Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/SGXEhyIKPmMOen6I1PkB3pLeCvY.roa
File: SGXEhyIKPmMOen6I1PkB3pLeCvY.roa (raw, json)
Hash identifier: 9EH2IzLvB2rKmrGF7xG6OifEC/3ZYYgbCersKE1ntGs=
Subject key identifier: 48:65:C4:87:22:0A:3E:63:0E:7A:7E:88:D4:F9:01:DE:92:DE:0A:F6
Certificate issuer: /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial: 019A06FDBB50E431F12629ADBE308413EC99
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/SGXEhyIKPmMOen6I1PkB3pLeCvY.roa
Signing time: Tue 21 Oct 2025 13:38:03 +0000
ROA not before: Tue 21 Oct 2025 13:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 91.219.17.0/24 maxlen: 24
91.219.18.0/23 maxlen: 23
91.232.182.0/24 maxlen: 24
91.232.184.0/24 maxlen: 24
91.232.185.0/24 maxlen: 24
91.233.192.0/24 maxlen: 24
109.166.36.0/22 maxlen: 24
151.248.68.0/23 maxlen: 24
176.118.80.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:fd:bb:50:e4:31:f1:26:29:ad:be:30:84:13:ec:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Validity
Not Before: Oct 21 13:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4865c487220a3e630e7a7e88d4f901de92de0af6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9b:b4:42:2f:11:f1:cd:57:3c:8d:e9:c4:1b:
2d:e1:7f:84:52:ce:d1:c4:90:ee:c7:8f:3f:65:1e:
67:be:0a:36:ff:ea:ec:7b:ce:ea:3e:88:95:da:12:
fa:a5:7f:98:9c:df:42:83:03:b7:0d:95:51:4d:6a:
9b:66:b6:98:12:00:24:ce:73:10:49:54:cf:6d:e3:
1e:ac:b7:74:e2:79:cf:e4:28:b1:0a:ec:83:fb:db:
85:f2:5f:37:e8:c5:b3:51:af:b6:2c:28:47:47:ec:
5d:77:22:96:8d:e4:6f:c0:0b:6d:07:f9:bc:a2:0a:
0c:55:27:ee:62:3c:d4:4d:ed:82:c1:66:3a:e2:41:
e8:49:dd:af:a5:34:e3:92:a0:a7:69:5d:43:61:2d:
71:ae:68:81:1b:22:04:28:7d:b2:21:16:21:ff:eb:
09:b7:de:82:ec:89:d0:e0:0f:4f:a1:e7:b1:9f:7f:
97:5a:20:0e:1f:26:97:ec:d5:3f:4e:13:77:05:a1:
9a:0d:c2:a0:94:27:17:e3:bf:be:97:20:13:c9:7a:
f0:1b:02:c9:0c:66:98:ee:e8:f1:fc:84:80:5a:45:
69:40:13:a1:10:40:53:6a:8f:64:f7:81:ad:ff:9f:
a4:32:cd:53:44:e9:34:6e:9d:7d:71:0e:93:1b:9a:
fd:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:65:C4:87:22:0A:3E:63:0E:7A:7E:88:D4:F9:01:DE:92:DE:0A:F6
X509v3 Authority Key Identifier:
keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/SGXEhyIKPmMOen6I1PkB3pLeCvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.219.17.0-91.219.19.255
91.232.182.0/24
91.232.184.0/23
91.233.192.0/24
109.166.36.0/22
151.248.68.0/23
176.118.80.0/21
Signature Algorithm: sha256WithRSAEncryption
7d:a8:74:ad:ac:0b:75:83:ea:d1:80:5b:7d:d7:2a:63:60:11:
91:2a:e5:8d:da:bb:2a:3f:a6:75:58:40:c6:27:35:b0:6a:41:
0a:09:b8:c6:c0:38:f1:ad:d8:e8:fb:10:f1:b8:80:c9:b6:8e:
8c:54:30:2e:6d:a3:7b:a0:9f:00:7b:54:26:af:19:ac:76:7d:
24:ce:9b:dc:b7:24:c6:ec:ad:aa:59:30:25:04:86:f5:30:d8:
29:99:da:52:47:35:c2:94:7a:dd:c7:7e:8b:42:b3:23:64:ca:
a0:42:d3:e4:cb:6a:a9:98:df:9c:04:be:19:86:fb:f8:63:4f:
aa:95:0b:c6:a1:a6:c7:25:b2:3c:08:fd:c8:31:00:ab:59:7d:
6d:8d:b7:88:61:1d:5b:d8:e8:91:dd:de:1c:73:4d:4d:1d:7e:
2f:5a:e9:8a:8f:dd:83:0a:89:45:3a:0b:13:da:1d:09:d8:e5:
99:37:c7:2e:e2:ba:e6:83:48:2d:56:b1:59:ad:c3:6b:b3:03:
19:0e:29:68:7c:3c:f4:e0:6c:b5:ca:c8:3f:cc:36:3e:4d:bb:
2a:c7:63:c8:76:8a:e7:92:cd:91:52:c1:95:f8:17:cf:88:43:
8d:25:f3:10:a1:8f:02:6a:dd:29:1f:7b:fd:b5:cf:0f:e9:52:
c8:45:8e:ec
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZoG/btQ5DHxJimtvjCEE+yZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjUxMDIxMTMzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY1YzQ4NzIyMGEzZTYzMGU3YTdlODhkNGY5MDFkZTkyZGUwYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJu0Qi8R8c1XPI3pxBst4X+EUs7R
xJDux48/ZR5nvgo2/+rse87qPoiV2hL6pX+YnN9CgwO3DZVRTWqbZraYEgAkznMQ
SVTPbeMerLd04nnP5CixCuyD+9uF8l836MWzUa+2LChHR+xddyKWjeRvwAttB/m8
ogoMVSfuYjzUTe2CwWY64kHoSd2vpTTjkqCnaV1DYS1xrmiBGyIEKH2yIRYh/+sJ
t96C7InQ4A9Poeexn3+XWiAOHyaX7NU/ThN3BaGaDcKglCcX47++lyATyXrwGwLJ
DGaY7ujx/ISAWkVpQBOhEEBTao9k94Gt/5+kMs1TROk0bp19cQ6TG5r9VQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEhlxIciCj5jDnp+iNT5Ad6S3gr2MB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvU0dYRWh5SUtQbU1PZW42STFQa0IzcExlQ3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBABb2xED
BAJb2xADBABb6LYDBAFb6LgDBABb6cADBAJtpiQDBAGX+EQDBAOwdlAwDQYJKoZI
hvcNAQELBQADggEBAH2odK2sC3WD6tGAW33XKmNgEZEq5Y3auyo/pnVYQMYnNbBq
QQoJuMbAOPGt2Oj7EPG4gMm2joxUMC5to3ugnwB7VCavGax2fSTOm9y3JMbsrapZ
MCUEhvUw2CmZ2lJHNcKUet3HfotCsyNkyqBC0+TLaqmY35wEvhmG+/hjT6qVC8ah
psclsjwI/cgxAKtZfW2Nt4hhHVvY6JHd3hxzTU0dfi9a6YqP3YMKiUU6CxPaHQnY
5Zk3xy7iuuaDSC1WsVmtw2uzAxkOKWh8PPTgbLXKyD/MNj5NuyrHY8h2iueSzZFS
wZX4F8+IQ40l8xChjwJq3Skfe/21zw/pUshFjuw=
-----END CERTIFICATE-----
Generated at Tue Oct 28 02:34:55 2025 by rpki-client