Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2s2C2JaHxWMdYx5R-58VUznArJI.roa
File: 2s2C2JaHxWMdYx5R-58VUznArJI.roa (raw, json)
Hash identifier: ZV2j98lVeyQ5b5cZN7lOPb1RHUFfpMkx9k9WCzDptg4=
Subject key identifier: DA:CD:82:D8:96:87:C5:63:1D:63:1E:51:FB:9F:15:53:39:C0:AC:92
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019A6DE49A4088866CC58B4C3A44F47809BA
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2s2C2JaHxWMdYx5R-58VUznArJI.roa
Signing time: Mon 10 Nov 2025 13:11:29 +0000
ROA not before: Mon 10 Nov 2025 13:11:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3257
IP address blocks: 195.40.22.0/23 maxlen: 23
195.40.24.0/23 maxlen: 23
212.134.20.0/24 maxlen: 24
212.134.27.0/24 maxlen: 24
212.135.6.0/23 maxlen: 23
213.177.252.0/24 maxlen: 24
213.177.253.0/24 maxlen: 24
213.177.254.0/24 maxlen: 24
213.177.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 14:56:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:6d:e4:9a:40:88:86:6c:c5:8b:4c:3a:44:f4:78:09:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Nov 10 13:11:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dacd82d89687c5631d631e51fb9f155339c0ac92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:26:42:f0:ed:c9:fe:a9:9c:30:e8:d1:0a:2c:
8f:09:20:0d:f3:9e:e7:64:59:38:c1:46:c2:5c:51:
9a:c0:15:0f:2b:c5:02:f2:e3:b2:87:e5:cd:96:ee:
e3:4c:ae:73:72:22:94:63:df:37:47:05:c8:37:e1:
a0:ed:24:45:49:c1:02:04:5e:53:3d:58:51:3f:aa:
89:f5:66:96:75:1d:e9:ed:a1:66:f5:8b:bb:b8:e8:
ac:e2:1c:db:9f:03:6a:ca:ee:2d:e0:aa:cb:49:79:
fb:75:42:f9:c4:df:36:2f:d9:25:89:71:fb:f1:11:
2d:0a:45:cd:5e:22:43:75:31:72:c7:81:1d:23:53:
d1:45:80:ad:9c:00:a0:32:af:9b:11:9a:fc:81:2e:
b0:bb:4e:30:60:ae:60:b6:f0:8e:52:fb:2f:fc:77:
c0:a6:a6:f2:7b:fd:94:be:e7:a1:42:6f:1b:e3:65:
ee:e0:5b:ef:14:ee:09:83:98:af:f9:96:f0:ff:a6:
a1:03:5e:0e:08:c8:2b:7b:d1:8a:b0:a8:3e:7a:4b:
88:74:83:47:9e:a5:c8:4f:9f:cd:9a:14:ae:65:eb:
9e:f6:79:b5:08:bf:32:44:9b:b1:64:b2:52:4c:80:
a5:1c:4a:55:c8:fe:ff:36:39:67:d5:52:ef:76:21:
60:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:CD:82:D8:96:87:C5:63:1D:63:1E:51:FB:9F:15:53:39:C0:AC:92
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2s2C2JaHxWMdYx5R-58VUznArJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.40.22.0-195.40.25.255
212.134.20.0/24
212.134.27.0/24
212.135.6.0/23
213.177.252.0/22
Signature Algorithm: sha256WithRSAEncryption
b0:6e:3e:74:9f:1c:12:7c:c3:20:a3:bc:e7:a0:3a:d9:45:c1:
ff:33:65:06:4d:2a:46:fa:9e:98:a5:11:33:2b:82:87:31:98:
f0:6a:ec:65:25:9e:0e:47:8f:5b:6c:2c:c8:44:44:ba:8b:fb:
92:5a:8e:d7:11:e7:1d:4d:8e:41:69:e7:33:05:d1:ab:94:bf:
4c:10:27:c5:a0:0f:ff:02:a3:a1:bc:b9:1e:c6:75:81:59:0b:
67:83:7f:35:e8:ba:a7:4a:81:79:60:ce:23:61:c7:27:5b:fc:
d7:81:95:36:53:34:21:29:a0:04:61:41:74:3c:d2:a9:b0:1d:
10:6e:6c:df:5f:13:bd:ad:2e:37:46:26:a8:46:1f:be:a6:91:
d6:bb:09:d1:95:38:ee:1f:12:1e:02:23:1a:88:8f:bb:fa:1f:
77:7c:a3:d6:da:d8:49:7b:37:01:d2:3a:37:eb:e2:5f:3b:90:
c9:79:b2:da:b7:64:67:e6:9b:c3:b4:28:97:25:40:84:88:b7:
41:1e:5a:5f:32:9f:45:22:46:d3:ca:69:01:10:aa:00:cc:c9:
ca:37:fe:1c:95:71:58:1d:73:ef:69:cc:70:4e:e5:14:63:bf:
14:c9:a8:36:d2:4b:b2:cf:97:3e:6c:4b:06:80:00:a1:7d:3b:
35:1a:3f:92
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZpt5JpAiIZsxYtMOkT0eAm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMTEwMTMxMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNkODJkODk2ODdjNTYzMWQ2MzFlNTFmYjlmMTU1MzM5YzBhYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiZC8O3J/qmcMOjRCiyPCSAN857n
ZFk4wUbCXFGawBUPK8UC8uOyh+XNlu7jTK5zciKUY983RwXIN+Gg7SRFScECBF5T
PVhRP6qJ9WaWdR3p7aFm9Yu7uOis4hzbnwNqyu4t4KrLSXn7dUL5xN82L9kliXH7
8REtCkXNXiJDdTFyx4EdI1PRRYCtnACgMq+bEZr8gS6wu04wYK5gtvCOUvsv/HfA
pqbye/2UvuehQm8b42Xu4FvvFO4Jg5iv+Zbw/6ahA14OCMgre9GKsKg+ekuIdINH
nqXIT5/NmhSuZeue9nm1CL8yRJuxZLJSTIClHEpVyP7/Njln1VLvdiFgdwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFNrNgtiWh8VjHWMeUfufFVM5wKySMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvMnMyQzJKYUh4V01kWXg1Ui01OFZVem5BckpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAHDKBYD
BAHDKBgDBADUhhQDBADUhhsDBAHUhwYDBALVsfwwDQYJKoZIhvcNAQELBQADggEB
ALBuPnSfHBJ8wyCjvOegOtlFwf8zZQZNKkb6npilETMrgocxmPBq7GUlng5Hj1ts
LMhERLqL+5JajtcR5x1NjkFp5zMF0auUv0wQJ8WgD/8Co6G8uR7GdYFZC2eDfzXo
uqdKgXlgziNhxydb/NeBlTZTNCEpoARhQXQ80qmwHRBubN9fE72tLjdGJqhGH76m
kda7CdGVOO4fEh4CIxqIj7v6H3d8o9ba2El7NwHSOjfr4l87kMl5stq3ZGfmm8O0
KJclQISIt0EeWl8yn0UiRtPKaQEQqgDMyco3/hyVcVgdc+9pzHBO5RRjvxTJqDbS
S7LPlz5sSwaAAKF9OzUaP5I=
-----END CERTIFICATE-----
Generated at Mon Nov 17 23:51:32 2025 by rpki-client