Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/feXIFkXjQ-D3K9RdNEN9AXi3txU.roa
File: feXIFkXjQ-D3K9RdNEN9AXi3txU.roa (raw, json)
Hash identifier: pbHb2pCafG3K6Mcopun8T/bJ0i5xcQ41Kx0DXDfoxEE=
Subject key identifier: 7D:E5:C8:16:45:E3:43:E0:F7:2B:D4:5D:34:43:7D:01:78:B7:B7:15
Certificate issuer: /CN=1f0f78a55a5be5c01db803f438ca611b7f150307
Certificate serial: 019995D6712375BCCF3E11928448960BD06B
Authority key identifier: 1F:0F:78:A5:5A:5B:E5:C0:1D:B8:03:F4:38:CA:61:1B:7F:15:03:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hw94pVpb5cAduAP0OMphG38VAwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/feXIFkXjQ-D3K9RdNEN9AXi3txU.roa
Signing time: Mon 29 Sep 2025 14:18:02 +0000
ROA not before: Mon 29 Sep 2025 14:18:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209653
IP address blocks: 87.120.160.0/23 maxlen: 24
87.121.16.0/23 maxlen: 24
91.220.30.0/24 maxlen: 24
2a00:b500::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/Hw94pVpb5cAduAP0OMphG38VAwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/Hw94pVpb5cAduAP0OMphG38VAwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/Hw94pVpb5cAduAP0OMphG38VAwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:d6:71:23:75:bc:cf:3e:11:92:84:48:96:0b:d0:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f0f78a55a5be5c01db803f438ca611b7f150307
Validity
Not Before: Sep 29 14:18:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7de5c81645e343e0f72bd45d34437d0178b7b715
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cc:c8:c8:4f:ea:f3:ae:46:e4:56:29:02:f7:
8e:38:f8:63:08:4b:25:f4:b6:25:41:c3:18:14:01:
e7:83:2d:86:14:60:e3:76:bf:b3:ef:e6:dd:79:1d:
9c:a5:4f:ea:45:68:8d:88:9d:64:45:6e:53:90:f5:
6b:30:29:27:76:b9:99:c5:46:67:48:3b:47:ba:51:
75:42:3f:5b:32:da:79:3b:bc:97:5b:e6:2b:dd:63:
b3:25:0a:bf:b2:6e:41:06:ac:94:9f:b6:55:e8:58:
ae:5c:15:cd:ff:63:47:f9:c9:8a:c8:91:b7:c9:a0:
ec:c4:48:47:b9:d5:14:9d:c2:6f:60:cb:ca:e8:0c:
c4:53:dc:bc:58:4b:07:71:f6:7b:be:b2:3c:04:4f:
1e:0d:be:c7:63:2b:13:0a:5d:da:6c:d8:05:d7:c1:
14:05:f2:cd:e7:07:07:cf:10:4a:ac:af:d9:5e:1f:
59:5b:a8:34:f1:75:69:54:27:36:cb:c3:ee:6d:90:
af:ef:21:a0:9e:88:cb:0f:b9:e1:20:cc:e3:92:83:
d0:40:3a:1d:db:f2:86:c4:d1:b1:92:63:74:b7:ff:
90:02:67:a3:af:c9:d3:29:00:db:dd:0d:b0:74:ac:
ff:d4:90:da:e3:2d:2a:21:6c:58:10:21:66:e0:05:
6c:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:E5:C8:16:45:E3:43:E0:F7:2B:D4:5D:34:43:7D:01:78:B7:B7:15
X509v3 Authority Key Identifier:
keyid:1F:0F:78:A5:5A:5B:E5:C0:1D:B8:03:F4:38:CA:61:1B:7F:15:03:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hw94pVpb5cAduAP0OMphG38VAwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/feXIFkXjQ-D3K9RdNEN9AXi3txU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/a50c7c-878a-47fd-8107-79f105aef8d6/1/Hw94pVpb5cAduAP0OMphG38VAwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.160.0/23
