Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/KFrQOrOGrx778yQcymTgUx9hD68.roa
File: KFrQOrOGrx778yQcymTgUx9hD68.roa (raw, json)
Hash identifier: cTtECuElVvdbMAGilPAdoZX/Qe3XcmxVm71uJTnN4+A=
Subject key identifier: 28:5A:D0:3A:B3:86:AF:1E:FB:F3:24:1C:CA:64:E0:53:1F:61:0F:AF
Certificate issuer: /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial: 0199767158A0A3B74F10EA1087622552A74B
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/KFrQOrOGrx778yQcymTgUx9hD68.roa
Signing time: Tue 23 Sep 2025 11:59:23 +0000
ROA not before: Tue 23 Sep 2025 11:59:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 395092
IP address blocks: 45.95.16.0/22 maxlen: 22
45.155.36.0/22 maxlen: 22
94.124.160.0/24 maxlen: 24
185.93.220.0/22 maxlen: 24
193.17.56.0/22 maxlen: 22
213.108.246.0/23 maxlen: 23
213.139.204.0/22 maxlen: 22
217.195.152.0/22 maxlen: 22
2a0d:9ec0::/48 maxlen: 48
2a0d:9ec1::/48 maxlen: 48
2a0d:9ec2::/48 maxlen: 48
2a0d:9ec3::/48 maxlen: 48
2a0d:d8c0::/48 maxlen: 48
2a0d:d8c0:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:71:58:a0:a3:b7:4f:10:ea:10:87:62:25:52:a7:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Validity
Not Before: Sep 23 11:59:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=285ad03ab386af1efbf3241cca64e0531f610faf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ad:34:dd:59:ad:4c:5c:02:2e:28:11:ea:b3:
16:a7:7f:c5:db:f2:18:40:37:ba:cd:e7:25:37:cc:
cb:f1:60:72:50:9c:c0:58:a2:0a:99:d4:53:e6:3c:
50:55:f7:d9:f1:f9:cb:69:4e:f3:02:34:83:cb:97:
c7:08:c1:db:f0:fa:d7:b9:b5:51:83:82:85:21:ea:
63:2c:82:fb:75:15:a5:00:8b:93:fa:63:af:27:8f:
ab:4c:ca:cd:3e:73:62:a9:6f:40:9c:81:c0:1e:50:
9c:77:e8:da:7f:c4:84:3b:db:5f:22:38:f3:9a:b8:
9d:0c:48:2c:12:4a:18:71:e7:17:01:fb:6d:f7:72:
fb:f7:89:99:92:16:bd:02:86:a9:8e:4e:89:77:e5:
6e:c2:28:ea:09:46:ee:53:6b:2b:d9:1a:9f:19:4c:
bb:2b:b9:75:a3:67:71:09:74:90:b5:78:0b:6a:bd:
34:b3:75:f2:16:4a:cf:1f:01:b9:6e:d1:01:8f:b9:
c8:a7:70:13:be:2f:c3:aa:a0:d4:e7:ee:a9:6f:07:
b9:a2:2d:88:76:e7:09:4c:1c:22:db:06:f1:45:94:
6e:60:ba:d5:86:6f:92:6e:17:b4:9b:db:29:87:7d:
22:50:c4:a1:74:bc:9e:0d:2f:d9:23:cd:a4:5f:b4:
fe:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5A:D0:3A:B3:86:AF:1E:FB:F3:24:1C:CA:64:E0:53:1F:61:0F:AF
X509v3 Authority Key Identifier:
keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/KFrQOrOGrx778yQcymTgUx9hD68.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.16.0/22
45.155.36.0/22
94.124.160.0/24
185.93.220.0/22
