Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/Nb7ozGCs4cnadtvwcHuAidPsgXQ.roa
File: Nb7ozGCs4cnadtvwcHuAidPsgXQ.roa (raw, json)
Hash identifier: YLzYcUyAj2a6IUa85qWOCTHXYX25r1+rZRI8mIu/zB4=
Subject key identifier: 35:BE:E8:CC:60:AC:E1:C9:DA:76:DB:F0:70:7B:80:89:D3:EC:81:74
Certificate issuer: /CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
Certificate serial: 019A01C510197BF291172B76F64899BF20B4
Authority key identifier: BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/Nb7ozGCs4cnadtvwcHuAidPsgXQ.roa
Signing time: Mon 20 Oct 2025 13:18:03 +0000
ROA not before: Mon 20 Oct 2025 13:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209055
IP address blocks: 45.8.40.0/22 maxlen: 22
45.8.40.0/24 maxlen: 24
45.8.41.0/24 maxlen: 24
45.8.42.0/24 maxlen: 24
2a0e:7d00::/29 maxlen: 32
2a0e:7d00::/32 maxlen: 32
2a0e:7d01::/32 maxlen: 32
2a0e:7d02::/32 maxlen: 32
2a0e:7d03::/32 maxlen: 32
2a0e:7d04::/32 maxlen: 32
2a0e:7d05::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl
rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.mft
rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:18:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:01:c5:10:19:7b:f2:91:17:2b:76:f6:48:99:bf:20:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
Validity
Not Before: Oct 20 13:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35bee8cc60ace1c9da76dbf0707b8089d3ec8174
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:e5:48:f0:07:b6:d3:91:21:34:c8:b3:b5:a0:
ec:78:8e:d0:58:4d:45:cf:45:4d:9e:de:45:89:cb:
c3:22:45:e8:b6:42:7d:ec:cf:67:34:0c:0a:40:01:
a3:a1:cb:06:b9:56:ab:37:bc:aa:79:87:85:6b:4b:
83:22:ed:3e:e7:31:fd:75:cd:58:27:07:e7:ad:bd:
de:6b:1d:96:6b:e5:f0:5b:b1:4e:3c:d2:fe:00:98:
a4:5a:6a:8b:72:3d:8f:83:a5:12:8d:94:cf:cc:1b:
b8:3e:9d:5c:01:e3:56:e8:a0:01:58:b5:ab:70:6f:
a0:59:e5:c9:18:2d:b5:70:37:2d:7a:9d:61:8e:fa:
b5:c5:70:60:d2:f8:c7:4f:87:d9:0c:9e:72:3b:c2:
d9:49:48:8d:53:5a:d0:49:3f:42:e3:ec:a0:ec:16:
50:d7:fb:0e:af:cd:38:ee:c7:c9:71:e8:83:55:7c:
50:df:09:f4:e8:cd:7c:68:1b:50:e0:be:ba:22:44:
ba:79:30:8c:4a:c2:e0:fa:11:c1:67:00:11:1c:cd:
a5:df:0d:2c:ed:c9:8e:f9:2f:7d:7c:c2:cf:b1:9e:
c5:b8:b4:aa:dd:80:90:32:e2:33:79:93:03:b6:0e:
1e:e3:96:0c:87:44:87:9d:c7:81:4a:02:3e:f8:ae:
95:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:BE:E8:CC:60:AC:E1:C9:DA:76:DB:F0:70:7B:80:89:D3:EC:81:74
X509v3 Authority Key Identifier:
keyid:BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/Nb7ozGCs4cnadtvwcHuAidPsgXQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.40.0/22
