Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/fkFOu25-CLt_pqgxFyon0OGUb4o.roa
File: fkFOu25-CLt_pqgxFyon0OGUb4o.roa (raw, json)
Hash identifier: sKSFZUpWtwcAyL2D36Fml5sLNaF1815anfn4zderbaw=
Subject key identifier: 7E:41:4E:BB:6E:7E:08:BB:7F:A6:A8:31:17:2A:27:D0:E1:94:6F:8A
Certificate issuer: /CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Certificate serial: 019A725FE1DF0B6D6458DAB0EC8C75A66B7F
Authority key identifier: BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/fkFOu25-CLt_pqgxFyon0OGUb4o.roa
Signing time: Tue 11 Nov 2025 10:04:37 +0000
ROA not before: Tue 11 Nov 2025 10:04:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49586
IP address blocks: 137.221.24.0/21 maxlen: 21
137.221.25.64/27 maxlen: 27
137.221.25.112/28 maxlen: 28
185.7.132.0/22 maxlen: 22
188.95.240.0/21 maxlen: 21
188.95.240.64/26 maxlen: 26
188.95.240.72/30 maxlen: 30
188.95.240.208/29 maxlen: 29
188.95.240.216/29 maxlen: 29
188.95.240.248/29 maxlen: 29
188.95.242.16/30 maxlen: 31
188.95.242.254/31 maxlen: 31
2a00:10b0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.mft
rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:72:5f:e1:df:0b:6d:64:58:da:b0:ec:8c:75:a6:6b:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Validity
Not Before: Nov 11 10:04:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e414ebb6e7e08bb7fa6a831172a27d0e1946f8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:43:de:93:bb:c4:29:00:42:17:63:14:eb:33:
88:f4:07:67:08:f5:00:4c:b6:ae:f4:73:a3:08:2d:
3c:3b:24:57:80:2d:97:23:7e:d1:6c:cd:4c:c4:d5:
a0:94:e8:f5:48:d2:78:b8:09:40:70:3e:56:33:b8:
23:2c:6a:ef:73:eb:f4:a8:c5:de:f1:74:8d:75:49:
23:cd:cf:d3:42:ea:ad:df:04:a2:e2:d7:46:a3:ca:
96:d6:13:d6:a3:a3:2a:5d:65:16:4e:2f:35:8f:47:
75:6f:dc:7a:68:fb:a6:7b:87:53:03:85:43:00:70:
a4:f2:64:be:10:3a:fe:52:43:5c:b4:ab:52:c4:2f:
8a:2b:a1:47:ed:63:b1:c9:d1:b6:f6:57:10:1d:9f:
13:a0:34:97:0e:c8:bc:3d:08:51:10:5f:8a:31:a2:
d8:27:46:99:c1:3f:e0:d6:b0:bf:bb:75:15:28:4c:
47:c9:26:fb:12:15:8b:96:e3:fb:5a:61:21:b4:ac:
41:bc:13:d1:86:3a:dc:f6:cf:75:f9:9b:d9:72:12:
18:3b:30:18:ab:3e:23:34:26:d5:e6:a1:32:ea:2d:
05:08:c9:ed:c1:47:00:3a:7a:2d:ab:eb:cb:cc:b5:
aa:29:b7:91:0c:40:f9:a9:cf:39:bc:ee:75:35:ef:
e1:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:41:4E:BB:6E:7E:08:BB:7F:A6:A8:31:17:2A:27:D0:E1:94:6F:8A
X509v3 Authority Key Identifier:
keyid:BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/fkFOu25-CLt_pqgxFyon0OGUb4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.221.24.0/21
