Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oQiFmtl24734RSqM0slFnUvS99U.roa
File: oQiFmtl24734RSqM0slFnUvS99U.roa (raw, json)
Hash identifier: MFXe9cidNLOe9j5SZ0lyBdbhZ14xaNGzMBVKRn7ZRfk=
Subject key identifier: A1:08:85:9A:D9:76:E3:BD:F8:45:2A:8C:D2:C9:45:9D:4B:D2:F7:D5
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019904B41D5F3D60E175DB9E895B2E4B59FC
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oQiFmtl24734RSqM0slFnUvS99U.roa
Signing time: Mon 01 Sep 2025 09:55:36 +0000
ROA not before: Mon 01 Sep 2025 09:55:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211434
IP address blocks: 192.36.200.0/24 maxlen: 24
192.71.206.0/24 maxlen: 24
193.181.200.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 07:02:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:04:b4:1d:5f:3d:60:e1:75:db:9e:89:5b:2e:4b:59:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Sep 1 09:55:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a108859ad976e3bdf8452a8cd2c9459d4bd2f7d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:39:8c:53:65:04:75:1c:90:90:17:38:5c:28:
5a:c3:67:99:1d:a5:b7:fb:3e:d4:4b:77:a2:b4:c7:
47:de:df:b1:93:49:02:71:90:c8:10:c7:4d:24:2d:
67:30:f6:37:77:f7:b7:90:a6:96:18:9b:73:9b:de:
f6:42:c5:5a:5c:f5:2d:69:e6:4f:69:42:c3:b1:73:
c3:ce:ae:9b:de:c0:71:07:39:ec:6e:8d:a7:50:ec:
5f:23:33:fc:b3:c1:3c:c9:9d:8e:2d:c5:e2:db:1e:
2c:c3:9f:6b:5e:1d:b4:41:c5:7a:74:85:98:c4:4e:
d3:e5:19:82:3c:d0:40:a3:9b:53:d2:65:f4:93:ad:
bf:38:0a:60:fe:df:93:f0:ad:84:6f:96:cd:be:8d:
a8:8a:e7:0b:9e:b7:61:c1:5a:44:a4:35:75:e3:2f:
4e:ff:1a:55:82:b8:db:af:be:22:37:b0:ac:9c:18:
c8:d2:da:ba:d0:1d:10:01:5e:99:e9:7d:a2:31:86:
dd:2b:22:5d:84:fd:90:06:28:35:d2:90:1d:49:e7:
24:b6:e4:8c:ab:f0:be:41:f0:68:9a:04:3f:4b:8f:
01:a5:8f:12:2e:53:43:95:ee:12:34:ec:17:d7:5d:
50:46:de:bd:e1:ed:be:e4:b2:be:c4:b6:78:9a:f4:
01:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:08:85:9A:D9:76:E3:BD:F8:45:2A:8C:D2:C9:45:9D:4B:D2:F7:D5
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oQiFmtl24734RSqM0slFnUvS99U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.200.0/24
192.71.206.0/24
193.181.200.0/21
Signature Algorithm: sha256WithRSAEncryption
bf:47:8b:ea:78:ca:7f:61:62:ca:5b:c6:68:7b:22:35:c2:09:
52:74:48:db:56:6c:bf:81:64:fa:97:83:fe:96:01:a3:90:31:
74:e2:61:b2:1f:61:3e:66:68:40:9e:94:89:b0:4e:fd:a9:80:
59:c1:ff:8f:3a:af:77:58:79:0c:99:c6:d8:5b:29:3a:87:97:
05:1c:ce:64:8b:7a:bc:fd:6e:1d:0b:a4:62:f6:2f:1d:0e:89:
ba:a8:88:47:e2:85:f9:39:ae:5a:1e:cd:3a:ed:3d:0f:c6:eb:
7f:af:b1:f5:3e:54:8c:79:67:4e:cb:41:52:92:b7:b9:55:d1:
d9:67:36:37:3f:1d:d1:d3:c1:34:0e:ce:2e:65:be:a1:bc:b1:
b5:b4:d4:f8:74:fc:30:8e:09:74:cb:1e:05:95:e2:01:22:ee:
43:ef:61:64:8c:1f:57:cf:25:04:47:f8:d4:53:8a:05:9c:1f:
86:b3:91:d5:15:ba:82:52:5f:ab:c3:a2:83:f2:88:94:1b:67:
21:c0:4f:98:8c:b4:c9:02:f3:e8:25:76:57:1c:3a:42:2a:35:
da:d0:05:65:b3:0c:ca:51:8d:3b:a1:59:8b:1d:51:6c:84:15:
27:fc:e4:d4:a2:41:c8:d9:c5:a4:72:60:fe:06:df:c3:52:8a:
75:58:c8:47
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkEtB1fPWDhddueiVsuS1n8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwOTAxMDk1NTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA4ODU5YWQ5NzZlM2JkZjg0NTJhOGNkMmM5NDU5ZDRiZDJmN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzmMU2UEdRyQkBc4XChaw2eZHaW3
+z7US3eitMdH3t+xk0kCcZDIEMdNJC1nMPY3d/e3kKaWGJtzm972QsVaXPUtaeZP
aULDsXPDzq6b3sBxBznsbo2nUOxfIzP8s8E8yZ2OLcXi2x4sw59rXh20QcV6dIWY
xE7T5RmCPNBAo5tT0mX0k62/OApg/t+T8K2Eb5bNvo2oiucLnrdhwVpEpDV14y9O
/xpVgrjbr74iN7CsnBjI0tq60B0QAV6Z6X2iMYbdKyJdhP2QBig10pAdSecktuSM
q/C+QfBomgQ/S48BpY8SLlNDle4SNOwX111QRt694e2+5LK+xLZ4mvQB7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKEIhZrZduO9+EUqjNLJRZ1L0vfVMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvb1FpRm10bDI0NzM0UlNxTTBzbEZuVXZTOTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwCTIAwQA
wEfOAwQDwbXIMA0GCSqGSIb3DQEBCwUAA4IBAQC/R4vqeMp/YWLKW8ZoeyI1wglS
dEjbVmy/gWT6l4P+lgGjkDF04mGyH2E+ZmhAnpSJsE79qYBZwf+POq93WHkMmcbY
Wyk6h5cFHM5ki3q8/W4dC6Ri9i8dDom6qIhH4oX5Oa5aHs067T0Pxut/r7H1PlSM
eWdOy0FSkre5VdHZZzY3Px3R08E0Ds4uZb6hvLG1tNT4dPwwjgl0yx4FleIBIu5D
72FkjB9XzyUER/jUU4oFnB+Gs5HVFbqCUl+rw6KD8oiUG2chwE+YjLTJAvPoJXZX
HDpCKjXa0AVlswzKUY07oVmLHVFshBUn/OTUokHI2cWkcmD+Bt/DUop1WMhH
-----END CERTIFICATE-----
Generated at Tue Sep 9 13:15:16 2025 by rpki-client