Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/pOIWxKcdmhqjCV5w5POl9_2JyY4.roa
File: pOIWxKcdmhqjCV5w5POl9_2JyY4.roa (raw, json)
Hash identifier: n0yy3OyjCswMBJj55eSTCAuqwQeLoykODrZnbzLuaaU=
Subject key identifier: A4:E2:16:C4:A7:1D:9A:1A:A3:09:5E:70:E4:F3:A5:F7:FD:89:C9:8E
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0199DF0BD343ACB4BDB7C113E28230766613
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/pOIWxKcdmhqjCV5w5POl9_2JyY4.roa
Signing time: Mon 13 Oct 2025 19:28:38 +0000
ROA not before: Mon 13 Oct 2025 19:28:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199967
IP address blocks: 91.246.192.0/24 maxlen: 24
91.246.193.0/24 maxlen: 24
91.246.194.0/24 maxlen: 24
91.246.195.0/24 maxlen: 24
176.113.180.0/24 maxlen: 24
176.113.181.0/24 maxlen: 24
176.113.182.0/24 maxlen: 24
176.113.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:df:0b:d3:43:ac:b4:bd:b7:c1:13:e2:82:30:76:66:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 13 19:28:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a4e216c4a71d9a1aa3095e70e4f3a5f7fd89c98e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:4c:36:41:86:f3:ce:db:d7:da:0b:f0:ac:40:
61:73:ff:fd:51:72:ee:fc:73:5d:65:a8:ca:58:bb:
b2:de:4c:ba:6a:16:31:d8:d5:33:ac:5d:7e:40:47:
2a:6d:11:83:26:a6:5e:ef:3e:8a:18:47:86:f0:31:
4b:d9:59:46:ea:2c:94:fb:74:f7:9b:a6:e6:94:e9:
f9:8a:b2:11:0b:bc:7e:df:8c:c3:09:10:a0:09:dc:
9f:e5:1d:e7:bb:81:5f:62:56:ce:74:d4:5e:3a:79:
02:61:55:b4:41:d0:69:eb:65:74:62:3d:f5:23:04:
e3:05:ec:a6:9f:c2:de:0e:7e:77:55:c3:24:50:54:
03:ca:44:d9:48:c1:24:4a:c2:78:16:64:18:a7:e6:
bc:dc:d4:29:e6:72:bc:9e:fe:d3:f1:03:c1:b8:f5:
1c:ea:ca:68:ce:78:60:a4:bd:8d:6b:ca:39:e3:34:
4f:2b:8f:e9:f1:cd:c7:e8:b3:19:09:ca:fe:3e:97:
07:8c:de:1b:8a:04:f0:6d:f8:69:dc:61:81:4c:94:
de:fd:29:06:31:3b:af:62:46:94:82:dd:a0:54:dc:
1c:a1:5a:de:57:bc:ac:65:25:ec:82:80:59:f0:97:
3c:cb:e0:d9:75:50:11:af:6a:0d:23:63:c7:da:19:
a4:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:E2:16:C4:A7:1D:9A:1A:A3:09:5E:70:E4:F3:A5:F7:FD:89:C9:8E
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/pOIWxKcdmhqjCV5w5POl9_2JyY4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.246.192.0/22
176.113.180.0/22
Signature Algorithm: sha256WithRSAEncryption
87:8d:ec:99:04:73:ce:72:c8:37:7a:fa:dc:b8:31:b9:f0:2a:
9e:54:bb:81:d1:ef:17:9f:ee:2a:81:7a:41:e2:6c:93:51:5f:
ca:19:53:29:79:66:4c:77:f2:af:9f:66:9c:15:20:21:81:1c:
dc:99:c1:cf:f5:aa:2d:32:a6:2e:11:37:f8:97:71:9c:81:55:
49:aa:df:cf:b9:cc:3d:42:b7:9b:19:3c:b0:b3:a1:6e:e7:7d:
5d:49:65:b1:86:e8:38:2f:fe:8e:da:28:f6:c1:5a:ee:ec:f0:
8c:d0:c2:54:59:76:fa:d2:74:43:67:45:91:90:ff:c1:cf:89:
3f:52:b3:c5:a8:7c:a1:90:da:69:dd:0a:42:d4:67:72:32:e6:
cb:5d:fd:c8:92:bd:ad:f0:ca:51:7a:02:6f:d7:b8:cd:15:ca:
3c:10:64:d5:ff:d0:05:7c:59:38:37:d8:68:83:df:87:6f:fd:
ba:31:47:ca:4d:a6:65:a8:e3:77:a5:2a:ce:b0:96:9c:3e:14:
8e:3e:5e:a3:13:c7:b9:f7:6a:7a:bf:57:56:5b:fa:5b:fe:76:
c8:af:35:50:67:95:1c:17:41:29:b7:3e:bf:9c:d0:cb:0f:3c:
76:d7:69:c3:fe:9b:93:5a:d5:4f:3e:a9:5b:d7:72:1d:9a:3c:
bd:85:78:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnfC9NDrLS9t8ET4oIwdmYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDEzMTkyODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGUyMTZjNGE3MWQ5YTFhYTMwOTVlNzBlNGYzYTVmN2ZkODljOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0w2QYbzztvX2gvwrEBhc//9UXLu
/HNdZajKWLuy3ky6ahYx2NUzrF1+QEcqbRGDJqZe7z6KGEeG8DFL2VlG6iyU+3T3
m6bmlOn5irIRC7x+34zDCRCgCdyf5R3nu4FfYlbOdNReOnkCYVW0QdBp62V0Yj31
IwTjBeymn8LeDn53VcMkUFQDykTZSMEkSsJ4FmQYp+a83NQp5nK8nv7T8QPBuPUc
6spoznhgpL2Na8o54zRPK4/p8c3H6LMZCcr+PpcHjN4bigTwbfhp3GGBTJTe/SkG
MTuvYkaUgt2gVNwcoVreV7ysZSXsgoBZ8Jc8y+DZdVARr2oNI2PH2hmk8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKTiFsSnHZoaowlecOTzpff9icmOMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvcE9JV3hLY2RtaHFqQ1Y1dzVQT2w5XzJKeVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/bAAwQC
sHG0MA0GCSqGSIb3DQEBCwUAA4IBAQCHjeyZBHPOcsg3evrcuDG58CqeVLuB0e8X
n+4qgXpB4myTUV/KGVMpeWZMd/Kvn2acFSAhgRzcmcHP9aotMqYuETf4l3GcgVVJ
qt/Pucw9QrebGTyws6Fu531dSWWxhug4L/6O2ij2wVru7PCM0MJUWXb60nRDZ0WR
kP/Bz4k/UrPFqHyhkNpp3QpC1GdyMubLXf3Ikr2t8MpRegJv17jNFco8EGTV/9AF
fFk4N9hog9+Hb/26MUfKTaZlqON3pSrOsJacPhSOPl6jE8e592p6v1dWW/pb/nbI
rzVQZ5UcF0Eptz6/nNDLDzx212nD/puTWtVPPqlb13Idmjy9hXgi
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:54:22 2025 by rpki-client