Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BXN9CdkUzqHFQDAc0msJGIUAq5U.roa
File: BXN9CdkUzqHFQDAc0msJGIUAq5U.roa (raw, json)
Hash identifier: 5y74k+FBU+gLlfe2ToFhnWG7xffYbMv9M80cuIfXaSs=
Subject key identifier: 05:73:7D:09:D9:14:CE:A1:C5:40:30:1C:D2:6B:09:18:85:00:AB:95
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0199E2EF025A8E7F0EDF1442797A609BF8AF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BXN9CdkUzqHFQDAc0msJGIUAq5U.roa
Signing time: Tue 14 Oct 2025 13:35:38 +0000
ROA not before: Tue 14 Oct 2025 13:35:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.4.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.87.54.0/24 maxlen: 24
194.87.55.0/24 maxlen: 24
194.87.59.0/24 maxlen: 24
194.87.75.0/24 maxlen: 24
194.87.119.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.192.0/22 maxlen: 22
194.87.192.0/24 maxlen: 24
194.87.193.0/24 maxlen: 24
194.87.194.0/24 maxlen: 24
194.87.195.0/24 maxlen: 24
194.87.228.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.29.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.241.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e2:ef:02:5a:8e:7f:0e:df:14:42:79:7a:60:9b:f8:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Oct 14 13:35:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05737d09d914cea1c540301cd26b09188500ab95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ba:db:4e:77:82:4f:5e:0a:16:8a:8c:9c:5f:
c5:73:c1:44:64:43:4a:5e:23:eb:e6:46:13:a1:13:
89:b9:9c:5b:e5:1d:77:d4:ea:60:c9:0c:9c:bf:4b:
28:7b:5d:ef:07:f1:c0:53:93:d2:1e:51:d4:7c:ec:
a5:ac:f5:0f:62:05:5c:13:bf:a0:24:9e:a8:c8:42:
46:2f:ad:51:88:81:92:25:6d:57:11:36:b1:2e:47:
bd:0f:62:e6:44:fe:4c:93:ac:8a:c4:9d:8c:39:75:
86:2d:8e:d5:0f:91:a5:a5:b5:76:ea:40:9b:ef:cd:
a4:bb:3b:d6:63:67:cf:3a:3a:de:75:be:91:fe:7b:
c4:8d:58:25:6e:a3:b3:e5:b3:f4:36:f2:2f:df:a0:
23:2e:5e:b3:f7:6b:1e:3e:3c:0b:b9:73:6a:4d:3e:
22:ea:24:18:41:e9:6e:37:c2:b8:45:85:f3:af:d4:
2a:30:29:b6:21:eb:0b:c4:d2:55:6f:0e:3c:f9:62:
3f:cb:7b:5d:0b:4d:92:8d:18:45:66:55:1d:b8:fb:
f7:a4:17:a6:5d:09:8c:2f:d1:b4:a8:0d:57:5e:c3:
81:77:4f:87:65:db:2c:dd:d9:59:36:86:37:7e:cd:
df:54:e8:bb:28:66:9e:53:8e:04:59:d2:e7:aa:fc:
86:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:73:7D:09:D9:14:CE:A1:C5:40:30:1C:D2:6B:09:18:85:00:AB:95
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BXN9CdkUzqHFQDAc0msJGIUAq5U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.4.0/24
193.124.7.0/24
194.58.155.0/24
194.87.53.0-194.87.55.255
194.87.59.0/24
194.87.75.0/24
194.87.119.0/24
194.87.169.0/24
194.87.179.0/24
