Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/nKQffzVaC8uVNgTXixnx37_DL6s.roa
File: nKQffzVaC8uVNgTXixnx37_DL6s.roa (raw, json)
Hash identifier: pYAPWd/N9R42UtkBeCiR8wjtUnidTLisTp0Evm7U4aE=
Subject key identifier: 9C:A4:1F:7F:35:5A:0B:CB:95:36:04:D7:8B:19:F1:DF:BF:C3:2F:AB
Certificate issuer: /CN=293e0cd8b3e044edb823aef688aafb0b75de8675
Certificate serial: 019A267AF3026245649BB6E348C0237B7061
Authority key identifier: 29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/nKQffzVaC8uVNgTXixnx37_DL6s.roa
Signing time: Mon 27 Oct 2025 16:23:03 +0000
ROA not before: Mon 27 Oct 2025 16:23:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51026
IP address blocks: 45.129.36.0/24 maxlen: 24
45.129.37.0/24 maxlen: 24
45.129.38.0/24 maxlen: 24
45.129.39.0/24 maxlen: 24
185.53.141.0/24 maxlen: 24
185.53.142.0/24 maxlen: 24
185.53.143.0/24 maxlen: 24
185.126.202.0/24 maxlen: 24
185.126.203.0/24 maxlen: 24
2a0a:2fc4::/32 maxlen: 32
2a0d:9680::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.mft
rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 14:12:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:26:7a:f3:02:62:45:64:9b:b6:e3:48:c0:23:7b:70:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=293e0cd8b3e044edb823aef688aafb0b75de8675
Validity
Not Before: Oct 27 16:23:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ca41f7f355a0bcb953604d78b19f1dfbfc32fab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c0:72:1a:92:cf:4c:c9:fe:f8:fa:70:9b:2f:
24:4e:e2:44:43:5b:6c:25:69:6a:42:72:4a:bc:10:
ae:46:ef:81:2b:53:2a:f0:eb:d9:e1:81:32:b9:12:
07:5c:e0:5e:e9:92:14:26:5d:fe:fb:ab:42:28:66:
00:59:da:45:18:7e:7d:47:e2:b7:36:bd:f7:1e:e0:
64:bd:c2:3e:2f:6f:db:7d:e3:77:c1:7d:55:dc:9a:
b9:cb:6e:96:ce:de:00:af:a3:ea:24:2f:f5:d1:76:
ec:82:2a:6d:c3:c4:dd:e2:fd:26:1b:d1:d3:b2:d0:
37:b3:cb:17:88:90:b6:07:b6:e1:7d:68:03:5a:5f:
29:ef:6b:62:0b:a7:06:67:e8:3c:27:9b:23:7b:58:
12:25:96:ee:9f:3b:d0:7c:a8:1d:40:ae:d8:af:df:
3b:6b:4e:f1:91:f5:03:1b:72:91:d7:87:25:3c:c5:
33:1d:36:2f:38:b4:0f:dd:6e:63:e0:4c:7a:df:a2:
17:9f:31:dc:5e:85:c7:5d:e6:60:98:7d:08:75:dd:
58:6a:19:32:90:3a:d6:1a:d8:90:87:fe:77:57:08:
a2:2d:20:fc:f4:df:1f:a7:13:ec:1c:e0:78:5d:bb:
e8:81:e7:da:4d:65:27:e2:44:72:cb:10:b1:8e:1e:
6f:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:A4:1F:7F:35:5A:0B:CB:95:36:04:D7:8B:19:F1:DF:BF:C3:2F:AB
X509v3 Authority Key Identifier:
keyid:29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/nKQffzVaC8uVNgTXixnx37_DL6s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.36.0/22