193.17.56.0/22
213.108.246.0/23
213.139.204.0/22
217.195.152.0/22
IPv6:
2a0d:9ec0::/48
2a0d:9ec1::/48
2a0d:9ec2::/48
2a0d:9ec3::/48
2a0d:d8c0::/47
Signature Algorithm: sha256WithRSAEncryption
82:6e:53:54:ea:0e:cc:2c:df:dd:57:07:90:0d:5f:45:84:3c:
c9:3f:9c:f1:c5:0b:18:c3:92:35:7f:85:ac:97:64:06:be:38:
e5:b2:76:7d:11:de:c8:c3:4e:c1:80:6d:c3:b1:b7:89:d0:c6:
a1:f9:2d:43:e9:1e:20:bb:e8:8e:f6:75:6e:f4:f4:f3:52:0f:
22:f1:72:89:4b:8f:cf:af:da:0a:fc:75:7d:e6:cc:73:16:0a:
e2:6e:84:0a:4a:cb:f1:a2:6b:15:a0:d1:65:59:20:6c:17:b9:
c6:54:12:92:8a:da:23:fb:0b:ff:77:8b:87:d5:a2:42:d4:85:
1f:fd:d6:72:4e:c1:fd:39:39:72:d5:43:a3:c4:03:49:f2:02:
01:cb:cd:b7:1c:56:95:f1:36:08:de:6a:5c:d7:de:46:6f:8a:
6d:a1:9e:9a:53:ac:55:f6:8d:f1:0f:90:b7:10:e2:16:c6:b8:
ab:32:c2:46:d6:0d:70:ec:ce:35:53:e4:b0:26:00:ac:81:4f:
38:54:f5:2a:0a:18:ac:b9:bc:91:58:fc:60:a9:15:46:24:18:
fc:bc:fe:13:b5:1c:df:20:18:2a:4b:53:90:12:fb:02:23:8b:
a9:0f:a9:72:b7:5d:00:ea:14:ab:54:6d:4f:d3:69:9f:6b:a9:
0f:cb:97:f7
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZl2cVigo7dPEOoQh2IlUqdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjUwOTIzMTE1OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODVhZDAzYWIzODZhZjFlZmJmMzI0MWNjYTY0ZTA1MzFmNjEwZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK003VmtTFwCLigR6rMWp3/F2/IY
QDe6zeclN8zL8WByUJzAWKIKmdRT5jxQVffZ8fnLaU7zAjSDy5fHCMHb8PrXubVR
g4KFIepjLIL7dRWlAIuT+mOvJ4+rTMrNPnNiqW9AnIHAHlCcd+jaf8SEO9tfIjjz
mridDEgsEkoYcecXAftt93L794mZkha9Aoapjk6Jd+VuwijqCUbuU2sr2RqfGUy7
K7l1o2dxCXSQtXgLar00s3XyFkrPHwG5btEBj7nIp3ATvi/DqqDU5+6pbwe5oi2I
ducJTBwi2wbxRZRuYLrVhm+Sbhe0m9sph30iUMShdLyeDS/ZI82kX7T+0wIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFCha0Dqzhq8e+/MkHMpk4FMfYQ+vMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvS0ZyUU9yT0dyeDc3OHlRY3ltVGdVeDloRDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTA2BAIAATAwAwQCLV8QAwQC
LZskAwQAXnygAwQCuV3cAwQCwRE4AwQB1Wz2AwQC1YvMAwQC2cOYMDMEAgACMC0D
BwAqDZ7AAAADBwAqDZ7BAAADBwAqDZ7CAAADBwAqDZ7DAAADBwEqDdjAAAAwDQYJ
KoZIhvcNAQELBQADggEBAIJuU1TqDsws391XB5ANX0WEPMk/nPHFCxjDkjV/hayX
ZAa+OOWydn0R3sjDTsGAbcOxt4nQxqH5LUPpHiC76I72dW709PNSDyLxcolLj8+v
2gr8dX3mzHMWCuJuhApKy/GiaxWg0WVZIGwXucZUEpKK2iP7C/93i4fVokLUhR/9
1nJOwf05OXLVQ6PEA0nyAgHLzbccVpXxNgjealzX3kZvim2hnppTrFX2jfEPkLcQ
4hbGuKsywkbWDXDszjVT5LAmAKyBTzhU9SoKGKy5vJFY/GCpFUYkGPy8/hO1HN8g
GCpLU5AS+wIji6kPqXK3XQDqFKtUbU/TaZ9rqQ/Ll/c=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:22:26 2025 by rpki-client