Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/nQfDN2BNm4A4MzSJamUhdNR1U_E.roa
File: nQfDN2BNm4A4MzSJamUhdNR1U_E.roa (raw, json)
Hash identifier: MPBz910o9n0fsR7PzMBiEwHloN5/mz2/C67YkQPH0Ns=
Subject key identifier: 9D:07:C3:37:60:4D:9B:80:38:33:34:89:6A:65:21:74:D4:75:53:F1
Certificate issuer: /CN=66306e3acf3eb903cc73973fb62860b663516c93
Certificate serial: 019A59F67DDC17FC2CA39C2FD300124C9929
Authority key identifier: 66:30:6E:3A:CF:3E:B9:03:CC:73:97:3F:B6:28:60:B6:63:51:6C:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/nQfDN2BNm4A4MzSJamUhdNR1U_E.roa
Signing time: Thu 06 Nov 2025 16:18:37 +0000
ROA not before: Thu 06 Nov 2025 16:18:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203979
IP address blocks: 80.173.204.0/24 maxlen: 24
80.173.205.0/24 maxlen: 24
80.173.206.0/24 maxlen: 24
80.173.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:59:f6:7d:dc:17:fc:2c:a3:9c:2f:d3:00:12:4c:99:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66306e3acf3eb903cc73973fb62860b663516c93
Validity
Not Before: Nov 6 16:18:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d07c337604d9b80383334896a652174d47553f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:11:5f:37:b1:3c:fc:31:7d:73:dc:7a:04:94:
d8:67:1c:d4:48:a3:46:c9:ef:a7:00:1e:6e:eb:cb:
5b:65:d7:3a:47:3d:9d:6d:d5:6c:cc:d8:6e:e1:62:
09:82:b5:67:66:17:c2:74:10:6c:dc:7d:01:46:8c:
90:f6:15:86:f0:ac:66:a3:7a:5b:a8:2b:d0:7e:92:
25:72:15:84:2f:30:fc:4a:43:8f:78:d6:7a:c0:df:
3a:e7:50:63:b5:86:5d:d1:c1:e0:a4:67:03:ee:fb:
ea:66:3d:12:df:8b:11:63:41:4a:04:92:bd:b2:ae:
c1:db:8a:b6:51:98:7c:f2:83:52:de:c2:14:a8:f9:
f1:01:bf:4c:cb:1e:1f:7b:b1:9b:39:8f:ac:eb:dc:
d6:3c:1e:5b:a5:5e:51:79:1a:6c:9e:5b:a5:93:ea:
c4:ae:16:b6:01:b2:fa:24:2a:10:29:f0:2d:ba:86:
4e:de:a6:b6:62:d0:a8:76:8e:36:41:c3:56:c2:64:
4a:f6:6b:1a:76:90:60:37:e4:e0:11:d3:2e:77:2b:
c5:b0:36:49:e1:f4:00:7a:e6:a9:86:c5:e1:9e:a3:
e9:60:25:75:ec:99:ae:22:ca:e4:18:51:db:c5:10:
bd:fa:69:30:6a:3a:6b:e5:92:cb:2b:3c:2e:db:c9:
90:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:07:C3:37:60:4D:9B:80:38:33:34:89:6A:65:21:74:D4:75:53:F1
X509v3 Authority Key Identifier:
keyid:66:30:6E:3A:CF:3E:B9:03:CC:73:97:3F:B6:28:60:B6:63:51:6C:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/nQfDN2BNm4A4MzSJamUhdNR1U_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.173.204.0/22
Signature Algorithm: sha256WithRSAEncryption
be:04:98:23:e5:8b:73:63:7d:64:a0:c4:33:dc:64:fb:f1:6b:
