Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/_CI5_4aNxKaEPWYHOcyZKAbyObU.roa
File: _CI5_4aNxKaEPWYHOcyZKAbyObU.roa (raw, json)
Hash identifier: X5MyuI8Ww88wubWEkkjHn57GLRoFZnT3Qc6Lwjl782U=
Subject key identifier: FC:22:39:FF:86:8D:C4:A6:84:3D:66:07:39:CC:99:28:06:F2:39:B5
Certificate issuer: /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial: 019A0C3DB9CB6410E778FD985B5EEE42548D
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/_CI5_4aNxKaEPWYHOcyZKAbyObU.roa
Signing time: Wed 22 Oct 2025 14:06:03 +0000
ROA not before: Wed 22 Oct 2025 14:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 109.166.36.0/24 maxlen: 24
109.166.37.0/24 maxlen: 24
109.166.38.0/24 maxlen: 24
151.248.68.0/24 maxlen: 24
151.248.69.0/24 maxlen: 24
178.212.203.0/24 maxlen: 24
178.212.204.0/24 maxlen: 24
178.212.205.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0c:3d:b9:cb:64:10:e7:78:fd:98:5b:5e:ee:42:54:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Validity
Not Before: Oct 22 14:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fc2239ff868dc4a6843d660739cc992806f239b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:8c:c9:bc:96:40:5a:73:0a:4a:75:d9:2d:ce:
6a:2f:00:1c:4d:59:9f:5d:24:7f:e8:4a:2d:31:19:
78:90:c2:4e:a4:ba:03:a8:e8:d9:7b:98:4e:32:92:
c6:11:ab:35:66:27:96:ef:17:5d:66:54:07:32:2c:
16:0e:93:18:38:eb:ca:d2:d9:42:7c:5d:14:84:c1:
04:9d:99:e4:79:d5:f9:bf:9a:f4:b4:c1:89:69:37:
04:6b:aa:0f:b7:7c:bd:10:09:65:09:f8:e9:ef:a3:
2e:c6:6a:a0:b1:55:ec:44:03:9f:ce:eb:f6:b2:3c:
4b:ba:c2:e5:68:ea:2d:ff:60:7e:17:3d:53:5a:c3:
49:97:85:59:0b:5a:51:04:8f:08:1c:62:e4:d0:e3:
03:6e:ab:ae:ee:af:cb:9a:54:7e:e6:71:70:0c:20:
5a:07:64:d5:cc:a4:16:48:d1:bd:d6:0a:2e:73:83:
35:20:f5:4f:cc:b1:59:11:81:6f:7c:0e:53:cd:4c:
f8:97:64:1b:92:aa:59:63:73:3e:a8:1e:d4:a5:d5:
42:c4:0e:6a:a6:d7:9a:ea:ae:b2:19:5c:0c:0c:19:
86:e2:2b:a0:52:c6:c5:16:a1:b1:ef:04:10:54:9d:
ac:50:31:d2:f1:70:a3:d8:8d:82:a5:ef:90:dc:52:
c6:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:22:39:FF:86:8D:C4:A6:84:3D:66:07:39:CC:99:28:06:F2:39:B5
X509v3 Authority Key Identifier:
keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/_CI5_4aNxKaEPWYHOcyZKAbyObU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.166.36.0-109.166.38.255
151.248.68.0/23
178.212.203.0-178.212.205.255
Signature Algorithm: sha256WithRSAEncryption
7e:d2:e8:08:a5:8a:19:5b:d2:f4:b8:be:73:28:68:7f:12:d4:
48:15:97:9d:b5:a6:c8:56:89:3b:d3:66:a2:b9:8f:bf:ff:c2:
df:4a:31:26:57:ed:dc:7a:5e:0b:76:2c:62:1e:17:b7:ed:7c:
b8:9b:f1:da:4e:e3:29:8b:56:c3:26:b9:b7:f7:41:06:c5:49:
13:d0:61:e0:64:b8:64:a9:da:3e:fe:2b:50:fd:f2:9a:4b:12:
90:6b:f7:ca:b1:de:c7:d0:08:af:86:64:24:d5:33:9b:45:10:
fd:41:a4:ab:69:c7:cf:4a:35:1e:96:52:6f:46:cf:c2:4b:bf:
59:a3:f3:7f:db:5f:ff:c4:a0:d7:36:5d:71:a5:33:22:b7:04:
64:c4:ea:ae:0f:9d:28:f1:0b:d7:76:c2:6d:44:4c:ef:45:c6:
3f:8a:12:68:73:02:02:fd:3f:17:de:04:28:65:c1:f4:fa:20:
76:a2:ce:66:cf:df:1b:84:56:5b:79:15:c5:a1:ae:62:d7:01:
e9:38:0d:08:ca:4b:54:9c:1e:75:78:a5:05:16:22:6f:9f:b3:
9f:c3:ca:cf:3c:ad:f0:aa:ba:32:b5:ee:4c:aa:39:9b:81:78:
2a:98:e0:1b:28:e9:c2:03:ab:88:bd:03:bb:4c:4f:26:1d:43:
22:cb:e3:f2
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZoMPbnLZBDneP2YW17uQlSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjUxMDIyMTQwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzIyMzlmZjg2OGRjNGE2ODQzZDY2MDczOWNjOTkyODA2ZjIzOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YzJvJZAWnMKSnXZLc5qLwAcTVmf
XSR/6EotMRl4kMJOpLoDqOjZe5hOMpLGEas1ZieW7xddZlQHMiwWDpMYOOvK0tlC
fF0UhMEEnZnkedX5v5r0tMGJaTcEa6oPt3y9EAllCfjp76MuxmqgsVXsRAOfzuv2
sjxLusLlaOot/2B+Fz1TWsNJl4VZC1pRBI8IHGLk0OMDbquu7q/LmlR+5nFwDCBa
B2TVzKQWSNG91gouc4M1IPVPzLFZEYFvfA5TzUz4l2QbkqpZY3M+qB7UpdVCxA5q
ptea6q6yGVwMDBmG4iugUsbFFqGx7wQQVJ2sUDHS8XCj2I2Cpe+Q3FLGYQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPwiOf+GjcSmhD1mBznMmSgG8jm1MB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvX0NJNV80YU54S2FFUFdZSE9jeVpLQWJ5T2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAJtpiQD
BABtpiYDBAGX+EQwDAMEALLUywMEAbLUzDANBgkqhkiG9w0BAQsFAAOCAQEAftLo
CKWKGVvS9Li+cyhofxLUSBWXnbWmyFaJO9NmormPv//C30oxJlft3HpeC3YsYh4X
t+18uJvx2k7jKYtWwya5t/dBBsVJE9Bh4GS4ZKnaPv4rUP3ymksSkGv3yrHex9AI
r4ZkJNUzm0UQ/UGkq2nHz0o1HpZSb0bPwku/WaPzf9tf/8Sg1zZdcaUzIrcEZMTq
rg+dKPEL13bCbURM70XGP4oSaHMCAv0/F94EKGXB9PogdqLOZs/fG4RWW3kVxaGu
YtcB6TgNCMpLVJwedXilBRYib5+zn8PKzzyt8Kq6MrXuTKo5m4F4KpjgGyjpwgOr
iL0Du0xPJh1DIsvj8g==
-----END CERTIFICATE-----
Generated at Tue Oct 28 02:34:56 2025 by rpki-client