Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/kex2GBjGMl8Z1Jc_Tt8qkx1g8WA.roa
File: kex2GBjGMl8Z1Jc_Tt8qkx1g8WA.roa (raw, json)
Hash identifier: cwNYaikHkwQsNv5tUW0M3CSYYScGJrOd1bg4QA4LyZ4=
Subject key identifier: 91:EC:76:18:18:C6:32:5F:19:D4:97:3F:4E:DF:2A:93:1D:60:F1:60
Certificate issuer: /CN=d0040765e474600e1bc7622a43663dd8d9fadc87
Certificate serial: 019A543D1F5DE9D3C717AD1A1E0C00A911D6
Authority key identifier: D0:04:07:65:E4:74:60:0E:1B:C7:62:2A:43:66:3D:D8:D9:FA:DC:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/kex2GBjGMl8Z1Jc_Tt8qkx1g8WA.roa
Signing time: Wed 05 Nov 2025 13:38:03 +0000
ROA not before: Wed 05 Nov 2025 13:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209902
IP address blocks: 45.139.96.0/23 maxlen: 24
80.88.232.0/22 maxlen: 24
185.91.68.0/24 maxlen: 24
185.166.180.0/22 maxlen: 24
185.243.204.0/22 maxlen: 24
195.35.118.0/23 maxlen: 24
195.211.165.0/24 maxlen: 24
2a12:5140::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.crl
rsync://rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.mft
rsync://rpki.ripe.net/repository/DEFAULT/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 04:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:54:3d:1f:5d:e9:d3:c7:17:ad:1a:1e:0c:00:a9:11:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0040765e474600e1bc7622a43663dd8d9fadc87
Validity
Not Before: Nov 5 13:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91ec761818c6325f19d4973f4edf2a931d60f160
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c3:1c:c8:eb:0a:1a:b8:b6:8c:6a:de:b9:92:
e8:a1:27:96:f5:54:b1:c9:93:f2:53:fa:25:9f:76:
58:86:ac:12:51:be:8b:74:24:52:da:60:19:72:78:
8d:2c:5d:a3:86:a3:37:fb:ac:ed:a7:02:c5:27:9a:
21:1f:39:a8:52:a6:64:58:06:70:4f:77:d1:d8:25:
0c:14:bb:cb:ee:c6:3f:83:44:0f:2b:95:f5:6b:42:
f0:57:ad:d4:1d:38:f7:ca:be:23:9d:93:31:b9:f5:
65:c3:56:89:e5:f7:d1:97:5c:fb:4e:3d:b1:fb:43:
b8:76:81:e5:f8:85:97:12:0b:a9:20:64:37:c5:40:
cb:f8:41:dc:c1:4b:2f:4d:12:fb:5f:96:65:dc:6d:
7b:dd:24:92:e5:ee:f4:3d:bd:38:83:c6:69:35:46:
f5:5b:61:52:b7:6c:4f:19:6a:7b:f6:60:8b:ed:b2:
9e:da:fa:75:dc:01:e8:6e:30:af:f7:10:fa:56:10:
20:3b:63:e0:21:c9:80:ea:7d:46:99:c5:68:10:c8:
81:76:ca:a3:db:57:c0:51:5c:06:fe:ec:f5:59:d6:
c2:74:d5:f0:d9:08:41:b9:26:e6:66:c8:76:b3:27:
b0:c9:5e:00:38:f0:a4:22:fc:86:4a:53:7b:29:47:
4a:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:EC:76:18:18:C6:32:5F:19:D4:97:3F:4E:DF:2A:93:1D:60:F1:60
X509v3 Authority Key Identifier:
keyid:D0:04:07:65:E4:74:60:0E:1B:C7:62:2A:43:66:3D:D8:D9:FA:DC:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/kex2GBjGMl8Z1Jc_Tt8qkx1g8WA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/22fcde-720b-4f63-9c02-47d3087137f4/1/0AQHZeR0YA4bx2IqQ2Y92Nn63Ic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.96.0/23
