Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P01UMeI1OYpYWIct7YfzJL7eRiU.roa
File: P01UMeI1OYpYWIct7YfzJL7eRiU.roa (raw, json)
Hash identifier: E9cD7ue5JMjn6dTHm1Cpyu1NPfKie3JX1JWUQbB9m1A=
Subject key identifier: 3F:4D:54:31:E2:35:39:8A:58:58:87:2D:ED:87:F3:24:BE:DE:46:25
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0199B8ED90A949776AA357E21C75C451B3A0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P01UMeI1OYpYWIct7YfzJL7eRiU.roa
Signing time: Mon 06 Oct 2025 09:50:00 +0000
ROA not before: Mon 06 Oct 2025 09:50:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58061
IP address blocks: 192.124.191.0/24 maxlen: 24
193.124.5.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.22.0/24 maxlen: 24
194.87.40.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
194.87.136.0/24 maxlen: 24
194.87.142.0/24 maxlen: 24
194.87.150.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.185.0/24 maxlen: 24
195.133.6.0/24 maxlen: 24
195.133.42.0/24 maxlen: 24
195.133.43.0/24 maxlen: 24
195.133.72.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
212.193.14.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b8:ed:90:a9:49:77:6a:a3:57:e2:1c:75:c4:51:b3:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Oct 6 09:50:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f4d5431e235398a5858872ded87f324bede4625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:4f:17:7e:5c:f6:68:42:3a:f9:0a:13:9f:54:
87:64:67:45:54:6d:ad:24:b3:40:b0:31:d7:f9:ae:
d7:aa:cc:8b:c1:53:da:db:b0:08:33:61:e9:92:33:
e2:82:52:22:89:57:e6:61:02:20:ef:d6:2b:a8:7c:
3e:ee:00:09:e5:f6:41:b1:14:cf:14:17:6f:11:57:
8d:6d:fc:0e:00:eb:ad:af:c4:4f:a9:f7:ed:85:95:
d1:08:e8:57:99:14:09:a9:03:0a:b5:84:67:cd:8a:
44:14:e5:65:58:07:0f:04:e3:90:6c:77:b4:16:73:
69:a0:ae:8c:53:b7:c2:73:bc:8d:77:ae:e3:7c:ba:
61:fe:92:35:da:e1:32:f2:75:92:06:26:12:80:fc:
97:6e:67:80:ef:58:e8:34:e5:b3:d1:4d:85:2b:43:
6c:f2:d6:fb:ed:6e:0f:22:4c:70:cd:a6:6e:10:94:
2d:ad:df:51:9d:90:c8:66:71:88:d7:40:0b:2d:47:
e6:71:20:78:3b:b6:e3:41:72:47:c0:8b:17:d0:f8:
82:09:eb:9d:c3:df:d6:10:eb:ae:b1:84:ee:57:de:
31:8d:0b:e9:66:5f:5a:09:96:8d:f0:68:79:1f:8a:
bf:a7:7f:65:2f:ba:2a:01:d6:3b:83:2b:04:cd:9b:
da:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:4D:54:31:E2:35:39:8A:58:58:87:2D:ED:87:F3:24:BE:DE:46:25
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P01UMeI1OYpYWIct7YfzJL7eRiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.191.0/24
193.124.5.0/24
194.87.12.0/24
194.87.22.0/24
