Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/k1RkiO-oYIsdIxPMb4yp4wi06vw.roa
File: k1RkiO-oYIsdIxPMb4yp4wi06vw.roa (raw, json)
Hash identifier: MCgag/nnrriwvetJZ3hm9uP9KJjRl+UaPWHYQ89ULn8=
Subject key identifier: 93:54:64:88:EF:A8:60:8B:1D:23:13:CC:6F:8C:A9:E3:08:B4:EA:FC
Certificate issuer: /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial: 01992913B800309826A0866238CD51D52900
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/k1RkiO-oYIsdIxPMb4yp4wi06vw.roa
Signing time: Mon 08 Sep 2025 11:26:22 +0000
ROA not before: Mon 08 Sep 2025 11:26:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33823
IP address blocks: 89.39.203.0/24 maxlen: 24
2a0e:4840::/32 maxlen: 48
2a0e:4844::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 08:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:29:13:b8:00:30:98:26:a0:86:62:38:cd:51:d5:29:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Validity
Not Before: Sep 8 11:26:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=93546488efa8608b1d2313cc6f8ca9e308b4eafc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:a1:76:9c:a5:3a:c0:e5:6a:04:7b:64:a8:d3:
b4:e2:68:d6:72:11:7a:87:7d:e4:05:41:c4:96:bc:
fc:a2:e5:8b:3a:81:15:0c:eb:a2:0f:76:96:31:ec:
0b:bd:2d:3f:6f:ce:cb:55:4e:3e:0a:8e:3b:8f:e4:
45:fd:4f:bb:fb:2c:6f:df:2e:4d:64:0d:72:c1:dc:
36:b4:7f:66:2e:4e:ea:40:5b:93:01:7a:1e:c4:62:
02:c2:27:cc:e7:d9:95:04:d0:84:31:6d:44:3d:b3:
e1:e6:0e:9c:af:72:a2:70:ab:6f:f5:f6:6b:61:2c:
c6:3a:37:08:a4:0b:02:33:2e:26:26:c5:25:38:ed:
11:b4:38:da:c4:0e:2f:6e:ea:8d:c6:58:f1:cc:bc:
5f:7b:df:d8:2d:3d:bd:59:7b:3a:76:64:9f:79:7f:
03:22:1e:18:25:1a:db:cd:36:f1:49:ed:5b:0f:8b:
e0:1e:1e:dd:4c:d4:8e:18:33:4d:73:a8:9b:eb:b6:
bd:7a:b1:74:62:3d:35:40:9e:c8:16:5f:1b:61:33:
54:0e:55:ef:f2:ca:69:15:b1:3a:3c:e7:a5:3e:c9:
71:45:f8:06:36:6b:2f:37:e5:fb:9c:7b:8b:64:1d:
88:98:46:05:68:c2:ef:8d:3e:5d:1d:2d:10:ff:3a:
bb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:54:64:88:EF:A8:60:8B:1D:23:13:CC:6F:8C:A9:E3:08:B4:EA:FC
X509v3 Authority Key Identifier:
keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/k1RkiO-oYIsdIxPMb4yp4wi06vw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.203.0/24
IPv6:
2a0e:4840::/32
2a0e:4844::/32
Signature Algorithm: sha256WithRSAEncryption
19:26:b0:08:13:5c:cd:a0:c2:c8:ae:32:d6:cc:81:95:41:e4:
9a:c0:95:38:1f:a2:d8:ad:09:3b:bb:82:ac:65:16:49:f7:65:
b6:26:01:e4:a1:8d:7a:1f:67:8e:58:1f:ca:9d:ba:6f:48:10:
9d:91:da:a9:45:e6:48:3d:2d:2b:e8:b8:2b:15:c2:b3:c8:af:
f3:71:46:cc:49:41:bb:dd:fb:f0:04:ff:e8:ed:16:e3:29:83:
e8:1c:c9:23:21:cf:1c:0f:aa:23:4f:a2:2b:d7:c0:c9:5e:2b:
a8:ce:a3:4f:dd:65:e8:fd:cf:11:ed:6c:33:e2:f5:f9:07:89:
0b:ab:7b:bb:59:8b:c7:5b:fc:c9:00:33:3b:d0:e7:36:85:d2:
19:52:df:f9:4e:15:93:8f:54:b1:a7:82:02:05:db:a1:a1:aa:
d4:26:82:44:38:15:d0:f0:01:38:3e:24:2e:f6:74:33:05:de:
57:f4:84:3b:4b:20:5c:22:0a:45:cf:2e:1f:a8:81:2f:7c:8c:
51:b8:1c:42:d7:0e:99:ae:26:cc:53:d2:6e:66:df:f5:bc:34:
96:f0:09:e5:bf:e9:91:58:23:98:7a:21:5b:a8:12:e3:f3:4d:
8b:a7:4e:c7:c3:ff:67:09:6a:f3:17:cf:8a:15:57:be:f0:20:
eb:b3:c7:fc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZkpE7gAMJgmoIZiOM1R1SkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwOTA4MTEyNjIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzU0NjQ4OGVmYTg2MDhiMWQyMzEzY2M2ZjhjYTllMzA4YjRlYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqF2nKU6wOVqBHtkqNO04mjWchF6
h33kBUHElrz8ouWLOoEVDOuiD3aWMewLvS0/b87LVU4+Co47j+RF/U+7+yxv3y5N
ZA1ywdw2tH9mLk7qQFuTAXoexGICwifM59mVBNCEMW1EPbPh5g6cr3KicKtv9fZr
YSzGOjcIpAsCMy4mJsUlOO0RtDjaxA4vbuqNxljxzLxfe9/YLT29WXs6dmSfeX8D
Ih4YJRrbzTbxSe1bD4vgHh7dTNSOGDNNc6ib67a9erF0Yj01QJ7IFl8bYTNUDlXv
8sppFbE6POelPslxRfgGNmsvN+X7nHuLZB2ImEYFaMLvjT5dHS0Q/zq76QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJNUZIjvqGCLHSMTzG+MqeMItOr8MB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvazFSa2lPLW9ZSXNkSXhQTWI0eXA0d2kwNnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAWSfLMBQE
AgACMA4DBQAqDkhAAwUAKg5IRDANBgkqhkiG9w0BAQsFAAOCAQEAGSawCBNczaDC
yK4y1syBlUHkmsCVOB+i2K0JO7uCrGUWSfdltiYB5KGNeh9njlgfyp26b0gQnZHa
qUXmSD0tK+i4KxXCs8iv83FGzElBu9378AT/6O0W4ymD6BzJIyHPHA+qI0+iK9fA
yV4rqM6jT91l6P3PEe1sM+L1+QeJC6t7u1mLx1v8yQAzO9DnNoXSGVLf+U4Vk49U
saeCAgXboaGq1CaCRDgV0PABOD4kLvZ0MwXeV/SEO0sgXCIKRc8uH6iBL3yMUbgc
QtcOma4mzFPSbmbf9bw0lvAJ5b/pkVgjmHohW6gS4/NNi6dOx8P/Zwlq8xfPihVX
vvAg67PH/A==
-----END CERTIFICATE-----
Generated at Tue Sep 9 17:41:04 2025 by rpki-client