Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/dF7YZ7xhhmrQW1zMuEQT2F67QgM.roa
File: dF7YZ7xhhmrQW1zMuEQT2F67QgM.roa (raw, json)
Hash identifier: UM139eCTeIEHK7o36JJKhXZkKIHCIOEh5IFneXZnhNg=
Subject key identifier: 74:5E:D8:67:BC:61:86:6A:D0:5B:5C:CC:B8:44:13:D8:5E:BB:42:03
Certificate issuer: /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial: 0199C3EA6E277EA1237A40B473A07F9C6E80
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/dF7YZ7xhhmrQW1zMuEQT2F67QgM.roa
Signing time: Wed 08 Oct 2025 13:02:24 +0000
ROA not before: Wed 08 Oct 2025 13:02:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213069
IP address blocks: 195.234.191.0/24 maxlen: 24
195.238.240.0/24 maxlen: 24
2a10:ef04:1002::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Oct 2025 16:28:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c3:ea:6e:27:7e:a1:23:7a:40:b4:73:a0:7f:9c:6e:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
Validity
Not Before: Oct 8 13:02:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=745ed867bc61866ad05b5cccb84413d85ebb4203
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:c5:ea:89:b7:a3:00:01:4d:3b:15:79:06:e8:
0e:4b:66:af:c2:fb:39:7e:33:3d:61:b3:de:0e:7a:
6f:ee:03:8d:59:2a:f1:64:74:d5:8a:66:59:ab:c1:
fc:58:4a:49:71:cc:e8:2d:fc:02:5c:2d:d6:83:d4:
54:0d:cd:d0:88:c5:20:95:7d:3f:45:fa:e5:30:2b:
28:0b:c2:c1:a1:03:a6:b9:a1:7e:19:79:09:7a:b7:
0e:87:2a:98:db:ac:24:58:fa:8d:e6:2e:d9:d7:bd:
d1:8d:70:22:ee:6f:a8:87:50:5f:a6:f9:d2:c8:11:
d5:50:4d:00:ca:e4:89:f0:0e:70:a5:6f:9e:96:ff:
92:be:d0:fd:cd:9b:96:fb:7a:33:d9:cc:74:82:d1:
67:37:4d:ec:c7:06:74:9b:00:e3:2b:1e:a9:17:a3:
9d:62:16:15:d2:31:bc:6c:fe:72:87:bb:df:f2:6a:
3d:96:a6:aa:d6:b5:cf:39:38:90:b0:18:8d:37:84:
29:9d:f1:95:ed:9b:1b:8e:7e:07:a4:51:c9:a9:47:
b5:69:72:9d:6f:71:70:be:84:59:ea:e4:1d:43:77:
53:99:61:e0:5e:97:f9:2f:92:6b:5f:0d:0d:e5:66:
82:c4:94:ed:58:49:fe:ce:2b:8d:b2:7b:fe:f6:ca:
b0:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:5E:D8:67:BC:61:86:6A:D0:5B:5C:CC:B8:44:13:D8:5E:BB:42:03
X509v3 Authority Key Identifier:
keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/dF7YZ7xhhmrQW1zMuEQT2F67QgM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.234.191.0/24
195.238.240.0/24
IPv6:
2a10:ef04:1002::/48
Signature Algorithm: sha256WithRSAEncryption
32:89:e6:8e:5a:a9:32:3b:46:57:b9:f0:d7:80:23:be:e8:64:
32:a4:c1:fd:16:fb:d7:40:84:f4:93:22:02:e0:84:4e:a0:c6:
22:b9:cb:6f:9d:fa:0c:5a:10:c7:4e:29:bf:39:85:aa:49:ec:
40:2e:ea:d9:b9:07:5c:52:00:49:6c:d3:e7:e4:21:7d:8d:43:
6b:e9:92:12:e1:ab:02:37:ee:65:9b:45:cf:0a:f8:41:19:66:
05:a1:6e:3f:bf:81:8f:5a:95:6b:a9:a8:42:4b:7e:85:51:aa:
8a:e4:c1:ae:22:d1:bf:41:8a:94:a2:9d:81:58:1c:5c:99:e2:
a1:75:b3:ef:ac:4e:f2:7c:ca:b9:db:59:88:42:dc:ad:27:dc:
41:2f:3a:05:2f:97:15:e8:40:6b:5e:e4:99:27:27:ab:30:4b:
f5:87:d6:0b:62:f2:9c:1a:d2:d9:2b:41:51:ff:46:91:90:52:
4f:32:b9:7c:1b:7a:9c:40:ca:50:31:53:3e:73:33:c5:b5:32:
69:a5:e3:d3:5c:a9:67:8c:7d:37:7e:93:9c:fd:5a:74:3e:d1:
75:76:69:3a:64:bf:8d:e7:e3:f8:87:7e:7f:6d:10:18:0e:2e:
9e:3e:06:8a:b7:92:81:12:b1:6b:ed:f0:f6:6f:13:50:89:1f:
ba:9e:7d:94
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZnD6m4nfqEjekC0c6B/nG6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUxMDA4MTMwMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDVlZDg2N2JjNjE4NjZhZDA1YjVjY2NiODQ0MTNkODVlYmI0MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsXqibejAAFNOxV5BugOS2avwvs5
fjM9YbPeDnpv7gONWSrxZHTVimZZq8H8WEpJcczoLfwCXC3Wg9RUDc3QiMUglX0/
RfrlMCsoC8LBoQOmuaF+GXkJercOhyqY26wkWPqN5i7Z173RjXAi7m+oh1BfpvnS
yBHVUE0AyuSJ8A5wpW+elv+SvtD9zZuW+3oz2cx0gtFnN03sxwZ0mwDjKx6pF6Od
YhYV0jG8bP5yh7vf8mo9lqaq1rXPOTiQsBiNN4QpnfGV7Zsbjn4HpFHJqUe1aXKd
b3FwvoRZ6uQdQ3dTmWHgXpf5L5JrXw0N5WaCxJTtWEn+ziuNsnv+9sqwnwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHRe2Ge8YYZq0FtczLhEE9heu0IDMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvZEY3WVo3eGhobXJRVzF6TXVFUVQyRjY3UWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAw+q/AwQA
w+7wMA8EAgACMAkDBwAqEO8EEAIwDQYJKoZIhvcNAQELBQADggEBADKJ5o5aqTI7
Rle58NeAI77oZDKkwf0W+9dAhPSTIgLghE6gxiK5y2+d+gxaEMdOKb85hapJ7EAu
6tm5B1xSAEls0+fkIX2NQ2vpkhLhqwI37mWbRc8K+EEZZgWhbj+/gY9alWupqEJL
foVRqorkwa4i0b9BipSinYFYHFyZ4qF1s++sTvJ8yrnbWYhC3K0n3EEvOgUvlxXo
QGte5JknJ6swS/WH1gti8pwa0tkrQVH/RpGQUk8yuXwbepxAylAxUz5zM8W1Mmml
49NcqWeMfTd+k5z9WnQ+0XV2aTpkv43n4/iHfn9tEBgOLp4+Boq3koESsWvt8PZv
E1CJH7qefZQ=
-----END CERTIFICATE-----
Generated at Sat Oct 18 22:40:39 2025 by rpki-client