72:4b:0f:9e:6e:b6:fc:de:98:50:97:28:98:8f:d6:3e:da:90:
c0:1b:13:b4:09:d0:12:fb:77:8e:f3:ae:7f:3d:ba:e8:09:e0:
f4:15:49:65:39:d4:10:b9:47:63:d5:f1:88:d9:4f:77:a8:10:
a9:83:94:92:58:63:3d:4a:b6:fe:b7:0e:3f:d3:0b:c1:c2:22:
a4:8c:63:f8:c9:5c:72:99:4f:bb:63:32:30:40:cf:d7:eb:7f:
21:4b:da:11:89:39:cc:ae:d1:27:55:f4:4e:d4:3b:7f:8b:5d:
97:35:ff:8c:44:02:5d:fc:b1:70:40:7a:6c:c1:ca:6f:06:05:
93:0e:2d:82:ee:6b:0d:37:48:f9:40:22:12:53:dc:a3:42:27:
a6:7b:21:3b:0c:99:dc:ea:6d:2d:72:00:89:72:da:3c:fb:54:
f7:37:52:b1:ea:86:e6:7f:5d:0c:20:e9:ba:f5:cd:3d:a9:9c:
42:66:62:1f:4a:2d:a6:22:95:3c:ac:cd:27:99:ea:8c:73:b5:
fd:00:1d:dd:8b:fc:6d:5b:45:37:ee:06:0c:33:73:61:38:61:
22:24:e7:50:05:e3:3e:0e:b2:e2:bd:6c:2f:68:ab:74:50:d0:
21:c9:a7:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpZ9n3cF/wso5wv0wASTJkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MzA2ZTNhY2YzZWI5MDNjYzczOTczZmI2Mjg2MGI2NjM1
MTZjOTMwHhcNMjUxMTA2MTYxODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDA3YzMzNzYwNGQ5YjgwMzgzMzM0ODk2YTY1MjE3NGQ0NzU1M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhFfN7E8/DF9c9x6BJTYZxzUSKNG
ye+nAB5u68tbZdc6Rz2dbdVszNhu4WIJgrVnZhfCdBBs3H0BRoyQ9hWG8Kxmo3pb
qCvQfpIlchWELzD8SkOPeNZ6wN8651BjtYZd0cHgpGcD7vvqZj0S34sRY0FKBJK9
sq7B24q2UZh88oNS3sIUqPnxAb9Myx4fe7GbOY+s69zWPB5bpV5ReRpsnlulk+rE
rha2AbL6JCoQKfAtuoZO3qa2YtCodo42QcNWwmRK9msadpBgN+TgEdMudyvFsDZJ
4fQAeuaphsXhnqPpYCV17JmuIsrkGFHbxRC9+mkwajpr5ZLLKzwu28mQowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0HwzdgTZuAODM0iWplIXTUdVPxMB8GA1UdIwQY
MBaAFGYwbjrPPrkDzHOXP7YoYLZjUWyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpCdU9zOC11UVBNYzVjX3RpaGd0bU5SYkpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82NGRhYmItN2EwMS00MGQ1LWE1ODct
ZWUyN2NiY2E3NDdlLzEvblFmRE4yQk5tNEE0TXpTSmFtVWhkTlIxVV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82NGRhYmItN2EwMS00MGQ1LWE1ODctZWUyN2NiY2E3NDdl
LzEvWmpCdU9zOC11UVBNYzVjX3RpaGd0bU5SYkpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUK3MMA0G
CSqGSIb3DQEBCwUAA4IBAQC+BJgj5YtzY31koMQz3GT78WtySw+ebrb83phQlyiY
j9Y+2pDAGxO0CdAS+3eO865/PbroCeD0FUllOdQQuUdj1fGI2U93qBCpg5SSWGM9
Srb+tw4/0wvBwiKkjGP4yVxymU+7YzIwQM/X638hS9oRiTnMrtEnVfRO1Dt/i12X
Nf+MRAJd/LFwQHpswcpvBgWTDi2C7msNN0j5QCISU9yjQiemeyE7DJnc6m0tcgCJ
cto8+1T3N1Kx6obmf10MIOm69c09qZxCZmIfSi2mIpU8rM0nmeqMc7X9AB3di/xt
W0U37gYMM3NhOGEiJOdQBeM+DrLivWwvaKt0UNAhyadp
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:16:08 2025 by rpki-client