Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/CxYhcTEny6fkQ5daG0MgV2eUscE.roa
File: CxYhcTEny6fkQ5daG0MgV2eUscE.roa (raw, json)
Hash identifier: h2mr/LJq0lKgXVNhXz/iTdbrgyOyw0MZYo1s19nxbvM=
Subject key identifier: 0B:16:21:71:31:27:CB:A7:E4:43:97:5A:1B:43:20:57:67:94:B1:C1
Certificate issuer: /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial: 019A0DC1E9AEA46E800DEECA1E0A9DD48CF1
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/CxYhcTEny6fkQ5daG0MgV2eUscE.roa
Signing time: Wed 22 Oct 2025 21:10:03 +0000
ROA not before: Wed 22 Oct 2025 21:10:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214238
IP address blocks: 94.158.189.0/24 maxlen: 24
157.22.41.0/24 maxlen: 24
157.22.50.0/24 maxlen: 24
157.22.58.0/24 maxlen: 24
157.22.97.0/24 maxlen: 24
157.22.106.0/24 maxlen: 24
157.22.116.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 24 Oct 2025 21:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0d:c1:e9:ae:a4:6e:80:0d:ee:ca:1e:0a:9d:d4:8c:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Validity
Not Before: Oct 22 21:10:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0b1621713127cba7e443975a1b4320576794b1c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:9e:df:c4:20:07:77:5d:67:63:91:65:1d:04:
d3:a4:31:71:ff:0c:fd:e9:90:3c:80:99:b6:5b:6e:
d7:32:c1:5a:16:12:fa:c9:12:d4:da:b7:c0:7a:9e:
38:96:37:12:b8:87:ee:1c:a3:c8:dc:bf:f6:8b:0e:
4f:28:6a:10:12:ab:10:37:fc:ba:4b:a4:77:51:b6:
37:f2:a6:de:a8:97:c9:90:85:3d:4f:23:04:4a:6c:
ee:fe:37:c6:97:fd:84:21:6e:30:aa:1a:02:3b:13:
f3:38:59:0b:5f:88:05:55:d2:65:60:2a:b4:18:9f:
4c:bd:6b:00:2e:ef:eb:8e:16:be:a0:24:6a:1b:87:
b2:50:c4:e1:f2:5e:53:b0:07:0b:a2:23:1a:50:39:
3c:46:5a:ea:4f:1e:2e:1f:d7:38:5d:71:c7:33:1a:
e7:b3:a2:f1:4e:04:0d:7a:0a:91:c9:b3:da:c4:9a:
f1:b6:9f:99:81:46:5b:64:01:80:fb:7f:ae:77:34:
a3:d6:e3:92:46:b1:1d:4b:eb:8f:0d:e4:bb:72:bc:
26:2d:12:5a:b9:79:26:ee:cb:9d:6f:d6:07:2b:bc:
35:a3:9a:bd:7c:c6:6b:e8:55:7b:62:19:9b:59:d0:
6b:7e:f4:a7:95:e4:71:37:35:0d:13:b0:6f:b5:9e:
13:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:16:21:71:31:27:CB:A7:E4:43:97:5A:1B:43:20:57:67:94:B1:C1
X509v3 Authority Key Identifier:
keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/CxYhcTEny6fkQ5daG0MgV2eUscE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.158.189.0/24
157.22.41.0/24
157.22.50.0/24
157.22.58.0/24
157.22.97.0/24
157.22.106.0/24
157.22.116.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:02:e9:74:a4:67:04:2e:58:d0:cf:65:b3:c1:dd:60:01:08:
37:f1:81:63:1a:da:43:9c:93:07:39:92:02:bc:1f:0d:76:90:
62:09:59:ae:99:05:a3:d1:25:01:73:93:1f:63:65:10:0c:9a:
e3:4b:0d:12:12:18:ec:58:ba:b5:ce:7c:83:1d:10:dc:8b:22:
31:6d:65:9e:52:29:67:1c:4c:00:4e:c0:f5:5a:7b:62:64:f7:
cc:da:71:8c:a2:ed:ad:34:e8:8d:54:bb:af:5c:f5:0f:f7:c1:
2f:6f:0b:30:6e:8c:40:1e:ca:de:07:53:c0:0d:b5:62:42:a9:
27:84:7d:c6:b3:76:59:d9:50:8e:9d:36:e2:a1:b6:a5:7d:e3:
46:49:94:de:0d:e2:5c:32:dc:47:35:3e:f7:8e:c8:35:09:2d:
72:5e:a0:2c:04:17:bc:ac:96:14:3c:42:d8:89:3b:da:4b:cb:
ed:e1:12:98:85:15:61:f6:1b:d3:1e:d0:92:57:b8:cb:1b:0e:
80:04:dd:28:41:49:dc:a9:8c:58:b0:fb:84:d4:c7:ab:6c:eb:
95:13:68:56:63:34:d5:b4:7e:5c:98:24:d3:0a:75:81:08:b4:
b3:49:3d:ae:c4:7e:32:de:78:af:b4:83:cb:e1:28:79:98:27:
d5:46:ee:07
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZoNwemupG6ADe7KHgqd1IzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUxMDIyMjExMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE2MjE3MTMxMjdjYmE3ZTQ0Mzk3NWExYjQzMjA1NzY3OTRiMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ7fxCAHd11nY5FlHQTTpDFx/wz9
6ZA8gJm2W27XMsFaFhL6yRLU2rfAep44ljcSuIfuHKPI3L/2iw5PKGoQEqsQN/y6
S6R3UbY38qbeqJfJkIU9TyMESmzu/jfGl/2EIW4wqhoCOxPzOFkLX4gFVdJlYCq0
GJ9MvWsALu/rjha+oCRqG4eyUMTh8l5TsAcLoiMaUDk8RlrqTx4uH9c4XXHHMxrn
s6LxTgQNegqRybPaxJrxtp+ZgUZbZAGA+3+udzSj1uOSRrEdS+uPDeS7crwmLRJa
uXkm7sudb9YHK7w1o5q9fMZr6FV7YhmbWdBrfvSnleRxNzUNE7BvtZ4T/QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFAsWIXExJ8un5EOXWhtDIFdnlLHBMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQ3hZaGNURW55NmZrUTVkYUcwTWdWMmVVc2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAXp69AwQA
nRYpAwQAnRYyAwQAnRY6AwQAnRZhAwQAnRZqAwQAnRZ0MA0GCSqGSIb3DQEBCwUA
A4IBAQBbAul0pGcELljQz2Wzwd1gAQg38YFjGtpDnJMHOZICvB8NdpBiCVmumQWj
0SUBc5MfY2UQDJrjSw0SEhjsWLq1znyDHRDciyIxbWWeUilnHEwATsD1WntiZPfM
2nGMou2tNOiNVLuvXPUP98EvbwswboxAHsreB1PADbViQqknhH3Gs3ZZ2VCOnTbi
obalfeNGSZTeDeJcMtxHNT73jsg1CS1yXqAsBBe8rJYUPELYiTvaS8vt4RKYhRVh
9hvTHtCSV7jLGw6ABN0oQUncqYxYsPuE1MerbOuVE2hWYzTVtH5cmCTTCnWBCLSz
ST2uxH4y3nivtIPL4Sh5mCfVRu4H
-----END CERTIFICATE-----
Generated at Fri Oct 24 03:13:19 2025 by rpki-client