Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/ppcuybJ2dVTx8Oi4Rb_BK3tcepQ.roa
File: ppcuybJ2dVTx8Oi4Rb_BK3tcepQ.roa (raw, json)
Hash identifier: kVGDPxLEKz3xBW5mOWtq1nIn17YH7foWW8L0WvSguOY=
Subject key identifier: A6:97:2E:C9:B2:76:75:54:F1:F0:E8:B8:45:BF:C1:2B:7B:5C:7A:94
Certificate issuer: /CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Certificate serial: 019952B19BA52993438A970E87D4E8067DBC
Authority key identifier: 87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/ppcuybJ2dVTx8Oi4Rb_BK3tcepQ.roa
Signing time: Tue 16 Sep 2025 13:23:15 +0000
ROA not before: Tue 16 Sep 2025 13:23:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 984
IP address blocks: 45.8.28.0/24 maxlen: 24
45.8.31.0/24 maxlen: 24
45.9.109.0/24 maxlen: 24
45.10.211.0/24 maxlen: 24
45.80.112.0/24 maxlen: 24
193.108.47.0/24 maxlen: 24
193.164.222.0/24 maxlen: 24
193.164.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.mft
rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:b1:9b:a5:29:93:43:8a:97:0e:87:d4:e8:06:7d:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Validity
Not Before: Sep 16 13:23:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6972ec9b2767554f1f0e8b845bfc12b7b5c7a94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:6c:42:1d:e4:b3:60:08:ff:e4:2c:70:eb:06:
5b:43:01:98:3f:88:1a:71:f9:ba:d9:84:70:bd:38:
11:7f:ca:0c:d8:6f:2b:45:92:35:e4:a6:3a:7e:dd:
96:00:ed:11:df:8a:e9:df:f1:53:f9:84:84:df:d4:
2b:49:db:9e:33:ac:7e:18:96:db:b8:e8:5b:cd:d1:
4b:a0:6c:7a:86:19:24:9a:a9:07:cc:b7:a2:b1:5b:
8d:68:ea:63:1f:5a:bb:27:05:23:bf:d4:46:10:50:
7d:35:39:37:98:c6:2a:7a:a1:a4:f5:8a:bb:95:07:
54:b0:24:ad:a7:87:b0:cf:71:87:c5:35:df:47:cb:
8a:be:49:c3:45:7a:cf:10:f9:ec:35:6d:fd:f5:c0:
7d:f7:cd:03:a0:93:d5:59:f3:01:16:2a:9d:8e:26:
ad:09:26:8d:17:53:c7:1d:65:7c:4a:1e:21:36:3c:
a7:5a:96:56:93:46:58:58:e2:f9:a5:a2:84:aa:4b:
fd:a0:d0:a2:02:5b:a0:fd:7d:e7:27:11:9e:7b:b4:
07:26:fd:af:3f:e4:90:11:46:17:9a:f9:ff:3d:d1:
39:3b:57:1e:db:af:09:c8:cd:8e:13:b9:c3:e9:a3:
32:58:78:db:0a:ce:2a:6a:72:88:ef:d6:a1:e6:54:
6e:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:97:2E:C9:B2:76:75:54:F1:F0:E8:B8:45:BF:C1:2B:7B:5C:7A:94
X509v3 Authority Key Identifier:
keyid:87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/ppcuybJ2dVTx8Oi4Rb_BK3tcepQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.28.0/24
45.8.31.0/24
45.9.109.0/24
45.10.211.0/24
45.80.112.0/24
193.108.47.0/24