185.53.141.0-185.53.143.255
185.126.202.0/23
IPv6:
2a0a:2fc4::/32
2a0d:9680::/48
Signature Algorithm: sha256WithRSAEncryption
85:3b:c2:94:d3:ae:48:69:b7:98:b7:e5:92:5c:c5:ff:7c:4c:
d2:bc:2f:dd:e7:84:69:c0:df:0d:28:a9:88:27:50:26:cb:34:
5b:57:27:b0:c3:d1:77:08:52:8f:1e:7f:b8:0e:6d:50:08:e8:
86:2f:90:ea:2a:8e:65:9a:0e:9c:c1:be:19:05:06:ea:40:97:
5d:fe:34:64:09:b9:b2:f1:4b:39:23:45:2a:3e:19:9d:10:b9:
69:19:46:10:4f:f8:74:7e:d0:31:a5:45:a8:dd:53:90:e5:9d:
c1:f1:6e:6c:33:52:2e:55:5c:80:e8:61:a2:bb:26:9f:f8:b1:
55:de:e9:b0:92:05:80:c3:11:45:ec:88:cc:39:e8:fe:19:d0:
d4:16:4f:c8:f2:db:eb:d3:59:84:1e:95:e6:1b:8a:08:27:0f:
ee:0c:fc:27:23:6c:a1:35:a0:1a:ed:f1:6c:78:34:62:cc:2a:
b0:ae:73:af:9b:25:ea:b1:6e:3d:d2:64:d7:99:da:05:97:bd:
d5:ee:82:33:e1:5f:53:d1:8d:d5:52:10:7b:ab:03:16:42:e1:
b0:98:28:4d:40:96:d4:d5:32:ac:54:2f:56:65:07:37:72:34:
31:88:a2:6e:7a:69:05:38:10:e6:5a:23:6a:d6:17:c9:f4:1b:
d8:ab:6b:e1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZomevMCYkVkm7bjSMAje3BhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5M2UwY2Q4YjNlMDQ0ZWRiODIzYWVmNjg4YWFmYjBiNzVk
ZTg2NzUwHhcNMjUxMDI3MTYyMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E0MWY3ZjM1NWEwYmNiOTUzNjA0ZDc4YjE5ZjFkZmJmYzMyZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsByGpLPTMn++Ppwmy8kTuJEQ1ts
JWlqQnJKvBCuRu+BK1Mq8OvZ4YEyuRIHXOBe6ZIUJl3++6tCKGYAWdpFGH59R+K3
Nr33HuBkvcI+L2/bfeN3wX1V3Jq5y26Wzt4Ar6PqJC/10Xbsgiptw8Td4v0mG9HT
stA3s8sXiJC2B7bhfWgDWl8p72tiC6cGZ+g8J5sje1gSJZbunzvQfKgdQK7Yr987
a07xkfUDG3KR14clPMUzHTYvOLQP3W5j4Ex636IXnzHcXoXHXeZgmH0Idd1Yahky
kDrWGtiQh/53VwiiLSD89N8fpxPsHOB4XbvogefaTWUn4kRyyxCxjh5vpQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJykH381WgvLlTYE14sZ8d+/wy+rMB8GA1UdIwQY
MBaAFCk+DNiz4ETtuCOu9oiq+wt13oZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMt
YmIyMTdjYzNiNzhkLzEvbktRZmZ6VmFDOHVWTmdUWGl4bngzN19ETDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMtYmIyMTdjYzNiNzhk
LzEvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAgBAIAATAaAwQCLYEkMAwD
BAC5NY0DBAS5NYADBAG5fsowFgQCAAIwEAMFACoKL8QDBwAqDZaAAAAwDQYJKoZI
hvcNAQELBQADggEBAIU7wpTTrkhpt5i35ZJcxf98TNK8L93nhGnA3w0oqYgnUCbL
NFtXJ7DD0XcIUo8ef7gObVAI6IYvkOoqjmWaDpzBvhkFBupAl13+NGQJubLxSzkj
RSo+GZ0QuWkZRhBP+HR+0DGlRajdU5DlncHxbmwzUi5VXIDoYaK7Jp/4sVXe6bCS
BYDDEUXsiMw56P4Z0NQWT8jy2+vTWYQeleYbiggnD+4M/CcjbKE1oBrt8Wx4NGLM
KrCuc6+bJeqxbj3SZNeZ2gWXvdXugjPhX1PRjdVSEHurAxZC4bCYKE1AltTVMqxU
L1ZlBzdyNDGIom56aQU4EOZaI2rWF8n0G9ira+E=
-----END CERTIFICATE-----
Generated at Tue Oct 28 21:39:58 2025 by rpki-client