Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/w89P4aOYJSIpjxXH3F1qUwrYwG8.roa
File: w89P4aOYJSIpjxXH3F1qUwrYwG8.roa (raw, json)
Hash identifier: VwwE3O0gcp61cCcoyzXJgH2L9ssH8GuxbE9nzSsokkM=
Subject key identifier: C3:CF:4F:E1:A3:98:25:22:29:8F:15:C7:DC:5D:6A:53:0A:D8:C0:6F
Certificate issuer: /CN=0b453b410d3586a6237a951eef3b03f4c44118f0
Certificate serial: 0199341D36723EAF7B822D511241F3F35B4C
Authority key identifier: 0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/w89P4aOYJSIpjxXH3F1qUwrYwG8.roa
Signing time: Wed 10 Sep 2025 14:52:33 +0000
ROA not before: Wed 10 Sep 2025 14:52:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44477
IP address blocks: 91.228.10.0/24 maxlen: 24
146.19.80.0/24 maxlen: 24
185.65.105.0/24 maxlen: 24
185.248.144.0/24 maxlen: 24
2a12:6500::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.mft
rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 19 Sep 2025 14:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:34:1d:36:72:3e:af:7b:82:2d:51:12:41:f3:f3:5b:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b453b410d3586a6237a951eef3b03f4c44118f0
Validity
Not Before: Sep 10 14:52:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c3cf4fe1a3982522298f15c7dc5d6a530ad8c06f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d9:e0:95:e0:a4:51:21:9c:26:96:44:6f:78:
e9:29:4e:53:4e:79:31:57:5d:66:c0:ef:e4:ed:02:
17:5b:ad:17:16:7b:bb:87:c2:3f:e6:e1:d6:05:aa:
09:de:b8:10:2b:f6:5a:99:6a:aa:2b:4c:17:2f:56:
18:24:2b:46:6a:5c:1b:74:f0:34:83:e6:df:56:de:
51:46:e5:36:68:9c:5a:fc:15:6f:5f:ad:02:ec:6c:
29:18:02:ad:36:83:40:2c:43:9f:c2:bf:f2:b3:54:
30:f0:fa:23:fc:44:72:ac:7a:6f:80:a8:b0:11:2e:
b3:f3:84:90:78:33:7a:44:81:e0:fa:54:13:a5:8b:
b7:14:55:04:43:fa:d0:6d:ff:36:15:78:dc:c6:ad:
d9:95:04:25:4d:93:cf:5d:60:ea:21:4e:d3:49:af:
07:27:cc:c7:ab:cf:8e:66:e4:5c:49:ef:b7:ab:2c:
03:00:1c:45:06:b4:85:80:76:87:db:70:36:e0:e0:
da:3f:ac:a2:9e:49:a2:f1:aa:ad:c2:70:46:10:64:
8c:60:5b:e5:46:b6:8d:b7:23:16:81:bd:f9:9b:66:
fd:c8:f3:4b:ab:17:68:c7:3a:36:6e:cb:eb:12:a1:
33:80:89:a6:9e:af:1e:57:92:94:98:2b:c1:e8:c3:
32:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:CF:4F:E1:A3:98:25:22:29:8F:15:C7:DC:5D:6A:53:0A:D8:C0:6F
X509v3 Authority Key Identifier:
keyid:0B:45:3B:41:0D:35:86:A6:23:7A:95:1E:EF:3B:03:F4:C4:41:18:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0U7QQ01hqYjepUe7zsD9MRBGPA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/w89P4aOYJSIpjxXH3F1qUwrYwG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d63f8e-4b1a-48bf-87eb-29fa47b68093/1/C0U7QQ01hqYjepUe7zsD9MRBGPA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.10.0/24
