Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m34wpv1djv5OUhOedxPInANtick.roa
File: m34wpv1djv5OUhOedxPInANtick.roa (raw, json)
Hash identifier: EO6pq0kHyzYppUrZqczz/X5OrxzJpbhjI7FnjHX9OD0=
Subject key identifier: 9B:7E:30:A6:FD:5D:8E:FE:4E:52:13:9E:77:13:C8:9C:03:6D:89:C9
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 019A002E82A7E27BCCB6D55D91EB7CEC1BD6
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m34wpv1djv5OUhOedxPInANtick.roa
Signing time: Mon 20 Oct 2025 05:53:59 +0000
ROA not before: Mon 20 Oct 2025 05:53:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 163.5.28.0/24 maxlen: 24
163.5.136.0/24 maxlen: 24
163.5.157.0/24 maxlen: 24
163.5.161.0/24 maxlen: 24
163.5.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:2e:82:a7:e2:7b:cc:b6:d5:5d:91:eb:7c:ec:1b:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Oct 20 05:53:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9b7e30a6fd5d8efe4e52139e7713c89c036d89c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:d5:59:2a:7d:63:8f:93:38:76:5d:54:7b:6b:
f9:27:55:ec:74:70:bd:09:6d:9c:0f:68:83:a1:d8:
b2:d8:ac:b3:df:83:bf:cd:ac:49:a4:95:6f:b1:55:
89:ff:79:64:cd:d0:d0:af:9b:03:16:41:2f:e0:bc:
1b:b8:d8:11:2d:0a:86:04:14:42:87:f4:35:bc:18:
27:a0:4d:5c:b7:8a:cf:e9:e4:dc:89:44:4d:1d:f2:
4c:d7:1e:89:60:ee:d2:e1:b2:eb:1a:13:02:a2:fb:
a4:42:32:35:f6:3e:7b:75:dc:36:47:83:2a:d8:06:
7b:49:86:ad:e4:ca:8a:d4:30:6d:36:e3:1f:fe:b5:
96:59:a9:42:3d:1e:19:5d:8a:6a:2a:44:ae:0f:47:
b6:67:3a:85:d3:70:9b:5f:dc:ea:92:2d:62:f9:af:
46:49:ff:7c:49:7d:0c:f4:19:5d:7b:ec:2a:4e:fc:
e2:7e:b1:72:68:1e:e7:86:8b:b4:9b:d6:67:71:f1:
5b:92:cd:58:88:c9:a8:35:ad:5f:3d:5a:ef:23:e2:
0d:07:57:5a:c2:37:45:ff:e7:96:85:35:44:d9:f4:
bd:cc:46:a6:cc:10:c4:d9:55:4c:12:88:f4:8c:b2:
5b:c6:9f:cc:e7:e4:a2:e9:22:a0:02:4d:9a:77:6a:
d1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:7E:30:A6:FD:5D:8E:FE:4E:52:13:9E:77:13:C8:9C:03:6D:89:C9
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/m34wpv1djv5OUhOedxPInANtick.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.28.0/24
163.5.136.0/24
163.5.157.0/24
163.5.161.0/24
163.5.223.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:d8:5e:f9:04:c7:fb:36:e3:2a:7d:62:9a:41:eb:78:72:dd:
56:bb:db:7e:a3:c6:09:83:8a:12:a1:73:de:8f:f4:ad:9f:d4:
3d:55:cb:80:c2:1a:21:60:9c:f1:a8:8f:68:db:e0:1a:ee:a7:
6d:e9:d7:2f:45:4b:75:8c:d9:72:98:af:3d:e4:57:b4:80:0a:
3e:10:d3:a5:34:ce:b6:35:2a:da:a6:f2:f5:a5:3e:b5:b4:cc:
15:8e:28:e5:1e:2a:ee:39:34:77:0b:5a:eb:bd:b6:c1:06:29:
cd:12:93:cd:88:0b:88:ef:aa:7b:0e:21:09:bc:7b:fb:dd:97:
86:77:47:fa:ad:c6:b7:76:18:b4:b6:13:db:6b:f2:b4:c5:08:
6a:9f:1b:5f:34:f0:5e:1f:a8:25:7b:ba:81:0c:7e:ad:d9:58:
d1:1c:7e:20:3d:67:e7:a6:e8:b0:a8:a9:b7:26:16:4f:38:cb:
fe:9f:e2:b2:bd:89:7d:41:a6:1f:aa:b0:10:44:8c:96:d3:30:
a2:2f:7e:3e:a4:55:e4:c2:74:1c:ed:c0:cc:b5:9d:f1:5d:3f:
c2:d1:42:54:4b:6c:b5:d0:00:53:1f:7c:87:e7:53:95:81:0e:
9b:cc:8d:31:6e:9e:10:ee:2b:0f:3e:22:d4:3f:d6:24:46:ca:
b9:92:41:32
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZoALoKn4nvMttVdket87BvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUxMDIwMDU1MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjdlMzBhNmZkNWQ4ZWZlNGU1MjEzOWU3NzEzYzg5YzAzNmQ4OWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dVZKn1jj5M4dl1Ue2v5J1XsdHC9
CW2cD2iDodiy2Kyz34O/zaxJpJVvsVWJ/3lkzdDQr5sDFkEv4LwbuNgRLQqGBBRC
h/Q1vBgnoE1ct4rP6eTciURNHfJM1x6JYO7S4bLrGhMCovukQjI19j57ddw2R4Mq
2AZ7SYat5MqK1DBtNuMf/rWWWalCPR4ZXYpqKkSuD0e2ZzqF03CbX9zqki1i+a9G
Sf98SX0M9Blde+wqTvzifrFyaB7nhou0m9ZncfFbks1YiMmoNa1fPVrvI+INB1da
wjdF/+eWhTVE2fS9zEamzBDE2VVMEoj0jLJbxp/M5+Si6SKgAk2ad2rR3wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJt+MKb9XY7+TlITnncTyJwDbYnJMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbTM0d3B2MWRqdjVPVWhPZWR4UEluQU50aWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAowUcAwQA
owWIAwQAowWdAwQAowWhAwQAowXfMA0GCSqGSIb3DQEBCwUAA4IBAQA62F75BMf7
NuMqfWKaQet4ct1Wu9t+o8YJg4oSoXPej/Stn9Q9VcuAwhohYJzxqI9o2+Aa7qdt
6dcvRUt1jNlymK895Fe0gAo+ENOlNM62NSrapvL1pT61tMwVjijlHiruOTR3C1rr
vbbBBinNEpPNiAuI76p7DiEJvHv73ZeGd0f6rca3dhi0thPba/K0xQhqnxtfNPBe
H6gle7qBDH6t2VjRHH4gPWfnpuiwqKm3JhZPOMv+n+KyvYl9QaYfqrAQRIyW0zCi
L34+pFXkwnQc7cDMtZ3xXT/C0UJUS2y10ABTH3yH51OVgQ6bzI0xbp4Q7isPPiLU
P9YkRsq5kkEy
-----END CERTIFICATE-----
Generated at Tue Oct 21 16:46:53 2025 by rpki-client