Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/MTFqs6mA7KUnw1QvYWNmKm0YqCY.roa
File: MTFqs6mA7KUnw1QvYWNmKm0YqCY.roa (raw, json)
Hash identifier: q+PYR9H4ojp55utjjPF/ZBfxUxgnsX2OKoLSnPQgWVE=
Subject key identifier: 31:31:6A:B3:A9:80:EC:A5:27:C3:54:2F:61:63:66:2A:6D:18:A8:26
Certificate issuer: /CN=713b9404a0c43223addc8ea1b10ab74b777a2a01
Certificate serial: 019A0071561D1CC1D62F4DF415E316354592
Authority key identifier: 71:3B:94:04:A0:C4:32:23:AD:DC:8E:A1:B1:0A:B7:4B:77:7A:2A:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/MTFqs6mA7KUnw1QvYWNmKm0YqCY.roa
Signing time: Mon 20 Oct 2025 07:06:58 +0000
ROA not before: Mon 20 Oct 2025 07:06:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51013
IP address blocks: 45.10.97.0/24 maxlen: 24
81.95.108.0/23 maxlen: 24
81.95.108.0/24 maxlen: 24
81.95.109.0/24 maxlen: 24
2a02:4a8:10::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.mft
rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 03:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:71:56:1d:1c:c1:d6:2f:4d:f4:15:e3:16:35:45:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=713b9404a0c43223addc8ea1b10ab74b777a2a01
Validity
Not Before: Oct 20 07:06:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=31316ab3a980eca527c3542f6163662a6d18a826
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:33:ba:92:76:ef:8c:c8:a4:bb:e8:84:6b:01:
4c:08:a0:46:a5:23:d6:1b:4c:de:f7:22:a1:7b:bf:
c7:37:60:d5:69:fc:1c:a6:ca:5c:fd:3d:7f:0f:6e:
8f:ef:27:c1:e3:39:cd:d5:01:42:49:b4:2b:28:94:
60:b0:5f:b7:61:c4:e9:48:c6:0a:79:dd:fa:db:e9:
d7:c8:05:e4:d8:98:2a:2d:fd:2c:ba:7f:44:76:63:
a5:e4:a7:f9:32:59:d4:8c:0d:48:d5:b8:36:09:44:
ad:4b:15:ed:35:94:d0:9b:11:bd:bd:d0:7e:fb:b2:
34:40:e7:41:72:67:d7:04:28:61:c6:8c:13:f6:be:
8a:21:cb:8d:18:27:15:22:d6:18:a0:e7:01:46:8e:
16:da:cc:e2:bb:2f:5c:fc:94:34:65:50:75:df:0c:
08:a9:c6:f8:8b:f7:63:0d:02:d1:a9:83:ca:0c:ca:
e8:2a:61:8c:99:19:f0:f1:68:33:8f:1e:5c:c5:c1:
11:10:1b:76:10:8f:1f:8d:13:00:ab:9a:3a:0a:cb:
6b:3d:36:23:79:26:76:c1:e5:b5:46:32:50:dc:2a:
7d:00:ff:09:ed:b0:db:4a:db:bb:1f:94:3f:92:e7:
4e:55:09:86:3a:ea:37:e8:43:42:60:e9:15:d8:4d:
af:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:31:6A:B3:A9:80:EC:A5:27:C3:54:2F:61:63:66:2A:6D:18:A8:26
X509v3 Authority Key Identifier:
keyid:71:3B:94:04:A0:C4:32:23:AD:DC:8E:A1:B1:0A:B7:4B:77:7A:2A:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cTuUBKDEMiOt3I6hsQq3S3d6KgE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/MTFqs6mA7KUnw1QvYWNmKm0YqCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7ec7a2-8318-462f-966e-7a531d483747/1/cTuUBKDEMiOt3I6hsQq3S3d6KgE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.97.0/24
