Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/_MzRbBxyGoy9PEsWIvACK-CtNic.roa
File: _MzRbBxyGoy9PEsWIvACK-CtNic.roa (raw, json)
Hash identifier: 08IFLLSc5HylsTSbFSeyhHQH9IHTjqat4y1TvqrHWhc=
Subject key identifier: FC:CC:D1:6C:1C:72:1A:8C:BD:3C:4B:16:22:F0:02:2B:E0:AD:36:27
Certificate issuer: /CN=22ce6f80d7670973d32ec4745301011217468822
Certificate serial: 019A71AB86583B392C9DFA9B9E5FC4D57E6D
Authority key identifier: 22:CE:6F:80:D7:67:09:73:D3:2E:C4:74:53:01:01:12:17:46:88:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Is5vgNdnCXPTLsR0UwEBEhdGiCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/_MzRbBxyGoy9PEsWIvACK-CtNic.roa
Signing time: Tue 11 Nov 2025 06:47:37 +0000
ROA not before: Tue 11 Nov 2025 06:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209305
IP address blocks: 85.209.232.0/24 maxlen: 24
2a09:a140::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/Is5vgNdnCXPTLsR0UwEBEhdGiCI.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/Is5vgNdnCXPTLsR0UwEBEhdGiCI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Is5vgNdnCXPTLsR0UwEBEhdGiCI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 06:47:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:71:ab:86:58:3b:39:2c:9d:fa:9b:9e:5f:c4:d5:7e:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22ce6f80d7670973d32ec4745301011217468822
Validity
Not Before: Nov 11 06:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fcccd16c1c721a8cbd3c4b1622f0022be0ad3627
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:f3:c6:99:65:e5:e8:99:63:33:47:6c:b5:4f:
6b:1d:67:69:ce:e5:4d:fb:f0:16:15:96:ee:6d:d1:
7e:03:a4:a4:8f:2c:90:34:cf:9e:6e:10:f1:77:16:
a4:40:4e:d4:66:b8:ea:61:a8:8c:63:82:2a:ef:2a:
9f:94:2a:c9:c1:0e:78:36:b0:86:9e:f2:e8:a9:90:
82:15:e2:e6:51:c6:83:3b:17:73:17:53:2c:45:38:
19:12:73:fe:a5:9c:ce:99:c1:0b:b8:ec:35:47:cc:
bb:da:c5:ab:7d:5d:36:f1:b4:18:1e:c2:e9:b9:04:
be:c6:e2:46:98:67:70:3f:8d:cc:4d:85:a7:ba:7c:
22:37:2e:d9:86:35:50:0f:3e:fe:f0:5f:ea:db:b7:
95:5a:33:dc:e2:fd:30:f9:00:8e:41:0f:f2:65:bf:
aa:61:f5:b0:7b:a5:7e:01:e7:51:6c:25:46:d4:4a:
b2:93:b7:74:e2:00:92:fc:d3:53:71:2e:9c:fc:be:
d2:69:b6:e6:09:99:1e:65:1e:59:f6:69:c4:42:33:
e1:79:e0:53:ad:4d:58:9c:e6:30:3c:42:78:14:55:
3a:3b:15:e0:aa:d6:07:33:8f:72:32:93:e8:65:f4:
21:9a:35:94:82:46:9a:8c:e7:ca:c6:c8:76:7b:cd:
33:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:CC:D1:6C:1C:72:1A:8C:BD:3C:4B:16:22:F0:02:2B:E0:AD:36:27
X509v3 Authority Key Identifier:
keyid:22:CE:6F:80:D7:67:09:73:D3:2E:C4:74:53:01:01:12:17:46:88:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Is5vgNdnCXPTLsR0UwEBEhdGiCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/_MzRbBxyGoy9PEsWIvACK-CtNic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7274ff-2516-42da-95d5-5aabde311fdb/1/Is5vgNdnCXPTLsR0UwEBEhdGiCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.232.0/24