87.121.16.0/23
91.220.30.0/24
IPv6:
2a00:b500::/32
Signature Algorithm: sha256WithRSAEncryption
52:f3:b5:a9:58:58:6d:d3:62:dc:8d:e4:35:fc:bd:8d:c9:29:
1e:76:e5:a1:ed:2f:2a:9d:09:59:d1:7a:82:85:92:50:01:64:
01:68:ce:5c:e3:53:e5:0e:32:bd:98:75:c9:02:41:17:20:02:
aa:6e:68:ad:30:dc:ed:90:7b:0b:83:cc:ca:63:bd:66:8e:9d:
d5:1d:5c:78:27:f2:71:00:c3:a2:5e:39:ce:4f:df:27:4f:27:
00:30:b2:18:82:f3:b2:6e:ba:11:c1:54:74:d1:c6:e1:94:54:
3c:15:64:3c:7a:35:ad:ec:38:4a:bc:67:70:53:2f:b3:04:6d:
bc:38:d9:f8:a9:c2:b6:ad:2f:77:04:a2:74:d4:18:63:f0:1f:
bd:e8:44:a6:21:cd:19:81:55:cf:7e:e5:aa:64:10:c0:0e:ef:
13:59:17:0c:08:a2:96:87:26:1b:8f:52:8a:ee:e9:7a:c4:b7:
62:51:8d:9f:b4:e2:c6:57:50:11:17:96:1c:05:b2:d8:78:19:
8c:6c:08:49:36:04:93:e9:70:d9:46:0e:16:7e:73:40:b3:24:
83:a2:58:1e:3f:c2:b5:93:20:34:a9:84:34:38:e9:45:02:bf:
5a:13:93:36:9c:8e:ec:6c:a7:25:c0:43:d5:a9:08:b4:2c:50:
0d:d5:0f:f4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZmV1nEjdbzPPhGShEiWC9BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMGY3OGE1NWE1YmU1YzAxZGI4MDNmNDM4Y2E2MTFiN2Yx
NTAzMDcwHhcNMjUwOTI5MTQxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGU1YzgxNjQ1ZTM0M2UwZjcyYmQ0NWQzNDQzN2QwMTc4YjdiNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8zIyE/q865G5FYpAveOOPhjCEsl
9LYlQcMYFAHngy2GFGDjdr+z7+bdeR2cpU/qRWiNiJ1kRW5TkPVrMCkndrmZxUZn
SDtHulF1Qj9bMtp5O7yXW+Yr3WOzJQq/sm5BBqyUn7ZV6FiuXBXN/2NH+cmKyJG3
yaDsxEhHudUUncJvYMvK6AzEU9y8WEsHcfZ7vrI8BE8eDb7HYysTCl3abNgF18EU
BfLN5wcHzxBKrK/ZXh9ZW6g08XVpVCc2y8PubZCv7yGgnojLD7nhIMzjkoPQQDod
2/KGxNGxkmN0t/+QAmejr8nTKQDb3Q2wdKz/1JDa4y0qIWxYECFm4AVsOQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFH3lyBZF40Pg9yvUXTRDfQF4t7cVMB8GA1UdIwQY
MBaAFB8PeKVaW+XAHbgD9DjKYRt/FQMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHc5NHBWcGI1Y0FkdUFQME9NcGhHMzhWQXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9hNTBjN2MtODc4YS00N2ZkLTgxMDct
NzlmMTA1YWVmOGQ2LzEvZmVYSUZrWGpRLUQzSzlSZE5FTjlBWGkzdHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9hNTBjN2MtODc4YS00N2ZkLTgxMDctNzlmMTA1YWVmOGQ2
LzEvSHc5NHBWcGI1Y0FkdUFQME9NcGhHMzhWQXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBV3igAwQB
V3kQAwQAW9weMA0EAgACMAcDBQAqALUAMA0GCSqGSIb3DQEBCwUAA4IBAQBS87Wp
WFht02LcjeQ1/L2NySkeduWh7S8qnQlZ0XqChZJQAWQBaM5c41PlDjK9mHXJAkEX
IAKqbmitMNztkHsLg8zKY71mjp3VHVx4J/JxAMOiXjnOT98nTycAMLIYgvOybroR
wVR00cbhlFQ8FWQ8ejWt7DhKvGdwUy+zBG28ONn4qcK2rS93BKJ01Bhj8B+96ESm
Ic0ZgVXPfuWqZBDADu8TWRcMCKKWhyYbj1KK7ul6xLdiUY2ftOLGV1ARF5YcBbLY
eBmMbAhJNgST6XDZRg4WfnNAsySDolgeP8K1kyA0qYQ0OOlFAr9aE5M2nI7sbKcl
wEPVqQi0LFAN1Q/0
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:50:12 2025 by rpki-client