39:f6:ec:2a:d9:89:09:b1:2e:4b:
e0:89:39:ba:26:81:df:d7:66:99:b9:95:42:48:b8:
ec:dd:a2:7d:d9:d3:7a:38:5e:90:19:d6:e0:a1:d4:
03:ad:5a:be:6b:ed:db:f0:58:88:80:c6:ea:f0:05:
15:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:D8:71:AA:60:F4:81:43:5C:C0:F7:E3:09:89:59:10:11:92:C4:1A
X509v3 Authority Key Identifier:
keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/r9hxqmD0gUNcwPfjCYlZEBGSxBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.39.216.0/24
IPv6:
2a0c:9e06::/32
2a0e:a944::/30
2a0f:3b80::/30
Signature Algorithm: sha256WithRSAEncryption
3c:ba:af:7c:23:03:9a:35:e5:07:84:83:c2:33:0c:4a:59:b0:
04:aa:6f:0b:72:9d:05:a3:db:7e:d6:62:aa:87:2f:67:51:a7:
e4:b2:b6:5f:2a:ca:da:f4:5d:4e:eb:4e:3c:71:75:60:44:16:
96:c1:d3:cd:81:57:67:bd:e7:46:e0:d3:28:ff:ed:83:82:6e:
24:bd:d4:70:f1:1c:c3:bb:94:d4:69:a8:70:0f:9f:b4:38:c2:
32:8c:b3:aa:4a:9b:27:02:b9:ef:c9:b4:4a:d1:41:94:70:ab:
f4:a2:49:22:87:ca:e5:2c:c2:ac:a8:fa:9d:fe:ac:2d:01:7c:
46:f7:8d:21:59:01:8c:a2:4b:42:d8:e6:63:ff:32:6a:e9:e7:
ba:60:7d:d5:dc:c9:6f:df:e6:cb:d5:b1:e4:ac:c7:4b:b0:7e:
46:44:8b:c8:c2:39:a8:ff:2a:51:a9:f6:e8:7a:7a:0b:fc:9a:
6c:29:7f:bc:28:a8:86:12:b1:11:03:e5:25:02:e0:ff:c6:c9:
14:95:01:28:87:d2:9b:33:35:ff:81:b4:20:cb:2e:f8:d9:d9:
54:31:d0:f5:2b:d6:50:59:2a:92:fb:8d:d2:05:00:57:0b:e6:
7b:d8:ac:17:65:f5:a7:89:22:e1:28:e4:bb:73:50:34:e5:1b:
b3:36:e9:79
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZi8QcffkTAG2C4WTD11idPNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwODE4MDgxODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQ4NzFhYTYwZjQ4MTQzNWNjMGY3ZTMwOTg5NTkxMDExOTJjNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+njTwHpOGvLp40+FfUcbF6t7T64
FRA3hGkO6i/NJXVBCzBEENvIqdwJqn1JyhZiVWHKrM/P8tgC5ut5kdL6eYK82CC+
mcH7RPApvZQQf9sP1UDqfu62qlxKC1TWSSBPVy3ZLjk8XlP87wpE/Nvi1NIt5Rei
gdwN40d2Vbsycu+L1SK0lw2Ez+9a1rnw4a2o5fwQ/yambPGlGVC5JsEyLF/uV47p
GbtIL6/oWMn3sBLyVaywu5vHcDJoUUylZmB1Z82hg14tkDn27CrZiQmxLkvgiTm6
JoHf12aZuZVCSLjs3aJ92dN6OF6QGdbgodQDrVq+a+3b8FiIgMbq8AUVnwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFK/Ycapg9IFDXMD34wmJWRARksQaMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvcjloeHFtRDBnVU5jd1BmakNZbFpFQkdTeEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAMBAIAATAGAwQAwifYMBsE
AgACMBUDBQAqDJ4GAwUCKg6pRAMFAioPO4AwDQYJKoZIhvcNAQELBQADggEBADy6
r3wjA5o15QeEg8IzDEpZsASqbwtynQWj237WYqqHL2dRp+Sytl8qytr0XU7rTjxx
dWBEFpbB082BV2e950bg0yj/7YOCbiS91HDxHMO7lNRpqHAPn7Q4wjKMs6pKmycC
ue/JtErRQZRwq/SiSSKHyuUswqyo+p3+rC0BfEb3jSFZAYyiS0LY5mP/Mmrp57pg
fdXcyW/f5svVseSsx0uwfkZEi8jCOaj/KlGp9uh6egv8mmwpf7woqIYSsRED5SUC
4P/GyRSVASiH0pszNf+BtCDLLvjZ2VQx0PUr1lBZKpL7jdIFAFcL5nvYrBdl9aeJ
IuEo5LtzUDTlG7M26Xk=
-----END CERTIFICATE-----
Generated at Wed Aug 20 08:48:09 2025 by rpki-client