Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/AEr7526r87jMmzyFU6AhzO2yzJs.roa
File: AEr7526r87jMmzyFU6AhzO2yzJs.roa (raw, json)
Hash identifier: FaU9GigNrTflXT80XzjmUalvFoH7j0+xf5GqgvZ8viI=
Subject key identifier: 00:4A:FB:E7:6E:AB:F3:B8:CC:9B:3C:85:53:A0:21:CC:ED:B2:CC:9B
Certificate issuer: /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial: 01995A73130AFC99CBBA2122A017EE3BED28
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/AEr7526r87jMmzyFU6AhzO2yzJs.roa
Signing time: Thu 18 Sep 2025 01:31:54 +0000
ROA not before: Thu 18 Sep 2025 01:31:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202348
IP address blocks: 91.240.89.0/24 maxlen: 24
2a13:141:2::/48 maxlen: 48
2a13:141:4::/48 maxlen: 48
2a13:141:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:5a:73:13:0a:fc:99:cb:ba:21:22:a0:17:ee:3b:ed:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Validity
Not Before: Sep 18 01:31:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=004afbe76eabf3b8cc9b3c8553a021ccedb2cc9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:77:42:37:3b:7e:87:a3:d4:8b:a6:9f:1e:c1:
58:fc:fc:01:21:59:27:95:d8:80:c9:a9:35:40:ad:
ec:7f:3e:ca:a9:e4:f9:26:0b:3a:56:2b:f9:f8:50:
59:36:13:f8:ef:60:54:a9:da:a9:7b:a4:e0:6a:95:
ca:b2:35:ae:86:17:bc:28:32:75:3b:e8:62:31:8a:
7b:3d:6d:ad:46:83:59:e8:85:6d:8d:f9:fc:45:bb:
96:55:38:a6:cb:78:47:16:28:bf:35:6e:ce:02:e3:
99:aa:a5:47:d6:c2:43:84:1c:71:db:2a:87:50:d9:
96:96:0f:e8:4c:b6:bf:64:bf:64:d9:bd:ed:df:fe:
87:a4:7e:fc:71:45:9c:0e:cd:f2:45:a5:5e:e0:c8:
f4:77:58:94:7e:51:96:47:46:29:c5:c9:33:26:62:
d0:11:13:14:d9:1f:db:68:5e:29:b4:c5:5e:64:ef:
6b:ad:af:ab:3d:b2:12:76:a2:b1:a6:af:42:60:0d:
34:1e:a9:7e:48:70:d6:52:d0:99:5d:21:8f:47:0d:
93:22:fb:f0:1f:56:b9:7a:35:3d:6e:26:cb:0a:fa:
15:47:7c:05:ae:7c:93:2f:cd:6e:02:9d:63:96:83:
63:f3:a2:73:6d:14:6c:33:b8:bd:14:ce:ac:d4:e4:
4b:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:4A:FB:E7:6E:AB:F3:B8:CC:9B:3C:85:53:A0:21:CC:ED:B2:CC:9B
X509v3 Authority Key Identifier:
keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/AEr7526r87jMmzyFU6AhzO2yzJs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.240.89.0/24
IPv6:
2a13:141:2::/48
2a13:141:4::/48
2a13:141:11::/48
Signature Algorithm: sha256WithRSAEncryption
86:97:a2:15:34:4b:34:00:69:e1:98:15:1e:7b:55:46:63:26:
2b:16:e5:54:ac:14:38:3d:6a:0e:c3:10:2c:b3:d6:75:ec:b5:
8d:d7:c8:d6:af:6c:a6:df:a7:dd:0e:e3:a0:a5:97:a5:73:0a:
cf:76:4f:35:e5:b0:e1:99:0c:e4:2a:ea:92:5e:96:f3:5f:38:
ed:83:12:95:53:cc:2a:bd:8a:59:1d:55:e0:6c:8e:ad:73:a7:
7f:84:3b:3a:0e:f9:e8:1f:3e:b4:f2:2e:ba:f2:c5:c7:ee:3f:
9e:a0:22:f7:c9:ca:5d:9e:93:4b:d4:ab:bb:8d:41:cd:31:a3:
95:73:1c:cc:bd:fe:12:76:65:20:26:7d:b8:47:a2:bc:31:6b:
1a:c3:66:1d:ee:96:5a:a2:75:0e:25:aa:ec:d6:3f:8d:66:80:
b2:be:57:19:35:66:3b:a9:36:d6:75:d6:bd:36:8b:43:0a:92:
e8:3e:c5:2a:e2:a1:d5:eb:d4:82:8a:1b:e8:3a:20:56:38:e0:
2a:42:fe:2a:47:4b:58:a0:ca:3c:7d:d5:02:4e:9b:bc:73:48:
1f:cd:76:69:bb:fd:a0:4f:d6:1b:a6:bc:46:94:80:ef:e0:3f:
34:04:56:4d:a8:50:2e:26:56:30:16:88:eb:94:52:c7:87:15:
60:6b:f9:b9
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZlacxMK/JnLuiEioBfuO+0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjUwOTE4MDEzMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDRhZmJlNzZlYWJmM2I4Y2M5YjNjODU1M2EwMjFjY2VkYjJjYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3dCNzt+h6PUi6afHsFY/PwBIVkn
ldiAyak1QK3sfz7KqeT5Jgs6Viv5+FBZNhP472BUqdqpe6TgapXKsjWuhhe8KDJ1
O+hiMYp7PW2tRoNZ6IVtjfn8RbuWVTimy3hHFii/NW7OAuOZqqVH1sJDhBxx2yqH
UNmWlg/oTLa/ZL9k2b3t3/6HpH78cUWcDs3yRaVe4Mj0d1iUflGWR0YpxckzJmLQ
ERMU2R/baF4ptMVeZO9rra+rPbISdqKxpq9CYA00Hql+SHDWUtCZXSGPRw2TIvvw
H1a5ejU9bibLCvoVR3wFrnyTL81uAp1jloNj86JzbRRsM7i9FM6s1ORLSwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFABK++duq/O4zJs8hVOgIcztssybMB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEvQUVyNzUyNnI4N2pNbXp5RlU2QWh6TzJ5ekpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQAW/BZMCEE
AgACMBsDBwAqEwFBAAIDBwAqEwFBAAQDBwAqEwFBABEwDQYJKoZIhvcNAQELBQAD
ggEBAIaXohU0SzQAaeGYFR57VUZjJisW5VSsFDg9ag7DECyz1nXstY3XyNavbKbf
p90O46Cll6VzCs92TzXlsOGZDOQq6pJelvNfOO2DEpVTzCq9ilkdVeBsjq1zp3+E
OzoO+egfPrTyLrryxcfuP56gIvfJyl2ek0vUq7uNQc0xo5VzHMy9/hJ2ZSAmfbhH
orwxaxrDZh3ullqidQ4lquzWP41mgLK+Vxk1ZjupNtZ11r02i0MKkug+xSriodXr
1IKKG+g6IFY44CpC/ipHS1igyjx91QJOm7xzSB/Ndmm7/aBP1humvEaUgO/gPzQE
Vk2oUC4mVjAWiOuUUseHFWBr+bk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:16:00 2025 by rpki-client