Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/0kA2_ewOMVMAEYLVnBFhn9DnxNQ.roa
File: 0kA2_ewOMVMAEYLVnBFhn9DnxNQ.roa (raw, json)
Hash identifier: VLhUVQVXXK/9mGvNIufCMC2i+nvhDBmLPb4hciIr/qU=
Subject key identifier: D2:40:36:FD:EC:0E:31:53:00:11:82:D5:9C:11:61:9F:D0:E7:C4:D4
Certificate issuer: /CN=51cf732a8a7439e9280f23ef57849814af195ae0
Certificate serial: 019A6F31FA24375DA5A889E899794C3612C0
Authority key identifier: 51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/0kA2_ewOMVMAEYLVnBFhn9DnxNQ.roa
Signing time: Mon 10 Nov 2025 19:15:37 +0000
ROA not before: Mon 10 Nov 2025 19:15:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 5.199.0.0/17 maxlen: 24
91.246.26.0/23 maxlen: 24
185.169.120.0/22 maxlen: 24
212.74.32.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 04:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:6f:31:fa:24:37:5d:a5:a8:89:e8:99:79:4c:36:12:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=51cf732a8a7439e9280f23ef57849814af195ae0
Validity
Not Before: Nov 10 19:15:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d24036fdec0e3153001182d59c11619fd0e7c4d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:9e:fb:3b:82:e5:f8:61:fc:fb:3f:03:e1:62:
52:29:eb:98:ca:46:50:51:ce:6f:fa:27:3a:c9:60:
f7:fa:22:f0:a1:99:f8:0e:b8:35:ec:b8:57:d6:7d:
87:d3:f3:18:bd:d0:41:23:e5:dc:f6:eb:29:63:d3:
cc:0f:c8:ec:89:df:f8:40:94:35:15:f4:7e:5b:6d:
b3:f6:93:f6:3d:13:90:6e:59:ca:36:68:c3:f0:ef:
e5:ec:9a:af:5f:5d:ee:5d:75:a2:a8:3c:60:31:97:
e8:43:dc:28:9c:d6:9d:b5:01:7d:65:f5:a6:4d:dd:
68:4b:ad:bd:e1:68:db:02:31:28:a0:55:6c:7d:5c:
c6:80:0b:5b:8d:22:e4:92:d1:65:36:00:46:6e:44:
62:af:2d:0c:a3:8c:4f:95:cf:6d:df:fa:ca:08:ca:
c6:05:64:88:1b:98:52:e6:4d:ac:f3:77:e3:9e:17:
2e:3c:36:fc:d4:4a:a6:3b:03:04:96:f4:43:22:4e:
88:40:05:11:37:46:5b:4b:d8:65:1b:00:c7:b3:97:
b6:be:f0:b6:70:0e:ad:0c:49:63:29:6d:c4:6a:55:
fc:8b:21:2a:3e:d9:83:9e:99:f4:e2:d0:1b:c9:70:
b4:c6:fa:82:aa:f7:3e:3f:9f:4c:d5:90:02:8f:00:
f6:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:40:36:FD:EC:0E:31:53:00:11:82:D5:9C:11:61:9F:D0:E7:C4:D4
X509v3 Authority Key Identifier:
keyid:51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/0kA2_ewOMVMAEYLVnBFhn9DnxNQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.0.0/17
91.246.26.0/23
185.169.120.0/22
212.74.32.0/19
Signature Algorithm: sha256WithRSAEncryption
