Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/Mv9wQiaEyUk3-XuVJoSinHpzB2g.roa
File: Mv9wQiaEyUk3-XuVJoSinHpzB2g.roa (raw, json)
Hash identifier: ZIu/bU0ql4U4qIOYcI80NNWYWWCG67vptIw8Gwe6w3Q=
Subject key identifier: 32:FF:70:42:26:84:C9:49:37:F9:7B:95:26:84:A2:9C:7A:73:07:68
Certificate issuer: /CN=311445353a0823edaef12a3a3356fa8098e15eac
Certificate serial: 019A53B2E126E278F7A720799C6071C62789
Authority key identifier: 31:14:45:35:3A:08:23:ED:AE:F1:2A:3A:33:56:FA:80:98:E1:5E:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/Mv9wQiaEyUk3-XuVJoSinHpzB2g.roa
Signing time: Wed 05 Nov 2025 11:07:03 +0000
ROA not before: Wed 05 Nov 2025 11:07:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205037
IP address blocks: 161.51.255.0/24 maxlen: 24
193.23.163.0/24 maxlen: 24
2001:67c:1820::/48 maxlen: 48
2001:67c:2c6c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.mft
rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:b2:e1:26:e2:78:f7:a7:20:79:9c:60:71:c6:27:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=311445353a0823edaef12a3a3356fa8098e15eac
Validity
Not Before: Nov 5 11:07:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32ff70422684c94937f97b952684a29c7a730768
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:32:a5:c4:b9:97:31:9a:0d:44:8f:dc:17:90:
77:bd:08:15:60:6c:18:b6:6e:06:16:9e:09:8d:f7:
4c:28:3f:53:8f:10:df:5f:99:8c:2b:a1:c9:69:d9:
da:a7:56:c6:fb:34:2f:f1:06:e0:0f:d6:1d:43:0d:
29:bd:24:3e:6f:26:f2:ca:11:44:2a:9e:d8:6d:a0:
9b:a9:2b:6c:bf:80:67:72:a6:3d:da:36:c1:41:39:
7f:8d:4c:c3:33:15:45:72:b3:76:39:2d:75:f2:e6:
d1:bd:5c:ca:1a:5a:50:42:46:2e:b9:5d:81:3b:4f:
99:5d:29:56:d2:c6:c4:3e:7a:89:d5:19:d6:c6:c1:
50:e3:6c:81:50:58:b6:b3:4d:e6:af:4f:74:80:59:
f1:29:d6:e5:44:36:c6:76:9b:8d:e4:95:12:0d:6b:
b3:cb:40:c7:d0:2e:56:6c:cd:d3:6b:9b:55:bb:33:
8d:58:03:5a:df:a6:30:92:ad:84:58:a6:1b:7b:28:
6d:c2:cd:65:a0:a9:67:cd:6c:10:9c:9c:f7:3d:8e:
0d:97:45:8f:7a:aa:51:f5:ac:d8:8e:a7:2c:ab:06:
71:63:9f:87:2a:e9:cb:a6:c8:4c:cd:2f:2c:1b:9a:
b4:54:d4:4b:10:8c:a3:00:de:4e:72:92:22:1d:40:
7b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:FF:70:42:26:84:C9:49:37:F9:7B:95:26:84:A2:9C:7A:73:07:68
X509v3 Authority Key Identifier:
keyid:31:14:45:35:3A:08:23:ED:AE:F1:2A:3A:33:56:FA:80:98:E1:5E:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MRRFNToII-2u8So6M1b6gJjhXqw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/Mv9wQiaEyUk3-XuVJoSinHpzB2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/69b08d-7c97-432f-b4bf-51e821d23141/1/MRRFNToII-2u8So6M1b6gJjhXqw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
161.51.255.0/24
193.23.163.0/24
