Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/2Q7Citj0p3OdcVl7uqhsISED7cM.roa
File: 2Q7Citj0p3OdcVl7uqhsISED7cM.roa (raw, json)
Hash identifier: E8M0IO3Gnci/Jg+ekOq1tdi+rV0u7bvfLxQV6E+5KVA=
Subject key identifier: D9:0E:C2:8A:D8:F4:A7:73:9D:71:59:7B:BA:A8:6C:21:21:03:ED:C3
Certificate issuer: /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial: 019A02881230CE37784F7012F51CE65E23B7
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/2Q7Citj0p3OdcVl7uqhsISED7cM.roa
Signing time: Mon 20 Oct 2025 16:51:03 +0000
ROA not before: Mon 20 Oct 2025 16:51:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14576
IP address blocks: 45.145.128.0/23 maxlen: 23
193.187.92.0/22 maxlen: 22
193.202.12.0/22 maxlen: 22
193.202.84.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 19:59:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:88:12:30:ce:37:78:4f:70:12:f5:1c:e6:5e:23:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Validity
Not Before: Oct 20 16:51:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d90ec28ad8f4a7739d71597bbaa86c212103edc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:51:b2:fd:c0:26:66:33:55:92:a5:88:54:c7:
6a:25:f2:e3:1f:cf:4b:9f:54:f4:aa:f1:25:ac:ab:
78:1a:ce:eb:fe:ae:f4:3f:70:b2:f1:90:3f:04:20:
26:4b:3a:fa:fb:c3:4e:20:8c:3c:77:ce:64:db:23:
3e:4e:65:ef:c1:c7:d1:4c:7f:1b:a9:9e:fd:81:c5:
c6:fa:44:c8:bd:1c:01:15:d6:d3:d2:5e:67:fa:83:
b9:24:80:68:e3:73:eb:9f:d2:1a:0d:c2:e2:69:18:
31:55:80:40:77:72:98:66:0d:a0:5f:15:64:5b:8d:
dc:33:2b:0a:be:17:48:ab:38:16:70:82:8e:7d:7a:
8c:91:f3:74:73:96:bc:a2:c9:bf:73:6c:2a:4a:92:
5b:6b:9a:1f:72:97:9d:aa:e8:30:6d:37:44:3e:c4:
66:49:6c:ff:69:c7:06:17:5e:d5:10:30:a0:a4:8c:
2e:a1:26:a9:81:18:bb:44:03:43:0a:54:7f:e7:f9:
92:08:49:3a:8e:f9:39:a7:1f:40:e9:95:b1:ac:99:
7a:f7:c6:26:6a:8f:fa:ce:9e:e2:14:64:99:f9:3e:
0f:1d:ca:eb:a9:05:1d:46:a8:08:af:6e:d4:01:c5:
c8:a3:62:c0:9b:3d:03:ab:af:2f:bb:94:c1:43:4c:
b4:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:0E:C2:8A:D8:F4:A7:73:9D:71:59:7B:BA:A8:6C:21:21:03:ED:C3
X509v3 Authority Key Identifier:
keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/2Q7Citj0p3OdcVl7uqhsISED7cM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.145.128.0/23
193.187.92.0/22
193.202.12.0/22
193.202.84.0/22
Signature Algorithm: sha256WithRSAEncryption
56:97:6b:ee:4d:b0:df:29:47:a1:ed:e7:fc:8c:b8:b3:fe:41:
85:7f:24:39:bd:f8:b6:38:b9:08:5a:c6:a1:d7:f4:8e:d6:4e:
1c:b1:20:45:e1:57:50:27:4d:ec:a1:c6:93:db:4b:a2:e0:ff:
15:01:fb:8a:fd:ab:cc:58:43:99:e8:e3:86:9a:a5:ff:2e:07:
cb:2d:4a:2f:e2:3b:4f:a5:de:89:84:0f:93:7f:e4:9e:a9:bc:
b8:cc:59:04:41:3f:ee:97:72:e5:a4:d8:64:8b:fb:1d:89:5b:
fc:e3:18:5e:5b:5f:45:a9:5a:2e:0d:73:c9:7f:23:f3:d5:ef:
c5:a6:1a:ff:d8:4f:9b:1f:c8:b4:7e:52:fd:72:14:af:77:b3:
e9:5d:24:23:99:43:99:3e:d5:d9:17:87:d3:6a:cd:0a:8b:19:
d4:95:ff:df:0a:e6:98:f1:94:67:c6:cb:9d:64:a8:fb:98:66:
3b:64:8c:41:dd:f5:5c:52:f5:e4:e0:30:4d:4b:fe:87:8a:83:
3f:93:15:18:62:d7:a7:9b:59:0f:46:a0:a4:b8:60:19:7f:d3:
d1:8b:29:7d:05:50:4a:d6:a4:05:2f:f5:27:50:eb:64:2c:f3:
71:ec:e3:10:75:7e:1f:a0:12:26:dd:50:df:0e:7b:5e:fd:9a:
71:2f:3e:67
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZoCiBIwzjd4T3AS9RzmXiO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUxMDIwMTY1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTBlYzI4YWQ4ZjRhNzczOWQ3MTU5N2JiYWE4NmMyMTIxMDNlZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1Gy/cAmZjNVkqWIVMdqJfLjH89L
n1T0qvElrKt4Gs7r/q70P3Cy8ZA/BCAmSzr6+8NOIIw8d85k2yM+TmXvwcfRTH8b
qZ79gcXG+kTIvRwBFdbT0l5n+oO5JIBo43Prn9IaDcLiaRgxVYBAd3KYZg2gXxVk
W43cMysKvhdIqzgWcIKOfXqMkfN0c5a8osm/c2wqSpJba5ofcpedqugwbTdEPsRm
SWz/accGF17VEDCgpIwuoSapgRi7RANDClR/5/mSCEk6jvk5px9A6ZWxrJl698Ym
ao/6zp7iFGSZ+T4PHcrrqQUdRqgIr27UAcXIo2LAmz0Dq68vu5TBQ0y09QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNkOworY9KdznXFZe7qobCEhA+3DMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xLzJRN0NpdGowcDNPZGNWbDd1cWhzSVNFRDdjTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBAEtkYAD
BALBu1wDBALBygwDBALBylQwDQYJKoZIhvcNAQELBQADggEBAFaXa+5NsN8pR6Ht
5/yMuLP+QYV/JDm9+LY4uQhaxqHX9I7WThyxIEXhV1AnTeyhxpPbS6Lg/xUB+4r9
q8xYQ5no44aapf8uB8stSi/iO0+l3omED5N/5J6pvLjMWQRBP+6XcuWk2GSL+x2J
W/zjGF5bX0WpWi4Nc8l/I/PV78WmGv/YT5sfyLR+Uv1yFK93s+ldJCOZQ5k+1dkX
h9NqzQqLGdSV/98K5pjxlGfGy51kqPuYZjtkjEHd9VxS9eTgME1L/oeKgz+TFRhi
16ebWQ9GoKS4YBl/09GLKX0FUErWpAUv9SdQ62Qs83Hs4xB1fh+gEibdUN8Oe179
mnEvPmc=
-----END CERTIFICATE-----
Generated at Sun Oct 26 00:00:47 2025 by rpki-client