Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/al8koS69bS-s8w2qJPy0DIH-LdM.roa
File: al8koS69bS-s8w2qJPy0DIH-LdM.roa (raw, json)
Hash identifier: 8dyaX5bVUEeKp0uMU4rnBV4TQ+sOGF79J4YeMsznYDw=
Subject key identifier: 6A:5F:24:A1:2E:BD:6D:2F:AC:F3:0D:AA:24:FC:B4:0C:81:FE:2D:D3
Certificate issuer: /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial: 0199531BD00CBC65BAABA31599D01F8D361C
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/al8koS69bS-s8w2qJPy0DIH-LdM.roa
Signing time: Tue 16 Sep 2025 15:19:15 +0000
ROA not before: Tue 16 Sep 2025 15:19:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62206
IP address blocks: 94.154.40.0/22 maxlen: 24
94.154.40.0/24 maxlen: 24
94.154.41.0/24 maxlen: 24
94.154.42.0/24 maxlen: 24
94.154.43.0/24 maxlen: 24
94.154.44.0/24 maxlen: 24
94.154.45.0/24 maxlen: 24
94.154.46.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:53:1b:d0:0c:bc:65:ba:ab:a3:15:99:d0:1f:8d:36:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Validity
Not Before: Sep 16 15:19:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a5f24a12ebd6d2facf30daa24fcb40c81fe2dd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:52:3a:70:7b:5c:19:ba:44:a4:c7:fd:ab:2e:
e8:00:a3:91:d1:65:da:ca:3c:1f:36:74:bb:d6:91:
54:57:43:75:d8:2d:a4:f5:b0:17:68:81:ed:e4:70:
54:d6:63:e9:a1:f3:14:49:81:0a:c0:56:21:b8:21:
d8:27:4b:52:f5:90:5f:6c:66:05:be:12:f5:83:ba:
c3:dd:31:4c:cf:e4:5d:42:ca:2a:d0:14:50:57:7d:
bd:8a:13:d5:a1:ee:91:70:f0:68:9f:b6:95:fc:e5:
ac:96:34:ea:6a:e8:3e:34:e3:43:48:e1:14:62:17:
93:02:4e:a1:25:eb:b0:53:b1:bb:55:59:be:6e:dd:
6a:16:4b:24:9f:70:33:82:51:8d:84:4f:6f:c6:c8:
cd:7c:d4:f6:ec:96:ea:36:d4:a6:93:f0:fb:bd:2a:
38:e6:7e:a2:1a:1f:00:f5:df:46:ac:a7:55:35:d9:
22:e3:fe:2a:15:65:fd:7c:45:9a:ff:42:90:5e:f8:
83:14:b7:26:0c:be:e5:14:89:38:f1:13:6d:9f:b5:
91:12:5e:b9:d2:05:16:f2:fe:2b:74:2c:bb:12:a1:
fa:91:0e:40:f0:36:a9:6c:c6:06:d8:b3:f1:58:40:
c4:29:ec:90:0a:79:13:f6:b6:e2:26:e4:3a:51:6e:
ff:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:5F:24:A1:2E:BD:6D:2F:AC:F3:0D:AA:24:FC:B4:0C:81:FE:2D:D3
X509v3 Authority Key Identifier:
keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/al8koS69bS-s8w2qJPy0DIH-LdM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.154.40.0-94.154.46.255
Signature Algorithm: sha256WithRSAEncryption
92:8b:c8:0b:76:89:9f:d1:35:c5:fd:5e:f4:14:d0:4c:b5:67:
52:a2:a7:21:c3:d2:7e:f2:a4:55:7b:d6:56:bf:a2:f3:26:46:
78:3a:15:e3:a2:25:67:4d:6c:95:a2:38:be:b0:90:67:14:0f:
9b:b5:8b:78:f6:af:b2:33:15:8c:2c:ec:74:05:7f:5b:12:07:
48:bd:4f:7b:f5:7c:c2:48:4f:33:ee:ca:eb:95:ee:02:0b:b9:
be:32:64:d2:d5:1c:8e:6f:39:0b:28:92:5d:cd:21:1a:f7:6a:
fd:1c:7e:57:7d:57:99:35:08:93:e7:30:f3:2f:ae:36:1d:ba:
c5:89:66:bc:d9:5b:43:a9:38:dd:39:ed:cc:9d:a9:66:01:10:
d4:44:ac:75:df:d5:2e:ae:58:df:c9:b2:dc:07:dc:b2:f2:ba:
59:23:57:70:8d:e2:83:84:fe:58:3e:a1:5a:66:3b:99:c6:99:
fb:9b:f9:a5:f7:f2:41:e1:be:f7:11:5a:11:c7:1b:72:fc:1e:
13:a0:b1:e4:94:41:55:0a:ca:19:21:b3:53:67:ba:3b:b9:bd:
83:3a:2a:bd:b6:28:de:4a:52:55:35:77:2f:ca:8c:94:d3:46:
24:91:93:78:8d:88:24:b0:ad:f2:bc:3a:65:f1:59:8c:3d:57:
d8:22:0e:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlTG9AMvGW6q6MVmdAfjTYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUwOTE2MTUxOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTVmMjRhMTJlYmQ2ZDJmYWNmMzBkYWEyNGZjYjQwYzgxZmUyZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5lI6cHtcGbpEpMf9qy7oAKOR0WXa
yjwfNnS71pFUV0N12C2k9bAXaIHt5HBU1mPpofMUSYEKwFYhuCHYJ0tS9ZBfbGYF
vhL1g7rD3TFMz+RdQsoq0BRQV329ihPVoe6RcPBon7aV/OWsljTqaug+NONDSOEU
YheTAk6hJeuwU7G7VVm+bt1qFkskn3AzglGNhE9vxsjNfNT27JbqNtSmk/D7vSo4
5n6iGh8A9d9GrKdVNdki4/4qFWX9fEWa/0KQXviDFLcmDL7lFIk48RNtn7WREl65
0gUW8v4rdCy7EqH6kQ5A8DapbMYG2LPxWEDEKeyQCnkT9rbiJuQ6UW7/EQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGpfJKEuvW0vrPMNqiT8tAyB/i3TMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvYWw4a29TNjliUy1zOHcycUpQeTBESUgtTGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANemigD
BABemi4wDQYJKoZIhvcNAQELBQADggEBAJKLyAt2iZ/RNcX9XvQU0Ey1Z1KipyHD
0n7ypFV71la/ovMmRng6FeOiJWdNbJWiOL6wkGcUD5u1i3j2r7IzFYws7HQFf1sS
B0i9T3v1fMJITzPuyuuV7gILub4yZNLVHI5vOQsokl3NIRr3av0cfld9V5k1CJPn
MPMvrjYdusWJZrzZW0OpON057cydqWYBENRErHXf1S6uWN/JstwH3LLyulkjV3CN
4oOE/lg+oVpmO5nGmfub+aX38kHhvvcRWhHHG3L8HhOgseSUQVUKyhkhs1Nnuju5
vYM6Kr22KN5KUlU1dy/KjJTTRiSRk3iNiCSwrfK8OmXxWYw9V9giDqs=
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:06 2025 by rpki-client