185.7.132.0/22
188.95.240.0/21
IPv6:
2a00:10b0::/29
Signature Algorithm: sha256WithRSAEncryption
16:81:13:40:76:05:6f:cd:e8:2e:8c:9f:1d:6e:7d:e2:6d:fd:
66:0f:fa:ab:b0:31:5d:51:d1:ef:73:fb:99:ee:14:a3:6c:63:
3e:b5:70:8e:60:f2:ee:05:57:03:dc:83:0b:d7:17:a3:ad:6c:
1c:46:48:0f:29:47:cc:0c:87:3b:38:63:d9:82:8e:6b:dd:78:
a5:c8:41:31:6c:c5:55:81:6c:03:ea:c6:5f:9e:28:65:d1:9b:
d3:42:69:40:5e:0d:4d:44:07:e2:98:b4:3f:79:55:9c:89:69:
43:fc:82:2a:92:ad:1d:50:3b:00:3c:26:1e:d3:0a:66:0d:04:
c3:7e:e9:9e:77:f7:20:ac:4b:2d:e6:a7:05:a7:db:a5:f6:19:
d8:80:20:b6:d2:5a:a4:1d:41:59:22:b1:4d:73:49:22:44:d6:
f3:93:ef:dd:1f:f4:c4:55:d8:cd:c9:69:1a:e0:f7:2a:65:a0:
92:4c:62:8e:cc:c5:d1:64:b4:6c:07:c8:a0:1a:24:0c:52:36:
5c:fe:f0:de:c5:45:86:5c:c0:5f:73:e1:ab:89:bb:a3:0f:f1:
9e:b5:66:33:e9:35:ab:5b:d3:ec:bd:c5:56:6d:fe:28:ca:2d:
9e:67:99:78:c5:ec:60:82:93:f3:20:50:62:9f:78:47:4a:47:
f1:66:f2:61
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZpyX+HfC21kWNqw7Ix1pmt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA3MGIwYzlhZGQ5Mjk3MmZlZmM1NjZjMTEyZDkzNzE3
YzRkNmMwHhcNMjUxMTExMTAwNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQxNGViYjZlN2UwOGJiN2ZhNmE4MzExNzJhMjdkMGUxOTQ2ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUPek7vEKQBCF2MU6zOI9AdnCPUA
TLau9HOjCC08OyRXgC2XI37RbM1MxNWglOj1SNJ4uAlAcD5WM7gjLGrvc+v0qMXe
8XSNdUkjzc/TQuqt3wSi4tdGo8qW1hPWo6MqXWUWTi81j0d1b9x6aPume4dTA4VD
AHCk8mS+EDr+UkNctKtSxC+KK6FH7WOxydG29lcQHZ8ToDSXDsi8PQhREF+KMaLY
J0aZwT/g1rC/u3UVKExHySb7EhWLluP7WmEhtKxBvBPRhjrc9s91+ZvZchIYOzAY
qz4jNCbV5qEy6i0FCMntwUcAOnotq+vLzLWqKbeRDED5qc85vO51Ne/hCQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFH5BTrtufgi7f6aoMRcqJ9DhlG+KMB8GA1UdIwQY
MBaAFL/QcLDJrdkpcv78VmwRLZNxfE1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYt
NTNjY2E4MWU5MjI0LzEvZmtGT3UyNS1DTHRfcHFneEZ5b24wT0dVYjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYtNTNjY2E4MWU5MjI0
LzEvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDid0YAwQC
uQeEAwQDvF/wMA0EAgACMAcDBQMqABCwMA0GCSqGSIb3DQEBCwUAA4IBAQAWgRNA
dgVvzegujJ8dbn3ibf1mD/qrsDFdUdHvc/uZ7hSjbGM+tXCOYPLuBVcD3IML1xej
rWwcRkgPKUfMDIc7OGPZgo5r3XilyEExbMVVgWwD6sZfnihl0ZvTQmlAXg1NRAfi
mLQ/eVWciWlD/IIqkq0dUDsAPCYe0wpmDQTDfumed/cgrEst5qcFp9ul9hnYgCC2
0lqkHUFZIrFNc0kiRNbzk+/dH/TEVdjNyWka4PcqZaCSTGKOzMXRZLRsB8igGiQM
UjZc/vDexUWGXMBfc+GribujD/GetWYz6TWrW9PsvcVWbf4oyi2eZ5l4xexggpPz
IFBin3hHSkfxZvJh
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:23:46 2025 by rpki-client