Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/16oTEEIl27CKEl8kDFBVV2e74TM.roa
File: 16oTEEIl27CKEl8kDFBVV2e74TM.roa (raw, json)
Hash identifier: GFSywM1HF3ONg0Q2eIpgomzVpl6N7IMaPhzlqTk/u0I=
Subject key identifier: D7:AA:13:10:42:25:DB:B0:8A:12:5F:24:0C:50:55:57:67:BB:E1:33
Certificate issuer: /CN=d39123880f427446d5ff07cef9633e86dc49198d
Certificate serial: 019A6CB11C62F0D965A4642D3AD809C75664
Authority key identifier: D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/16oTEEIl27CKEl8kDFBVV2e74TM.roa
Signing time: Mon 10 Nov 2025 07:35:37 +0000
ROA not before: Mon 10 Nov 2025 07:35:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210792
IP address blocks: 45.153.76.0/22 maxlen: 23
45.153.76.0/23 maxlen: 23
158.255.79.0/24 maxlen: 24
2a11:ba80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl
rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.mft
rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:6c:b1:1c:62:f0:d9:65:a4:64:2d:3a:d8:09:c7:56:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d39123880f427446d5ff07cef9633e86dc49198d
Validity
Not Before: Nov 10 07:35:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d7aa13104225dbb08a125f240c50555767bbe133
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:be:c7:24:86:0e:ca:39:4a:79:3d:15:be:f8:
83:c9:75:b7:01:7a:08:4b:5f:28:a6:f5:0a:1f:da:
65:19:f6:ec:62:b3:f8:36:cb:f2:8f:6f:93:0b:e7:
a7:3a:b9:a1:a5:0c:07:3b:df:5e:07:b1:33:3b:ec:
dc:6f:5e:b3:0c:f5:71:9c:90:2f:f9:bd:1e:cd:6b:
c4:35:c4:45:cd:f6:46:26:b5:cf:c5:3c:a1:b8:59:
8d:3e:76:2f:21:a8:02:ff:04:8b:c5:aa:f7:11:82:
e6:f3:5e:f2:e9:43:28:a9:73:83:29:f7:c7:cd:65:
b9:d2:63:0e:b4:5e:99:c1:fc:a9:96:78:9b:32:b6:
c1:5c:ed:f2:05:f9:f5:bb:61:d4:69:cc:35:c3:9b:
69:e4:8d:34:9d:e6:32:82:c3:68:7b:f4:14:d1:ac:
69:5e:9b:b8:d0:f4:f6:e2:3e:fd:47:a9:84:7a:77:
b0:75:b3:49:98:05:eb:65:96:f5:1d:bc:a9:63:d1:
59:2c:95:31:74:42:8d:59:79:d3:3c:f0:28:a7:f8:
9e:77:36:b0:77:3a:74:f8:7e:e7:60:04:a1:21:0d:
93:4f:3d:f6:40:84:a9:f6:8e:0b:a5:42:9d:32:4d:
b2:ca:b2:8f:7b:7b:8e:0d:dc:90:06:1a:ec:05:ca:
79:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:AA:13:10:42:25:DB:B0:8A:12:5F:24:0C:50:55:57:67:BB:E1:33
X509v3 Authority Key Identifier:
keyid:D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/16oTEEIl27CKEl8kDFBVV2e74TM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.76.0/22
158.255.79.0/24
IPv6:
2a11:ba80::/29
Signature Algorithm: sha256WithRSAEncryption
83:51:90:2c:1b:ec:0f:be:e9:69:73:06:c0:4d:ce:89:85:b9:
