Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/cLXJPZRMjACNJWdbzWBHdJk4Gq0.roa
File: cLXJPZRMjACNJWdbzWBHdJk4Gq0.roa (raw, json)
Hash identifier: 67waz9BUSl1rmmTlp4M5HuhrKHWIN9dnMCNTzaYDP50=
Subject key identifier: 70:B5:C9:3D:94:4C:8C:00:8D:25:67:5B:CD:60:47:74:99:38:1A:AD
Certificate issuer: /CN=a2fee7eb40c5a45439502eb9f331befeac4f8d0c
Certificate serial: 019A066EEA0F0DD9F662C1CFFF0B9E34E9FC
Authority key identifier: A2:FE:E7:EB:40:C5:A4:54:39:50:2E:B9:F3:31:BE:FE:AC:4F:8D:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ov7n60DFpFQ5UC658zG-_qxPjQw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/cLXJPZRMjACNJWdbzWBHdJk4Gq0.roa
Signing time: Tue 21 Oct 2025 11:02:03 +0000
ROA not before: Tue 21 Oct 2025 11:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198020
IP address blocks: 95.133.252.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/ov7n60DFpFQ5UC658zG-_qxPjQw.crl
rsync://rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/ov7n60DFpFQ5UC658zG-_qxPjQw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ov7n60DFpFQ5UC658zG-_qxPjQw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:6e:ea:0f:0d:d9:f6:62:c1:cf:ff:0b:9e:34:e9:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a2fee7eb40c5a45439502eb9f331befeac4f8d0c
Validity
Not Before: Oct 21 11:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70b5c93d944c8c008d25675bcd60477499381aad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:fe:47:4a:d8:c3:9e:37:bd:96:e8:7b:ff:88:
74:6b:1d:30:01:34:cc:02:f8:3b:04:ca:51:e2:bc:
c3:61:cc:6c:c5:ef:00:85:9a:79:77:39:42:8e:d4:
af:3f:3d:3f:33:dd:3a:97:1a:63:73:81:1e:67:2e:
49:21:94:54:3b:d3:6a:c6:2a:cf:68:86:7c:9d:04:
0e:67:b6:da:42:04:24:8c:f5:20:12:81:43:86:01:
e9:9c:6d:cf:6d:78:ee:60:17:66:6a:33:a7:50:ff:
7f:63:18:fa:33:85:a9:1d:b5:65:83:49:b0:66:08:
3b:43:9c:b0:fc:91:bb:86:35:7a:91:17:bb:4b:e3:
fb:f8:62:c9:14:ce:22:ee:9e:95:cf:7b:3a:06:d0:
26:de:90:16:18:5e:a0:dc:64:0f:5f:02:ad:c8:2e:
0a:e5:ce:ed:99:46:f0:49:d4:d7:87:70:ef:c5:14:
c7:44:aa:5a:11:cf:6c:0a:12:39:0d:ae:c3:65:40:
90:e2:ba:1f:c5:15:ab:be:ea:4d:24:3e:ab:9f:0d:
4c:30:45:93:c6:ad:ca:48:a8:6f:0e:1b:52:88:d1:
c6:f8:2b:7f:96:fc:87:e7:9f:b9:63:47:6d:4b:6a:
69:c5:54:36:38:d1:1a:2a:16:66:0e:12:1f:df:57:
9f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:B5:C9:3D:94:4C:8C:00:8D:25:67:5B:CD:60:47:74:99:38:1A:AD
X509v3 Authority Key Identifier:
keyid:A2:FE:E7:EB:40:C5:A4:54:39:50:2E:B9:F3:31:BE:FE:AC:4F:8D:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ov7n60DFpFQ5UC658zG-_qxPjQw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/cLXJPZRMjACNJWdbzWBHdJk4Gq0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7697f5-448a-4c9a-959a-706dae51c401/1/ov7n60DFpFQ5UC658zG-_qxPjQw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.133.252.0/22
