Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iRJZJUB_Q9Rbk-ME4jiTLf6hNxc.roa
File: iRJZJUB_Q9Rbk-ME4jiTLf6hNxc.roa (raw, json)
Hash identifier: 2zYAYShfq2Mzmg6+T8GTDXLJqmkANEq8kuuaXLmCpzU=
Subject key identifier: 89:12:59:25:40:7F:43:D4:5B:93:E3:04:E2:38:93:2D:FE:A1:37:17
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 0199FEF90F8EDF607617C88962D0FE56DF5E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iRJZJUB_Q9Rbk-ME4jiTLf6hNxc.roa
Signing time: Mon 20 Oct 2025 00:15:59 +0000
ROA not before: Mon 20 Oct 2025 00:15:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47263
IP address blocks: 5.175.238.0/24 maxlen: 24
5.231.20.0/23 maxlen: 23
5.231.20.0/24 maxlen: 24
5.231.21.0/24 maxlen: 24
5.231.47.0/24 maxlen: 24
77.90.37.0/24 maxlen: 24
89.144.31.0/24 maxlen: 24
94.103.164.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:fe:f9:0f:8e:df:60:76:17:c8:89:62:d0:fe:56:df:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Oct 20 00:15:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89125925407f43d45b93e304e238932dfea13717
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:1d:ad:14:e4:70:23:d1:c4:37:e1:2c:30:63:
65:7d:b0:8e:2d:e0:e3:dc:6e:b3:8f:be:1e:39:64:
3f:51:e7:fe:c1:20:fd:ca:0f:ca:f8:c1:0a:c8:58:
5a:40:61:e7:a9:89:f7:68:07:2e:73:64:2d:72:64:
14:e5:1a:e2:63:da:fe:51:af:c5:57:70:9d:6e:e4:
12:8d:91:3e:12:85:aa:cd:34:69:34:f4:13:fa:be:
a2:82:a5:00:2e:39:b9:8e:17:83:0e:41:60:5b:a4:
ac:bf:a3:45:a3:15:c7:04:3c:d1:a0:94:da:82:53:
a6:d3:c4:41:cc:23:a5:56:fc:95:06:b4:74:27:0d:
93:2c:69:ca:aa:6a:80:6d:e5:59:39:66:3d:86:be:
d1:a0:24:f8:dd:cf:9d:9c:0f:5f:75:12:56:8c:c4:
3f:cb:16:87:7d:09:2b:3b:68:5a:97:f8:b6:73:46:
80:30:35:49:e8:81:a1:51:9b:9f:16:ec:08:cc:3a:
ab:47:10:f8:2b:20:62:6b:36:50:c6:d3:df:eb:7c:
95:b1:ce:e0:13:93:ea:69:0c:b6:bb:4d:c7:db:89:
1d:01:b5:d4:a3:f9:d9:14:03:6f:b7:f8:8f:b5:4a:
cc:2a:01:e7:2d:fe:21:10:65:a4:79:24:29:a6:c7:
a6:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:12:59:25:40:7F:43:D4:5B:93:E3:04:E2:38:93:2D:FE:A1:37:17
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/iRJZJUB_Q9Rbk-ME4jiTLf6hNxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.238.0/24
5.231.20.0/23
5.231.47.0/24
77.90.37.0/24
89.144.31.0/24
94.103.164.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:fc:0b:8e:44:d0:c2:28:ca:29:ac:03:57:98:88:79:42:0e:
e6:be:06:58:9c:78:9b:ec:89:3e:d7:5c:af:3d:5f:e0:1e:5a:
fe:95:b4:4c:5d:d8:b5:23:e5:50:9f:8c:fd:58:0b:b8:9b:3c:
ff:fd:fa:5b:bf:ed:78:a5:ce:1b:db:09:1d:b5:97:21:ef:9a:
64:a4:1e:57:94:15:f3:45:7d:07:56:fc:49:88:9a:97:01:46:
51:ac:dd:ce:17:b5:3a:23:23:64:6c:8f:05:1d:a1:4f:62:e0:
54:f3:37:7f:dd:af:94:7a:10:a4:97:d0:5c:f7:a0:8b:3f:80:
17:28:c0:ec:34:6e:f1:6d:ea:05:36:8e:e4:52:aa:5a:94:d0:
8b:d3:db:79:38:6d:9d:ad:58:e8:5c:93:d9:94:4a:a0:f5:ae:
e1:34:f5:a5:6c:29:1c:70:e4:3b:92:4b:ad:86:ed:e1:24:a7:
a6:f4:ad:7b:52:50:62:ec:a7:01:3e:2f:d5:2f:71:2e:2e:cd:
3d:83:70:e7:c7:c7:b3:30:43:34:33:d2:79:95:70:e0:b6:a1:
da:93:e3:ca:d6:7d:b8:08:a0:66:99:d4:7f:52:2b:6e:7a:54:
ec:9b:2f:ec:54:d8:5a:14:fb:eb:bb:7f:2e:e6:db:88:b5:81:
2b:5e:a3:d6
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZn++Q+O32B2F8iJYtD+Vt9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDIwMDAxNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTEyNTkyNTQwN2Y0M2Q0NWI5M2UzMDRlMjM4OTMyZGZlYTEzNzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB2tFORwI9HEN+EsMGNlfbCOLeDj
3G6zj74eOWQ/Uef+wSD9yg/K+MEKyFhaQGHnqYn3aAcuc2QtcmQU5RriY9r+Ua/F
V3CdbuQSjZE+EoWqzTRpNPQT+r6igqUALjm5jheDDkFgW6Ssv6NFoxXHBDzRoJTa
glOm08RBzCOlVvyVBrR0Jw2TLGnKqmqAbeVZOWY9hr7RoCT43c+dnA9fdRJWjMQ/
yxaHfQkrO2hal/i2c0aAMDVJ6IGhUZufFuwIzDqrRxD4KyBiazZQxtPf63yVsc7g
E5PqaQy2u03H24kdAbXUo/nZFANvt/iPtUrMKgHnLf4hEGWkeSQppsemswIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIkSWSVAf0PUW5PjBOI4ky3+oTcXMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaVJKWkpVQl9ROVJiay1NRTRqaVRMZjZoTnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQABa/uAwQB
BecUAwQABecvAwQATVolAwQAWZAfAwQAXmekMA0GCSqGSIb3DQEBCwUAA4IBAQCO
/AuORNDCKMoprANXmIh5Qg7mvgZYnHib7Ik+11yvPV/gHlr+lbRMXdi1I+VQn4z9
WAu4mzz//fpbv+14pc4b2wkdtZch75pkpB5XlBXzRX0HVvxJiJqXAUZRrN3OF7U6
IyNkbI8FHaFPYuBU8zd/3a+UehCkl9Bc96CLP4AXKMDsNG7xbeoFNo7kUqpalNCL
09t5OG2drVjoXJPZlEqg9a7hNPWlbCkccOQ7kkuthu3hJKem9K17UlBi7KcBPi/V
L3EuLs09g3Dnx8ezMEM0M9J5lXDgtqHak+PK1n24CKBmmdR/UituelTsmy/sVNha
FPvru38u5tuItYErXqPW
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:26:56 2025 by rpki-client