81.95.108.0/23
IPv6:
2a02:4a8:10::/48
Signature Algorithm: sha256WithRSAEncryption
36:ec:55:cc:23:fb:c5:de:06:15:79:b3:c4:26:3d:21:4a:23:
9d:7e:b6:57:b4:01:49:b3:41:9d:ab:14:19:e6:26:03:02:b5:
72:3a:1f:64:ed:a9:bd:e9:ff:20:07:b2:7a:f9:c2:f6:30:7e:
c8:ae:68:00:c3:49:f6:04:d6:f7:60:af:83:ae:fb:5a:a0:7d:
82:84:55:e3:41:6f:d9:86:11:ba:f9:5c:b2:1a:45:bf:66:61:
ba:d7:83:be:ae:96:07:54:94:12:d1:e2:94:63:46:ce:86:e7:
41:90:47:90:3e:c4:f1:67:35:07:64:0d:28:46:fc:9f:15:76:
a9:45:43:a1:5b:8c:89:c8:95:99:a4:28:d4:a8:ab:ec:c5:2d:
52:30:99:1d:56:d4:ab:f2:18:43:a9:0b:ef:36:4c:d6:0d:e3:
14:14:a7:64:d7:58:a2:74:16:cf:5f:ec:c9:eb:ea:fd:27:58:
cc:0a:24:72:4c:06:32:8a:08:e6:43:a1:6c:ce:fc:4d:61:35:
5d:92:ae:89:aa:f6:a0:8c:4e:84:e6:0d:8a:ea:37:f4:2c:7a:
6a:ae:c7:a0:80:41:4c:c0:28:92:42:dd:ba:83:ce:c3:ac:e8:
9d:f4:3c:ba:40:51:00:ab:51:f1:f6:df:d2:13:cd:a7:b0:4a:
65:3c:04:da
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZoAcVYdHMHWL030FeMWNUWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxM2I5NDA0YTBjNDMyMjNhZGRjOGVhMWIxMGFiNzRiNzc3
YTJhMDEwHhcNMjUxMDIwMDcwNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMxNmFiM2E5ODBlY2E1MjdjMzU0MmY2MTYzNjYyYTZkMThhODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTO6knbvjMiku+iEawFMCKBGpSPW
G0ze9yKhe7/HN2DVafwcpspc/T1/D26P7yfB4znN1QFCSbQrKJRgsF+3YcTpSMYK
ed362+nXyAXk2JgqLf0sun9EdmOl5Kf5MlnUjA1I1bg2CUStSxXtNZTQmxG9vdB+
+7I0QOdBcmfXBChhxowT9r6KIcuNGCcVItYYoOcBRo4W2sziuy9c/JQ0ZVB13wwI
qcb4i/djDQLRqYPKDMroKmGMmRnw8Wgzjx5cxcEREBt2EI8fjRMAq5o6CstrPTYj
eSZ2weW1RjJQ3Cp9AP8J7bDbStu7H5Q/kudOVQmGOuo36ENCYOkV2E2vjwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDExarOpgOylJ8NUL2FjZiptGKgmMB8GA1UdIwQY
MBaAFHE7lASgxDIjrdyOobEKt0t3eioBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1R1VUJLREVNaU90M0k2aHNRcTNTM2Q2S2dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83ZWM3YTItODMxOC00NjJmLTk2NmUt
N2E1MzFkNDgzNzQ3LzEvTVRGcXM2bUE3S1VudzFRdllXTm1LbTBZcUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83ZWM3YTItODMxOC00NjJmLTk2NmUtN2E1MzFkNDgzNzQ3
LzEvY1R1VUJLREVNaU90M0k2aHNRcTNTM2Q2S2dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALQphAwQB
UV9sMA8EAgACMAkDBwAqAgSoABAwDQYJKoZIhvcNAQELBQADggEBADbsVcwj+8Xe
BhV5s8QmPSFKI51+tle0AUmzQZ2rFBnmJgMCtXI6H2Ttqb3p/yAHsnr5wvYwfsiu
aADDSfYE1vdgr4Ou+1qgfYKEVeNBb9mGEbr5XLIaRb9mYbrXg76ulgdUlBLR4pRj
Rs6G50GQR5A+xPFnNQdkDShG/J8VdqlFQ6FbjInIlZmkKNSoq+zFLVIwmR1W1Kvy
GEOpC+82TNYN4xQUp2TXWKJ0Fs9f7Mnr6v0nWMwKJHJMBjKKCOZDoWzO/E1hNV2S
romq9qCMToTmDYrqN/Qsemqux6CAQUzAKJJC3bqDzsOs6J30PLpAUQCrUfH239IT
zaewSmU8BNo=
-----END CERTIFICATE-----
Generated at Sun Oct 26 11:26:11 2025 by rpki-client