Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/k2zVIiwdTRAvcuIEhqj4cmMmGVQ.roa
File: k2zVIiwdTRAvcuIEhqj4cmMmGVQ.roa (raw, json)
Hash identifier: f6fiju9NCn/GwpDLcVhQnZ97ECOZ0vtJQ1vpuQYEjA4=
Subject key identifier: 93:6C:D5:22:2C:1D:4D:10:2F:72:E2:04:86:A8:F8:72:63:26:19:54
Certificate issuer: /CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Certificate serial: 019A1015C01E4E4D66B15242BE79160C264F
Authority key identifier: EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/k2zVIiwdTRAvcuIEhqj4cmMmGVQ.roa
Signing time: Thu 23 Oct 2025 08:00:52 +0000
ROA not before: Thu 23 Oct 2025 08:00:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203217
IP address blocks: 93.180.216.0/21 maxlen: 24
138.124.156.0/22 maxlen: 24
144.86.228.0/22 maxlen: 24
185.20.196.0/22 maxlen: 24
185.138.120.0/22 maxlen: 24
185.254.12.0/22 maxlen: 24
195.133.220.0/22 maxlen: 24
199.74.188.0/22 maxlen: 24
199.74.190.0/23 maxlen: 23
199.74.190.0/24 maxlen: 24
199.74.191.0/24 maxlen: 24
2a0b:1880::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 11:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:10:15:c0:1e:4e:4d:66:b1:52:42:be:79:16:0c:26:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Validity
Not Before: Oct 23 08:00:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=936cd5222c1d4d102f72e20486a8f87263261954
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:f4:63:3a:ba:bc:73:67:c5:21:ff:3b:f0:7f:
98:9c:f3:e8:78:d3:84:4a:79:58:1c:ec:23:46:33:
04:20:34:50:b9:44:62:6e:3c:44:1e:5c:63:e6:53:
5a:c6:6a:3a:33:49:28:3b:cd:18:5b:c1:ae:7a:da:
e0:f2:79:f0:ac:78:75:9f:9e:a6:a5:e3:c7:43:8c:
fc:ca:af:39:66:5b:c2:15:f0:f0:ba:40:23:92:64:
f4:f9:1b:1b:9a:95:45:d5:40:0a:47:f3:45:a5:d0:
16:9e:f2:b0:4d:10:03:59:f1:d0:29:5b:a1:7c:65:
40:12:69:35:7b:9d:88:cd:cf:d9:ad:34:a4:6c:7b:
7f:bf:f1:45:1c:35:b7:d6:19:0e:bb:54:5a:d3:ab:
bf:c6:9b:60:1a:a8:3f:ca:a5:6b:b1:5e:37:80:a0:
02:44:17:ad:ac:08:50:e5:4c:04:e2:07:a0:f5:2a:
47:77:b2:67:97:71:61:8a:15:24:5b:2b:a2:8f:d3:
97:0e:d2:eb:28:f9:9b:8b:bf:6e:a4:d2:f3:35:c7:
05:7a:da:2d:06:76:f4:77:04:9d:e0:ef:1f:4a:52:
6b:20:19:bb:07:38:02:f6:a4:48:d5:33:5d:a8:13:
ea:37:dc:0b:42:ab:89:c3:8c:43:52:ff:c5:73:c3:
0e:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:6C:D5:22:2C:1D:4D:10:2F:72:E2:04:86:A8:F8:72:63:26:19:54
X509v3 Authority Key Identifier:
keyid:EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/k2zVIiwdTRAvcuIEhqj4cmMmGVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.180.216.0/21
138.124.156.0/22
144.86.228.0/22
185.20.196.0/22
