Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0ztpdIPZKD6tLdnP79sm1hMOXpI.roa
File: 0ztpdIPZKD6tLdnP79sm1hMOXpI.roa (raw, json)
Hash identifier: V+undJDS0h8d8CYJ+c34sHP0OtxUuBa8a+o8Uohmb0E=
Subject key identifier: D3:3B:69:74:83:D9:28:3E:AD:2D:D9:CF:EF:DB:26:D6:13:0E:5E:92
Certificate issuer: /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial: 019914461F9A6026A0A974754ADCB04CE86B
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0ztpdIPZKD6tLdnP79sm1hMOXpI.roa
Signing time: Thu 04 Sep 2025 10:29:23 +0000
ROA not before: Thu 04 Sep 2025 10:29:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34984
IP address blocks: 45.10.148.0/24 maxlen: 24
185.169.181.0/24 maxlen: 24
185.174.22.0/24 maxlen: 24
185.174.23.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:14:46:1f:9a:60:26:a0:a9:74:75:4a:dc:b0:4c:e8:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Validity
Not Before: Sep 4 10:29:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d33b697483d9283ead2dd9cfefdb26d6130e5e92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ad:a6:40:98:ec:22:2c:6d:e0:96:d0:df:94:
3f:14:1f:3d:90:50:c1:82:88:0d:61:64:8f:a7:77:
1a:b6:2e:49:9e:56:8b:48:26:4b:ea:c2:7f:d4:ff:
77:eb:1b:79:c9:3d:9f:5e:d1:b7:54:40:a2:39:15:
88:0e:2e:c9:74:5d:c8:bb:4f:14:ec:b1:45:fb:1a:
0c:15:65:3b:2d:57:fc:3a:f9:6b:39:27:fc:35:8d:
8a:64:88:ce:05:71:09:41:ad:00:bb:41:af:9a:25:
32:a1:df:a4:a4:9c:44:ac:cb:05:ec:e0:b3:a1:74:
9a:4b:d7:b6:14:5e:37:9a:9c:6c:88:c1:cf:79:09:
b1:c8:f9:ea:c2:fc:6e:3e:56:dd:97:f1:9f:23:e2:
e0:64:c7:2c:a5:c1:59:5f:79:d7:2f:f9:bf:3e:da:
72:f7:4a:8e:fd:57:f0:c2:ee:3a:66:a0:d6:83:be:
f5:ff:dc:f8:8e:da:aa:0a:49:6d:07:56:3e:d8:e4:
e8:0f:14:5b:74:55:33:c6:77:8c:5a:20:1e:a0:88:
fe:d0:9f:06:83:62:83:0f:3d:bc:b7:97:91:6f:df:
58:5a:d4:34:78:f6:d9:48:61:08:86:26:6b:98:2d:
ac:4c:20:4f:ee:12:79:b1:43:d9:a1:79:86:d6:12:
18:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:3B:69:74:83:D9:28:3E:AD:2D:D9:CF:EF:DB:26:D6:13:0E:5E:92
X509v3 Authority Key Identifier:
keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/0ztpdIPZKD6tLdnP79sm1hMOXpI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.148.0/24
185.169.181.0/24
185.174.22.0/23
Signature Algorithm: sha256WithRSAEncryption
2d:07:60:96:69:20:1d:2d:c6:aa:cd:a9:ba:68:6b:1d:cb:f1:
b7:a6:ab:98:f3:f6:9a:9d:93:11:e5:b0:e2:7f:05:eb:2f:20:
3a:44:56:77:f9:44:60:f2:6e:21:4f:c2:f9:62:4e:30:1b:ba:
45:2b:6f:1b:83:57:0d:72:44:13:9b:6f:dd:52:8b:7b:5e:ff:
bb:a2:d7:04:a8:89:ed:0b:72:59:82:fa:0d:7b:49:cc:11:1a:
5d:1e:f1:49:90:ac:43:8b:ad:f6:3b:6f:13:4c:84:f3:08:6b:
be:3c:37:ca:3e:5e:40:bf:50:f0:98:a6:4d:55:63:4a:ff:38:
21:6c:62:91:89:eb:b2:38:c8:8f:0d:40:c0:b2:cc:64:26:2e:
8e:90:b8:ee:d7:38:9c:1f:8e:03:82:6e:63:79:79:00:ed:76:
98:38:cd:de:3b:d4:0a:af:40:f8:cc:03:92:be:11:5f:88:84:
e1:be:c2:0f:dd:1a:c6:69:c3:27:0f:e9:9a:6f:43:f0:60:32:
c1:e1:a5:bb:bb:f0:9c:ab:dc:c4:86:55:ea:b6:01:8e:6c:ac:
2a:54:71:90:fc:16:da:66:35:52:fc:6b:38:49:2d:cd:f7:55:
f5:63:3b:f4:80:12:e4:6a:64:40:0e:ca:11:e7:35:c4:04:68:
69:bf:be:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkURh+aYCagqXR1StywTOhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjUwOTA0MTAyOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNiNjk3NDgzZDkyODNlYWQyZGQ5Y2ZlZmRiMjZkNjEzMGU1ZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq2mQJjsIixt4JbQ35Q/FB89kFDB
gogNYWSPp3cati5JnlaLSCZL6sJ/1P936xt5yT2fXtG3VECiORWIDi7JdF3Iu08U
7LFF+xoMFWU7LVf8OvlrOSf8NY2KZIjOBXEJQa0Au0GvmiUyod+kpJxErMsF7OCz
oXSaS9e2FF43mpxsiMHPeQmxyPnqwvxuPlbdl/GfI+LgZMcspcFZX3nXL/m/Ptpy
90qO/Vfwwu46ZqDWg771/9z4jtqqCkltB1Y+2OToDxRbdFUzxneMWiAeoIj+0J8G
g2KDDz28t5eRb99YWtQ0ePbZSGEIhiZrmC2sTCBP7hJ5sUPZoXmG1hIYLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNM7aXSD2Sg+rS3Zz+/bJtYTDl6SMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvMHp0cGRJUFpLRDZ0TGRuUDc5c20xaE1PWHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQqUAwQA
uam1AwQBua4WMA0GCSqGSIb3DQEBCwUAA4IBAQAtB2CWaSAdLcaqzam6aGsdy/G3
pquY8/aanZMR5bDifwXrLyA6RFZ3+URg8m4hT8L5Yk4wG7pFK28bg1cNckQTm2/d
Uot7Xv+7otcEqIntC3JZgvoNe0nMERpdHvFJkKxDi632O28TTITzCGu+PDfKPl5A
v1DwmKZNVWNK/zghbGKRieuyOMiPDUDAssxkJi6OkLju1zicH44Dgm5jeXkA7XaY
OM3eO9QKr0D4zAOSvhFfiIThvsIP3RrGacMnD+mab0PwYDLB4aW7u/Ccq9zEhlXq
tgGObKwqVHGQ/BbaZjVS/Gs4SS3N91X1Yzv0gBLkamRADsoR5zXEBGhpv761
-----END CERTIFICATE-----
Generated at Sat Sep 6 10:05:47 2025 by rpki-client