Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/VkHPLM35qWNgOy26GyJX6k6al3A.roa
File: VkHPLM35qWNgOy26GyJX6k6al3A.roa (raw, json)
Hash identifier: 20bhOqJNPSbUMdewMMRIxTejz5YSyJ7V5gIz3TofX5I=
Subject key identifier: 56:41:CF:2C:CD:F9:A9:63:60:3B:2D:BA:1B:22:57:EA:4E:9A:97:70
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 019919F5D2B480A70B0B4EB4560950D7A2BB
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/VkHPLM35qWNgOy26GyJX6k6al3A.roa
Signing time: Fri 05 Sep 2025 12:59:24 +0000
ROA not before: Fri 05 Sep 2025 12:59:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215242
IP address blocks: 2.56.111.0/24 maxlen: 24
45.94.169.0/24 maxlen: 24
45.138.180.0/24 maxlen: 24
45.151.3.0/24 maxlen: 24
77.83.37.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Sep 2025 16:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:19:f5:d2:b4:80:a7:0b:0b:4e:b4:56:09:50:d7:a2:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Sep 5 12:59:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5641cf2ccdf9a963603b2dba1b2257ea4e9a9770
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:4d:b9:6f:34:50:bd:53:63:6c:60:b6:bd:af:
f1:d7:b1:bf:67:b1:30:61:d5:6b:63:0b:0d:11:15:
80:24:61:64:39:8b:73:8e:be:ac:94:39:80:67:40:
2c:10:2f:70:31:00:78:73:9d:6a:c1:6d:52:43:81:
cb:2a:f0:3f:0a:b8:44:66:3d:f7:ac:c4:38:91:f5:
bd:e6:2b:14:ea:28:aa:1b:03:ce:c5:bf:cc:da:d6:
e9:bd:f2:38:84:7d:7e:f8:a1:22:a1:83:3e:af:23:
a0:ec:b1:51:da:6f:a0:68:df:64:28:13:da:0c:3a:
66:c3:59:82:76:08:31:a6:b7:c3:52:3a:42:53:e5:
8c:3e:8f:8d:35:24:07:62:46:dd:19:7c:26:af:ca:
8e:aa:25:5f:e8:43:26:47:d8:2d:fd:84:80:a8:04:
1c:be:50:7d:75:c9:85:3e:f5:f5:6c:9e:a9:02:de:
bb:f5:e7:d5:44:58:bf:23:3c:49:ba:35:d4:74:93:
47:98:b8:c0:d1:a9:46:97:5d:ff:61:e7:83:f3:cd:
42:97:d0:c0:f4:03:9c:44:57:67:cd:cc:2b:ce:06:
1d:41:7b:11:46:49:87:50:34:c5:24:37:b7:5e:1e:
8a:62:af:cd:01:24:27:99:54:92:66:ab:78:24:ee:
69:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:41:CF:2C:CD:F9:A9:63:60:3B:2D:BA:1B:22:57:EA:4E:9A:97:70
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/VkHPLM35qWNgOy26GyJX6k6al3A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.111.0/24
45.94.169.0/24
45.138.180.0/24
45.151.3.0/24
77.83.37.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:27:27:c5:c9:3d:d1:68:e1:aa:06:30:8e:b9:3a:32:d6:7d:
de:e6:b4:11:25:79:9f:d9:1b:47:03:6e:fd:16:9f:32:ca:4d:
6e:11:e4:13:9e:ec:58:86:37:18:e4:66:95:9c:2a:06:c9:50:
1a:1a:ff:a7:8d:e3:f0:f4:14:d9:60:d2:3c:65:90:49:47:a5:
e2:c0:b0:e3:d7:40:bf:0e:63:f4:69:35:93:50:32:95:0d:08:
22:82:b0:04:bc:00:32:bb:d4:1a:50:16:98:5e:7d:dc:88:10:
69:17:97:94:84:55:78:56:ef:9d:f7:4f:b0:e1:fa:c4:70:03:
07:3e:77:cd:71:d5:95:06:2f:c8:10:ee:49:b6:25:8c:5e:59:
ca:e5:b6:fe:a0:d9:07:23:7b:3c:04:bf:a8:44:31:e9:52:d7:
25:12:45:f5:87:6d:f3:cb:68:27:07:df:4e:c1:86:f9:6b:1b:
69:a5:ab:a3:62:cf:df:ee:17:9c:31:6b:27:56:50:e3:e5:86:
42:47:0b:c7:9d:1c:8d:b8:9b:a3:58:e5:cf:4d:c5:06:7b:cd:
86:0b:8a:04:c0:9d:22:30:5b:b7:fa:af:fe:aa:a9:fe:7d:98:
b0:ed:36:27:8b:40:c0:ec:60:e8:ce:cc:b3:a8:58:f7:f0:4b:
1e:98:4c:21
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZkZ9dK0gKcLC060VglQ16K7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwOTA1MTI1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQxY2YyY2NkZjlhOTYzNjAzYjJkYmExYjIyNTdlYTRlOWE5NzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm025bzRQvVNjbGC2va/x17G/Z7Ew
YdVrYwsNERWAJGFkOYtzjr6slDmAZ0AsEC9wMQB4c51qwW1SQ4HLKvA/CrhEZj33
rMQ4kfW95isU6iiqGwPOxb/M2tbpvfI4hH1++KEioYM+ryOg7LFR2m+gaN9kKBPa
DDpmw1mCdggxprfDUjpCU+WMPo+NNSQHYkbdGXwmr8qOqiVf6EMmR9gt/YSAqAQc
vlB9dcmFPvX1bJ6pAt679efVRFi/IzxJujXUdJNHmLjA0alGl13/YeeD881Cl9DA
9AOcRFdnzcwrzgYdQXsRRkmHUDTFJDe3Xh6KYq/NASQnmVSSZqt4JO5p6wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFZBzyzN+aljYDstuhsiV+pOmpdwMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvVmtIUExNMzVxV05nT3kyNkd5Slg2azZhbDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAjhvAwQA
LV6pAwQALYq0AwQALZcDAwQATVMlMA0GCSqGSIb3DQEBCwUAA4IBAQCqJyfFyT3R
aOGqBjCOuToy1n3e5rQRJXmf2RtHA279Fp8yyk1uEeQTnuxYhjcY5GaVnCoGyVAa
Gv+njePw9BTZYNI8ZZBJR6XiwLDj10C/DmP0aTWTUDKVDQgigrAEvAAyu9QaUBaY
Xn3ciBBpF5eUhFV4Vu+d90+w4frEcAMHPnfNcdWVBi/IEO5JtiWMXlnK5bb+oNkH
I3s8BL+oRDHpUtclEkX1h23zy2gnB99OwYb5axtppaujYs/f7hecMWsnVlDj5YZC
RwvHnRyNuJujWOXPTcUGe82GC4oEwJ0iMFu3+q/+qqn+fZiw7TYni0DA7GDozsyz
qFj38EsemEwh
-----END CERTIFICATE-----
Generated at Sat Sep 20 00:05:31 2025 by rpki-client