Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/Cx0Wc_hxcpd0is7XF0LK-KtzFdY.roa
File: Cx0Wc_hxcpd0is7XF0LK-KtzFdY.roa (raw, json)
Hash identifier: 3aEd1MzE4wxCft0r0lHTBK1f538fKR5Xo3LF5iBw5Y0=
Subject key identifier: 0B:1D:16:73:F8:71:72:97:74:8A:CE:D7:17:42:CA:F8:AB:73:15:D6
Certificate issuer: /CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
Certificate serial: 0199FE4EC4B8217B49792227F2E41688901D
Authority key identifier: 72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/Cx0Wc_hxcpd0is7XF0LK-KtzFdY.roa
Signing time: Sun 19 Oct 2025 21:09:58 +0000
ROA not before: Sun 19 Oct 2025 21:09:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1257
IP address blocks: 185.45.120.0/23 maxlen: 23
185.45.122.0/24 maxlen: 24
185.45.123.0/24 maxlen: 24
2a01:7ee0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl
rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.mft
rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 16:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:fe:4e:c4:b8:21:7b:49:79:22:27:f2:e4:16:88:90:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
Validity
Not Before: Oct 19 21:09:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0b1d1673f8717297748aced71742caf8ab7315d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:45:54:dc:f7:19:f8:d8:45:9f:ac:e0:48:c0:
f6:b9:b1:76:e8:84:3c:75:5c:64:3e:32:5c:ff:c2:
a2:6d:c8:22:32:6d:8f:b6:b6:79:11:17:cf:97:2e:
9b:42:4e:84:3f:f2:66:b9:8f:ae:a6:bf:88:0f:f0:
94:ae:68:bc:90:ea:3a:0b:9d:30:2e:65:6c:3d:77:
9d:24:0a:59:51:fd:41:a1:0a:f9:65:fa:4b:db:62:
c0:b7:8d:a3:5f:42:9f:b5:ac:fa:24:97:0e:54:a4:
f3:dd:96:95:5e:5f:f6:75:ee:37:26:46:61:1a:77:
93:af:f2:81:bc:73:90:c1:d1:97:49:a8:35:74:64:
96:3e:05:bd:5d:87:81:ba:89:d3:04:97:a8:49:37:
77:4b:5b:55:81:30:d2:9f:85:43:ac:8d:81:d8:50:
d6:fa:dd:1b:4b:5f:0f:a4:8c:6f:e4:ab:08:ed:b6:
17:50:d4:fa:a9:9c:bb:43:07:ab:da:6c:e2:9d:60:
4b:9e:76:c8:f9:89:15:63:78:a2:17:8c:e2:d6:05:
fa:fb:59:e5:26:0c:89:7c:80:6b:dc:c8:90:f2:d7:
6a:1a:5b:73:52:d7:77:18:b8:db:2e:28:03:af:6d:
90:59:d5:d1:77:5a:66:58:de:f3:c6:78:fe:43:2a:
b5:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:1D:16:73:F8:71:72:97:74:8A:CE:D7:17:42:CA:F8:AB:73:15:D6
X509v3 Authority Key Identifier:
keyid:72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/Cx0Wc_hxcpd0is7XF0LK-KtzFdY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.45.120.0/22
IPv6:
2a01:7ee0::/48
Signature Algorithm: sha256WithRSAEncryption
8d:5b:a7:d4:23:9c:81:98:64:f0:4a:9e:f0:59:6e:58:61:50:
07:46:2e:af:76:76:55:b4:a6:82:22:40:55:27:b0:68:b3:4d:
c1:ba:28:c7:ea:02:48:a1:fc:70:1f:d9:ae:b9:44:30:5a:fa:
fa:c1:53:29:01:30:45:dc:4e:99:24:9e:f4:c5:ba:84:4c:58:
82:26:c5:72:9d:8a:9a:6c:fe:c1:b9:80:51:ce:60:96:d3:12:
38:69:88:ad:bc:74:9d:04:48:c7:69:ed:f3:4e:25:c5:af:b7:
11:ac:2e:6b:54:3a:35:4e:93:5a:10:9a:5a:be:01:5c:80:83:
53:7d:a9:c8:5d:60:14:55:43:a6:fd:47:d8:c4:7d:f0:ce:b8:
f9:ff:a8:ed:e3:eb:b4:4b:f8:85:b3:a5:19:23:af:7b:f7:d4:
b2:50:0b:f5:2c:49:53:9c:76:8a:cb:3d:64:3f:fb:0a:69:50:
d3:7c:91:8c:85:59:db:02:8d:ff:28:ce:6d:26:57:62:2c:61:
0b:10:e6:06:21:2a:82:9c:c2:9d:4e:5e:f0:b5:bd:12:b4:71:
56:3c:c2:c9:17:ae:f2:c3:90:15:f6:be:a9:22:b3:b9:f5:76:
9f:43:ae:1d:fa:2b:87:4b:25:0f:89:c8:65:e9:eb:83:b9:a2:
30:02:74:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZn+TsS4IXtJeSIn8uQWiJAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmQ4M2Y1Mjc1YmQwOWU4ZDMzYjQyOTg4MWViMmY5NmI2
ZDlkZTEwHhcNMjUxMDE5MjEwOTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFkMTY3M2Y4NzE3Mjk3NzQ4YWNlZDcxNzQyY2FmOGFiNzMxNWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEVU3PcZ+NhFn6zgSMD2ubF26IQ8
dVxkPjJc/8KibcgiMm2PtrZ5ERfPly6bQk6EP/JmuY+upr+ID/CUrmi8kOo6C50w
LmVsPXedJApZUf1BoQr5ZfpL22LAt42jX0Kftaz6JJcOVKTz3ZaVXl/2de43JkZh
GneTr/KBvHOQwdGXSag1dGSWPgW9XYeBuonTBJeoSTd3S1tVgTDSn4VDrI2B2FDW
+t0bS18PpIxv5KsI7bYXUNT6qZy7Qwer2mzinWBLnnbI+YkVY3iiF4zi1gX6+1nl
JgyJfIBr3MiQ8tdqGltzUtd3GLjbLigDr22QWdXRd1pmWN7zxnj+Qyq1OwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAsdFnP4cXKXdIrO1xdCyvircxXWMB8GA1UdIwQY
MBaAFHK9g/UnW9CejTO0KYgesvlrbZ3hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMt
MDA1ODc3ZGE4MDI2LzEvQ3gwV2NfaHhjcGQwaXM3WEYwTEstS3R6RmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMtMDA1ODc3ZGE4MDI2
LzEvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuS14MA8E
AgACMAkDBwAqAX7gAAAwDQYJKoZIhvcNAQELBQADggEBAI1bp9QjnIGYZPBKnvBZ
blhhUAdGLq92dlW0poIiQFUnsGizTcG6KMfqAkih/HAf2a65RDBa+vrBUykBMEXc
TpkknvTFuoRMWIImxXKdipps/sG5gFHOYJbTEjhpiK28dJ0ESMdp7fNOJcWvtxGs
LmtUOjVOk1oQmlq+AVyAg1N9qchdYBRVQ6b9R9jEffDOuPn/qO3j67RL+IWzpRkj
r3v31LJQC/UsSVOcdorLPWQ/+wppUNN8kYyFWdsCjf8ozm0mV2IsYQsQ5gYhKoKc
wp1OXvC1vRK0cVY8wskXrvLDkBX2vqkis7n1dp9Drh36K4dLJQ+JyGXp64O5ojAC
dCI=
-----END CERTIFICATE-----
Generated at Tue Oct 28 02:15:33 2025 by rpki-client