Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/RiAjvvXs-bKn0uvcReZD6TgI_kE.roa
File: RiAjvvXs-bKn0uvcReZD6TgI_kE.roa (raw, json)
Hash identifier: v7x2MHjHDj3Do43R2jIjE1U3WWSCVGbO+STW7f8Hkic=
Subject key identifier: 46:20:23:BE:F5:EC:F9:B2:A7:D2:EB:DC:45:E6:43:E9:38:08:FE:41
Certificate issuer: /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial: 0199A9B457A0C728F03FB2CD067AF3D15240
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/RiAjvvXs-bKn0uvcReZD6TgI_kE.roa
Signing time: Fri 03 Oct 2025 10:53:12 +0000
ROA not before: Fri 03 Oct 2025 10:53:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56465
IP address blocks: 31.128.172.0/24 maxlen: 24
31.128.174.0/23 maxlen: 24
31.128.182.0/24 maxlen: 24
94.124.162.0/24 maxlen: 24
94.124.163.0/24 maxlen: 24
94.124.165.0/24 maxlen: 24
94.124.167.0/24 maxlen: 24
195.140.224.0/24 maxlen: 24
195.140.225.0/24 maxlen: 24
195.140.226.0/24 maxlen: 24
195.140.227.0/24 maxlen: 24
2a0c:29c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a9:b4:57:a0:c7:28:f0:3f:b2:cd:06:7a:f3:d1:52:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Validity
Not Before: Oct 3 10:53:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=462023bef5ecf9b2a7d2ebdc45e643e93808fe41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:22:40:e4:0a:cb:5e:a7:fa:f6:63:47:73:ad:
2e:e0:d6:22:a9:ce:9b:3d:d3:58:70:2b:d4:b1:27:
23:05:73:24:bd:a6:ad:ba:bf:f1:53:33:c8:24:6e:
5c:04:3c:de:04:a1:81:4c:72:12:86:e7:23:e0:d8:
b7:b0:ee:94:4a:9e:15:24:34:b3:7b:41:59:05:51:
9b:05:d0:84:12:f0:78:d3:a9:07:0b:5e:2c:aa:f4:
35:a5:2e:ec:24:db:c8:14:12:35:c3:45:eb:1b:f2:
6b:18:5d:d4:e6:6a:2c:db:33:20:58:46:89:46:38:
ba:64:20:75:ec:6a:22:16:9d:31:bd:99:c4:87:59:
f3:4d:66:d4:ac:fc:a6:ca:97:ff:62:59:4b:f3:7a:
0d:e8:12:12:46:87:90:7e:0e:eb:a6:98:7e:08:9a:
d7:da:a8:1a:7d:d4:24:80:dc:d4:30:dc:1e:64:a3:
4c:bd:56:7a:07:78:89:11:7f:33:6e:70:d3:03:a3:
5a:53:8e:bc:8d:53:12:55:ef:02:ae:b0:f3:12:b2:
3f:f5:b3:c5:f5:d7:95:1b:3e:d6:9f:c8:36:51:8a:
11:a0:e8:b4:88:bf:e2:4e:20:31:ac:0c:54:72:30:
22:b5:e3:fc:4e:46:e9:29:88:fa:dc:67:ea:d1:60:
1a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:20:23:BE:F5:EC:F9:B2:A7:D2:EB:DC:45:E6:43:E9:38:08:FE:41
X509v3 Authority Key Identifier:
keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/RiAjvvXs-bKn0uvcReZD6TgI_kE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.172.0/24