IPv6:
2a09:a140::/29
Signature Algorithm: sha256WithRSAEncryption
03:d9:5f:08:d2:18:a4:97:ca:2c:3a:82:96:fe:89:dc:f6:0d:
95:c5:e0:0e:db:46:91:35:05:cb:fd:81:b4:32:f0:ee:18:f7:
54:0c:39:b3:c3:38:2c:de:d4:16:2b:7b:92:f2:6b:49:5b:41:
16:39:ed:0b:23:34:51:b1:bb:bc:e0:7d:88:6a:d6:f4:e4:4d:
eb:5a:d3:c2:8d:cf:76:45:91:14:d5:3d:1a:a9:1d:f3:20:3c:
2f:9f:8a:53:61:03:ca:71:cf:4d:36:eb:10:dd:51:d5:0a:4e:
41:cc:2b:20:c2:64:59:1d:96:82:85:8f:bc:09:aa:1b:ca:94:
49:2d:94:92:6a:0a:fc:ac:67:fd:ea:37:b4:6a:f5:5b:30:8b:
e7:dd:44:49:71:af:d3:98:e7:a8:17:0b:d4:7c:ef:9b:3b:53:
06:09:ab:5d:40:3f:68:13:72:b9:e9:34:b9:e1:b3:a6:3d:78:
79:cf:85:00:51:9d:b3:27:9c:03:10:12:84:49:4a:30:a6:24:
59:c5:f7:99:18:7f:08:fa:5c:e6:e5:9d:9a:d4:23:4e:12:d6:
24:23:31:18:b8:3a:0d:d3:cc:85:4c:64:97:46:7e:bb:9a:42:
31:38:f9:e9:fa:92:21:fd:b9:90:e5:2b:57:60:05:42:d1:e1:
69:89:94:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpxq4ZYOzksnfqbnl/E1X5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyY2U2ZjgwZDc2NzA5NzNkMzJlYzQ3NDUzMDEwMTEyMTc0
Njg4MjIwHhcNMjUxMTExMDY0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NjZDE2YzFjNzIxYThjYmQzYzRiMTYyMmYwMDIyYmUwYWQzNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvPGmWXl6JljM0dstU9rHWdpzuVN
+/AWFZbubdF+A6SkjyyQNM+ebhDxdxakQE7UZrjqYaiMY4Iq7yqflCrJwQ54NrCG
nvLoqZCCFeLmUcaDOxdzF1MsRTgZEnP+pZzOmcELuOw1R8y72sWrfV028bQYHsLp
uQS+xuJGmGdwP43MTYWnunwiNy7ZhjVQDz7+8F/q27eVWjPc4v0w+QCOQQ/yZb+q
YfWwe6V+AedRbCVG1Eqyk7d04gCS/NNTcS6c/L7SabbmCZkeZR5Z9mnEQjPheeBT
rU1YnOYwPEJ4FFU6OxXgqtYHM49yMpPoZfQhmjWUgkaajOfKxsh2e80zjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzM0WwcchqMvTxLFiLwAivgrTYnMB8GA1UdIwQY
MBaAFCLOb4DXZwlz0y7EdFMBARIXRogiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXM1dmdOZG5DWFBUTHNSMFV3RUJFaGRHaUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83Mjc0ZmYtMjUxNi00MmRhLTk1ZDUt
NWFhYmRlMzExZmRiLzEvX016UmJCeHlHb3k5UEVzV0l2QUNLLUN0TmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83Mjc0ZmYtMjUxNi00MmRhLTk1ZDUtNWFhYmRlMzExZmRi
LzEvSXM1dmdOZG5DWFBUTHNSMFV3RUJFaGRHaUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVdHoMA0E
AgACMAcDBQMqCaFAMA0GCSqGSIb3DQEBCwUAA4IBAQAD2V8I0hikl8osOoKW/onc
9g2VxeAO20aRNQXL/YG0MvDuGPdUDDmzwzgs3tQWK3uS8mtJW0EWOe0LIzRRsbu8
4H2Iatb05E3rWtPCjc92RZEU1T0aqR3zIDwvn4pTYQPKcc9NNusQ3VHVCk5BzCsg
wmRZHZaChY+8CaobypRJLZSSagr8rGf96je0avVbMIvn3URJca/TmOeoFwvUfO+b
O1MGCatdQD9oE3K56TS54bOmPXh5z4UAUZ2zJ5wDEBKESUowpiRZxfeZGH8I+lzm
5Z2a1CNOEtYkIzEYuDoN08yFTGSXRn67mkIxOPnp+pIh/bmQ5StXYAVC0eFpiZRo
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:56:22 2025 by rpki-client