Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/peFNs9o1tsBGwnwboXKeedD2GlM.roa
File: peFNs9o1tsBGwnwboXKeedD2GlM.roa (raw, json)
Hash identifier: Dmic12i1kcUbMMXMNmS8BrjxjQvM2y0e2GWo+yQ4WH0=
Subject key identifier: A5:E1:4D:B3:DA:35:B6:C0:46:C2:7C:1B:A1:72:9E:79:D0:F6:1A:53
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019A06FBE6465DB69EF634709FD392FD2B2F
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/peFNs9o1tsBGwnwboXKeedD2GlM.roa
Signing time: Tue 21 Oct 2025 13:36:03 +0000
ROA not before: Tue 21 Oct 2025 13:36:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204800
IP address blocks: 103.138.189.0/24 maxlen: 24
192.250.228.0/24 maxlen: 24
192.250.235.0/24 maxlen: 24
198.38.91.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:fb:e6:46:5d:b6:9e:f6:34:70:9f:d3:92:fd:2b:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Oct 21 13:36:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5e14db3da35b6c046c27c1ba1729e79d0f61a53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:8c:73:9a:fb:a4:c2:41:3b:ad:35:b5:08:31:
2c:72:0f:1b:f2:d1:be:9a:a6:55:07:7c:27:9b:4b:
52:a5:30:b7:14:3e:26:bb:d3:0b:40:a5:ae:2c:f4:
74:74:98:f0:5c:a1:80:89:a9:45:97:91:1d:ef:95:
e7:87:ba:dc:03:60:27:93:8a:ab:fe:9f:0e:9e:50:
83:2a:e3:36:59:1f:4d:88:6b:b8:50:b6:22:6e:ed:
51:01:a4:9b:7b:64:0c:64:80:a3:f1:d7:87:4b:22:
53:f9:34:dd:36:87:76:dd:b9:94:c9:50:0b:e6:c4:
91:f3:f6:e7:ff:24:17:68:5e:90:52:90:64:b8:7c:
3b:33:0d:09:03:c0:e8:ca:4b:5d:be:c7:eb:f6:8e:
00:0c:f6:98:6f:48:ea:aa:7c:e7:63:77:2a:de:79:
0e:47:92:e0:48:eb:cb:e5:12:fc:c5:b5:32:f6:83:
6f:e8:ba:0b:00:ca:cd:e3:a9:a1:74:04:4b:ca:0c:
90:6e:38:b9:af:2e:61:8c:e0:3c:e5:ae:6c:f1:f9:
ff:c9:8f:26:e4:ed:b9:7c:c0:1a:ae:ce:89:23:84:
6d:49:25:8d:e1:fc:50:78:f8:72:50:2d:4d:8d:c7:
59:a0:1f:eb:42:0e:a1:01:8c:d9:31:32:9f:2e:06:
77:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:E1:4D:B3:DA:35:B6:C0:46:C2:7C:1B:A1:72:9E:79:D0:F6:1A:53
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/peFNs9o1tsBGwnwboXKeedD2GlM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.138.189.0/24
192.250.228.0/24
192.250.235.0/24
198.38.91.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:07:8a:53:2b:9a:2b:be:a7:2a:dd:fc:05:d4:92:42:b7:fd:
28:3c:62:62:46:a5:b0:74:15:d3:ce:d8:48:8a:4f:6d:12:55:
6d:1f:f3:ad:fd:7f:f8:2d:95:16:2f:09:0d:b2:f3:0e:71:96:
f3:6f:32:6b:ac:97:10:31:38:d3:78:60:1b:cb:bb:71:82:b0:
69:f8:35:af:6a:dd:b8:b9:e9:3a:3c:98:10:aa:6d:64:a8:ce:
9e:e4:c4:6c:aa:90:ab:c8:2a:37:e7:6b:8d:42:a3:b7:15:65:
1d:15:01:bd:42:1c:5b:6f:4a:16:c5:c0:cf:9b:6c:c5:02:4f:
b8:31:94:ee:44:23:7f:e8:fe:1a:9c:30:a5:cb:e8:24:b3:94:
24:bd:8b:c4:39:9f:1d:be:d8:a9:c0:bf:1e:14:7b:cd:a0:49:
a8:17:c4:43:f0:65:99:7a:b2:0a:62:71:ec:6b:f1:c0:05:a9:
96:bb:3e:c6:33:03:05:7c:11:f0:0b:35:77:cd:c4:bc:3e:1f:
a1:42:bd:89:bd:87:86:e2:46:9f:61:32:e4:fc:e2:ff:f6:12:
11:39:2a:20:09:09:d5:45:f4:90:49:fe:b1:34:80:e9:e0:74:
5d:03:23:3c:a9:ce:10:e5:b1:90:0e:35:c5:2a:88:38:24:4a:
cd:fa:81:c3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZoG++ZGXbae9jRwn9OS/SsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUxMDIxMTMzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWUxNGRiM2RhMzViNmMwNDZjMjdjMWJhMTcyOWU3OWQwZjYxYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoxzmvukwkE7rTW1CDEscg8b8tG+
mqZVB3wnm0tSpTC3FD4mu9MLQKWuLPR0dJjwXKGAialFl5Ed75Xnh7rcA2Ank4qr
/p8OnlCDKuM2WR9NiGu4ULYibu1RAaSbe2QMZICj8deHSyJT+TTdNod23bmUyVAL
5sSR8/bn/yQXaF6QUpBkuHw7Mw0JA8Doyktdvsfr9o4ADPaYb0jqqnznY3cq3nkO
R5LgSOvL5RL8xbUy9oNv6LoLAMrN46mhdARLygyQbji5ry5hjOA85a5s8fn/yY8m
5O25fMAars6JI4RtSSWN4fxQePhyUC1NjcdZoB/rQg6hAYzZMTKfLgZ3ewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKXhTbPaNbbARsJ8G6FynnnQ9hpTMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvcGVGTnM5bzF0c0JHd253Ym9YS2VlZEQyR2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAZ4q9AwQA
wPrkAwQAwPrrAwQAxiZbMA0GCSqGSIb3DQEBCwUAA4IBAQCPB4pTK5orvqcq3fwF
1JJCt/0oPGJiRqWwdBXTzthIik9tElVtH/Ot/X/4LZUWLwkNsvMOcZbzbzJrrJcQ
MTjTeGAby7txgrBp+DWvat24uek6PJgQqm1kqM6e5MRsqpCryCo352uNQqO3FWUd
FQG9Qhxbb0oWxcDPm2zFAk+4MZTuRCN/6P4anDCly+gks5QkvYvEOZ8dvtipwL8e
FHvNoEmoF8RD8GWZerIKYnHsa/HABamWuz7GMwMFfBHwCzV3zcS8Ph+hQr2JvYeG
4kafYTLk/OL/9hIROSogCQnVRfSQSf6xNIDp4HRdAyM8qc4Q5bGQDjXFKog4JErN
+oHD
-----END CERTIFICATE-----
Generated at Sun Oct 26 17:32:10 2025 by rpki-client