IPv6:
2a0e:7d00::/29
Signature Algorithm: sha256WithRSAEncryption
97:8b:b6:df:f1:d2:13:90:a5:4d:84:04:a1:b1:66:46:6d:9e:
b2:6b:0c:c5:f7:f6:fb:06:0f:71:48:89:ff:39:02:43:46:21:
2c:d5:26:bc:2b:bd:57:5c:e4:af:c5:a7:9c:7f:1e:7c:c4:f2:
77:4d:0a:5a:08:69:ef:32:d4:c3:9c:90:4c:4f:e1:a1:c4:ea:
78:b7:0e:e6:bb:f9:27:3e:4f:34:2e:ce:ba:ed:45:4d:53:99:
24:0d:26:4d:93:8b:e8:cf:2b:ff:0e:92:71:95:8e:b5:e3:1b:
cb:30:ac:46:64:4d:b4:2d:06:dc:49:01:0c:d4:73:e8:7c:2f:
13:f9:f7:65:51:9c:fb:ae:a4:6c:c8:27:38:9d:68:f4:cd:0c:
a3:ab:04:69:76:ad:22:d7:08:77:b6:7e:74:8f:1d:e7:7a:cb:
d1:f7:7a:08:b3:0c:2d:31:d7:d6:22:51:76:69:fe:70:c3:c0:
2a:be:36:b5:25:26:e6:23:fb:1a:73:33:1a:fc:b1:84:da:1e:
2c:32:ac:96:d8:9a:ef:18:cd:bb:9c:c8:25:e9:e2:f3:d1:a7:
40:39:b9:60:de:f9:05:38:50:c1:26:98:0b:66:7f:17:5d:41:
5c:c6:83:31:b8:2b:a0:41:df:2c:36:f8:4e:cc:d4:41:1e:4f:
4d:2f:89:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoBxRAZe/KRFyt29kiZvyC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTZjYTAzYThjMTM1Y2VlYWUyMzJjOTM3YzFlZTBiYWI4
N2U3ODIwHhcNMjUxMDIwMTMxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWJlZThjYzYwYWNlMWM5ZGE3NmRiZjA3MDdiODA4OWQzZWM4MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eVI8Ae205EhNMiztaDseI7QWE1F
z0VNnt5FicvDIkXotkJ97M9nNAwKQAGjocsGuVarN7yqeYeFa0uDIu0+5zH9dc1Y
Jwfnrb3eax2Wa+XwW7FOPNL+AJikWmqLcj2Pg6USjZTPzBu4Pp1cAeNW6KABWLWr
cG+gWeXJGC21cDctep1hjvq1xXBg0vjHT4fZDJ5yO8LZSUiNU1rQST9C4+yg7BZQ
1/sOr8047sfJceiDVXxQ3wn06M18aBtQ4L66IkS6eTCMSsLg+hHBZwARHM2l3w0s
7cmO+S99fMLPsZ7FuLSq3YCQMuIzeZMDtg4e45YMh0SHnceBSgI++K6VJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDW+6MxgrOHJ2nbb8HB7gInT7IF0MB8GA1UdIwQY
MBaAFL6mygOowTXO6uIyyTfB7gurh+eCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQt
OWZhNDIyOGMwMmVhLzEvTmI3b3pHQ3M0Y25hZHR2d2NIdUFpZFBzZ1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQtOWZhNDIyOGMwMmVh
LzEvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQgoMA0E
AgACMAcDBQMqDn0AMA0GCSqGSIb3DQEBCwUAA4IBAQCXi7bf8dITkKVNhAShsWZG
bZ6yawzF9/b7Bg9xSIn/OQJDRiEs1Sa8K71XXOSvxaecfx58xPJ3TQpaCGnvMtTD
nJBMT+GhxOp4tw7mu/knPk80Ls667UVNU5kkDSZNk4vozyv/DpJxlY614xvLMKxG
ZE20LQbcSQEM1HPofC8T+fdlUZz7rqRsyCc4nWj0zQyjqwRpdq0i1wh3tn50jx3n
esvR93oIswwtMdfWIlF2af5ww8Aqvja1JSbmI/saczMa/LGE2h4sMqyW2JrvGM27
nMgl6eLz0adAOblg3vkFOFDBJpgLZn8XXUFcxoMxuCugQd8sNvhOzNRBHk9NL4mc
-----END CERTIFICATE-----
Generated at Mon Oct 20 22:17:06 2025 by rpki-client