Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/2UhYLcd2j-KdAauqxCqQQx52q2U.roa
File: 2UhYLcd2j-KdAauqxCqQQx52q2U.roa (raw, json)
Hash identifier: MFZ2OT0V1ZDMTvLmKJXIXyij1pz5j8dbnfqUGRmXftA=
Subject key identifier: D9:48:58:2D:C7:76:8F:E2:9D:01:AB:AA:C4:2A:90:43:1E:76:AB:65
Certificate issuer: /CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
Certificate serial: 019901CBC7AB08078EC31ADECB37599B44E4
Authority key identifier: 3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/2UhYLcd2j-KdAauqxCqQQx52q2U.roa
Signing time: Sun 31 Aug 2025 20:22:36 +0000
ROA not before: Sun 31 Aug 2025 20:22:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43260
IP address blocks: 91.151.94.0/24 maxlen: 24
185.137.98.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.mft
rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 05:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:01:cb:c7:ab:08:07:8e:c3:1a:de:cb:37:59:9b:44:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
Validity
Not Before: Aug 31 20:22:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d948582dc7768fe29d01abaac42a90431e76ab65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7b:b5:84:77:eb:0e:e3:aa:82:4a:2d:ef:63:
39:c6:f2:a9:b8:cd:3f:45:e3:7a:df:1e:fb:d9:96:
99:17:25:eb:70:20:83:d3:af:ce:a8:63:42:37:f5:
19:fd:02:1f:2a:0d:fc:e6:de:3f:1c:0c:11:1d:ad:
84:80:95:2d:62:af:b5:2b:c4:85:88:28:58:70:d6:
29:69:7a:7f:2f:4c:1c:94:2f:62:fb:cc:b8:85:0e:
c4:cd:d9:90:2d:ea:46:38:32:65:45:25:5c:44:b7:
7b:fd:6c:50:f3:aa:e4:24:5f:ca:91:d8:aa:9b:cd:
8b:aa:00:47:aa:c8:fa:14:65:c5:58:b1:77:be:a6:
20:8f:03:fb:6e:17:d6:55:dd:76:f0:00:8a:9d:6e:
2e:df:5d:e3:87:b0:7f:6d:32:d3:24:05:31:79:d0:
d6:99:21:1a:12:d0:c0:2d:3e:b5:69:0a:84:6b:d1:
dc:d7:2d:1e:93:2a:8a:8a:4c:c0:7d:4c:46:c1:0f:
44:c2:9a:1e:e7:22:3c:fc:d9:5b:be:3c:aa:37:01:
b3:7b:d3:d5:ef:63:aa:07:2f:52:24:63:d3:9b:dc:
25:64:a9:98:d2:52:54:1f:dc:71:bb:13:00:7a:b1:
d0:99:35:f3:e5:a7:e9:dc:ed:13:20:7f:61:a9:98:
f7:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:48:58:2D:C7:76:8F:E2:9D:01:AB:AA:C4:2A:90:43:1E:76:AB:65
X509v3 Authority Key Identifier:
keyid:3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/2UhYLcd2j-KdAauqxCqQQx52q2U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.94.0/24
185.137.98.0/24
Signature Algorithm: sha256WithRSAEncryption
67:0c:ef:73:f7:ee:41:28:73:17:11:34:c6:91:e4:e9:df:e5:
6f:c3:da:08:69:fd:aa:c3:8b:a5:cd:62:fd:e8:88:af:0a:0c:
48:5c:ee:39:64:24:21:d8:5a:6a:60:42:d8:6b:dc:01:fc:bd:
4a:e5:ee:3f:87:3b:dd:db:ff:31:9f:3e:43:8e:48:49:9d:9c:
c9:60:0a:6b:be:5c:02:11:d6:7f:9e:14:c3:83:0c:a3:12:96:
0e:de:f4:28:e3:bb:b5:47:82:92:9d:12:6a:5a:88:73:85:b6:
b3:55:28:08:23:37:21:4e:5b:1a:a7:c6:0b:04:9e:41:91:92:
26:b4:3e:b5:72:37:80:cc:e7:92:0c:e7:60:a3:76:32:f2:eb:
a5:4c:3d:b0:c4:84:7b:bd:55:b4:2b:d9:6f:cd:bd:79:f2:95:
46:09:b7:b2:39:5f:c2:99:b4:d4:4d:de:62:2b:a5:37:bd:9b:
21:ce:7d:e2:c7:f0:5c:5e:b1:02:84:3c:b6:4a:e3:e4:ee:54:
38:fd:c9:9c:7c:22:0f:e5:4b:fa:2d:7a:49:31:e2:98:bc:d6:
35:33:9b:6f:87:47:13:9a:38:1c:c9:e4:32:db:9a:15:d1:f7:
ee:34:94:2c:64:58:59:e0:3d:52:d3:5a:66:4f:08:0e:0e:d1:
b0:53:b5:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkBy8erCAeOwxreyzdZm0TkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjVhYjY5ODVmNzljYTlkZTA2ZTk4ZThiOWRhMjQ1ZDg1
NTlhYjYwHhcNMjUwODMxMjAyMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ4NTgyZGM3NzY4ZmUyOWQwMWFiYWFjNDJhOTA0MzFlNzZhYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3u1hHfrDuOqgkot72M5xvKpuM0/
ReN63x772ZaZFyXrcCCD06/OqGNCN/UZ/QIfKg385t4/HAwRHa2EgJUtYq+1K8SF
iChYcNYpaXp/L0wclC9i+8y4hQ7EzdmQLepGODJlRSVcRLd7/WxQ86rkJF/Kkdiq
m82LqgBHqsj6FGXFWLF3vqYgjwP7bhfWVd128ACKnW4u313jh7B/bTLTJAUxedDW
mSEaEtDALT61aQqEa9Hc1y0ekyqKikzAfUxGwQ9Ewpoe5yI8/NlbvjyqNwGze9PV
72OqBy9SJGPTm9wlZKmY0lJUH9xxuxMAerHQmTXz5afp3O0TIH9hqZj3ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNlIWC3Hdo/inQGrqsQqkEMedqtlMB8GA1UdIwQY
MBaAFD4lq2mF95yp3gbpjoudokXYVZq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAt
YjE5YWQ1NDU1YmZkLzEvMlVoWUxjZDJqLUtkQWF1cXhDcVFReDUycTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAtYjE5YWQ1NDU1YmZk
LzEvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5deAwQA
uYliMA0GCSqGSIb3DQEBCwUAA4IBAQBnDO9z9+5BKHMXETTGkeTp3+Vvw9oIaf2q
w4ulzWL96IivCgxIXO45ZCQh2FpqYELYa9wB/L1K5e4/hzvd2/8xnz5DjkhJnZzJ
YAprvlwCEdZ/nhTDgwyjEpYO3vQo47u1R4KSnRJqWohzhbazVSgIIzchTlsap8YL
BJ5BkZImtD61cjeAzOeSDOdgo3Yy8uulTD2wxIR7vVW0K9lvzb158pVGCbeyOV/C
mbTUTd5iK6U3vZshzn3ix/BcXrEChDy2SuPk7lQ4/cmcfCIP5Uv6LXpJMeKYvNY1
M5tvh0cTmjgcyeQy25oV0ffuNJQsZFhZ4D1S01pmTwgODtGwU7Ve
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:25:12 2025 by rpki-client