146.19.80.0/24
185.65.105.0/24
185.248.144.0/24
IPv6:
2a12:6500::/32
Signature Algorithm: sha256WithRSAEncryption
29:8d:5c:a0:44:44:d9:5b:83:5b:ed:ab:ab:d9:fc:34:dc:78:
81:44:b2:8f:9d:87:ad:8a:aa:9b:89:d3:e7:19:20:94:ca:36:
9c:b6:01:35:c6:df:b6:99:c7:0c:b1:a9:1e:f1:da:88:95:99:
4e:72:40:06:23:9f:9f:95:22:12:dc:b2:c5:4a:a7:3d:75:cf:
07:f8:89:86:54:ef:3e:2a:78:ea:8f:a0:bf:76:26:3d:bc:e4:
06:a6:f6:55:29:31:79:7f:74:dd:2a:53:48:54:cd:b8:9d:2c:
68:db:60:da:2d:a9:85:55:88:18:f0:f8:ce:d6:7b:e3:65:a9:
d6:d9:aa:0e:9e:59:79:6c:d2:9b:1a:6f:7e:58:a2:6d:37:52:
27:0a:40:78:88:10:b2:27:4d:b1:ca:8e:fa:99:a3:c8:80:a9:
6b:c4:2e:1f:7d:39:b5:e2:ba:95:c5:00:b4:10:74:2c:43:ac:
9c:50:57:78:57:98:b7:c0:af:59:b7:81:62:e1:84:39:e7:6a:
63:69:6f:2d:fd:d0:0c:7c:4a:98:37:91:6c:58:ba:2e:d5:67:
e3:b3:70:e5:12:8d:13:8b:97:f4:e3:68:6a:37:f8:22:03:e1:
35:61:60:d1:a7:0e:35:a4:d0:a6:ca:40:75:74:92:29:fc:9f:
22:b4:6f:57
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZk0HTZyPq97gi1REkHz81tMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNDUzYjQxMGQzNTg2YTYyMzdhOTUxZWVmM2IwM2Y0YzQ0
MTE4ZjAwHhcNMjUwOTEwMTQ1MjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2NmNGZlMWEzOTgyNTIyMjk4ZjE1YzdkYzVkNmE1MzBhZDhjMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydngleCkUSGcJpZEb3jpKU5TTnkx
V11mwO/k7QIXW60XFnu7h8I/5uHWBaoJ3rgQK/ZamWqqK0wXL1YYJCtGalwbdPA0
g+bfVt5RRuU2aJxa/BVvX60C7GwpGAKtNoNALEOfwr/ys1Qw8Poj/ERyrHpvgKiw
ES6z84SQeDN6RIHg+lQTpYu3FFUEQ/rQbf82FXjcxq3ZlQQlTZPPXWDqIU7TSa8H
J8zHq8+OZuRcSe+3qywDABxFBrSFgHaH23A24ODaP6yinkmi8aqtwnBGEGSMYFvl
RraNtyMWgb35m2b9yPNLqxdoxzo2bsvrEqEzgImmnq8eV5KUmCvB6MMyuQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMPPT+GjmCUiKY8Vx9xdalMK2MBvMB8GA1UdIwQY
MBaAFAtFO0ENNYamI3qVHu87A/TEQRjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWIt
MjlmYTQ3YjY4MDkzLzEvdzg5UDRhT1lKU0lwanhYSDNGMXFVd3JZd0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kNjNmOGUtNGIxYS00OGJmLTg3ZWItMjlmYTQ3YjY4MDkz
LzEvQzBVN1FRMDFocVlqZXBVZTd6c0Q5TVJCR1BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW+QKAwQA
khNQAwQAuUFpAwQAufiQMA0EAgACMAcDBQAqEmUAMA0GCSqGSIb3DQEBCwUAA4IB
AQApjVygRETZW4Nb7aur2fw03HiBRLKPnYetiqqbidPnGSCUyjactgE1xt+2mccM
sake8dqIlZlOckAGI5+flSIS3LLFSqc9dc8H+ImGVO8+Knjqj6C/diY9vOQGpvZV
KTF5f3TdKlNIVM24nSxo22DaLamFVYgY8PjO1nvjZanW2aoOnll5bNKbGm9+WKJt
N1InCkB4iBCyJ02xyo76maPIgKlrxC4ffTm14rqVxQC0EHQsQ6ycUFd4V5i3wK9Z
t4Fi4YQ552pjaW8t/dAMfEqYN5FsWLou1Wfjs3DlEo0Ti5f042hqN/giA+E1YWDR
pw41pNCmykB1dJIp/J8itG9X
-----END CERTIFICATE-----
Generated at Fri Sep 19 00:03:43 2025 by rpki-client