Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AT5TmEkiiJBd_bSx7xZG3a38GJc.roa
File: AT5TmEkiiJBd_bSx7xZG3a38GJc.roa (raw, json)
Hash identifier: OB2dZiNfc7hnjdg0dN3N3YX6pb7B/UCp7LsV+HK6l0g=
Subject key identifier: 01:3E:53:98:49:22:88:90:5D:FD:B4:B1:EF:16:46:DD:AD:FC:18:97
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 01992F3B592F81FDCCD35A5C649255765267
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AT5TmEkiiJBd_bSx7xZG3a38GJc.roa
Signing time: Tue 09 Sep 2025 16:07:22 +0000
ROA not before: Tue 09 Sep 2025 16:07:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62240
IP address blocks: 45.151.143.0/24 maxlen: 24
85.208.11.0/24 maxlen: 24
94.229.212.0/24 maxlen: 24
94.229.214.0/24 maxlen: 24
94.229.215.0/24 maxlen: 24
94.229.216.0/24 maxlen: 24
94.229.217.0/24 maxlen: 24
94.229.218.0/24 maxlen: 24
94.229.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Sep 2025 08:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2f:3b:59:2f:81:fd:cc:d3:5a:5c:64:92:55:76:52:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Sep 9 16:07:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=013e5398492288905dfdb4b1ef1646ddadfc1897
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5e:e8:e8:4e:2f:07:7b:6f:41:b6:67:32:b7:
84:46:03:88:7c:e7:29:f4:88:1f:7f:0e:12:f0:f2:
03:be:e2:8a:1a:e9:78:65:63:ba:e8:7c:bb:da:aa:
f3:16:d6:dc:2d:6c:fa:bb:36:ea:8d:97:55:cf:ec:
98:e8:3c:a3:64:d0:d1:e0:83:9d:81:dd:24:83:b8:
59:ce:51:8d:6c:5f:62:a0:59:db:d7:8f:45:41:86:
7a:e9:2c:19:7f:7f:14:81:10:37:24:2c:65:7d:38:
8f:02:b6:96:f0:40:40:ea:c1:6c:cb:b9:b1:21:9c:
30:33:c3:40:2e:14:dd:b3:bf:89:b5:db:26:f9:85:
a4:aa:07:61:da:4e:a0:08:17:9b:16:af:4c:db:79:
60:27:bd:4c:7d:6b:7a:da:ad:df:43:bd:ec:d6:a8:
f0:cd:ea:94:1f:b8:a8:27:91:ff:09:99:d0:f3:b1:
39:db:50:3c:46:98:78:65:a9:1a:24:a3:fd:ba:aa:
22:de:14:73:72:af:3f:8a:e2:2e:01:9e:8d:e3:a6:
2c:28:90:7b:3b:36:62:52:96:a9:42:50:a5:58:70:
2b:91:86:f5:1c:c7:3d:3e:93:21:2c:74:e1:9b:49:
45:b6:bb:25:5b:7c:b2:46:c7:ed:83:48:bc:62:c9:
15:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:3E:53:98:49:22:88:90:5D:FD:B4:B1:EF:16:46:DD:AD:FC:18:97
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/AT5TmEkiiJBd_bSx7xZG3a38GJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.143.0/24
85.208.11.0/24
94.229.212.0/24
94.229.214.0-94.229.219.255
Signature Algorithm: sha256WithRSAEncryption
78:1b:1c:21:24:c9:32:c7:77:f5:79:ed:fb:d0:c8:69:d9:0c:
ab:09:ac:3a:94:68:11:07:c6:16:2e:fc:ea:85:1b:43:62:f0:
5f:87:31:80:cf:84:53:c7:f1:a3:b4:fb:3c:76:74:44:90:04:
1c:e7:e8:88:55:ec:f2:be:44:c6:3e:6b:de:ff:4f:70:b0:86:
7a:f6:6e:c1:f3:97:a4:aa:08:94:08:75:01:31:3e:6c:3e:2c:
5a:20:3b:c3:97:57:a3:c4:cc:44:73:7d:22:70:20:a1:42:5b:
c9:97:4d:9c:82:47:7e:0c:38:4c:e7:e7:49:9a:e6:7b:d1:61:
a3:00:97:f5:ee:ab:4c:eb:f7:3a:1f:76:a7:31:a1:e9:1c:56:
44:95:68:60:75:91:d4:1c:1a:fb:f0:e9:2c:c4:79:ec:d4:49:
7b:f0:9d:26:16:e6:c3:11:4c:fc:71:d0:28:1b:2e:aa:f3:ea:
e5:9b:fc:cf:55:20:e3:d9:cf:09:2e:a7:28:50:77:c4:e2:37:
87:29:87:34:0d:a4:0e:fb:db:0b:be:ae:0b:7f:47:d0:aa:70:
15:39:ed:5f:73:35:09:56:9c:e1:80:f9:38:4b:d4:1f:89:6b:
d5:46:16:12:20:57:e2:a7:62:24:78:ad:65:ad:01:22:4c:74:
5c:45:2f:d4
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZkvO1kvgf3M01pcZJJVdlJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwOTA5MTYwNzIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTNlNTM5ODQ5MjI4ODkwNWRmZGI0YjFlZjE2NDZkZGFkZmMxODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp17o6E4vB3tvQbZnMreERgOIfOcp
9Igffw4S8PIDvuKKGul4ZWO66Hy72qrzFtbcLWz6uzbqjZdVz+yY6DyjZNDR4IOd
gd0kg7hZzlGNbF9ioFnb149FQYZ66SwZf38UgRA3JCxlfTiPAraW8EBA6sFsy7mx
IZwwM8NALhTds7+Jtdsm+YWkqgdh2k6gCBebFq9M23lgJ71MfWt62q3fQ73s1qjw
zeqUH7ioJ5H/CZnQ87E521A8Rph4ZakaJKP9uqoi3hRzcq8/iuIuAZ6N46YsKJB7
OzZiUpapQlClWHArkYb1HMc9PpMhLHThm0lFtrslW3yyRsftg0i8YskVqQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAE+U5hJIoiQXf20se8WRt2t/BiXMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQVQ1VG1Fa2lpSkJkX2JTeDd4WkczYTM4R0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQALZePAwQA
VdALAwQAXuXUMAwDBAFe5dYDBAJe5dgwDQYJKoZIhvcNAQELBQADggEBAHgbHCEk
yTLHd/V57fvQyGnZDKsJrDqUaBEHxhYu/OqFG0Ni8F+HMYDPhFPH8aO0+zx2dESQ
BBzn6IhV7PK+RMY+a97/T3Cwhnr2bsHzl6SqCJQIdQExPmw+LFogO8OXV6PEzERz
fSJwIKFCW8mXTZyCR34MOEzn50ma5nvRYaMAl/Xuq0zr9zofdqcxoekcVkSVaGB1
kdQcGvvw6SzEeezUSXvwnSYW5sMRTPxx0CgbLqrz6uWb/M9VIOPZzwkupyhQd8Ti
N4cphzQNpA772wu+rgt/R9CqcBU57V9zNQlWnOGA+ThL1B+Ja9VGFhIgV+KnYiR4
rWWtASJMdFxFL9Q=
-----END CERTIFICATE-----
Generated at Mon Sep 15 13:50:27 2025 by rpki-client