Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/m9vPm-d9Bn3AvjU_sT4O0RluO24.roa
File: m9vPm-d9Bn3AvjU_sT4O0RluO24.roa (raw, json)
Hash identifier: PrKxYqblNncLjZ55IZv6YJdkcJQzYP8xUBPb8KCfnvw=
Subject key identifier: 9B:DB:CF:9B:E7:7D:06:7D:C0:BE:35:3F:B1:3E:0E:D1:19:6E:3B:6E
Certificate issuer: /CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
Certificate serial: 019A5474F7D9C086CBFA502A7813F0979498
Authority key identifier: 81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/m9vPm-d9Bn3AvjU_sT4O0RluO24.roa
Signing time: Wed 05 Nov 2025 14:39:03 +0000
ROA not before: Wed 05 Nov 2025 14:39:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198760
IP address blocks: 37.221.232.0/21 maxlen: 24
45.157.216.0/22 maxlen: 24
81.172.80.0/21 maxlen: 24
87.236.162.0/24 maxlen: 24
89.21.68.0/22 maxlen: 24
157.97.80.0/22 maxlen: 24
185.25.24.0/22 maxlen: 24
185.163.252.0/22 maxlen: 24
185.208.116.0/22 maxlen: 24
185.228.116.0/22 maxlen: 24
185.236.116.0/22 maxlen: 24
185.241.88.0/22 maxlen: 24
193.254.32.0/20 maxlen: 24
2a04:c80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/gZTqPO1PE3ENNARM_LPR1WxVCGI.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/gZTqPO1PE3ENNARM_LPR1WxVCGI.mft
rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 05:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:54:74:f7:d9:c0:86:cb:fa:50:2a:78:13:f0:97:94:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8194ea3ced4f13710d34044cfcb3d1d56c550862
Validity
Not Before: Nov 5 14:39:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9bdbcf9be77d067dc0be353fb13e0ed1196e3b6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:82:97:7d:5f:65:17:c4:96:b9:d3:c5:3c:1c:
d2:09:d3:19:6b:51:fc:de:54:01:de:7d:cc:60:91:
ab:e1:88:fd:46:61:bf:bb:cb:36:f9:af:ff:cf:3c:
7b:f5:9c:a4:71:1d:c8:7e:38:19:9f:30:ed:96:3f:
8b:68:3c:5e:ba:41:86:75:1c:42:4a:01:47:b8:fb:
6c:f4:3c:1b:bb:59:5b:be:d5:dd:ac:b7:c0:27:fd:
64:e8:0f:49:54:e5:3e:5e:91:a3:58:be:7b:a5:eb:
39:51:d0:f3:2e:fe:cf:22:0f:66:3a:d8:68:a3:e3:
3b:2a:70:73:1e:52:f1:09:0f:13:3d:f0:a9:24:8b:
45:ec:9a:40:a2:06:39:9e:08:4a:81:91:93:f8:32:
34:f5:6d:02:39:0b:46:21:09:dc:4f:82:5e:48:2f:
70:cc:dc:69:00:6a:a1:2d:fe:07:ac:17:40:30:f6:
46:6f:ee:f8:f3:42:ad:34:bd:1b:ef:bf:60:0a:97:
2a:d1:50:94:d0:4b:01:9f:e4:55:7f:46:f3:c5:1a:
51:01:41:4f:0d:cd:e8:3c:2f:29:ac:16:d4:de:ef:
b2:8a:5c:7b:1c:83:a4:54:54:62:f3:c8:7d:1c:46:
4d:86:9b:26:7c:0e:a6:f7:2f:2b:f7:e5:0a:30:b4:
8d:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:DB:CF:9B:E7:7D:06:7D:C0:BE:35:3F:B1:3E:0E:D1:19:6E:3B:6E
X509v3 Authority Key Identifier:
keyid:81:94:EA:3C:ED:4F:13:71:0D:34:04:4C:FC:B3:D1:D5:6C:55:08:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZTqPO1PE3ENNARM_LPR1WxVCGI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/m9vPm-d9Bn3AvjU_sT4O0RluO24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3da6fd-5f10-4058-bc02-23724bab2227/1/gZTqPO1PE3ENNARM_LPR1WxVCGI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.232.0/21