e2:21:20:27:33:fa:4c:51:51:2c:0f:3a:34:0e:f9:49:37:cb:
d8:e2:60:93:c1:bb:30:53:3f:a6:f4:38:c3:6f:86:48:f0:bf:
00:34:0b:45:32:da:af:bd:2a:1e:d6:42:d2:07:88:df:c2:39:
fc:a3:13:6c:68:27:fe:22:e3:5d:fe:97:68:64:1c:30:b6:07:
a8:31:6f:fb:a0:2a:ca:77:77:4a:65:29:bc:76:ec:ad:eb:ac:
b4:33:40:cb:11:0b:0e:d6:13:87:84:a8:e0:fe:be:f0:c2:0c:
43:75:44:1c:32:78:05:e6:52:ef:e2:35:2a:57:32:dd:13:49:
36:ba:4a:18:2f:b2:4f:c3:b8:22:73:f5:e2:3f:75:0c:ab:78:
43:09:ce:0a:42:9a:dc:12:9b:d3:6c:e1:ba:e4:bc:1c:70:9d:
89:50:03:43:38:47:25:2b:e4:f7:1e:f6:b2:cb:a9:c8:57:a6:
46:49:98:29:60:c7:75:83:01:ce:b6:d5:d5:10:4f:47:f6:7e:
47:71:d6:12:b4:2a:cf:72:1b:fd:02:37:32:4b:44:b9:65:c6:
f3:bd:5d:4b:ad:0d:a3:48:1e:b6:92:4c:d7:92:05:25:d7:7c:
d1:29:43:e8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZpssRxi8NllpGQtOtgJx1ZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOTEyMzg4MGY0Mjc0NDZkNWZmMDdjZWY5NjMzZTg2ZGM0
OTE5OGQwHhcNMjUxMTEwMDczNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FhMTMxMDQyMjVkYmIwOGExMjVmMjQwYzUwNTU1NzY3YmJlMTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt77HJIYOyjlKeT0VvviDyXW3AXoI
S18opvUKH9plGfbsYrP4Nsvyj2+TC+enOrmhpQwHO99eB7EzO+zcb16zDPVxnJAv
+b0ezWvENcRFzfZGJrXPxTyhuFmNPnYvIagC/wSLxar3EYLm817y6UMoqXODKffH
zWW50mMOtF6ZwfyplnibMrbBXO3yBfn1u2HUacw1w5tp5I00neYygsNoe/QU0axp
Xpu40PT24j79R6mEenewdbNJmAXrZZb1HbypY9FZLJUxdEKNWXnTPPAop/iedzaw
dzp0+H7nYAShIQ2TTz32QISp9o4LpUKdMk2yyrKPe3uODdyQBhrsBcp5dwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNeqExBCJduwihJfJAxQVVdnu+EzMB8GA1UdIwQY
MBaAFNORI4gPQnRG1f8HzvljPobcSRmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDVFamlBOUNkRWJWX3dmTy1XTS1odHhKR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NjFiODQtMTE0ZC00OTI5LWI2ODQt
Y2NhMGFkMjY4NWNhLzEvMTZvVEVFSWwyN0NLRWw4a0RGQlZWMmU3NFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NjFiODQtMTE0ZC00OTI5LWI2ODQtY2NhMGFkMjY4NWNh
LzEvMDVFamlBOUNkRWJWX3dmTy1XTS1odHhKR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZlMAwQA
nv9PMA0EAgACMAcDBQMqEbqAMA0GCSqGSIb3DQEBCwUAA4IBAQCDUZAsG+wPvulp
cwbATc6JhbniISAnM/pMUVEsDzo0DvlJN8vY4mCTwbswUz+m9DjDb4ZI8L8ANAtF
MtqvvSoe1kLSB4jfwjn8oxNsaCf+IuNd/pdoZBwwtgeoMW/7oCrKd3dKZSm8duyt
66y0M0DLEQsO1hOHhKjg/r7wwgxDdUQcMngF5lLv4jUqVzLdE0k2ukoYL7JPw7gi
c/XiP3UMq3hDCc4KQprcEpvTbOG65LwccJ2JUANDOEclK+T3Hvayy6nIV6ZGSZgp
YMd1gwHOttXVEE9H9n5HcdYStCrPchv9AjcyS0S5ZcbzvV1LrQ2jSB62kkzXkgUl
13zRKUPo
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:53:13 2025 by rpki-client