Signature Algorithm: sha256WithRSAEncryption
5c:c2:f2:20:5c:5e:96:b8:c1:de:24:2a:ce:09:2c:a1:34:2b:
18:15:0c:03:ad:48:3c:f2:b3:d7:89:65:2c:c0:b0:38:90:88:
50:76:d5:9c:32:bd:fc:a7:37:b0:6f:93:60:51:85:c0:b4:53:
3c:de:9d:f8:1e:72:84:70:24:dc:ee:56:5b:7c:b9:02:a6:c4:
ea:64:18:2e:97:8a:ab:0d:06:14:28:87:6b:5a:16:16:74:3a:
94:06:5d:93:d5:9d:4a:41:32:e3:54:ae:04:5d:d1:5e:3d:39:
91:ea:9b:67:b7:1c:6d:02:26:e5:6e:e5:69:f5:32:1a:6a:8a:
c7:f8:dc:70:9f:b8:1d:59:df:85:52:84:cf:91:86:af:54:28:
f1:79:d5:fb:74:8f:d7:ff:0e:17:2a:dd:9b:be:ab:6a:06:35:
d2:a0:9d:dc:84:ce:32:9e:c5:16:f0:7f:c4:90:8f:b6:f2:a7:
e7:af:c0:d3:84:20:e5:98:cc:3b:95:3f:7d:00:10:dc:96:f6:
ea:9a:f1:ec:a7:09:05:37:ca:9b:d7:97:ea:c4:26:b6:ee:2d:
83:69:ef:39:de:2b:d0:57:81:28:6e:8e:8c:b6:67:87:79:84:
d4:6d:10:0d:44:58:8f:01:67:2e:e4:b7:43:47:0c:5c:ea:30:
3b:dc:37:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoGbuoPDdn2YsHP/wueNOn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZmVlN2ViNDBjNWE0NTQzOTUwMmViOWYzMzFiZWZlYWM0
ZjhkMGMwHhcNMjUxMDIxMTEwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI1YzkzZDk0NGM4YzAwOGQyNTY3NWJjZDYwNDc3NDk5MzgxYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/5HStjDnje9luh7/4h0ax0wATTM
Avg7BMpR4rzDYcxsxe8AhZp5dzlCjtSvPz0/M906lxpjc4EeZy5JIZRUO9NqxirP
aIZ8nQQOZ7baQgQkjPUgEoFDhgHpnG3PbXjuYBdmajOnUP9/Yxj6M4WpHbVlg0mw
Zgg7Q5yw/JG7hjV6kRe7S+P7+GLJFM4i7p6Vz3s6BtAm3pAWGF6g3GQPXwKtyC4K
5c7tmUbwSdTXh3DvxRTHRKpaEc9sChI5Da7DZUCQ4rofxRWrvupNJD6rnw1MMEWT
xq3KSKhvDhtSiNHG+Ct/lvyH55+5Y0dtS2ppxVQ2ONEaKhZmDhIf31efCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC1yT2UTIwAjSVnW81gR3SZOBqtMB8GA1UdIwQY
MBaAFKL+5+tAxaRUOVAuufMxvv6sT40MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3Y3bjYwREZwRlE1VUM2NTh6Ry1fcXhQalF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Njk3ZjUtNDQ4YS00YzlhLTk1OWEt
NzA2ZGFlNTFjNDAxLzEvY0xYSlBaUk1qQUNOSldkYnpXQkhkSms0R3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Njk3ZjUtNDQ4YS00YzlhLTk1OWEtNzA2ZGFlNTFjNDAx
LzEvb3Y3bjYwREZwRlE1VUM2NTh6Ry1fcXhQalF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX4X8MA0G
CSqGSIb3DQEBCwUAA4IBAQBcwvIgXF6WuMHeJCrOCSyhNCsYFQwDrUg88rPXiWUs
wLA4kIhQdtWcMr38pzewb5NgUYXAtFM83p34HnKEcCTc7lZbfLkCpsTqZBgul4qr
DQYUKIdrWhYWdDqUBl2T1Z1KQTLjVK4EXdFePTmR6ptntxxtAiblbuVp9TIaaorH
+Nxwn7gdWd+FUoTPkYavVCjxedX7dI/X/w4XKt2bvqtqBjXSoJ3chM4ynsUW8H/E
kI+28qfnr8DThCDlmMw7lT99ABDclvbqmvHspwkFN8qb15fqxCa27i2Dae853ivQ
V4Eobo6MtmeHeYTUbRANRFiPAWcu5LdDRwxc6jA73Des
-----END CERTIFICATE-----
Generated at Wed Oct 22 16:27:58 2025 by rpki-client