45.157.216.0/22
81.172.80.0/21
87.236.162.0/24
89.21.68.0/22
157.97.80.0/22
185.25.24.0/22
185.163.252.0/22
185.208.116.0/22
185.228.116.0/22
185.236.116.0/22
185.241.88.0/22
193.254.32.0/20
IPv6:
2a04:c80::/29
Signature Algorithm: sha256WithRSAEncryption
05:51:88:cf:cc:dc:6e:96:e9:2d:02:ab:25:e5:6d:4a:1e:fb:
e9:2d:53:46:d1:c9:61:c2:35:79:60:6f:d5:2f:a9:78:48:fd:
59:09:11:62:28:af:00:4d:0e:f8:d9:72:b6:96:27:fe:96:75:
ad:ea:a2:76:b6:7e:ef:ef:cb:25:93:5a:17:00:cc:3b:4d:40:
ca:da:a0:e4:84:af:ab:2d:b6:bf:71:85:ed:bb:e5:80:5f:3d:
9b:30:96:5d:9f:f1:40:0d:09:3a:5c:69:85:91:5b:a9:5e:88:
3c:38:30:a6:d3:56:86:73:a5:ae:61:7c:d4:69:1b:2f:16:5e:
1e:a7:b6:4f:41:8b:fb:85:82:e3:fb:43:8f:8a:5b:04:43:8d:
9f:41:87:0f:77:cc:c0:4a:57:8e:f3:98:96:44:0a:a1:c9:e4:
11:51:75:ec:d0:70:03:9c:a0:8a:47:8d:f5:e8:36:86:60:d5:
9e:38:10:cd:09:8c:14:32:ee:e6:81:dc:87:a2:4c:7c:31:c2:
36:5e:22:18:ff:e7:71:a6:b3:4a:d0:93:bc:a8:5e:8e:4f:c3:
56:2d:6f:03:05:89:fc:4b:24:db:5c:80:15:24:c1:fa:02:f0:
28:66:ed:eb:d1:02:e5:f2:4e:1f:1b:82:16:1e:4f:3c:b8:a3:
d3:0f:f1:6e
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZpUdPfZwIbL+lAqeBPwl5SYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTRlYTNjZWQ0ZjEzNzEwZDM0MDQ0Y2ZjYjNkMWQ1NmM1
NTA4NjIwHhcNMjUxMTA1MTQzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmRiY2Y5YmU3N2QwNjdkYzBiZTM1M2ZiMTNlMGVkMTE5NmUzYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4KXfV9lF8SWudPFPBzSCdMZa1H8
3lQB3n3MYJGr4Yj9RmG/u8s2+a//zzx79ZykcR3IfjgZnzDtlj+LaDxeukGGdRxC
SgFHuPts9Dwbu1lbvtXdrLfAJ/1k6A9JVOU+XpGjWL57pes5UdDzLv7PIg9mOtho
o+M7KnBzHlLxCQ8TPfCpJItF7JpAogY5nghKgZGT+DI09W0COQtGIQncT4JeSC9w
zNxpAGqhLf4HrBdAMPZGb+7480KtNL0b779gCpcq0VCU0EsBn+RVf0bzxRpRAUFP
Dc3oPC8prBbU3u+yilx7HIOkVFRi88h9HEZNhpsmfA6m9y8r9+UKMLSNYwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFJvbz5vnfQZ9wL41P7E+DtEZbjtuMB8GA1UdIwQY
MBaAFIGU6jztTxNxDTQETPyz0dVsVQhiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDIt
MjM3MjRiYWIyMjI3LzEvbTl2UG0tZDlCbjNBdmpVX3NUNE8wUmx1TzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zZGE2ZmQtNWYxMC00MDU4LWJjMDItMjM3MjRiYWIyMjI3
LzEvZ1pUcVBPMVBFM0VOTkFSTV9MUFIxV3hWQ0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQDJd3oAwQC
LZ3YAwQDUaxQAwQAV+yiAwQCWRVEAwQCnWFQAwQCuRkYAwQCuaP8AwQCudB0AwQC
ueR0AwQCuex0AwQCufFYAwQEwf4gMA0EAgACMAcDBQMqBAyAMA0GCSqGSIb3DQEB
CwUAA4IBAQAFUYjPzNxuluktAqsl5W1KHvvpLVNG0clhwjV5YG/VL6l4SP1ZCRFi
KK8ATQ742XK2lif+lnWt6qJ2tn7v78slk1oXAMw7TUDK2qDkhK+rLba/cYXtu+WA
Xz2bMJZdn/FADQk6XGmFkVupXog8ODCm01aGc6WuYXzUaRsvFl4ep7ZPQYv7hYLj
+0OPilsEQ42fQYcPd8zASleO85iWRAqhyeQRUXXs0HADnKCKR4316DaGYNWeOBDN
CYwUMu7mgdyHokx8McI2XiIY/+dxprNK0JO8qF6OT8NWLW8DBYn8SyTbXIAVJMH6
AvAoZu3r0QLl8k4fG4IWHk88uKPTD/Fu
-----END CERTIFICATE-----
Generated at Tue Nov 11 14:21:47 2025 by rpki-client