Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/T9GI8EAV6rY4ewZOPHNLp1nr-Xs.roa
File: T9GI8EAV6rY4ewZOPHNLp1nr-Xs.roa (raw, json)
Hash identifier: /Gs+MIN9DqwyaoaMpnSQfu6noNxSgiy4Ndw97dxKgQ4=
Subject key identifier: 4F:D1:88:F0:40:15:EA:B6:38:7B:06:4E:3C:73:4B:A7:59:EB:F9:7B
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 019A06955E54669FC746FD70AC172002132D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/T9GI8EAV6rY4ewZOPHNLp1nr-Xs.roa
Signing time: Tue 21 Oct 2025 11:44:03 +0000
ROA not before: Tue 21 Oct 2025 11:44:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41124
IP address blocks: 31.148.208.0/22 maxlen: 24
93.171.64.0/21 maxlen: 24
93.171.228.0/23 maxlen: 24
95.47.32.0/22 maxlen: 24
95.47.192.0/22 maxlen: 24
146.120.124.0/22 maxlen: 24
146.120.152.0/22 maxlen: 24
146.120.176.0/22 maxlen: 24
146.158.24.0/22 maxlen: 24
146.158.64.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:95:5e:54:66:9f:c7:46:fd:70:ac:17:20:02:13:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Oct 21 11:44:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4fd188f04015eab6387b064e3c734ba759ebf97b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:ad:c8:27:a2:2e:a6:91:62:23:fc:4b:99:c7:
48:17:c1:dc:80:f9:f6:c9:38:82:f5:98:42:09:f9:
c4:f0:3f:9a:91:ee:b0:28:a5:c2:b6:d0:95:fd:d2:
1b:ab:dd:56:8a:6f:b3:f9:72:c7:2b:ee:ea:3c:be:
42:9c:88:3e:d4:6a:e9:b1:f0:0f:e8:6f:88:b2:63:
87:12:39:4f:12:e4:d9:89:46:97:93:e9:1f:85:57:
fc:99:eb:dd:41:6d:1c:26:f1:3e:36:17:14:94:a1:
30:9f:5d:69:ed:5b:4e:ce:7c:7d:82:25:e1:f6:fd:
0d:40:5a:56:49:34:62:91:60:0c:f4:18:8a:4d:84:
90:78:0a:8e:4b:15:08:5c:63:0a:18:35:70:8d:1e:
94:5f:cc:45:67:60:71:9a:97:f9:e8:01:fe:4e:76:
a6:73:53:31:55:09:91:e7:94:5c:8e:a3:50:13:8b:
59:f3:ad:3f:9b:e5:98:45:52:4a:7e:3f:f1:e5:72:
ac:6b:f4:98:cf:d6:30:2b:41:83:f1:4b:c9:90:6b:
82:05:ac:34:19:20:6c:50:57:7e:33:25:b0:3b:66:
16:50:9a:6f:1f:90:9d:7b:7f:c9:a4:13:82:68:f3:
2c:08:1e:e1:96:54:e8:8e:c9:8a:a8:bd:94:cf:f9:
3e:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:D1:88:F0:40:15:EA:B6:38:7B:06:4E:3C:73:4B:A7:59:EB:F9:7B
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/T9GI8EAV6rY4ewZOPHNLp1nr-Xs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.148.208.0/22
93.171.64.0/21
93.171.228.0/23
95.47.32.0/22
95.47.192.0/22
146.120.124.0/22
146.120.152.0/22
146.120.176.0/22
146.158.24.0/22
146.158.64.0/22
Signature Algorithm: sha256WithRSAEncryption
a1:59:b8:f9:f9:bf:98:4f:f4:b4:9f:fc:06:35:b7:b8:cf:0d:
11:3f:b9:55:3d:b1:b8:54:52:8c:96:1f:28:22:05:07:3b:2f:
38:a4:c2:cc:45:3d:4b:25:2d:de:8c:44:12:84:ab:81:3d:d4:
c5:0c:51:1d:9d:0d:93:cb:9c:3c:76:e1:6b:fd:36:13:13:53:
24:e0:a2:90:25:04:24:9d:e2:6f:f4:13:cb:fe:15:1e:0d:67:
7a:41:50:00:02:d3:20:45:28:cc:bc:62:43:d4:27:a5:7f:54:
9a:1e:59:fb:05:5d:11:38:da:de:32:bf:f4:c9:95:25:99:26:
e9:31:1f:75:67:54:27:74:d1:5c:a4:98:1b:c5:64:a4:5d:db:
3d:7d:de:fb:40:07:12:11:13:c8:2a:38:71:65:7f:70:e9:d0:
9e:c8:cf:7e:8c:7d:96:f8:b0:73:36:0b:04:8e:2c:b6:66:bf:
3b:a6:91:1c:fd:5f:b5:81:ec:61:d1:a8:fc:4f:bd:14:2f:eb:
43:41:46:95:99:7c:6e:2e:9e:4f:2a:ea:01:54:6d:7d:02:de:
04:55:c9:07:cd:67:99:e7:bf:7c:cb:f9:61:36:4e:1f:85:90:
74:cf:b6:0e:de:f7:cb:cb:01:3e:c2:06:e7:ae:7f:b4:17:23:
9b:07:34:89
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZoGlV5UZp/HRv1wrBcgAhMtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUxMDIxMTE0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQxODhmMDQwMTVlYWI2Mzg3YjA2NGUzYzczNGJhNzU5ZWJmOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla3IJ6IuppFiI/xLmcdIF8HcgPn2
yTiC9ZhCCfnE8D+ake6wKKXCttCV/dIbq91Wim+z+XLHK+7qPL5CnIg+1GrpsfAP
6G+IsmOHEjlPEuTZiUaXk+kfhVf8mevdQW0cJvE+NhcUlKEwn11p7VtOznx9giXh
9v0NQFpWSTRikWAM9BiKTYSQeAqOSxUIXGMKGDVwjR6UX8xFZ2Bxmpf56AH+Tnam
c1MxVQmR55RcjqNQE4tZ860/m+WYRVJKfj/x5XKsa/SYz9YwK0GD8UvJkGuCBaw0
GSBsUFd+MyWwO2YWUJpvH5Cde3/JpBOCaPMsCB7hllTojsmKqL2Uz/k+twIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFE/RiPBAFeq2OHsGTjxzS6dZ6/l7MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvVDlHSThFQVY2clk0ZXdaT1BITkxwMW5yLVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCH5TQAwQD
XatAAwQBXavkAwQCXy8gAwQCXy/AAwQCknh8AwQCkniYAwQCkniwAwQCkp4YAwQC
kp5AMA0GCSqGSIb3DQEBCwUAA4IBAQChWbj5+b+YT/S0n/wGNbe4zw0RP7lVPbG4
VFKMlh8oIgUHOy84pMLMRT1LJS3ejEQShKuBPdTFDFEdnQ2Ty5w8duFr/TYTE1Mk
4KKQJQQkneJv9BPL/hUeDWd6QVAAAtMgRSjMvGJD1Celf1SaHln7BV0RONreMr/0
yZUlmSbpMR91Z1QndNFcpJgbxWSkXds9fd77QAcSERPIKjhxZX9w6dCeyM9+jH2W
+LBzNgsEjiy2Zr87ppEc/V+1gexh0aj8T70UL+tDQUaVmXxuLp5PKuoBVG19At4E
VckHzWeZ5798y/lhNk4fhZB0z7YO3vfLywE+wgbnrn+0FyObBzSJ
-----END CERTIFICATE-----
Generated at Wed Oct 22 22:01:25 2025 by rpki-client