194.87.40.0/24
194.87.124.0/24
194.87.136.0/24
194.87.142.0/24
194.87.150.0/24
194.87.169.0/24
194.87.185.0/24
195.133.6.0/24
195.133.42.0/23
195.133.72.0/24
195.133.85.0/24
212.193.14.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:8b:6f:40:cf:8e:ae:0b:99:a4:d0:45:cb:08:92:35:fa:2e:
14:a9:33:93:48:45:a8:76:e5:8e:8c:37:24:ce:01:38:7c:3b:
83:ed:5b:ec:c5:10:40:19:6a:20:fc:49:7d:dc:af:83:07:55:
d1:da:ac:11:b6:b3:ef:b6:3b:1d:d1:0b:e7:45:c5:cd:a1:b8:
6a:ec:cd:71:d0:5e:b9:c4:b3:d4:50:aa:15:23:e2:75:20:06:
6f:8e:ff:3b:4a:02:37:08:9b:d3:3b:0a:55:97:f0:d6:87:91:
9c:7f:5b:33:de:67:eb:e5:af:ad:e0:d1:25:02:80:1e:20:66:
a1:ce:ff:45:d1:85:dd:5b:bc:6a:3a:d9:60:94:63:d5:88:23:
72:08:cc:71:71:b6:7f:df:99:e9:d8:12:6f:be:e8:ea:4a:51:
ec:b7:b4:3f:c1:0a:ef:30:ce:ac:e5:9c:47:31:b1:2e:56:0e:
c0:7d:14:4b:25:02:18:98:3e:6d:48:37:96:2a:e3:09:ca:cf:
0d:21:f8:e4:84:66:22:c8:a9:98:f1:8f:1d:bf:4c:ef:23:f0:
7b:46:41:77:eb:3d:41:09:b9:0b:f2:37:dc:7b:6d:6b:f2:dd:
d4:24:c7:3b:c5:ff:16:50:f5:6f:5b:16:21:8c:57:41:03:54:
19:39:5a:fb
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZm47ZCpSXdqo1fiHHXEUbOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUxMDA2MDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjRkNTQzMWUyMzUzOThhNTg1ODg3MmRlZDg3ZjMyNGJlZGU0NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5U8Xflz2aEI6+QoTn1SHZGdFVG2t
JLNAsDHX+a7XqsyLwVPa27AIM2HpkjPiglIiiVfmYQIg79YrqHw+7gAJ5fZBsRTP
FBdvEVeNbfwOAOutr8RPqffthZXRCOhXmRQJqQMKtYRnzYpEFOVlWAcPBOOQbHe0
FnNpoK6MU7fCc7yNd67jfLph/pI12uEy8nWSBiYSgPyXbmeA71joNOWz0U2FK0Ns
8tb77W4PIkxwzaZuEJQtrd9RnZDIZnGI10ALLUfmcSB4O7bjQXJHwIsX0PiCCeud
w9/WEOuusYTuV94xjQvpZl9aCZaN8Gh5H4q/p39lL7oqAdY7gysEzZvaBQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFD9NVDHiNTmKWFiHLe2H8yS+3kYlMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUDAxVU1lSTFPWXBZV0ljdDdZZnpKTDdlUmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAwHy/AwQA
wXwFAwQAwlcMAwQAwlcWAwQAwlcoAwQAwld8AwQAwleIAwQAwleOAwQAwleWAwQA
wlepAwQAwle5AwQAw4UGAwQBw4UqAwQAw4VIAwQAw4VVAwQA1MEOMA0GCSqGSIb3
DQEBCwUAA4IBAQBqi29Az46uC5mk0EXLCJI1+i4UqTOTSEWoduWOjDckzgE4fDuD
7VvsxRBAGWog/El93K+DB1XR2qwRtrPvtjsd0QvnRcXNobhq7M1x0F65xLPUUKoV
I+J1IAZvjv87SgI3CJvTOwpVl/DWh5Gcf1sz3mfr5a+t4NElAoAeIGahzv9F0YXd
W7xqOtlglGPViCNyCMxxcbZ/35np2BJvvujqSlHst7Q/wQrvMM6s5ZxHMbEuVg7A
fRRLJQIYmD5tSDeWKuMJys8NIfjkhGYiyKmY8Y8dv0zvI/B7RkF36z1BCbkL8jfc
e21r8t3UJMc7xf8WUPVvWxYhjFdBA1QZOVr7
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:14:55 2025 by rpki-client