Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LRjhpublITbkzp9nNP83XbUIWwo.roa
File: LRjhpublITbkzp9nNP83XbUIWwo.roa (raw, json)
Hash identifier: 9zFFGanMhP03p9xbTOM6OfPtSIy0tPbYuQhef8H3Zqo=
Subject key identifier: 2D:18:E1:A6:E6:E5:21:36:E4:CE:9F:67:34:FF:37:5D:B5:08:5B:0A
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 019A5E50B0AE83F5BDB4D13714AD078C440E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LRjhpublITbkzp9nNP83XbUIWwo.roa
Signing time: Fri 07 Nov 2025 12:35:37 +0000
ROA not before: Fri 07 Nov 2025 12:35:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 2.56.108.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
5.181.87.0/24 maxlen: 24
45.13.190.0/24 maxlen: 24
45.81.113.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
45.94.170.0/24 maxlen: 24
45.132.181.0/24 maxlen: 24
45.132.183.0/24 maxlen: 24
45.144.213.0/24 maxlen: 24
85.209.120.0/24 maxlen: 24
193.57.41.0/24 maxlen: 24
194.15.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Nov 2025 12:35:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:5e:50:b0:ae:83:f5:bd:b4:d1:37:14:ad:07:8c:44:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Nov 7 12:35:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d18e1a6e6e52136e4ce9f6734ff375db5085b0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:ee:1a:d5:f5:c5:2d:3c:b8:f5:95:15:9b:dd:
bf:82:ed:84:fb:bf:17:d9:ae:7b:1a:fb:0a:d3:71:
42:a3:d8:f2:0e:48:e3:b6:75:e7:56:8e:c6:e3:b7:
7b:7b:36:cb:7e:24:86:0a:cb:31:34:25:9f:74:fe:
51:f4:8f:bf:26:3a:03:5f:ec:d0:55:52:bc:d3:82:
a6:f7:e3:fc:84:f2:3e:aa:c4:30:d5:c7:75:11:6b:
10:1a:57:6d:77:ba:44:7a:df:c1:53:ed:d9:8c:6e:
80:ca:86:97:54:9a:c8:ba:ad:f4:58:08:21:dd:2f:
b1:f2:ec:4d:d4:1f:c5:5a:26:09:19:dd:ed:21:51:
78:fa:21:9e:50:9c:69:79:f2:1b:d0:9f:38:b4:28:
63:06:e1:65:61:cf:52:d4:05:59:ee:34:35:92:41:
66:ae:b6:17:b8:ef:09:e0:37:84:06:b1:ea:02:50:
ca:12:9a:9a:52:74:d0:05:82:50:e5:27:2c:e8:ca:
65:81:38:c2:da:80:2c:3a:6b:91:65:20:26:01:b3:
2c:50:f7:18:22:55:49:6f:f0:36:93:67:bb:95:20:
24:0c:a4:7f:00:40:7d:54:6a:a5:02:c1:81:47:ca:
f1:6a:ac:f8:52:95:12:47:2b:5e:ff:7d:40:fb:4f:
a7:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:18:E1:A6:E6:E5:21:36:E4:CE:9F:67:34:FF:37:5D:B5:08:5B:0A
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LRjhpublITbkzp9nNP83XbUIWwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.108.0/23
5.181.87.0/24
45.13.190.0/24
45.81.113.0/24
45.81.115.0/24
45.88.139.0/24
45.94.170.0/24
45.132.181.0/24
45.132.183.0/24
45.144.213.0/24
85.209.120.0/24
193.57.41.0/24
194.15.52.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:7d:0b:b1:c0:55:0e:77:2f:ca:b6:26:3c:8b:1c:e9:b5:96:
b2:39:eb:29:85:05:0a:87:94:f3:c8:f4:f6:4b:16:0b:17:56:
8a:60:64:6a:37:33:d2:f5:cb:35:35:c5:a3:51:97:09:9a:74:
e8:a4:4c:74:02:32:35:c7:fa:c9:e1:76:4c:8a:1d:c3:16:e9:
d7:fc:8f:c5:19:80:44:c9:44:a6:9e:c4:4a:d8:fa:70:c1:db:
5a:67:85:b9:da:5d:29:ff:aa:a9:f3:17:74:02:b9:71:b5:ea:
7a:6a:e1:a1:1d:31:7f:be:33:f6:c6:94:8e:f3:ed:39:8c:ee:
a1:fa:dd:7b:b5:e9:7c:fb:c8:1b:94:ae:29:f4:b7:6b:54:7e:
ad:16:cc:a8:31:47:0e:b3:4a:5f:ac:7f:cb:4c:de:ef:d7:96:
50:6d:33:2a:dd:dd:41:83:20:7f:f9:46:ce:50:aa:68:f8:8f:
62:d5:68:e5:44:5b:d4:82:6f:00:8a:c0:4c:bd:cc:86:de:2b:
40:13:c7:bb:8f:17:cc:91:9d:e5:63:a9:0e:17:8a:90:52:f2:
06:b5:1a:56:ef:f8:90:43:90:50:7f:62:79:07:09:8b:3e:6c:
4d:07:35:d9:db:31:12:fc:f8:26:21:c6:ea:31:22:81:2a:5f:
9a:fc:51:0d
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZpeULCug/W9tNE3FK0HjEQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMTA3MTIzNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDE4ZTFhNmU2ZTUyMTM2ZTRjZTlmNjczNGZmMzc1ZGI1MDg1YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u4a1fXFLTy49ZUVm92/gu2E+78X
2a57GvsK03FCo9jyDkjjtnXnVo7G47d7ezbLfiSGCssxNCWfdP5R9I+/JjoDX+zQ
VVK804Km9+P8hPI+qsQw1cd1EWsQGldtd7pEet/BU+3ZjG6AyoaXVJrIuq30WAgh
3S+x8uxN1B/FWiYJGd3tIVF4+iGeUJxpefIb0J84tChjBuFlYc9S1AVZ7jQ1kkFm
rrYXuO8J4DeEBrHqAlDKEpqaUnTQBYJQ5Scs6MplgTjC2oAsOmuRZSAmAbMsUPcY
IlVJb/A2k2e7lSAkDKR/AEB9VGqlAsGBR8rxaqz4UpUSRyte/31A+0+newIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFC0Y4abm5SE25M6fZzT/N121CFsKMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTFJqaHB1YmxJVGJrenA5bk5QODNYYlVJV3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBAjhsAwQA
BbVXAwQALQ2+AwQALVFxAwQALVFzAwQALViLAwQALV6qAwQALYS1AwQALYS3AwQA
LZDVAwQAVdF4AwQAwTkpAwQAwg80MA0GCSqGSIb3DQEBCwUAA4IBAQCafQuxwFUO
dy/KtiY8ixzptZayOesphQUKh5TzyPT2SxYLF1aKYGRqNzPS9cs1NcWjUZcJmnTo
pEx0AjI1x/rJ4XZMih3DFunX/I/FGYBEyUSmnsRK2PpwwdtaZ4W52l0p/6qp8xd0
Arlxtep6auGhHTF/vjP2xpSO8+05jO6h+t17tel8+8gblK4p9LdrVH6tFsyoMUcO
s0pfrH/LTN7v15ZQbTMq3d1BgyB/+UbOUKpo+I9i1WjlRFvUgm8AisBMvcyG3itA
E8e7jxfMkZ3lY6kOF4qQUvIGtRpW7/iQQ5BQf2J5BwmLPmxNBzXZ2zES/PgmIcbq
MSKBKl+a/FEN
-----END CERTIFICATE-----
Generated at Fri Nov 7 18:48:39 2025 by rpki-client