Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/DBeutfdGN6-nsik-J7EKtzdzgug.roa
File: DBeutfdGN6-nsik-J7EKtzdzgug.roa (raw, json)
Hash identifier: rSGIe460ofzpwJUY3MOtl5l8cQMj+FOwHoTbjc8T+uk=
Subject key identifier: 0C:17:AE:B5:F7:46:37:AF:A7:B2:29:3E:27:B1:0A:B7:37:73:82:E8
Certificate issuer: /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial: 019A48CB70745A34D6E2DCEB1777141F4CDB
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/DBeutfdGN6-nsik-J7EKtzdzgug.roa
Signing time: Mon 03 Nov 2025 08:18:03 +0000
ROA not before: Mon 03 Nov 2025 08:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 95.170.19.0/24 maxlen: 24
95.170.22.0/24 maxlen: 24
95.170.23.0/24 maxlen: 24
95.170.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 15:12:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:48:cb:70:74:5a:34:d6:e2:dc:eb:17:77:14:1f:4c:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Validity
Not Before: Nov 3 08:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0c17aeb5f74637afa7b2293e27b10ab7377382e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:2d:e4:f5:55:9d:47:0f:2c:5f:2c:aa:4a:99:
d0:88:ec:d5:1e:61:d0:7d:14:c4:33:ad:c0:9b:02:
0a:98:8c:c5:17:47:22:cc:4e:ad:9e:13:35:a6:f0:
b2:10:e8:b1:41:72:c5:9d:ea:b6:da:a7:aa:c9:97:
7b:1a:c8:f6:0c:9e:58:2d:f2:66:fe:55:ff:9a:3f:
e5:dc:21:55:e5:49:63:97:6b:59:c3:be:4b:8b:f5:
5a:68:7a:21:c4:e0:b0:fd:c6:99:d8:dc:08:0b:29:
e4:ad:9f:cd:6f:ba:4c:73:43:71:6a:26:20:68:83:
cf:36:35:29:1b:28:80:30:72:fe:18:7b:60:0b:f0:
cf:db:a2:ba:7e:2a:b6:58:5e:58:61:b7:1d:99:5f:
d2:e3:0e:41:18:16:2a:b6:8a:d0:7d:66:d2:51:0b:
37:b8:4e:e7:8e:87:06:ed:0c:e3:39:08:92:b9:57:
e8:68:f6:b2:58:3b:7e:13:f4:e5:ea:e7:00:68:2f:
76:a0:80:e8:b1:60:c9:76:16:fe:15:9c:b8:a0:92:
aa:56:3b:b1:73:15:62:4b:76:f1:eb:a1:c7:00:32:
95:60:25:69:db:61:a5:7f:b0:2c:7f:5f:f7:cd:92:
40:a3:c6:16:59:c0:38:1d:e6:9b:61:af:41:e1:70:
27:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:17:AE:B5:F7:46:37:AF:A7:B2:29:3E:27:B1:0A:B7:37:73:82:E8
X509v3 Authority Key Identifier:
keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/DBeutfdGN6-nsik-J7EKtzdzgug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.170.19.0/24
95.170.22.0/23
95.170.28.0/24
Signature Algorithm: sha256WithRSAEncryption
98:7f:b6:79:63:60:0f:30:4a:cf:d9:6f:38:68:2c:3f:d7:8c:
df:b9:41:37:36:fc:03:1a:ab:e0:17:95:4d:82:3e:da:05:58:
4a:7e:5c:9c:e5:2c:ee:9b:9f:e2:90:5d:65:a6:0e:6f:78:57:
9f:34:f1:bf:82:ad:9c:6c:0f:04:0a:3f:d7:c0:25:a6:2b:3a:
4b:32:7d:cd:06:de:3a:5d:7d:28:db:32:f8:c9:0a:84:88:89:
d0:0d:44:9a:14:e0:2c:c5:2b:ba:77:84:55:c0:c0:9c:2c:10:
49:6f:64:ee:0f:1d:f5:7c:b7:4a:78:dd:48:63:6b:3a:ed:57:
53:9c:eb:04:7a:bf:56:a6:09:dd:22:e3:b9:ae:61:d1:ca:e8:
f0:5f:01:85:ee:1c:d5:00:f0:b0:b4:a0:0f:9b:c9:33:a4:69:
ea:50:5c:cf:51:75:00:67:25:ce:da:6e:0e:68:66:6d:ab:af:
33:20:5b:73:eb:93:fb:ba:cf:21:c3:4e:72:5c:92:18:b3:75:
06:55:9e:d7:86:90:0a:58:d1:3b:20:13:ee:fb:e8:4c:df:8a:
57:91:ab:7d:6b:3d:ac:73:f7:16:88:5c:ec:1c:8d:95:e3:9d:
24:d6:58:23:1f:40:9b:14:64:8e:13:27:ba:5e:2f:a3:95:ac:
9d:07:6d:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpIy3B0WjTW4tzrF3cUH0zbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMTAzMDgxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzE3YWViNWY3NDYzN2FmYTdiMjI5M2UyN2IxMGFiNzM3NzM4MmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi3k9VWdRw8sXyyqSpnQiOzVHmHQ
fRTEM63AmwIKmIzFF0cizE6tnhM1pvCyEOixQXLFneq22qeqyZd7Gsj2DJ5YLfJm
/lX/mj/l3CFV5Uljl2tZw75Li/VaaHohxOCw/caZ2NwICynkrZ/Nb7pMc0NxaiYg
aIPPNjUpGyiAMHL+GHtgC/DP26K6fiq2WF5YYbcdmV/S4w5BGBYqtorQfWbSUQs3
uE7njocG7QzjOQiSuVfoaPayWDt+E/Tl6ucAaC92oIDosWDJdhb+FZy4oJKqVjux
cxViS3bx66HHADKVYCVp22Glf7Asf1/3zZJAo8YWWcA4HeabYa9B4XAnVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAwXrrX3Rjevp7IpPiexCrc3c4LoMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvREJldXRmZEdONi1uc2lrLUo3RUt0emR6Z3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX6oTAwQB
X6oWAwQAX6ocMA0GCSqGSIb3DQEBCwUAA4IBAQCYf7Z5Y2APMErP2W84aCw/14zf
uUE3NvwDGqvgF5VNgj7aBVhKflyc5Szum5/ikF1lpg5veFefNPG/gq2cbA8ECj/X
wCWmKzpLMn3NBt46XX0o2zL4yQqEiInQDUSaFOAsxSu6d4RVwMCcLBBJb2TuDx31
fLdKeN1IY2s67VdTnOsEer9WpgndIuO5rmHRyujwXwGF7hzVAPCwtKAPm8kzpGnq
UFzPUXUAZyXO2m4OaGZtq68zIFtz65P7us8hw05yXJIYs3UGVZ7XhpAKWNE7IBPu
++hM34pXkat9az2sc/cWiFzsHI2V450k1lgjH0CbFGSOEye6Xi+jlaydB21f
-----END CERTIFICATE-----
Generated at Mon Nov 3 23:16:29 2025 by rpki-client