Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-Nr4-sBGweIbD_LNh1zAVf96rI.roa
File: o-Nr4-sBGweIbD_LNh1zAVf96rI.roa (raw, json)
Hash identifier: +ihCqeUxG7jpp6ma2DfHDdl7PPQXWBRp2SHtLryABk8=
Subject key identifier: A3:E3:6B:E3:EB:01:1B:07:88:6C:3F:CB:36:1D:73:01:57:FD:EA:B2
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A00E3C85DD7A0E449DC0A97C43BD2F03E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-Nr4-sBGweIbD_LNh1zAVf96rI.roa
Signing time: Mon 20 Oct 2025 09:11:59 +0000
ROA not before: Mon 20 Oct 2025 09:11:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 82.152.72.0/24 maxlen: 24
82.153.66.0/24 maxlen: 24
109.176.165.0/24 maxlen: 24
213.218.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 07:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:e3:c8:5d:d7:a0:e4:49:dc:0a:97:c4:3b:d2:f0:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Oct 20 09:11:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3e36be3eb011b07886c3fcb361d730157fdeab2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:5d:0c:06:c5:c8:20:d8:2b:2c:fd:9b:e9:59:
f1:d6:0b:72:30:34:94:b0:89:e4:43:94:1b:2c:06:
c0:13:cf:6c:7e:e3:60:78:d9:61:8c:66:0d:70:f1:
4f:c7:5b:1d:9f:3e:ac:db:9e:7b:65:e6:b6:e1:6f:
88:6f:9c:12:e3:7c:51:f8:02:2c:6b:0d:36:ff:59:
0d:96:b6:00:56:47:26:f7:43:8b:6a:c7:66:cd:16:
85:d1:fe:54:46:18:9a:65:6e:70:f4:65:01:49:34:
f5:ea:51:e6:ad:57:06:b2:4e:07:7c:7a:df:35:e7:
a1:c6:4c:e7:99:dd:a8:2d:46:ed:2c:1c:98:b2:af:
cb:e0:40:ac:6f:f8:f1:85:d0:45:16:92:7f:4c:8a:
ca:e0:24:03:34:4f:ab:e4:75:51:dc:8f:7e:9f:e3:
b8:0d:7f:9a:2a:16:e0:ae:72:e8:6a:af:fd:82:49:
d9:99:40:dc:c1:42:34:5e:b8:0a:54:c3:f2:ab:86:
1c:de:f5:d6:28:b4:cf:12:79:af:b5:a9:6e:6a:3f:
18:e3:15:8c:27:8f:16:12:2f:8a:82:0a:7d:8a:28:
f5:76:d2:75:c8:62:ff:08:ab:32:a0:c2:18:04:95:
5e:a3:7f:1e:5a:05:3b:17:68:62:cb:d6:ac:14:79:
04:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:E3:6B:E3:EB:01:1B:07:88:6C:3F:CB:36:1D:73:01:57:FD:EA:B2
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-Nr4-sBGweIbD_LNh1zAVf96rI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.72.0/24
82.153.66.0/24
109.176.165.0/24
213.218.213.0/24
Signature Algorithm: sha256WithRSAEncryption
82:00:bd:bf:13:93:b0:c4:71:fc:4d:af:e7:7c:5f:85:d3:2a:
34:76:23:e8:7e:64:8f:e0:25:9b:1f:f4:ee:97:e2:c6:19:2d:
3f:21:d7:ca:14:a2:02:ea:4a:73:cb:a9:81:00:09:99:0b:68:
5e:d3:10:6a:c1:e7:5e:4f:db:9c:61:a5:11:0f:83:e0:12:0f:
ec:00:94:8e:e7:d0:b3:d9:6a:c5:57:8f:ba:3a:2e:a5:91:ec:
ed:c8:df:62:37:d6:01:0c:92:08:e9:4c:5d:9c:1f:ea:a9:72:
0b:2f:3e:ba:13:b9:95:b9:53:5a:8e:50:d0:9c:eb:82:82:ef:
c2:7b:18:4c:52:45:38:d1:84:ee:b0:4c:97:9a:c0:69:c7:07:
f2:e2:ca:c5:db:0e:98:ef:e6:21:8b:fc:01:1c:0f:7f:7e:a0:
42:be:94:9d:d6:b5:d2:d6:ad:27:df:9e:62:b7:e0:f1:d4:6e:
ea:e3:db:96:b8:0b:0d:a7:26:ad:ef:e8:71:94:95:39:9e:5f:
91:0a:eb:1a:21:92:03:a1:1f:2a:d7:b7:24:26:4d:ec:ed:3d:
44:9e:0a:f1:24:f5:fb:b0:49:c1:da:3e:b6:1f:87:4c:0e:34:
08:58:10:78:c1:3d:a9:4c:a4:98:40:f7:c8:1d:28:f5:41:8d:
a1:b3:c3:e2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZoA48hd16DkSdwKl8Q70vA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDIwMDkxMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2UzNmJlM2ViMDExYjA3ODg2YzNmY2IzNjFkNzMwMTU3ZmRlYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs10MBsXIINgrLP2b6Vnx1gtyMDSU
sInkQ5QbLAbAE89sfuNgeNlhjGYNcPFPx1sdnz6s2557Zea24W+Ib5wS43xR+AIs
aw02/1kNlrYAVkcm90OLasdmzRaF0f5URhiaZW5w9GUBSTT16lHmrVcGsk4HfHrf
Neehxkznmd2oLUbtLByYsq/L4ECsb/jxhdBFFpJ/TIrK4CQDNE+r5HVR3I9+n+O4
DX+aKhbgrnLoaq/9gknZmUDcwUI0XrgKVMPyq4Yc3vXWKLTPEnmvtaluaj8Y4xWM
J48WEi+Kggp9iij1dtJ1yGL/CKsyoMIYBJVeo38eWgU7F2hiy9asFHkEywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKPja+PrARsHiGw/yzYdcwFX/eqyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvby1OcjQtc0JHd2VJYkRfTE5oMXpBVmY5NnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUphIAwQA
UplCAwQAbbClAwQA1drVMA0GCSqGSIb3DQEBCwUAA4IBAQCCAL2/E5OwxHH8Ta/n
fF+F0yo0diPofmSP4CWbH/Tul+LGGS0/IdfKFKIC6kpzy6mBAAmZC2he0xBqwede
T9ucYaURD4PgEg/sAJSO59Cz2WrFV4+6Oi6lkeztyN9iN9YBDJII6UxdnB/qqXIL
Lz66E7mVuVNajlDQnOuCgu/CexhMUkU40YTusEyXmsBpxwfy4srF2w6Y7+Yhi/wB
HA9/fqBCvpSd1rXS1q0n355it+Dx1G7q49uWuAsNpyat7+hxlJU5nl+RCusaIZID
oR8q17ckJk3s7T1EngrxJPX7sEnB2j62H4dMDjQIWBB4wT2pTKSYQPfIHSj1QY2h
s8Pi
-----END CERTIFICATE-----
Generated at Tue Oct 21 13:58:25 2025 by rpki-client