31.128.174.0/23
31.128.182.0/24
94.124.162.0/23
94.124.165.0/24
94.124.167.0/24
195.140.224.0/22
IPv6:
2a0c:29c1::/32
Signature Algorithm: sha256WithRSAEncryption
75:05:b8:7c:71:94:93:c7:a9:94:ab:de:d9:a2:f0:a9:fd:54:
cd:ea:49:22:77:7e:e5:ec:0c:72:50:e4:78:cd:2f:e4:64:1a:
97:2f:a2:d7:18:ee:3c:7d:5a:11:5c:65:b5:8b:c7:6d:3b:bc:
35:7a:ca:7c:8d:76:be:31:de:a0:cd:92:af:63:d1:ec:f6:bd:
72:aa:30:1f:27:a3:be:15:4e:a7:e0:d1:bd:f6:5c:e8:64:eb:
8e:0d:ed:80:9e:71:fc:84:c5:59:3a:47:74:c9:62:bc:2f:b8:
d6:d4:d2:45:7c:23:04:6a:d6:cf:46:f9:6c:15:37:73:c3:c8:
ee:8d:f7:29:f1:1d:4a:2a:1c:1e:5c:d4:4d:98:7a:49:ea:55:
9d:d3:f7:ca:96:c7:6f:f6:87:ff:b8:d1:d8:d3:d1:96:76:b6:
20:7d:57:fe:9b:51:fe:43:46:be:63:d2:2e:0c:90:29:c4:37:
30:39:71:bc:62:27:c1:cf:e8:8c:73:ab:a1:56:96:81:fb:19:
6c:8c:cf:d7:a5:30:0b:95:1c:1f:74:ec:27:da:ea:f4:0f:99:
8f:68:4d:12:8f:cb:ba:c7:c4:39:2e:8f:61:f9:7f:8b:5c:d6:
77:86:cb:36:37:19:2e:e8:91:48:44:20:ec:76:50:2c:f4:45:
19:70:4a:11
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZmptFegxyjwP7LNBnrz0VJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjUxMDAzMTA1MzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjIwMjNiZWY1ZWNmOWIyYTdkMmViZGM0NWU2NDNlOTM4MDhmZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyJA5ArLXqf69mNHc60u4NYiqc6b
PdNYcCvUsScjBXMkvaatur/xUzPIJG5cBDzeBKGBTHIShucj4Ni3sO6USp4VJDSz
e0FZBVGbBdCEEvB406kHC14sqvQ1pS7sJNvIFBI1w0XrG/JrGF3U5mos2zMgWEaJ
Rji6ZCB17GoiFp0xvZnEh1nzTWbUrPymypf/YllL83oN6BISRoeQfg7rpph+CJrX
2qgafdQkgNzUMNweZKNMvVZ6B3iJEX8zbnDTA6NaU468jVMSVe8CrrDzErI/9bPF
9deVGz7Wn8g2UYoRoOi0iL/iTiAxrAxUcjAiteP8TkbpKYj63Gfq0WAaIwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEYgI7717Pmyp9Lr3EXmQ+k4CP5BMB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvUmlBanZ2WHMtYktuMHV2Y1JlWkQ2VGdJX2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAH4CsAwQB
H4CuAwQAH4C2AwQBXnyiAwQAXnylAwQAXnynAwQCw4zgMA0EAgACMAcDBQAqDCnB
MA0GCSqGSIb3DQEBCwUAA4IBAQB1Bbh8cZSTx6mUq97ZovCp/VTN6kkid37l7Axy
UOR4zS/kZBqXL6LXGO48fVoRXGW1i8dtO7w1esp8jXa+Md6gzZKvY9Hs9r1yqjAf
J6O+FU6n4NG99lzoZOuODe2AnnH8hMVZOkd0yWK8L7jW1NJFfCMEatbPRvlsFTdz
w8jujfcp8R1KKhweXNRNmHpJ6lWd0/fKlsdv9of/uNHY09GWdrYgfVf+m1H+Q0a+
Y9IuDJApxDcwOXG8YifBz+iMc6uhVpaB+xlsjM/XpTALlRwfdOwn2ur0D5mPaE0S
j8u6x8Q5Lo9h+X+LXNZ3hss2Nxku6JFIRCDsdlAs9EUZcEoR
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:59:19 2025 by rpki-client