Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Ds_T7z2eAuOuFCzHRhlzfYXGjb4.roa
File: Ds_T7z2eAuOuFCzHRhlzfYXGjb4.roa (raw, json)
Hash identifier: cLlWynMElotly4lbt+uGb5ABtvFUqbDO+jkIaaP5eAA=
Subject key identifier: 0E:CF:D3:EF:3D:9E:02:E3:AE:14:2C:C7:46:19:73:7D:85:C6:8D:BE
Certificate issuer: /CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
Certificate serial: 019A5372F43E1F5ADE339A2612CFEEE82172
Authority key identifier: 08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Ds_T7z2eAuOuFCzHRhlzfYXGjb4.roa
Signing time: Wed 05 Nov 2025 09:57:13 +0000
ROA not before: Wed 05 Nov 2025 09:57:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43534
IP address blocks: 91.197.92.0/22 maxlen: 22
91.197.92.0/24 maxlen: 24
91.197.93.0/24 maxlen: 24
91.197.94.0/24 maxlen: 24
91.197.95.0/24 maxlen: 24
193.163.48.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl
rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.mft
rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:72:f4:3e:1f:5a:de:33:9a:26:12:cf:ee:e8:21:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
Validity
Not Before: Nov 5 09:57:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ecfd3ef3d9e02e3ae142cc74619737d85c68dbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:55:78:eb:77:83:f3:15:28:b3:95:7a:9e:51:
28:0f:fd:94:6d:23:a5:90:cc:1f:fa:a6:6f:aa:80:
e9:49:e9:6b:27:4b:00:b4:2d:14:ed:64:9a:88:30:
a8:42:53:e7:f3:4f:f2:8f:25:ff:1e:f4:a7:a4:d3:
ef:33:52:4c:7b:04:6d:69:91:18:e6:d2:74:89:62:
f7:a9:a9:d8:32:36:e8:ec:6c:2d:83:0b:ed:95:c0:
1f:ab:2b:b4:7a:3a:15:94:db:31:1e:b7:7e:27:aa:
83:5f:4e:af:52:05:07:57:48:5a:ac:b2:f9:52:f2:
ac:f1:56:10:bd:f9:97:b0:6b:16:a0:49:a4:b3:45:
e8:37:78:63:6c:bf:79:c5:ef:10:84:bc:d7:b1:91:
12:0d:79:a4:5e:ae:0b:fd:44:5f:e1:73:d4:88:35:
ae:d9:37:24:2c:15:85:b2:9f:63:e7:44:0d:85:3e:
aa:ab:e9:00:6f:ca:5a:65:37:dc:e5:80:71:a4:73:
5b:02:11:03:c4:59:cf:b3:a6:e8:97:63:8f:2c:42:
b8:40:a0:ff:d0:8a:7a:71:e3:84:cf:c4:e8:ce:86:
cc:e4:d0:d9:58:31:93:24:c4:04:77:e9:0a:30:44:
89:ec:c5:6d:79:2b:12:e0:4e:c7:85:4f:e3:35:39:
a9:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:CF:D3:EF:3D:9E:02:E3:AE:14:2C:C7:46:19:73:7D:85:C6:8D:BE
X509v3 Authority Key Identifier:
keyid:08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Ds_T7z2eAuOuFCzHRhlzfYXGjb4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.92.0/22
193.163.48.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:55:87:13:40:69:f1:40:56:77:26:fa:6f:d9:f7:09:db:c7:
90:13:7b:e7:aa:e3:6d:65:db:eb:e7:61:fd:19:e2:88:8b:5f:
a6:ab:4c:61:63:67:7a:66:79:ac:7f:92:b5:58:14:62:bd:48:
ea:97:c4:f5:7a:b7:4b:62:15:e8:72:25:e3:f7:47:fc:69:6f:
be:97:ba:95:77:89:f6:37:90:89:6b:aa:37:68:da:aa:1b:04:
e3:3a:55:99:9a:72:1d:c9:b5:20:98:fd:81:c7:b4:2d:f3:7c:
b2:e2:7f:53:ed:94:8e:c8:b9:b9:13:7c:83:78:4a:52:e6:4d:
79:14:00:6a:0b:45:fb:72:64:34:26:24:92:1f:ce:c9:1a:77:
cb:7a:f3:22:bc:c7:15:5b:4b:cd:2d:22:20:ed:f4:ff:51:14:
3b:48:d9:f4:ad:d0:a7:de:a8:c4:77:10:f8:35:12:29:48:fc:
9c:60:fa:d1:38:5e:f6:e7:85:86:b6:49:15:2e:2f:eb:b9:f3:
0f:2f:68:fd:5f:ac:bc:84:c7:e1:d5:6f:80:03:92:ac:6a:d0:
9f:0b:1e:4c:98:65:1e:75:f3:3e:73:dd:92:67:6e:ea:14:d6:
08:b5:65:5d:ec:be:d1:a5:d6:46:d2:c2:6b:92:ba:4a:60:3a:
e9:36:d0:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpTcvQ+H1reM5omEs/u6CFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmI1NGIwNWFmNWUzZTg3NDNlN2JmNGFmNDFlYTYyMmJi
MDk0MTEwHhcNMjUxMTA1MDk1NzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWNmZDNlZjNkOWUwMmUzYWUxNDJjYzc0NjE5NzM3ZDg1YzY4ZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFV463eD8xUos5V6nlEoD/2UbSOl
kMwf+qZvqoDpSelrJ0sAtC0U7WSaiDCoQlPn80/yjyX/HvSnpNPvM1JMewRtaZEY
5tJ0iWL3qanYMjbo7GwtgwvtlcAfqyu0ejoVlNsxHrd+J6qDX06vUgUHV0harLL5
UvKs8VYQvfmXsGsWoEmks0XoN3hjbL95xe8QhLzXsZESDXmkXq4L/URf4XPUiDWu
2TckLBWFsp9j50QNhT6qq+kAb8paZTfc5YBxpHNbAhEDxFnPs6bol2OPLEK4QKD/
0Ip6ceOEz8TozobM5NDZWDGTJMQEd+kKMESJ7MVteSsS4E7HhU/jNTmpHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA7P0+89ngLjrhQsx0YZc32Fxo2+MB8GA1UdIwQY
MBaAFAgrVLBa9ePodD579K9B6mIrsJQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMt
MTk1MDYwNjcxYTBjLzEvRHNfVDd6MmVBdU91RkN6SFJobHpmWVhHamI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMtMTk1MDYwNjcxYTBj
LzEvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8VcAwQA
waMwMA0GCSqGSIb3DQEBCwUAA4IBAQCNVYcTQGnxQFZ3Jvpv2fcJ28eQE3vnquNt
Zdvr52H9GeKIi1+mq0xhY2d6Znmsf5K1WBRivUjql8T1erdLYhXociXj90f8aW++
l7qVd4n2N5CJa6o3aNqqGwTjOlWZmnIdybUgmP2Bx7Qt83yy4n9T7ZSOyLm5E3yD
eEpS5k15FABqC0X7cmQ0JiSSH87JGnfLevMivMcVW0vNLSIg7fT/URQ7SNn0rdCn
3qjEdxD4NRIpSPycYPrROF7254WGtkkVLi/rufMPL2j9X6y8hMfh1W+AA5KsatCf
Cx5MmGUedfM+c92SZ27qFNYItWVd7L7RpdZG0sJrkrpKYDrpNtDK
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:16:23 2025 by rpki-client