Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/LmPONTc9HmVEIaZZvQPVO26vfh8.roa
File: LmPONTc9HmVEIaZZvQPVO26vfh8.roa (raw, json)
Hash identifier: lRth17RD7iKMs6kGp5r7R3SAvY0lyXyyl+l0LsJd7xM=
Subject key identifier: 2E:63:CE:35:37:3D:1E:65:44:21:A6:59:BD:03:D5:3B:6E:AF:7E:1F
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0199152F969628D70B5A6D36C43D24A1F4F4
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/LmPONTc9HmVEIaZZvQPVO26vfh8.roa
Signing time: Thu 04 Sep 2025 14:44:24 +0000
ROA not before: Thu 04 Sep 2025 14:44:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:15:2f:96:96:28:d7:0b:5a:6d:36:c4:3d:24:a1:f4:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Sep 4 14:44:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2e63ce35373d1e654421a659bd03d53b6eaf7e1f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:fa:2f:24:ea:81:8a:1a:02:0f:5f:10:b2:99:
63:90:74:6f:d8:b4:1e:26:4d:eb:c2:0b:d3:ca:4b:
ed:ae:55:29:d3:8a:a4:00:7e:86:f2:2a:54:64:61:
a3:71:14:49:e3:80:07:15:16:59:07:7a:5c:65:01:
90:d1:2b:15:cc:3f:72:3f:2e:72:90:22:cf:e1:72:
22:8f:c4:59:00:c8:9c:54:26:68:0a:71:c4:d1:88:
70:a8:49:37:24:03:7c:bb:f7:48:3d:ca:cd:41:42:
3e:00:99:4b:47:7f:e1:2c:74:d6:2b:e8:20:b5:a3:
81:b5:dd:da:d9:4e:72:f6:aa:d5:20:61:0b:90:8e:
c1:9a:a7:f0:15:53:5a:ee:b0:e9:50:d0:35:46:8f:
3c:dd:a3:9e:e7:68:bf:ba:03:ee:25:c0:e5:09:6a:
ba:05:ae:38:64:c8:e9:ff:71:c4:58:09:52:89:d4:
6d:71:00:b4:9a:80:c1:24:c4:40:f3:37:07:ce:af:
17:ab:e3:4a:be:2a:20:87:9c:41:d9:40:84:87:39:
4b:8f:98:29:d1:0e:84:a2:19:6e:2a:6a:19:25:e9:
e9:d1:ae:2c:4d:ea:1d:81:96:e4:a1:0e:ab:37:d2:
c4:ad:cf:2a:2b:95:54:3a:55:96:b1:3e:9b:ec:dd:
65:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:63:CE:35:37:3D:1E:65:44:21:A6:59:BD:03:D5:3B:6E:AF:7E:1F
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/LmPONTc9HmVEIaZZvQPVO26vfh8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/24
193.35.153.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:ba:dc:23:85:55:1e:4d:1d:19:bf:7c:9f:e2:9d:89:3c:8d:
9c:b9:46:84:85:cd:d0:3b:c1:f9:8a:ea:23:df:2b:e3:ea:bb:
90:28:7c:da:c4:a0:54:bb:d4:1f:18:80:86:e9:ef:bc:51:eb:
bd:4e:07:19:ab:3b:79:b8:b0:e9:5b:2f:5d:83:a1:55:26:a4:
33:da:55:cb:6f:39:cc:3e:54:f7:c4:1b:6f:98:b3:7f:c2:22:
08:8c:3a:fc:7e:f9:c9:f6:10:70:65:53:de:46:df:83:42:f9:
0b:dd:db:b7:78:05:ac:17:7c:29:1b:50:73:51:58:f4:83:5b:
e3:6f:1a:76:58:a1:78:31:c4:db:bd:41:c3:c9:18:db:56:47:
ff:c0:80:bc:ff:8a:f5:00:b2:52:12:29:fd:92:82:01:a2:73:
7c:2e:1a:73:af:a9:6e:06:3e:85:16:5b:02:17:10:01:b2:71:
4b:ff:77:ba:94:00:42:e2:2f:a9:dd:5a:6b:d8:f8:b1:a2:ba:
44:ea:89:80:5d:36:a5:7f:5f:e6:85:bf:44:fb:f8:f4:62:7e:
4c:85:91:c9:ad:16:ff:d2:81:19:95:2d:7c:dd:31:09:33:d2:
fc:ca:50:57:43:eb:1d:04:09:01:7c:3e:72:69:19:56:2e:63:
84:e4:6f:e5
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZkVL5aWKNcLWm02xD0kofT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTA0MTQ0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTYzY2UzNTM3M2QxZTY1NDQyMWE2NTliZDAzZDUzYjZlYWY3ZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fovJOqBihoCD18QspljkHRv2LQe
Jk3rwgvTykvtrlUp04qkAH6G8ipUZGGjcRRJ44AHFRZZB3pcZQGQ0SsVzD9yPy5y
kCLP4XIij8RZAMicVCZoCnHE0YhwqEk3JAN8u/dIPcrNQUI+AJlLR3/hLHTWK+gg
taOBtd3a2U5y9qrVIGELkI7BmqfwFVNa7rDpUNA1Ro883aOe52i/ugPuJcDlCWq6
Ba44ZMjp/3HEWAlSidRtcQC0moDBJMRA8zcHzq8Xq+NKviogh5xB2UCEhzlLj5gp
0Q6EohluKmoZJenp0a4sTeodgZbkoQ6rN9LErc8qK5VUOlWWsT6b7N1lwwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFC5jzjU3PR5lRCGmWb0D1Ttur34fMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTG1QT05UYzlIbVZFSWFaWnZRUFZPMjZ2Zmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAC5VgYDBAC5/hwDBADBI5kwDQYJKoZIhvcNAQELBQADggEBAA263COF
VR5NHRm/fJ/inYk8jZy5RoSFzdA7wfmK6iPfK+Pqu5AofNrEoFS71B8YgIbp77xR
671OBxmrO3m4sOlbL12DoVUmpDPaVctvOcw+VPfEG2+Ys3/CIgiMOvx++cn2EHBl
U95G34NC+Qvd27d4BawXfCkbUHNRWPSDW+NvGnZYoXgxxNu9QcPJGNtWR//AgLz/
ivUAslISKf2SggGic3wuGnOvqW4GPoUWWwIXEAGycUv/d7qUAELiL6ndWmvY+LGi
ukTqiYBdNqV/X+aFv0T7+PRifkyFkcmtFv/SgRmVLXzdMQkz0vzKUFdD6x0ECQF8
PnJpGVYuY4Tkb+U=
-----END CERTIFICATE-----
Generated at Sat Sep 6 10:05:49 2025 by rpki-client