Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/O5jVNQO8nxMopLkQjhKtnXIwjK4.roa
File: O5jVNQO8nxMopLkQjhKtnXIwjK4.roa (raw, json)
Hash identifier: bk5CA6HpOyjgqnMm5ypfeRTZvYufF4If6ZXNBIeT5K4=
Subject key identifier: 3B:98:D5:35:03:BC:9F:13:28:A4:B9:10:8E:12:AD:9D:72:30:8C:AE
Certificate issuer: /CN=1331334c8a35da66b44d909347a643ee44191aaf
Certificate serial: 01990E73D533D81648A2FF724F0099DC1631
Authority key identifier: 13:31:33:4C:8A:35:DA:66:B4:4D:90:93:47:A6:43:EE:44:19:1A:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/O5jVNQO8nxMopLkQjhKtnXIwjK4.roa
Signing time: Wed 03 Sep 2025 07:21:36 +0000
ROA not before: Wed 03 Sep 2025 07:21:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24824
IP address blocks: 185.44.48.0/22 maxlen: 22
185.44.48.0/23 maxlen: 23
185.44.50.0/23 maxlen: 23
194.107.0.0/20 maxlen: 20
194.107.8.0/23 maxlen: 23
194.107.12.0/23 maxlen: 23
194.107.14.0/23 maxlen: 23
2a00:f720::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.mft
rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 19:01:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:73:d5:33:d8:16:48:a2:ff:72:4f:00:99:dc:16:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1331334c8a35da66b44d909347a643ee44191aaf
Validity
Not Before: Sep 3 07:21:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b98d53503bc9f1328a4b9108e12ad9d72308cae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:d7:38:7b:40:ee:9e:63:cd:df:5d:7b:af:9c:
03:f1:30:c1:2b:bb:92:fe:72:5b:3c:37:36:0b:7a:
2b:6b:61:1f:48:af:8d:3d:c6:e6:36:c4:05:e1:bd:
c3:e9:90:f4:d4:0e:78:16:7b:25:65:d7:d9:0a:15:
26:b0:4a:bf:e8:f1:d6:6b:6c:38:f0:19:21:11:ea:
4b:ce:5d:b9:e0:0c:c7:1b:f3:59:1d:59:48:9f:50:
dc:cf:fa:08:e8:9b:aa:84:81:ca:dc:22:2f:d4:35:
4e:dc:c1:2a:dd:dd:5f:d2:73:4e:ee:74:68:4e:48:
63:d9:7d:e1:f4:84:83:f1:c5:c2:3c:76:de:cf:f5:
ab:b8:cf:0e:8a:f0:28:13:e8:4b:a1:9e:20:59:53:
19:4c:d8:08:1a:f8:11:1c:05:f9:70:29:8d:e5:5b:
63:76:4e:f2:79:2d:7e:52:41:7a:ef:05:c7:91:61:
7b:fc:ec:37:96:2b:9c:c1:c6:24:e0:fb:a2:c0:4c:
fb:cd:e0:00:1d:d8:53:2b:fd:c6:c8:7b:18:61:46:
bf:ee:e3:6f:10:a3:65:99:3a:eb:5b:44:1b:1b:ec:
fc:2c:41:15:8a:07:1f:a8:72:5e:0f:7a:f7:7a:52:
84:a0:4b:0b:8f:04:09:71:5f:3a:44:fa:09:9c:8b:
07:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:98:D5:35:03:BC:9F:13:28:A4:B9:10:8E:12:AD:9D:72:30:8C:AE
X509v3 Authority Key Identifier:
keyid:13:31:33:4C:8A:35:DA:66:B4:4D:90:93:47:A6:43:EE:44:19:1A:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzEzTIo12ma0TZCTR6ZD7kQZGq8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/O5jVNQO8nxMopLkQjhKtnXIwjK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a4aa47-80ae-4ffd-81de-a7e3e8a5736c/1/EzEzTIo12ma0TZCTR6ZD7kQZGq8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.48.0/22
