Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/TPncixwYmIuz9n6NlFCy5PBctYI.roa
File: TPncixwYmIuz9n6NlFCy5PBctYI.roa (raw, json)
Hash identifier: bqnMZCbxZe22sZEzFpGwkUovZ3/EHTx4NnFW3vAG4K4=
Subject key identifier: 4C:F9:DC:8B:1C:18:98:8B:B3:F6:7E:8D:94:50:B2:E4:F0:5C:B5:82
Certificate issuer: /CN=c55aa35ddb50c90435eccf951f4db8407b6c9c91
Certificate serial: 019A0CD20A33D1A82EEA703DF5AC939EAE5E
Authority key identifier: C5:5A:A3:5D:DB:50:C9:04:35:EC:CF:95:1F:4D:B8:40:7B:6C:9C:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/TPncixwYmIuz9n6NlFCy5PBctYI.roa
Signing time: Wed 22 Oct 2025 16:48:03 +0000
ROA not before: Wed 22 Oct 2025 16:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56700
IP address blocks: 91.198.92.0/24 maxlen: 24
2001:67c:3cc::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 04:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0c:d2:0a:33:d1:a8:2e:ea:70:3d:f5:ac:93:9e:ae:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c55aa35ddb50c90435eccf951f4db8407b6c9c91
Validity
Not Before: Oct 22 16:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4cf9dc8b1c18988bb3f67e8d9450b2e4f05cb582
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:ed:df:16:9b:4d:7f:25:9d:24:f7:5b:b7:af:
9e:f2:23:e8:37:66:3c:44:6b:b0:32:8d:76:7a:75:
c6:0e:e4:11:be:e3:8d:6f:53:f8:b0:a3:65:17:02:
9a:be:51:6a:63:8a:25:e8:bc:4b:f7:3d:21:14:af:
b7:09:44:80:b1:fc:0a:b7:72:f4:c6:66:79:00:19:
b7:50:46:b7:fb:63:13:e7:98:fc:9d:41:cf:ba:24:
21:0b:6f:67:e9:db:07:c1:1b:48:1f:c3:3e:0a:37:
e8:bb:56:d1:69:8f:cc:36:9b:b4:93:b3:da:1e:81:
ca:b5:6b:f4:22:74:67:80:bf:c8:73:61:71:44:c3:
d1:e4:32:b8:ba:36:90:78:df:c4:34:fa:ce:e7:2a:
29:c3:ee:29:fc:bb:21:8e:f7:d0:5f:4a:88:c6:31:
83:6d:4d:e5:ab:06:0b:1e:04:b9:ba:f5:12:a4:1f:
9f:ff:71:94:4c:87:cb:b1:16:e9:db:67:52:2b:7e:
4a:c6:14:f1:f7:ca:f2:10:d8:27:bc:0c:87:f7:c3:
fe:4a:aa:27:50:0d:c9:02:79:53:d7:f5:77:be:a5:
e9:63:6f:c4:71:e8:49:8e:aa:3a:c9:ac:03:19:cf:
36:08:9a:67:e7:b1:63:ba:ac:c5:78:e7:e9:4b:71:
7c:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:F9:DC:8B:1C:18:98:8B:B3:F6:7E:8D:94:50:B2:E4:F0:5C:B5:82
X509v3 Authority Key Identifier:
keyid:C5:5A:A3:5D:DB:50:C9:04:35:EC:CF:95:1F:4D:B8:40:7B:6C:9C:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/TPncixwYmIuz9n6NlFCy5PBctYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.92.0/24
IPv6:
2001:67c:3cc::/48
Signature Algorithm: sha256WithRSAEncryption
98:7a:0c:40:70:43:8f:44:09:fe:45:4b:ea:de:c0:f3:e2:78:
