Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/nEOWg7Kmd6qTqNCYh_hqhP0HHz4.roa
File: nEOWg7Kmd6qTqNCYh_hqhP0HHz4.roa (raw, json)
Hash identifier: NGhjwZyIl+7tDpzWRbOKaVY9nx0e4i5L5ak98QKmrxE=
Subject key identifier: 9C:43:96:83:B2:A6:77:AA:93:A8:D0:98:87:F8:6A:84:FD:07:1F:3E
Certificate issuer: /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial: 0198F748223E81A6846AE2B7A07D83CE923B
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/nEOWg7Kmd6qTqNCYh_hqhP0HHz4.roa
Signing time: Fri 29 Aug 2025 19:22:36 +0000
ROA not before: Fri 29 Aug 2025 19:22:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6205
IP address blocks: 2.56.152.0/24 maxlen: 24
2.56.153.0/24 maxlen: 24
2.56.154.0/24 maxlen: 24
2.56.155.0/24 maxlen: 24
185.242.160.0/24 maxlen: 24
185.242.161.0/24 maxlen: 24
185.242.162.0/24 maxlen: 24
185.242.163.0/24 maxlen: 24
195.85.216.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 14:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f7:48:22:3e:81:a6:84:6a:e2:b7:a0:7d:83:ce:92:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Validity
Not Before: Aug 29 19:22:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c439683b2a677aa93a8d09887f86a84fd071f3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:75:f3:5d:92:fa:d5:c7:fc:89:90:00:36:ef:
ea:2a:9b:e7:58:50:af:86:f5:65:8e:9e:1a:bd:68:
74:85:6b:94:c7:75:11:2d:e4:f6:c6:37:a2:b4:56:
5f:29:a6:0b:f0:6f:24:bc:b1:c2:b6:bf:d0:e4:a4:
c2:06:62:53:c9:c0:e5:18:b6:e6:ef:43:32:09:79:
06:54:37:e7:3e:2c:55:c9:ba:0e:26:db:d1:bc:4f:
38:28:a3:ab:24:3c:36:19:7d:67:5e:af:af:89:c5:
e8:4d:71:3c:24:cc:57:7d:e9:66:e7:16:4c:e4:e7:
f3:ce:c5:d0:14:20:16:cd:1b:d6:4b:71:d6:48:2f:
71:e5:74:1b:10:2a:fb:d2:9f:f1:f5:22:71:5e:3e:
26:d0:d3:65:6f:f3:bd:e9:5b:8c:72:55:6b:82:26:
5d:cf:c0:3d:1b:35:75:74:91:a0:2f:53:e7:d3:43:
53:f0:d0:b2:3b:4c:07:c8:5c:52:ae:88:2b:c5:52:
2d:5a:8c:53:88:9e:bd:4a:28:c1:15:0a:50:da:30:
14:7c:d2:2d:5c:12:31:18:68:3b:f9:37:1e:95:79:
05:cb:7e:bc:23:8d:f9:af:e9:4c:73:ef:05:07:7f:
bd:45:cd:f7:d3:2f:bd:e8:b5:34:32:62:54:85:61:
f8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:43:96:83:B2:A6:77:AA:93:A8:D0:98:87:F8:6A:84:FD:07:1F:3E
X509v3 Authority Key Identifier:
keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/nEOWg7Kmd6qTqNCYh_hqhP0HHz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.152.0/22
185.242.160.0/22
195.85.216.0/24
Signature Algorithm: sha256WithRSAEncryption
26:1f:35:a8:1f:b4:e8:96:9a:e9:8f:b8:aa:45:94:08:54:72:
5b:b0:72:37:97:87:69:b4:e5:fc:17:e1:83:d1:99:7a:eb:54:
c8:ab:6d:28:9d:09:8d:82:da:2f:93:5f:a1:55:f3:ec:c4:1f:
94:14:4d:b2:c1:31:54:12:4c:d8:2d:13:a6:a9:72:0a:1f:ad:
3f:28:af:b8:83:6d:71:84:eb:79:a6:55:17:0f:78:b6:1e:47:
45:db:d2:3f:32:08:5c:ac:89:07:60:e7:20:59:ce:ea:0d:d3:
f1:ff:af:d8:57:9b:c6:0f:88:c7:69:19:d3:89:df:f4:99:d8:
dc:d5:75:d4:e1:b9:20:e4:eb:85:a1:d7:b3:71:9d:f0:d3:f5:
db:2b:05:b4:a9:e7:40:94:d6:f8:2b:ab:cc:35:3c:80:34:c6:
67:8a:d3:fd:69:88:7b:47:22:37:87:09:7c:b2:3f:e6:62:b4:
59:01:1c:da:f5:94:ad:d5:cc:d1:a4:76:62:cc:fc:eb:9e:c8:
49:a2:ce:3b:12:60:0b:44:85:04:77:1c:af:7f:90:73:2d:8e:
d4:f6:e9:dd:97:c1:b2:ad:1a:f6:1b:4b:24:15:e2:0a:cc:06:
39:01:be:1b:1f:4e:c1:26:2a:22:f5:d3:c3:aa:bc:7a:d0:31:
3d:96:e2:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZj3SCI+gaaEauK3oH2DzpI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjUwODI5MTkyMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQzOTY4M2IyYTY3N2FhOTNhOGQwOTg4N2Y4NmE4NGZkMDcxZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3XzXZL61cf8iZAANu/qKpvnWFCv
hvVljp4avWh0hWuUx3URLeT2xjeitFZfKaYL8G8kvLHCtr/Q5KTCBmJTycDlGLbm
70MyCXkGVDfnPixVyboOJtvRvE84KKOrJDw2GX1nXq+vicXoTXE8JMxXfelm5xZM
5OfzzsXQFCAWzRvWS3HWSC9x5XQbECr70p/x9SJxXj4m0NNlb/O96VuMclVrgiZd
z8A9GzV1dJGgL1Pn00NT8NCyO0wHyFxSrogrxVItWoxTiJ69SijBFQpQ2jAUfNIt
XBIxGGg7+TcelXkFy368I435r+lMc+8FB3+9Rc330y+96LU0MmJUhWH4wwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJxDloOypneqk6jQmIf4aoT9Bx8+MB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvbkVPV2c3S21kNnFUcU5DWWhfaHFoUDBISHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjiYAwQC
ufKgAwQAw1XYMA0GCSqGSIb3DQEBCwUAA4IBAQAmHzWoH7Tolprpj7iqRZQIVHJb
sHI3l4dptOX8F+GD0Zl661TIq20onQmNgtovk1+hVfPsxB+UFE2ywTFUEkzYLROm
qXIKH60/KK+4g21xhOt5plUXD3i2HkdF29I/MghcrIkHYOcgWc7qDdPx/6/YV5vG
D4jHaRnTid/0mdjc1XXU4bkg5OuFodezcZ3w0/XbKwW0qedAlNb4K6vMNTyANMZn
itP9aYh7RyI3hwl8sj/mYrRZARza9ZSt1czRpHZizPzrnshJos47EmALRIUEdxyv
f5BzLY7U9undl8GyrRr2G0skFeIKzAY5Ab4bH07BJioi9dPDqrx60DE9luLQ
-----END CERTIFICATE-----
Generated at Mon Sep 8 19:11:02 2025 by rpki-client