194.107.0.0/20
IPv6:
2a00:f720::/32
Signature Algorithm: sha256WithRSAEncryption
6a:17:7b:2c:6c:0d:dd:15:61:d5:51:aa:a9:08:5d:ed:c6:44:
1e:68:fa:c3:d4:69:f0:8a:a5:74:3c:7e:f7:15:54:32:d8:eb:
c6:34:90:53:04:d4:ea:78:33:53:3e:88:e2:8a:2f:15:18:d5:
67:92:f0:7c:b4:17:f0:5c:8a:ec:7a:49:24:4f:3a:77:53:7f:
ad:a4:66:69:f0:43:ea:63:e5:fe:b2:7a:e3:76:19:20:25:78:
9f:ce:70:ae:4a:7d:5d:1d:33:3e:01:90:8f:60:10:1a:28:33:
54:64:f8:85:f8:7e:c3:cf:59:33:b5:c6:8b:a6:32:22:30:6c:
02:ee:c4:05:3b:dd:ae:1a:ee:bd:8b:84:74:2c:8f:8f:1e:94:
ff:f2:ae:37:cc:da:a4:59:0e:fa:7c:f8:5d:ba:7d:b4:0e:fc:
be:6b:76:09:53:0b:73:4c:f7:42:12:9f:9a:20:61:6d:63:bd:
49:32:c8:95:47:cd:fe:35:e4:1a:16:fa:be:63:89:5a:82:ca:
70:11:f8:dd:b7:89:ab:ad:f2:6e:71:63:3c:f5:86:42:2a:fd:
e8:74:22:f5:5f:f0:66:ce:96:1b:c5:e0:11:67:47:94:13:27:
71:f5:ab:4f:50:c9:b2:3c:70:0c:26:47:02:2c:1a:df:ef:d1:
ee:f3:07:52
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkOc9Uz2BZIov9yTwCZ3BYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMzEzMzRjOGEzNWRhNjZiNDRkOTA5MzQ3YTY0M2VlNDQx
OTFhYWYwHhcNMjUwOTAzMDcyMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk4ZDUzNTAzYmM5ZjEzMjhhNGI5MTA4ZTEyYWQ5ZDcyMzA4Y2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNc4e0DunmPN3117r5wD8TDBK7uS
/nJbPDc2C3ora2EfSK+NPcbmNsQF4b3D6ZD01A54FnslZdfZChUmsEq/6PHWa2w4
8BkhEepLzl254AzHG/NZHVlIn1Dcz/oI6JuqhIHK3CIv1DVO3MEq3d1f0nNO7nRo
Tkhj2X3h9ISD8cXCPHbez/WruM8OivAoE+hLoZ4gWVMZTNgIGvgRHAX5cCmN5Vtj
dk7yeS1+UkF67wXHkWF7/Ow3liucwcYk4PuiwEz7zeAAHdhTK/3GyHsYYUa/7uNv
EKNlmTrrW0QbG+z8LEEVigcfqHJeD3r3elKEoEsLjwQJcV86RPoJnIsH7wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDuY1TUDvJ8TKKS5EI4SrZ1yMIyuMB8GA1UdIwQY
MBaAFBMxM0yKNdpmtE2Qk0emQ+5EGRqvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXpFelRJbzEybWEwVFpDVFI2WkQ3a1FaR3E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hNGFhNDctODBhZS00ZmZkLTgxZGUt
YTdlM2U4YTU3MzZjLzEvTzVqVk5RTzhueE1vcExrUWpoS3RuWEl3aks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hNGFhNDctODBhZS00ZmZkLTgxZGUtYTdlM2U4YTU3MzZj
LzEvRXpFelRJbzEybWEwVFpDVFI2WkQ3a1FaR3E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSwwAwQE
wmsAMA0EAgACMAcDBQAqAPcgMA0GCSqGSIb3DQEBCwUAA4IBAQBqF3ssbA3dFWHV
UaqpCF3txkQeaPrD1GnwiqV0PH73FVQy2OvGNJBTBNTqeDNTPojiii8VGNVnkvB8
tBfwXIrsekkkTzp3U3+tpGZp8EPqY+X+snrjdhkgJXifznCuSn1dHTM+AZCPYBAa
KDNUZPiF+H7Dz1kztcaLpjIiMGwC7sQFO92uGu69i4R0LI+PHpT/8q43zNqkWQ76
fPhdun20Dvy+a3YJUwtzTPdCEp+aIGFtY71JMsiVR83+NeQaFvq+Y4lagspwEfjd
t4mrrfJucWM89YZCKv3odCL1X/BmzpYbxeARZ0eUEydx9atPUMmyPHAMJkcCLBrf
79Hu8wdS
-----END CERTIFICATE-----
Generated at Mon Sep 8 05:11:02 2025 by rpki-client