Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1aXSgr_gUgovXfJiITFePiXzxSk.roa
File: 1aXSgr_gUgovXfJiITFePiXzxSk.roa (raw, json)
Hash identifier: jkxbT1LZqZ8DIR9TrEhNrVWEu3vyrY3VEx/71A/Vpxo=
Subject key identifier: D5:A5:D2:82:BF:E0:52:0A:2F:5D:F2:62:21:31:5E:3E:25:F3:C5:29
Certificate issuer: /CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
Certificate serial: 0199DDF0ECD1526DD20867F3EB59BA41EB93
Authority key identifier: 21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1aXSgr_gUgovXfJiITFePiXzxSk.roa
Signing time: Mon 13 Oct 2025 14:19:38 +0000
ROA not before: Mon 13 Oct 2025 14:19:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16347
IP address blocks: 91.212.26.0/24 maxlen: 24
185.177.44.0/24 maxlen: 24
2a0a:2f80::/32 maxlen: 32
2a0a:2f81::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:f0:ec:d1:52:6d:d2:08:67:f3:eb:59:ba:41:eb:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
Validity
Not Before: Oct 13 14:19:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d5a5d282bfe0520a2f5df26221315e3e25f3c529
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:34:77:5d:f4:fe:57:ae:93:7c:3d:26:8d:6c:
b0:33:7d:f9:df:9a:68:58:82:ef:98:26:61:dd:ba:
51:7e:aa:d6:32:43:6a:f8:3b:37:2f:5e:34:1e:56:
06:b9:c6:92:6d:87:69:93:08:6e:88:0f:46:51:b0:
31:05:c8:ff:ae:6c:55:98:ec:07:53:cc:0d:12:ed:
76:b8:15:b5:46:5a:ad:18:95:b4:40:49:a1:30:67:
26:a5:9f:c5:e1:fa:a5:36:30:f3:36:84:19:76:45:
22:de:a2:38:e7:6b:00:4d:01:bb:d9:0b:3e:ac:34:
5b:73:99:2c:a1:b8:2f:a2:a2:10:43:b5:51:cc:d8:
85:c3:6e:6a:ac:61:cf:c7:1e:d7:56:32:dc:7f:4b:
60:20:29:17:7f:5e:37:8f:81:b6:75:dd:b5:78:76:
d9:6f:83:b2:b4:12:6c:85:8a:93:4c:9b:3f:2d:c4:
c2:14:a3:c4:94:f7:0e:28:f5:10:71:8d:87:cd:98:
60:18:dd:25:02:8f:69:7f:2c:20:d5:c2:25:1e:11:
6a:e7:2e:42:92:30:40:c1:c9:0b:d8:08:c4:89:31:
26:f1:61:81:c3:3b:fc:ea:ac:82:69:dc:1e:3b:40:
9f:77:a0:b8:5c:2f:ad:28:49:00:b1:3b:80:5d:8c:
cc:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:A5:D2:82:BF:E0:52:0A:2F:5D:F2:62:21:31:5E:3E:25:F3:C5:29
X509v3 Authority Key Identifier:
keyid:21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1aXSgr_gUgovXfJiITFePiXzxSk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.212.26.0/24
185.177.44.0/24
IPv6:
2a0a:2f80::/31
Signature Algorithm: sha256WithRSAEncryption
bc:05:58:78:77:b7:d2:1e:05:ad:5a:b8:b0:08:28:c3:88:c7:
15:c6:c4:38:ee:00:1a:3b:73:ce:43:00:62:bd:3c:3d:6e:41:
80:30:ab:b3:a2:a0:84:aa:bd:54:06:28:19:89:da:03:e5:f2:
ca:30:46:d5:d1:b3:26:42:1f:ff:0c:97:c7:dc:56:95:81:a9:
24:d7:6a:90:10:2a:30:86:a6:23:dd:a6:ee:07:6a:12:ec:50:
f7:94:83:8b:58:a2:54:2a:e2:b4:97:ed:e4:d1:be:4c:53:4d:
2c:53:18:a9:b1:2f:6f:ce:73:37:a4:5e:71:80:98:2f:18:fb:
31:fe:92:7a:dc:15:af:1c:58:93:76:9b:da:9b:a8:2c:9d:d3:
93:d2:b1:66:67:70:7a:e8:f0:b0:57:44:25:64:7f:53:50:49:
18:da:6c:7a:81:d9:2f:54:9b:cd:da:f5:91:4f:12:bb:08:d6:
c3:ae:b8:da:d1:39:12:f2:df:ad:18:74:83:a3:72:d5:d0:e5:
f0:db:2b:55:92:5a:0a:b8:6b:76:6c:ed:c4:49:94:c6:58:46:
aa:bd:f4:69:c5:35:6e:74:51:93:04:f4:18:54:5f:71:3b:51:
d8:3b:6c:93:af:be:17:9d:47:41:f6:3d:c2:39:fe:f7:45:3b:
9b:88:c9:41
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnd8OzRUm3SCGfz61m6QeuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2IyYWMzNzdmYzYwM2Y5NWZhZWNjNTRhYzdkNTkwZjJj
YzMxOWQwHhcNMjUxMDEzMTQxOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE1ZDI4MmJmZTA1MjBhMmY1ZGYyNjIyMTMxNWUzZTI1ZjNjNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTR3XfT+V66TfD0mjWywM33535po
WILvmCZh3bpRfqrWMkNq+Ds3L140HlYGucaSbYdpkwhuiA9GUbAxBcj/rmxVmOwH
U8wNEu12uBW1RlqtGJW0QEmhMGcmpZ/F4fqlNjDzNoQZdkUi3qI452sATQG72Qs+
rDRbc5ksobgvoqIQQ7VRzNiFw25qrGHPxx7XVjLcf0tgICkXf143j4G2dd21eHbZ
b4OytBJshYqTTJs/LcTCFKPElPcOKPUQcY2HzZhgGN0lAo9pfywg1cIlHhFq5y5C
kjBAwckL2AjEiTEm8WGBwzv86qyCadweO0Cfd6C4XC+tKEkAsTuAXYzMcwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNWl0oK/4FIKL13yYiExXj4l88UpMB8GA1UdIwQY
MBaAFCHLKsN3/GA/lfrsxUrH1ZDyzDGdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUt
ZmI0MGQ2ZGEyNDY4LzEvMWFYU2dyX2dVZ292WGZKaUlURmVQaVh6eFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUtZmI0MGQ2ZGEyNDY4
LzEvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9QaAwQA
ubEsMA0EAgACMAcDBQEqCi+AMA0GCSqGSIb3DQEBCwUAA4IBAQC8BVh4d7fSHgWt
WriwCCjDiMcVxsQ47gAaO3POQwBivTw9bkGAMKuzoqCEqr1UBigZidoD5fLKMEbV
0bMmQh//DJfH3FaVgakk12qQECowhqYj3abuB2oS7FD3lIOLWKJUKuK0l+3k0b5M
U00sUxipsS9vznM3pF5xgJgvGPsx/pJ63BWvHFiTdpvam6gsndOT0rFmZ3B66PCw
V0QlZH9TUEkY2mx6gdkvVJvN2vWRTxK7CNbDrrja0TkS8t+tGHSDo3LV0OXw2ytV
kloKuGt2bO3ESZTGWEaqvfRpxTVudFGTBPQYVF9xO1HYO2yTr74XnUdB9j3COf73
RTubiMlB
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:58:44 2025 by rpki-client