194.87.192.0/22
194.87.228.0/24
194.135.24.0/24
195.133.24.0/23
195.133.29.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.241.0/24
212.193.0.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
5a:e0:89:ee:d2:65:50:d3:d8:6c:a7:b2:77:73:0e:11:5c:0b:
3d:4b:94:e0:c4:12:f8:63:a0:4e:4a:4c:09:34:cc:dd:a4:3d:
be:28:d4:b9:fe:4a:c3:96:72:83:0c:e6:32:43:83:d3:52:95:
f1:67:1b:19:12:fb:aa:30:57:e6:bd:bc:b0:4c:88:0a:8c:c9:
6c:44:6f:b9:d4:6d:96:b2:0a:4a:ac:a7:71:b4:b9:cf:41:fb:
0a:c4:26:f7:ce:0f:e6:7e:ff:f5:e0:5e:23:7c:8c:ab:db:59:
06:b7:23:52:8c:7b:34:c2:51:db:90:7c:16:97:e4:79:35:96:
ff:aa:63:ba:a9:39:78:ab:d5:3f:9a:1d:34:98:c3:95:b1:15:
87:3b:e7:15:b6:81:41:ac:d1:ff:f9:e6:d6:f2:28:2b:9e:3e:
2c:6b:d1:63:9d:3c:82:94:ee:db:17:34:bf:c1:bc:c8:de:f5:
96:67:88:5b:d6:2a:54:0b:f2:a8:7c:b7:ce:91:57:c9:10:e3:
14:b2:b0:0f:1b:f4:12:d7:b3:30:02:2c:13:1c:4e:49:28:46:
52:fc:e0:2e:4b:c2:bf:d7:ca:03:72:62:75:c8:cc:8b:b1:30:
43:7a:b9:9a:b4:18:fe:84:20:77:75:f3:dd:1c:99:24:77:3e:
16:15:aa:b1
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZni7wJajn8O3xRCeXpgm/ivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUxMDE0MTMzNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTczN2QwOWQ5MTRjZWExYzU0MDMwMWNkMjZiMDkxODg1MDBhYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LrbTneCT14KFoqMnF/Fc8FEZENK
XiPr5kYToROJuZxb5R131OpgyQycv0soe13vB/HAU5PSHlHUfOylrPUPYgVcE7+g
JJ6oyEJGL61RiIGSJW1XETaxLke9D2LmRP5Mk6yKxJ2MOXWGLY7VD5GlpbV26kCb
782kuzvWY2fPOjredb6R/nvEjVglbqOz5bP0NvIv36AjLl6z92sePjwLuXNqTT4i
6iQYQeluN8K4RYXzr9QqMCm2IesLxNJVbw48+WI/y3tdC02SjRhFZlUduPv3pBem
XQmML9G0qA1XXsOBd0+HZdss3dlZNoY3fs3fVOi7KGaeU44EWdLnqvyGhwIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFAVzfQnZFM6hxUAwHNJrCRiFAKuVMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQlhOOUNka1V6cUhGUURBYzBtc0pHSVVBcTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBhwQCAAEwgYADBADB
fAQDBADBfAcDBADCOpswDAMEAMJXNQMEA8JXMAMEAMJXOwMEAMJXSwMEAMJXdwME
AMJXqQMEAMJXswMEAsJXwAMEAMJX5AMEAMKHGAMEAcOFGAMEAMOFHQMEAcOFKAME
AcOFMgMEAcOFXAMEANTA8QMEANTBAAMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM
/0AwDQYJKoZIhvcNAQELBQADggEBAFrgie7SZVDT2GynsndzDhFcCz1LlODEEvhj
oE5KTAk0zN2kPb4o1Ln+SsOWcoMM5jJDg9NSlfFnGxkS+6owV+a9vLBMiAqMyWxE
b7nUbZayCkqsp3G0uc9B+wrEJvfOD+Z+//XgXiN8jKvbWQa3I1KMezTCUduQfBaX
5Hk1lv+qY7qpOXir1T+aHTSYw5WxFYc75xW2gUGs0f/55tbyKCuePixr0WOdPIKU
7tsXNL/BvMje9ZZniFvWKlQL8qh8t86RV8kQ4xSysA8b9BLXszACLBMcTkkoRlL8
4C5Lwr/XygNyYnXIzIuxMEN6uZq0GP6EIHd1890cmSR3PhYVqrE=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:50 2025 by rpki-client