193.164.222.0/23
Signature Algorithm: sha256WithRSAEncryption
55:4a:ac:39:c9:12:f7:a2:d8:40:ed:80:6b:0e:b2:aa:8a:50:
6d:39:1f:ea:be:4a:c2:23:2b:03:0f:43:47:e9:66:d0:97:75:
6c:87:72:e1:25:98:c7:ec:b9:f7:24:1a:0c:4c:14:d4:21:58:
ff:e5:9f:ea:46:a8:69:c1:e1:79:d1:e2:f1:dd:ea:20:42:5d:
3e:1b:ad:4c:d4:5e:2e:e6:d9:52:18:82:76:e2:0c:d0:d3:1b:
95:39:3d:47:fa:96:95:0a:44:84:c7:09:68:26:ef:2c:52:47:
00:95:aa:e2:2a:27:83:fa:38:bd:90:e7:7f:96:1d:de:7c:95:
81:62:94:94:0e:01:1d:5b:50:35:fa:6e:ca:b1:eb:71:f9:4b:
7e:6c:15:69:d1:71:1a:2a:7f:e2:39:88:36:df:01:74:50:66:
e3:8f:2f:40:da:3a:79:5c:68:30:ac:7e:e9:82:a9:a6:9b:f5:
03:42:66:44:5c:41:e8:5f:72:95:8a:8c:50:f1:ef:7b:a2:ff:
d8:9b:ef:6e:1d:8e:d6:f0:b5:35:2d:e5:46:e0:4e:e5:cf:78:
79:81:43:36:97:d5:54:22:40:cc:d9:d0:c9:a6:1f:9e:8c:3e:
38:e3:98:c2:c6:b0:c2:75:e0:41:a7:a2:1b:e0:71:8a:c8:5c:
5f:dd:f5:a6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZlSsZulKZNDipcOh9ToBn28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGFiYjI5OTc3YTY1YjE0MGNhY2I2ZTcyYWIyNGNlZGRk
NGU4YzUwHhcNMjUwOTE2MTMyMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk3MmVjOWIyNzY3NTU0ZjFmMGU4Yjg0NWJmYzEyYjdiNWM3YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWxCHeSzYAj/5Cxw6wZbQwGYP4ga
cfm62YRwvTgRf8oM2G8rRZI15KY6ft2WAO0R34rp3/FT+YSE39QrSdueM6x+GJbb
uOhbzdFLoGx6hhkkmqkHzLeisVuNaOpjH1q7JwUjv9RGEFB9NTk3mMYqeqGk9Yq7
lQdUsCStp4ewz3GHxTXfR8uKvknDRXrPEPnsNW399cB9980DoJPVWfMBFiqdjiat
CSaNF1PHHWV8Sh4hNjynWpZWk0ZYWOL5paKEqkv9oNCiAlug/X3nJxGee7QHJv2v
P+SQEUYXmvn/PdE5O1ce268JyM2OE7nD6aMyWHjbCs4qanKI79ah5lRuZwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKaXLsmydnVU8fDouEW/wSt7XHqUMB8GA1UdIwQY
MBaAFIeKuymXemWxQMrLbnKrJM7d1OjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2Et
YWM4NjQ3ZDA1NThhLzEvcHBjdXliSjJkVlR4OE9pNFJiX0JLM3RjZXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2EtYWM4NjQ3ZDA1NThh
LzEvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALQgcAwQA
LQgfAwQALQltAwQALQrTAwQALVBwAwQAwWwvAwQBwaTeMA0GCSqGSIb3DQEBCwUA
A4IBAQBVSqw5yRL3othA7YBrDrKqilBtOR/qvkrCIysDD0NH6WbQl3Vsh3LhJZjH
7Ln3JBoMTBTUIVj/5Z/qRqhpweF50eLx3eogQl0+G61M1F4u5tlSGIJ24gzQ0xuV
OT1H+paVCkSExwloJu8sUkcAlariKieD+ji9kOd/lh3efJWBYpSUDgEdW1A1+m7K
setx+Ut+bBVp0XEaKn/iOYg23wF0UGbjjy9A2jp5XGgwrH7pgqmmm/UDQmZEXEHo
X3KVioxQ8e97ov/Ym+9uHY7W8LU1LeVG4E7lz3h5gUM2l9VUIkDM2dDJph+ejD44
45jCxrDCdeBBp6Ib4HGKyFxf3fWm
-----END CERTIFICATE-----
Generated at Sun Oct 19 16:10:29 2025 by rpki-client