2b:ae:bc:b4:20:d6:55:89:4a:c2:9b:cb:6f:f4:c0:b5:2d:22:
2b:05:0e:ce:02:43:d2:db:23:7e:6b:43:ee:ca:f1:32:8b:d7:
81:79:e0:57:0c:9e:89:4c:31:e4:26:60:50:99:2b:ef:c9:1a:
89:f1:58:86:c3:43:b7:e8:78:d5:3f:d0:4a:f2:94:87:03:aa:
e9:02:0d:49:56:da:58:3e:11:dd:08:d1:bf:d8:7e:e6:2e:bf:
86:9d:9a:02:b5:c8:ad:9e:a2:ec:a3:9e:5e:bf:7f:02:fc:2f:
63:c4:b4:27:73:81:62:c3:5d:b3:95:a2:2d:b1:7f:04:45:50:
3b:88:eb:2b:59:7d:86:3a:9f:35:18:13:78:95:5a:e5:0b:87:
ef:c7:45:81:36:04:87:cd:3a:8b:7a:de:7d:d5:02:58:5a:88:
a4:92:0a:84:3a:e2:c7:98:c1:40:3e:00:fe:59:94:ae:33:ec:
f8:6c:5c:94:86:f2:37:c8:2c:fb:8d:37:cc:d6:ef:18:f4:42:
51:bf:78:f3:2b:ac:d6:66:ba:8f:1e:5f:ee:e7:ff:c4:6e:76:
59:06:2a:7a:c5:a7:cc:ea:49:73:8d:68:97:79:76:34:0d:0e:
f7:40:ec:b7:86:fb:38:4e:51:12:c5:6a:e0:ee:10:84:a5:14:
68:91:0c:d4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpvMfokN12lqInomXlMNhLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxY2Y3MzJhOGE3NDM5ZTkyODBmMjNlZjU3ODQ5ODE0YWYx
OTVhZTAwHhcNMjUxMTEwMTkxNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQwMzZmZGVjMGUzMTUzMDAxMTgyZDU5YzExNjE5ZmQwZTdjNGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ77O4Ll+GH8+z8D4WJSKeuYykZQ
Uc5v+ic6yWD3+iLwoZn4Drg17LhX1n2H0/MYvdBBI+Xc9uspY9PMD8jsid/4QJQ1
FfR+W22z9pP2PROQblnKNmjD8O/l7JqvX13uXXWiqDxgMZfoQ9wonNadtQF9ZfWm
Td1oS6294WjbAjEooFVsfVzGgAtbjSLkktFlNgBGbkRiry0Mo4xPlc9t3/rKCMrG
BWSIG5hS5k2s83fjnhcuPDb81EqmOwMElvRDIk6IQAURN0ZbS9hlGwDHs5e2vvC2
cA6tDEljKW3EalX8iyEqPtmDnpn04tAbyXC0xvqCqvc+P59M1ZACjwD2qwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNJANv3sDjFTABGC1ZwRYZ/Q58TUMB8GA1UdIwQY
MBaAFFHPcyqKdDnpKA8j71eEmBSvGVrgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQt
YjA3MWM3ZWZkOTE1LzEvMGtBMl9ld09NVk1BRVlMVm5CRmhuOURueE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQtYjA3MWM3ZWZkOTE1
LzEvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQHBccAAwQB
W/YaAwQCual4AwQF1EogMA0GCSqGSIb3DQEBCwUAA4IBAQArrry0INZViUrCm8tv
9MC1LSIrBQ7OAkPS2yN+a0PuyvEyi9eBeeBXDJ6JTDHkJmBQmSvvyRqJ8ViGw0O3
6HjVP9BK8pSHA6rpAg1JVtpYPhHdCNG/2H7mLr+GnZoCtcitnqLso55ev38C/C9j
xLQnc4Fiw12zlaItsX8ERVA7iOsrWX2GOp81GBN4lVrlC4fvx0WBNgSHzTqLet59
1QJYWoikkgqEOuLHmMFAPgD+WZSuM+z4bFyUhvI3yCz7jTfM1u8Y9EJRv3jzK6zW
ZrqPHl/u5//EbnZZBip6xafM6klzjWiXeXY0DQ73QOy3hvs4TlESxWrg7hCEpRRo
kQzU
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:10:14 2025 by rpki-client