Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/K9PLN0Mx9KSVfAUc7Qjw_86sv3Y.roa
File: K9PLN0Mx9KSVfAUc7Qjw_86sv3Y.roa (raw, json)
Hash identifier: nvtEhmdyAuZ8hz+uRdNqZ/FXffGTJmzBafh4IY6I77s=
Subject key identifier: 2B:D3:CB:37:43:31:F4:A4:95:7C:05:1C:ED:08:F0:FF:CE:AC:BF:76
Certificate issuer: /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial: 019908CB77D4172BF9B2F2060D61246599AC
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/K9PLN0Mx9KSVfAUc7Qjw_86sv3Y.roa
Signing time: Tue 02 Sep 2025 04:59:36 +0000
ROA not before: Tue 02 Sep 2025 04:59:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21497
IP address blocks: 5.207.0.0/16 maxlen: 17
31.144.0.0/16 maxlen: 19
46.133.0.0/16 maxlen: 19
77.52.0.0/16 maxlen: 18
80.255.64.0/20 maxlen: 21
88.214.64.0/18 maxlen: 19
89.209.0.0/16 maxlen: 19
95.109.128.0/17 maxlen: 18
128.124.0.0/16 maxlen: 19
178.133.0.0/16 maxlen: 19
2a00:f50::/30 maxlen: 32
2a00:f50::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.mft
rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:08:cb:77:d4:17:2b:f9:b2:f2:06:0d:61:24:65:99:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Validity
Not Before: Sep 2 04:59:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2bd3cb374331f4a4957c051ced08f0ffceacbf76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ce:62:1a:10:4a:05:09:37:e9:13:51:d6:92:
9b:80:9f:79:24:c1:7a:65:88:74:26:28:75:15:0a:
a6:a4:86:02:d1:cb:84:df:8f:47:ce:06:0a:29:41:
7f:9d:8f:ce:08:05:f8:41:19:05:d2:a0:ff:1e:3b:
8a:48:74:ca:62:bb:ae:85:e5:96:3f:77:e2:54:bc:
92:42:15:63:85:77:00:5c:ad:cb:09:c4:85:3d:53:
c7:b0:1c:f4:be:d1:dc:dc:b7:e1:9a:f4:de:10:ab:
1a:fe:f6:ba:01:4d:7f:d2:94:44:42:3f:28:a5:47:
e2:ad:1b:b3:cf:14:46:4c:c6:46:68:98:ce:3b:a3:
11:86:1a:86:71:51:39:ed:4c:33:27:c7:f7:e5:77:
96:52:7e:7a:a1:d7:92:1f:99:e0:fb:98:6b:2b:03:
fd:1a:c7:95:8a:9b:e4:32:9f:33:fd:92:6f:c1:e8:
3e:b2:50:93:22:de:c8:42:7f:81:c0:6c:e0:22:cd:
06:44:14:df:84:41:15:ed:8c:ca:f4:b7:17:d5:1d:
bb:6c:a8:69:b7:6d:6a:92:ca:10:b0:73:09:55:af:
cf:ff:d6:40:4b:fc:df:14:7c:be:c1:2c:66:f7:af:
70:bb:f0:df:df:ab:73:78:01:4f:69:a5:84:94:6c:
56:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:D3:CB:37:43:31:F4:A4:95:7C:05:1C:ED:08:F0:FF:CE:AC:BF:76
X509v3 Authority Key Identifier:
keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/K9PLN0Mx9KSVfAUc7Qjw_86sv3Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.207.0.0/16