IPv6:
2001:67c:1820::/48
2001:67c:2c6c::/48
Signature Algorithm: sha256WithRSAEncryption
99:9a:2c:d7:f2:b5:61:30:87:5f:a3:24:6c:58:04:9a:f9:c0:
21:54:43:9d:44:94:02:6a:07:48:fd:e2:b8:51:cb:71:e8:a9:
4c:0a:0b:0a:97:a9:0e:11:a9:a0:c3:6f:c1:25:91:a5:d5:2d:
06:9b:ce:2d:7b:b4:35:c5:92:4b:1b:87:5c:da:64:6c:74:3f:
19:f6:fd:82:a7:e5:a9:77:00:f2:16:ac:d6:2a:87:eb:3b:68:
45:42:b9:95:a3:1c:dd:1f:ab:80:dc:05:0d:c7:f0:07:a1:61:
bc:97:a0:0d:28:4a:0d:c9:39:48:60:4b:ce:e8:26:fd:30:1a:
c6:1f:90:c8:9f:60:d3:62:c8:03:73:03:9d:8e:90:45:18:b2:
ef:9b:07:9c:4f:40:f3:de:99:35:27:85:70:3c:82:29:38:d9:
09:f6:a6:94:72:49:2f:dd:f5:3a:97:fa:15:48:5c:b1:be:2e:
83:ea:48:b6:76:1a:e9:e9:18:d2:5e:fd:30:31:bd:29:a6:40:
43:91:b4:f5:03:4d:c9:fa:ad:74:bc:9d:9f:65:1a:60:57:c5:
77:0b:7a:c4:98:c4:aa:5a:ff:0b:b3:db:0e:70:d0:2d:84:45:
f6:08:4f:eb:81:dd:dd:d2:ad:63:eb:bc:29:27:59:89:bc:f6:
1a:ba:4e:72
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZpTsuEm4nj3pyB5nGBxxieJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMTQ0NTM1M2EwODIzZWRhZWYxMmEzYTMzNTZmYTgwOThl
MTVlYWMwHhcNMjUxMTA1MTEwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZmNzA0MjI2ODRjOTQ5MzdmOTdiOTUyNjg0YTI5YzdhNzMwNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zKlxLmXMZoNRI/cF5B3vQgVYGwY
tm4GFp4JjfdMKD9TjxDfX5mMK6HJadnap1bG+zQv8QbgD9YdQw0pvSQ+bybyyhFE
Kp7YbaCbqStsv4BncqY92jbBQTl/jUzDMxVFcrN2OS118ubRvVzKGlpQQkYuuV2B
O0+ZXSlW0sbEPnqJ1RnWxsFQ42yBUFi2s03mr090gFnxKdblRDbGdpuN5JUSDWuz
y0DH0C5WbM3Ta5tVuzONWANa36Ywkq2EWKYbeyhtws1loKlnzWwQnJz3PY4Nl0WP
eqpR9azYjqcsqwZxY5+HKunLpshMzS8sG5q0VNRLEIyjAN5OcpIiHUB7lQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDL/cEImhMlJN/l7lSaEopx6cwdoMB8GA1UdIwQY
MBaAFDEURTU6CCPtrvEqOjNW+oCY4V6sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVJSRk5Ub0lJLTJ1OFNvNk0xYjZnSmpoWHF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni82OWIwOGQtN2M5Ny00MzJmLWI0YmYt
NTFlODIxZDIzMTQxLzEvTXY5d1FpYUV5VWszLVh1VkpvU2luSHB6QjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni82OWIwOGQtN2M5Ny00MzJmLWI0YmYtNTFlODIxZDIzMTQx
LzEvTVJSRk5Ub0lJLTJ1OFNvNk0xYjZnSmpoWHF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAoTP/AwQA
wRejMBgEAgACMBIDBwAgAQZ8GCADBwAgAQZ8LGwwDQYJKoZIhvcNAQELBQADggEB
AJmaLNfytWEwh1+jJGxYBJr5wCFUQ51ElAJqB0j94rhRy3HoqUwKCwqXqQ4RqaDD
b8ElkaXVLQabzi17tDXFkksbh1zaZGx0Pxn2/YKn5al3APIWrNYqh+s7aEVCuZWj
HN0fq4DcBQ3H8AehYbyXoA0oSg3JOUhgS87oJv0wGsYfkMifYNNiyANzA52OkEUY
su+bB5xPQPPemTUnhXA8gik42Qn2ppRySS/d9TqX+hVIXLG+LoPqSLZ2GunpGNJe
/TAxvSmmQEORtPUDTcn6rXS8nZ9lGmBXxXcLesSYxKpa/wuz2w5w0C2ERfYIT+uB
3d3SrWPrvCknWYm89hq6TnI=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:10:07 2025 by rpki-client