Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/A91919fCX_a822lNKhVIAX3e5mY.roa
File: A91919fCX_a822lNKhVIAX3e5mY.roa (raw, json)
Hash identifier: 2pIrcBXjdPb2dxkLwzk2PBAJJyryzhxlEdm/0Y8hlMU=
Subject key identifier: 03:DD:7D:D7:D7:C2:5F:F6:BC:DB:69:4D:2A:15:48:01:7D:DE:E6:66
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 0199190B70D8920B632969E945198DE48B9E
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/A91919fCX_a822lNKhVIAX3e5mY.roa
Signing time: Fri 05 Sep 2025 08:43:24 +0000
ROA not before: Fri 05 Sep 2025 08:43:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208825
IP address blocks: 46.8.32.0/24 maxlen: 24
95.182.109.0/24 maxlen: 24
95.182.111.0/24 maxlen: 24
109.248.38.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:19:0b:70:d8:92:0b:63:29:69:e9:45:19:8d:e4:8b:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Sep 5 08:43:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=03dd7dd7d7c25ff6bcdb694d2a1548017ddee666
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:20:cd:b4:ed:b0:70:87:76:6c:b9:6a:59:12:
9e:0f:71:89:1a:31:bc:09:0c:8c:0e:5a:33:a8:3c:
21:bf:f5:e4:8b:87:41:24:a7:b5:74:fe:77:b4:ae:
fd:dc:a6:6a:6e:bf:48:9e:1e:0e:51:1f:88:ae:00:
19:4c:5a:3f:26:ac:1e:bc:0e:a4:f7:92:86:f8:89:
95:c0:86:3f:f7:9c:b6:b2:ae:8e:9b:36:e9:c2:f0:
9a:b3:6a:af:76:74:8c:90:37:ad:d5:e2:08:4d:8a:
19:74:73:3f:10:08:ba:d2:91:2a:92:7c:14:71:d4:
c6:ee:12:ef:da:bd:0a:e7:2c:e5:aa:07:4f:ae:d1:
6d:99:68:5d:0d:39:af:e5:c8:84:7b:bd:9a:be:27:
9b:ad:0f:ff:fd:f8:20:87:21:6c:34:2f:ce:98:da:
99:b1:f1:3d:15:29:5f:f1:2b:1e:e0:69:94:bf:39:
3c:6c:24:7b:ab:14:98:51:70:d0:45:68:e6:4f:da:
55:50:21:a8:0a:55:64:bd:fa:2c:b8:bf:42:96:37:
f4:cb:ee:e5:d0:68:25:a7:fd:c6:18:66:25:86:c6:
e4:83:56:16:18:40:c1:47:97:12:a7:69:34:cb:65:
78:97:5d:a5:56:f7:55:f2:5b:fb:a3:d7:81:3e:a6:
bd:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:DD:7D:D7:D7:C2:5F:F6:BC:DB:69:4D:2A:15:48:01:7D:DE:E6:66
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/A91919fCX_a822lNKhVIAX3e5mY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.32.0/24
95.182.109.0/24
95.182.111.0/24
109.248.38.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:d0:93:f7:93:bd:a5:17:df:9a:d0:b2:6c:85:ef:c2:e6:d1:
fe:77:1d:a0:97:ab:aa:f6:db:98:f7:4b:0c:5b:9b:c7:46:b2:
8c:78:03:f1:64:1a:2d:15:a5:81:71:bf:bb:32:c6:d1:3e:c7:
11:17:9a:d6:45:d1:47:c1:d4:8d:13:8e:de:c4:9b:8b:07:3b:
5e:6f:f6:11:22:ec:dc:c8:64:34:e2:48:c1:7e:30:ec:a4:40:
eb:08:87:00:be:62:cf:83:dd:82:72:2f:e3:5a:1d:33:f4:fd:
b7:a7:30:3f:52:4a:37:62:e9:61:d6:6f:d1:58:19:5e:9f:c1:
20:a4:21:1b:ec:63:f2:31:f6:15:6e:92:ce:c1:82:28:9e:16:
bb:b6:95:73:92:bb:fb:6b:31:37:1f:19:d0:69:44:6c:91:87:
0a:47:12:63:18:5c:d2:6d:e6:9d:7e:b5:60:0c:c6:b0:b5:a4:
00:3f:82:e9:2a:a4:00:9c:e3:a5:03:9f:44:1c:07:07:8d:e5:
c6:6c:60:59:5e:5d:1b:8d:12:30:3b:52:92:92:d0:bf:cb:91:
47:09:f1:ff:93:d8:cc:67:b9:95:fd:b6:44:fb:53:05:e1:7d:
a1:6c:3b:2f:ca:71:e9:5d:48:7c:d1:be:27:e7:01:2a:9a:ea:
1d:98:ab:62
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZkZC3DYkgtjKWnpRRmN5IueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwOTA1MDg0MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RkN2RkN2Q3YzI1ZmY2YmNkYjY5NGQyYTE1NDgwMTdkZGVlNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCDNtO2wcId2bLlqWRKeD3GJGjG8
CQyMDlozqDwhv/Xki4dBJKe1dP53tK793KZqbr9Inh4OUR+IrgAZTFo/JqwevA6k
95KG+ImVwIY/95y2sq6OmzbpwvCas2qvdnSMkDet1eIITYoZdHM/EAi60pEqknwU
cdTG7hLv2r0K5yzlqgdPrtFtmWhdDTmv5ciEe72aviebrQ///fgghyFsNC/OmNqZ
sfE9FSlf8Sse4GmUvzk8bCR7qxSYUXDQRWjmT9pVUCGoClVkvfosuL9Cljf0y+7l
0Gglp/3GGGYlhsbkg1YWGEDBR5cSp2k0y2V4l12lVvdV8lv7o9eBPqa9fQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAPdfdfXwl/2vNtpTSoVSAF93uZmMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvQTkxOTE5ZkNYX2E4MjJsTktoVklBWDNlNW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALgggAwQA
X7ZtAwQAX7ZvAwQBbfgmMA0GCSqGSIb3DQEBCwUAA4IBAQBL0JP3k72lF9+a0LJs
he/C5tH+dx2gl6uq9tuY90sMW5vHRrKMeAPxZBotFaWBcb+7MsbRPscRF5rWRdFH
wdSNE47exJuLBzteb/YRIuzcyGQ04kjBfjDspEDrCIcAvmLPg92Cci/jWh0z9P23
pzA/Uko3Yulh1m/RWBlen8EgpCEb7GPyMfYVbpLOwYIonha7tpVzkrv7azE3HxnQ
aURskYcKRxJjGFzSbeadfrVgDMawtaQAP4LpKqQAnOOlA59EHAcHjeXGbGBZXl0b
jRIwO1KSktC/y5FHCfH/k9jMZ7mV/bZE+1MF4X2hbDsvynHpXUh80b4n5wEqmuod
mKti
-----END CERTIFICATE-----
Generated at Mon Sep 8 10:05:16 2025 by rpki-client