31.144.0.0/16
46.133.0.0/16
77.52.0.0/16
80.255.64.0/20
88.214.64.0/18
89.209.0.0/16
95.109.128.0/17
128.124.0.0/16
178.133.0.0/16
IPv6:
2a00:f50::/30
Signature Algorithm: sha256WithRSAEncryption
1b:44:ea:4a:3f:14:32:0e:a9:cb:41:4a:de:57:73:4f:aa:b3:
a0:91:0f:32:aa:52:f7:6d:69:c9:fa:fd:b1:76:88:a9:bc:8e:
32:6f:33:ab:ea:94:a3:3a:66:9d:7c:b9:72:64:1d:50:1a:f1:
7b:a9:f3:1a:3b:3c:99:15:a9:ff:4f:67:f0:6f:56:00:a4:e1:
28:46:e1:b4:f1:73:6d:42:50:f7:2a:16:0d:2f:27:98:58:af:
ca:d5:2f:b6:86:9e:08:09:ac:e3:64:56:11:11:a1:5a:d1:1f:
14:c1:a6:0d:a7:c5:e1:ff:8e:35:70:c8:f4:ed:00:39:76:e7:
66:8f:2b:bc:45:68:63:07:bc:b5:db:d9:76:4d:e0:e5:eb:eb:
14:51:42:ef:9f:42:25:12:cf:d2:54:45:00:14:e9:2a:d8:c9:
9d:d3:ec:b4:17:d8:4c:8a:e7:fe:97:b9:30:a8:06:68:25:d2:
5f:ab:b7:ad:da:7b:ce:9e:76:d3:93:60:08:21:40:b1:8d:92:
11:cd:09:68:75:e5:c2:fe:27:14:83:bd:64:58:07:bc:62:8e:
85:2c:82:db:41:f8:4e:85:2f:9c:58:13:b9:b5:27:7f:59:1e:
93:b6:eb:65:9a:a8:d7:26:3f:c0:60:2e:f8:9a:25:9b:63:fa:
c9:e9:ee:25
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZkIy3fUFyv5svIGDWEkZZmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjUwOTAyMDQ1OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQzY2IzNzQzMzFmNGE0OTU3YzA1MWNlZDA4ZjBmZmNlYWNiZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM5iGhBKBQk36RNR1pKbgJ95JMF6
ZYh0Jih1FQqmpIYC0cuE349HzgYKKUF/nY/OCAX4QRkF0qD/HjuKSHTKYruuheWW
P3fiVLySQhVjhXcAXK3LCcSFPVPHsBz0vtHc3LfhmvTeEKsa/va6AU1/0pREQj8o
pUfirRuzzxRGTMZGaJjOO6MRhhqGcVE57UwzJ8f35XeWUn56odeSH5ng+5hrKwP9
GseVipvkMp8z/ZJvweg+slCTIt7IQn+BwGzgIs0GRBTfhEEV7YzK9LcX1R27bKhp
t21qksoQsHMJVa/P/9ZAS/zfFHy+wSxm969wu/Df36tzeAFPaaWElGxWIwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCvTyzdDMfSklXwFHO0I8P/OrL92MB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvSzlQTE4wTXg5S1NWZkFVYzdRandfODZzdjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA7BAIAATA1AwMABc8DAwAf
kAMDAC6FAwMATTQDBARQ/0ADBAZY1kADAwBZ0QMEB19tgAMDAIB8AwMAsoUwDQQC
AAIwBwMFAioAD1AwDQYJKoZIhvcNAQELBQADggEBABtE6ko/FDIOqctBSt5Xc0+q
s6CRDzKqUvdtacn6/bF2iKm8jjJvM6vqlKM6Zp18uXJkHVAa8Xup8xo7PJkVqf9P
Z/BvVgCk4ShG4bTxc21CUPcqFg0vJ5hYr8rVL7aGnggJrONkVhERoVrRHxTBpg2n
xeH/jjVwyPTtADl252aPK7xFaGMHvLXb2XZN4OXr6xRRQu+fQiUSz9JURQAU6SrY
yZ3T7LQX2EyK5/6XuTCoBmgl0l+rt63ae86edtOTYAghQLGNkhHNCWh15cL+JxSD
vWRYB7xijoUsgttB+E6FL5xYE7m1J39ZHpO262WaqNcmP8BgLviaJZtj+snp7iU=
-----END CERTIFICATE-----
Generated at Mon Sep 8 05:43:27 2025 by rpki-client