cb:d7:cb:9d:5f:b3:bb:69:87:d8:a5:29:66:cc:42:6b:d2:57:
e4:ec:43:8d:7f:ff:53:dc:d3:91:61:77:86:17:0f:cb:fa:4b:
8f:cb:6c:29:ce:38:11:3c:7c:fd:c1:d2:c3:57:83:3b:c6:33:
12:4a:78:bf:cb:d0:b0:93:8a:75:77:d1:e4:84:c6:67:ca:8c:
56:82:54:00:d1:c6:a6:c9:4f:10:04:75:fb:3f:e1:79:76:c8:
9e:6e:b4:e8:bf:73:51:74:23:6a:3f:be:db:c9:4c:41:85:22:
9a:f0:51:51:cc:91:ae:c2:9b:3a:f3:62:55:cb:f2:19:f7:ce:
7a:a5:8b:aa:77:ec:d1:fb:dc:3b:b1:f9:f1:9b:c8:bb:8a:f3:
0a:6d:f6:42:ad:57:17:0e:3e:42:65:2d:14:96:b5:2f:a6:24:
f2:88:b9:e4:27:b5:49:3e:93:e7:43:a6:58:09:c9:83:a6:cc:
1f:fe:3d:9f:ef:5d:ba:93:c7:b5:ac:08:d4:66:3b:4d:b0:6f:
f5:c7:be:42:28:cf:b8:4a:6d:c2:05:d4:61:95:be:07:69:99:
3c:03:14:e2:7e:02:de:d6:45:a0:0a:76:53:40:fa:99:9a:ce:
be:b3:72:50
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZoM0goz0agu6nA99ayTnq5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NWFhMzVkZGI1MGM5MDQzNWVjY2Y5NTFmNGRiODQwN2I2
YzljOTEwHhcNMjUxMDIyMTY0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y5ZGM4YjFjMTg5ODhiYjNmNjdlOGQ5NDUwYjJlNGYwNWNiNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+3fFptNfyWdJPdbt6+e8iPoN2Y8
RGuwMo12enXGDuQRvuONb1P4sKNlFwKavlFqY4ol6LxL9z0hFK+3CUSAsfwKt3L0
xmZ5ABm3UEa3+2MT55j8nUHPuiQhC29n6dsHwRtIH8M+Cjfou1bRaY/MNpu0k7Pa
HoHKtWv0InRngL/Ic2FxRMPR5DK4ujaQeN/ENPrO5yopw+4p/LshjvfQX0qIxjGD
bU3lqwYLHgS5uvUSpB+f/3GUTIfLsRbp22dSK35KxhTx98ryENgnvAyH98P+Sqon
UA3JAnlT1/V3vqXpY2/EcehJjqo6yawDGc82CJpn57FjuqzFeOfpS3F8fQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEz53IscGJiLs/Z+jZRQsuTwXLWCMB8GA1UdIwQY
MBaAFMVao13bUMkENezPlR9NuEB7bJyRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZxalhkdFF5UVExN00tVkgwMjRRSHRzbkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iNTY3MGYtZTQ0Yi00M2M1LWFiODct
NDVkZDkzNjlmOWIzLzEvVFBuY2l4d1ltSXV6OW42TmxGQ3k1UEJjdFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iNTY3MGYtZTQ0Yi00M2M1LWFiODctNDVkZDkzNjlmOWIz
LzEveFZxalhkdFF5UVExN00tVkgwMjRRSHRzbkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8ZcMA8E
AgACMAkDBwAgAQZ8A8wwDQYJKoZIhvcNAQELBQADggEBAJh6DEBwQ49ECf5FS+re
wPPieMvXy51fs7tph9ilKWbMQmvSV+TsQ41//1Pc05Fhd4YXD8v6S4/LbCnOOBE8
fP3B0sNXgzvGMxJKeL/L0LCTinV30eSExmfKjFaCVADRxqbJTxAEdfs/4Xl2yJ5u
tOi/c1F0I2o/vtvJTEGFIprwUVHMka7CmzrzYlXL8hn3znqli6p37NH73Dux+fGb
yLuK8wpt9kKtVxcOPkJlLRSWtS+mJPKIueQntUk+k+dDplgJyYOmzB/+PZ/vXbqT
x7WsCNRmO02wb/XHvkIoz7hKbcIF1GGVvgdpmTwDFOJ+At7WRaAKdlNA+pmazr6z
clA=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:48 2025 by rpki-client