185.138.120.0/22
185.254.12.0/22
195.133.220.0/22
199.74.188.0/22
IPv6:
2a0b:1880::/29
Signature Algorithm: sha256WithRSAEncryption
b3:b1:3d:24:1c:8b:f4:93:d1:58:f5:6f:ec:be:bb:4f:2e:04:
03:17:65:80:7f:ee:11:a6:29:40:35:69:e2:a6:7b:ba:8c:0a:
e1:da:d2:e0:57:bb:f7:c9:eb:6e:83:1c:0b:41:08:e9:a4:48:
8f:36:7e:56:d4:6a:d6:ce:d9:a5:61:a0:f2:1f:13:85:85:58:
70:29:a4:c9:2f:25:4d:8b:68:e9:88:6b:26:84:71:9a:2c:e4:
29:44:b0:5d:97:24:ce:ff:90:8f:e8:52:c6:a3:ac:d2:df:46:
8b:ab:80:73:eb:9f:8a:bc:23:ac:c8:36:a5:16:ff:2f:54:93:
7f:6a:87:f2:77:e8:db:6e:5d:42:f4:9d:e4:81:77:8b:4c:25:
83:43:c3:80:5b:1b:0e:ea:3c:c1:73:1e:78:94:80:f3:da:00:
c7:e9:a1:0e:2f:b3:8b:b7:cc:b3:5c:51:26:9c:93:c1:9c:1c:
0c:33:87:9a:71:42:ed:2d:6c:65:80:28:8b:a9:08:d8:0c:78:
9e:78:a4:b9:c4:50:18:b5:49:ec:c5:5c:6f:35:b4:26:1b:8b:
a9:47:e2:2c:f5:13:ea:93:7a:60:29:b6:02:3f:f2:8a:46:4c:
75:c0:01:65:2d:b2:3c:c1:27:10:2c:81:fe:88:d7:fd:23:f2:
81:3e:69:6f
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZoQFcAeTk1msVJCvnkWDCZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTRkOWU0MWVhNWUyZDE2MWI3YzRjZGIyZTQ3MDJjNGYy
NDhlMTQwHhcNMjUxMDIzMDgwMDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzZjZDUyMjJjMWQ0ZDEwMmY3MmUyMDQ4NmE4Zjg3MjYzMjYxOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvRjOrq8c2fFIf878H+YnPPoeNOE
SnlYHOwjRjMEIDRQuURibjxEHlxj5lNaxmo6M0koO80YW8Guetrg8nnwrHh1n56m
pePHQ4z8yq85ZlvCFfDwukAjkmT0+RsbmpVF1UAKR/NFpdAWnvKwTRADWfHQKVuh
fGVAEmk1e52Izc/ZrTSkbHt/v/FFHDW31hkOu1Ra06u/xptgGqg/yqVrsV43gKAC
RBetrAhQ5UwE4geg9SpHd7Jnl3FhihUkWyuij9OXDtLrKPmbi79upNLzNccFetot
Bnb0dwSd4O8fSlJrIBm7BzgC9qRI1TNdqBPqN9wLQquJw4xDUv/Fc8MOhwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJNs1SIsHU0QL3LiBIao+HJjJhlUMB8GA1UdIwQY
MBaAFO9U2eQepeLRYbfEzbLkcCxPJI4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzIt
ZmJjNmZjYjVlN2E2LzEvazJ6Vklpd2RUUkF2Y3VJRWhxajRjbU1tR1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzItZmJjNmZjYjVlN2E2
LzEvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDXbTYAwQC
inycAwQCkFbkAwQCuRTEAwQCuYp4AwQCuf4MAwQCw4XcAwQCx0q8MA0EAgACMAcD
BQMqCxiAMA0GCSqGSIb3DQEBCwUAA4IBAQCzsT0kHIv0k9FY9W/svrtPLgQDF2WA
f+4RpilANWnipnu6jArh2tLgV7v3yetugxwLQQjppEiPNn5W1GrWztmlYaDyHxOF
hVhwKaTJLyVNi2jpiGsmhHGaLOQpRLBdlyTO/5CP6FLGo6zS30aLq4Bz65+KvCOs
yDalFv8vVJN/aofyd+jbbl1C9J3kgXeLTCWDQ8OAWxsO6jzBcx54lIDz2gDH6aEO
L7OLt8yzXFEmnJPBnBwMM4eacULtLWxlgCiLqQjYDHieeKS5xFAYtUnsxVxvNbQm
G4upR+Is9RPqk3pgKbYCP/KKRkx1wAFlLbI8wScQLIH+iNf9I/KBPmlv
-----END CERTIFICATE-----
Generated at Mon Oct 27 18:13:50 2025 by rpki-client