80.88.232.0/22
185.91.68.0/24
185.166.180.0/22
185.243.204.0/22
195.35.118.0/23
195.211.165.0/24
IPv6:
2a12:5140::/32
Signature Algorithm: sha256WithRSAEncryption
72:35:77:cd:cd:bb:aa:a3:1b:f2:9a:aa:64:7f:a1:9c:aa:87:
ea:54:ab:c5:15:46:e0:cb:0a:e8:d7:d3:4e:c1:64:b8:10:0b:
8b:b3:5d:e7:76:b1:0b:b3:bf:45:dd:36:fc:35:b8:65:3c:92:
94:6d:3b:67:02:1e:98:e5:62:77:f4:2d:15:5d:29:fe:73:79:
d3:e2:b2:93:bb:dd:1c:18:d3:25:c9:fc:e2:d3:eb:8f:d3:7a:
b2:38:77:00:bb:d4:9a:9f:60:28:01:a9:79:8f:f0:fe:1f:db:
40:68:d9:a2:28:79:61:a0:16:e1:09:60:6c:92:cd:aa:a8:5f:
e3:5c:d8:34:51:6d:4b:ca:6e:a0:a4:12:b4:92:ea:f0:97:b4:
3c:27:5a:cd:5d:9f:06:69:67:ab:24:e3:53:b3:47:05:7f:9e:
bf:d4:21:57:0a:32:cd:ba:cf:ed:bc:0a:82:1a:81:c8:93:be:
0b:38:ab:71:cb:d8:f1:bb:d6:3b:80:eb:ab:7c:c5:e4:77:5e:
79:84:b7:31:47:ac:21:a3:fa:cd:a1:08:f5:44:8a:fc:1f:e8:
bd:13:f4:e1:ca:55:f1:34:63:6b:a8:76:8b:84:34:5b:09:74:
4c:4e:08:67:ee:63:c8:0e:8c:57:7a:49:54:9b:41:60:20:2c:
15:16:13:0c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZpUPR9d6dPHF60aHgwAqRHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMDQwNzY1ZTQ3NDYwMGUxYmM3NjIyYTQzNjYzZGQ4ZDlm
YWRjODcwHhcNMjUxMTA1MTMzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWVjNzYxODE4YzYzMjVmMTlkNDk3M2Y0ZWRmMmE5MzFkNjBmMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucMcyOsKGri2jGreuZLooSeW9VSx
yZPyU/oln3ZYhqwSUb6LdCRS2mAZcniNLF2jhqM3+6ztpwLFJ5ohHzmoUqZkWAZw
T3fR2CUMFLvL7sY/g0QPK5X1a0LwV63UHTj3yr4jnZMxufVlw1aJ5ffRl1z7Tj2x
+0O4doHl+IWXEgupIGQ3xUDL+EHcwUsvTRL7X5Zl3G173SSS5e70Pb04g8ZpNUb1
W2FSt2xPGWp79mCL7bKe2vp13AHobjCv9xD6VhAgO2PgIcmA6n1GmcVoEMiBdsqj
21fAUVwG/uz1WdbCdNXw2QhBuSbmZsh2syewyV4AOPCkIvyGSlN7KUdK4wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJHsdhgYxjJfGdSXP07fKpMdYPFgMB8GA1UdIwQY
MBaAFNAEB2XkdGAOG8diKkNmPdjZ+tyHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFRSFplUjBZQTRieDJJcVEyWTkyTm42M0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8yMmZjZGUtNzIwYi00ZjYzLTljMDIt
NDdkMzA4NzEzN2Y0LzEva2V4MkdCakdNbDhaMUpjX1R0OHFreDFnOFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8yMmZjZGUtNzIwYi00ZjYzLTljMDItNDdkMzA4NzEzN2Y0
LzEvMEFRSFplUjBZQTRieDJJcVEyWTkyTm42M0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQBLYtgAwQC
UFjoAwQAuVtEAwQCuaa0AwQCufPMAwQBwyN2AwQAw9OlMA0EAgACMAcDBQAqElFA
MA0GCSqGSIb3DQEBCwUAA4IBAQByNXfNzbuqoxvymqpkf6GcqofqVKvFFUbgywro
19NOwWS4EAuLs13ndrELs79F3Tb8NbhlPJKUbTtnAh6Y5WJ39C0VXSn+c3nT4rKT
u90cGNMlyfzi0+uP03qyOHcAu9San2AoAal5j/D+H9tAaNmiKHlhoBbhCWBsks2q
qF/jXNg0UW1Lym6gpBK0kurwl7Q8J1rNXZ8GaWerJONTs0cFf56/1CFXCjLNus/t
vAqCGoHIk74LOKtxy9jxu9Y7gOurfMXkd155hLcxR6who/rNoQj1RIr8H+i9E/Th
ylXxNGNrqHaLhDRbCXRMTghn7mPIDoxXeklUm0FgICwVFhMM
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:57:47 2025 by rpki-client