Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pR_XA8ri2dteC6nQ2RyLXH7tE2w.roa
File: pR_XA8ri2dteC6nQ2RyLXH7tE2w.roa (raw, json)
Hash identifier: DnMiXEP8GZTyXWepthdtygEAT723jjbDWGvE97iLTIw=
Subject key identifier: A5:1F:D7:03:CA:E2:D9:DB:5E:0B:A9:D0:D9:1C:8B:5C:7E:ED:13:6C
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 0199137F747A3E069FFE848444B3555BB953
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pR_XA8ri2dteC6nQ2RyLXH7tE2w.roa
Signing time: Thu 04 Sep 2025 06:52:24 +0000
ROA not before: Thu 04 Sep 2025 06:52:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 37.49.145.0/24 maxlen: 24
37.49.151.0/24 maxlen: 24
94.74.147.0/24 maxlen: 24
109.203.160.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 11:14:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:13:7f:74:7a:3e:06:9f:fe:84:84:44:b3:55:5b:b9:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Sep 4 06:52:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a51fd703cae2d9db5e0ba9d0d91c8b5c7eed136c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:fd:a0:9b:7c:80:64:4c:a8:44:cc:92:38:06:
48:6c:67:f6:01:e4:de:ba:5b:dd:a9:bc:e9:58:62:
fe:ec:68:c6:fc:20:1e:47:d2:f4:0b:eb:a2:8a:b8:
dc:71:32:e0:1b:8c:6f:31:e6:ab:46:48:39:3f:5b:
13:83:d7:3d:dc:8a:fe:4a:69:23:e5:ca:aa:76:01:
9c:a0:7f:08:68:b0:ee:4a:1d:8e:64:f6:da:bd:a0:
31:58:99:0e:46:1a:6c:61:3c:44:6b:9c:7c:f4:d8:
bb:d5:89:8b:bd:39:04:6e:ed:1e:b4:2c:55:b4:05:
ee:f3:0a:5d:b4:ea:2b:d1:b0:97:48:d1:f2:59:d3:
c7:0e:16:c6:f0:0a:e0:34:8e:d6:73:e1:8c:a4:a8:
b3:27:f2:18:e9:1f:c5:08:21:d5:77:7e:32:02:14:
9e:66:12:37:55:b0:82:51:db:f0:52:83:99:a8:ab:
6b:28:84:8c:bf:5c:dc:7c:71:17:84:e8:60:56:18:
24:5a:72:9b:b6:a1:f3:4b:bc:ed:8d:06:f5:33:c2:
0c:ff:cf:46:fc:6b:d2:a4:a7:0d:d6:74:9e:09:9f:
b6:d7:b6:7d:10:fc:d8:a1:94:8e:4c:8c:a1:12:ae:
18:7a:e3:cb:da:e4:73:c9:89:78:92:81:aa:f0:93:
08:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:1F:D7:03:CA:E2:D9:DB:5E:0B:A9:D0:D9:1C:8B:5C:7E:ED:13:6C
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pR_XA8ri2dteC6nQ2RyLXH7tE2w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.145.0/24
37.49.151.0/24
94.74.147.0/24
109.203.160.0/24
Signature Algorithm: sha256WithRSAEncryption
08:31:04:ad:f3:f3:7b:83:63:cb:d9:e9:d1:80:b6:53:17:55:
80:9c:e4:fc:e5:7e:a1:c9:f9:cb:2a:e5:c6:ce:ba:3e:d6:91:
a9:2d:72:fc:b4:8e:bf:0d:6c:b3:dd:46:bd:b0:c9:32:f9:f4:
c3:de:c8:8c:e9:ac:ee:f5:3c:b5:b9:71:db:a6:23:30:75:f5:
ad:38:35:d6:4c:63:41:81:f6:c8:23:3b:17:52:08:a6:19:73:
db:22:d8:d1:53:6b:53:7e:5a:c6:51:76:51:22:36:a2:12:08:
88:21:4a:4c:11:d7:4b:46:2a:59:11:4f:ac:07:d9:41:23:71:
cf:60:7f:13:22:7e:78:9e:5f:48:22:0f:ce:5c:51:0a:f8:10:
7a:2d:db:b7:4f:11:f8:25:0b:d0:2b:91:37:4b:36:d2:aa:c7:
96:c1:12:7d:2a:90:4a:ab:60:e6:a5:57:ef:e9:17:6a:d8:4a:
68:40:07:8e:76:90:61:9c:ae:b1:dc:0d:86:7b:00:a3:ee:17:
c3:ae:56:80:f8:2c:c9:2e:48:2c:cb:b6:89:50:a9:d5:de:b1:
73:54:99:1b:d7:0b:f1:38:16:c5:78:37:c3:e0:00:52:b6:6d:
d9:fc:c8:6e:a0:ef:0f:23:c4:38:e2:8a:75:9f:c5:a6:c8:74:
5d:ad:ea:08
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZkTf3R6Pgaf/oSERLNVW7lTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwOTA0MDY1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTFmZDcwM2NhZTJkOWRiNWUwYmE5ZDBkOTFjOGI1YzdlZWQxMzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf2gm3yAZEyoRMySOAZIbGf2AeTe
ulvdqbzpWGL+7GjG/CAeR9L0C+uiirjccTLgG4xvMearRkg5P1sTg9c93Ir+Smkj
5cqqdgGcoH8IaLDuSh2OZPbavaAxWJkORhpsYTxEa5x89Ni71YmLvTkEbu0etCxV
tAXu8wpdtOor0bCXSNHyWdPHDhbG8ArgNI7Wc+GMpKizJ/IY6R/FCCHVd34yAhSe
ZhI3VbCCUdvwUoOZqKtrKISMv1zcfHEXhOhgVhgkWnKbtqHzS7ztjQb1M8IM/89G
/GvSpKcN1nSeCZ+217Z9EPzYoZSOTIyhEq4YeuPL2uRzyYl4koGq8JMIkQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKUf1wPK4tnbXgup0Nkci1x+7RNsMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvcFJfWEE4cmkyZHRlQzZuUTJSeUxYSDd0RTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJTGRAwQA
JTGXAwQAXkqTAwQAbcugMA0GCSqGSIb3DQEBCwUAA4IBAQAIMQSt8/N7g2PL2enR
gLZTF1WAnOT85X6hyfnLKuXGzro+1pGpLXL8tI6/DWyz3Ua9sMky+fTD3siM6azu
9Ty1uXHbpiMwdfWtODXWTGNBgfbIIzsXUgimGXPbItjRU2tTflrGUXZRIjaiEgiI
IUpMEddLRipZEU+sB9lBI3HPYH8TIn54nl9IIg/OXFEK+BB6Ldu3TxH4JQvQK5E3
SzbSqseWwRJ9KpBKq2DmpVfv6Rdq2EpoQAeOdpBhnK6x3A2GewCj7hfDrlaA+CzJ
Lkgsy7aJUKnV3rFzVJkb1wvxOBbFeDfD4ABStm3Z/MhuoO8PI8Q44op1n8WmyHRd
reoI
-----END CERTIFICATE-----
Generated at Sat Sep 6 20:46:22 2025 by rpki-client