Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/pkIeBUajXZ5S1YZVqFsipYPnvYY.roa
File: pkIeBUajXZ5S1YZVqFsipYPnvYY.roa (raw, json)
Hash identifier: wuHKfe7KGoVciBLRMcdEQvhSLdH+Z4ihPv48EoUAWBA=
Subject key identifier: A6:42:1E:05:46:A3:5D:9E:52:D5:86:55:A8:5B:22:A5:83:E7:BD:86
Certificate issuer: /CN=397245d0492eede59b045b5be1fd4eb9161bc417
Certificate serial: 0199ED7A4C678CEB10AB263906AFEEF7BDF9
Authority key identifier: 39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/pkIeBUajXZ5S1YZVqFsipYPnvYY.roa
Signing time: Thu 16 Oct 2025 14:43:59 +0000
ROA not before: Thu 16 Oct 2025 14:43:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 139659
IP address blocks: 193.134.208.0/22 maxlen: 22
193.134.208.0/24 maxlen: 24
193.134.209.0/24 maxlen: 24
193.134.210.0/24 maxlen: 24
193.134.211.0/24 maxlen: 24
2a0e:df80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl
rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.mft
rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:7a:4c:67:8c:eb:10:ab:26:39:06:af:ee:f7:bd:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=397245d0492eede59b045b5be1fd4eb9161bc417
Validity
Not Before: Oct 16 14:43:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6421e0546a35d9e52d58655a85b22a583e7bd86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:42:ef:a0:8e:da:2c:d8:aa:b5:dd:f0:7a:01:
92:21:53:b1:6f:8b:82:35:9a:6c:39:36:95:f6:e0:
dd:f9:e2:0a:a8:5e:ef:79:90:6f:6a:7e:3c:74:13:
8b:bc:74:c9:2d:6c:21:73:ad:17:cc:dd:a0:fd:ae:
8c:52:4b:a9:4c:1e:8e:5f:09:9b:c3:2a:d7:54:fc:
62:0a:01:c7:1f:ab:89:57:05:6e:a5:19:2e:65:3f:
41:73:97:7c:0c:9c:8d:2f:6f:e3:7c:7c:fa:44:26:
d0:d4:1e:cd:d2:27:50:31:9d:8e:20:53:f7:80:05:
ca:ca:44:88:0d:02:0f:93:53:03:e1:63:fd:97:34:
81:26:2c:e8:95:d4:4a:49:f8:00:e9:e3:c6:7b:ee:
2b:ee:a2:d8:b4:e2:9b:1b:9d:50:c5:a8:a3:e1:19:
51:a5:6f:aa:65:97:cb:32:22:f2:ab:2c:57:5e:0a:
32:a6:53:34:bd:45:ab:ba:58:2e:ff:e8:8e:2d:df:
f1:71:fd:e4:55:ee:fe:e0:4a:c2:c8:1d:1b:14:62:
f5:53:e4:2b:3b:56:b7:85:c2:eb:6e:19:be:a9:9b:
e1:06:7f:1f:3d:ec:65:95:4c:35:aa:95:80:63:3b:
2a:55:22:4e:fe:54:03:e0:fe:aa:01:9c:72:7f:76:
0a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:42:1E:05:46:A3:5D:9E:52:D5:86:55:A8:5B:22:A5:83:E7:BD:86
X509v3 Authority Key Identifier:
keyid:39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/pkIeBUajXZ5S1YZVqFsipYPnvYY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.134.208.0/22
IPv6:
2a0e:df80::/29
Signature Algorithm: sha256WithRSAEncryption
01:7d:19:f6:c2:c1:22:3e:b3:4a:b5:33:77:8c:2d:1e:0f:d1:
92:63:8b:bd:eb:75:e2:43:98:96:05:f2:19:c2:d9:29:7e:5c:
e9:78:ff:2f:d3:c0:96:f8:80:11:95:6f:a3:55:83:0a:c0:b9:
b4:fe:d0:00:84:bb:b5:22:9d:83:10:b7:a9:ef:77:26:09:83:
81:70:85:91:c3:f1:06:48:e1:26:30:21:f6:93:e7:10:02:07:
05:99:6f:44:34:3d:93:bb:82:3a:7d:3a:b8:6a:b1:57:c7:be:
8b:8a:ba:2d:b8:10:47:c5:2b:e5:66:c6:7d:d1:b7:f8:8a:cc:
94:8f:96:12:f1:d8:dc:d6:a3:2c:94:be:ec:90:38:ab:8a:ac:
5e:7b:03:57:1f:37:43:c5:ca:3f:7c:36:11:b5:28:01:87:e2:
71:73:27:1e:f0:74:a2:6b:57:7a:02:fa:0c:5c:ef:48:64:a1:
a9:1c:b6:1d:a8:15:ab:c7:84:61:a2:a5:d6:b1:f0:ce:99:d6:
d9:e4:c2:a9:bc:bb:f5:c0:95:75:91:84:90:a6:44:3d:83:1c:
bf:f6:89:ad:31:bc:dd:a9:9e:3c:67:6d:eb:d3:10:c6:07:7a:
4d:f7:b3:16:29:ab:1a:a4:64:1e:73:b0:09:da:dc:04:2a:64:
40:96:fc:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZntekxnjOsQqyY5Bq/u9735MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzI0NWQwNDkyZWVkZTU5YjA0NWI1YmUxZmQ0ZWI5MTYx
YmM0MTcwHhcNMjUxMDE2MTQ0MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQyMWUwNTQ2YTM1ZDllNTJkNTg2NTVhODViMjJhNTgzZTdiZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0LvoI7aLNiqtd3wegGSIVOxb4uC
NZpsOTaV9uDd+eIKqF7veZBvan48dBOLvHTJLWwhc60XzN2g/a6MUkupTB6OXwmb
wyrXVPxiCgHHH6uJVwVupRkuZT9Bc5d8DJyNL2/jfHz6RCbQ1B7N0idQMZ2OIFP3
gAXKykSIDQIPk1MD4WP9lzSBJizoldRKSfgA6ePGe+4r7qLYtOKbG51Qxaij4RlR
pW+qZZfLMiLyqyxXXgoyplM0vUWrulgu/+iOLd/xcf3kVe7+4ErCyB0bFGL1U+Qr
O1a3hcLrbhm+qZvhBn8fPexllUw1qpWAYzsqVSJO/lQD4P6qAZxyf3YKuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKZCHgVGo12eUtWGVahbIqWD572GMB8GA1UdIwQY
MBaAFDlyRdBJLu3lmwRbW+H9TrkWG8QXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEt
YzQ0MmExOGYxZWZjLzEvcGtJZUJVYWpYWjVTMVlaVnFGc2lwWVBudllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEtYzQ0MmExOGYxZWZj
LzEvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwYbQMA0E
AgACMAcDBQMqDt+AMA0GCSqGSIb3DQEBCwUAA4IBAQABfRn2wsEiPrNKtTN3jC0e
D9GSY4u963XiQ5iWBfIZwtkpflzpeP8v08CW+IARlW+jVYMKwLm0/tAAhLu1Ip2D
ELep73cmCYOBcIWRw/EGSOEmMCH2k+cQAgcFmW9END2Tu4I6fTq4arFXx76Lirot
uBBHxSvlZsZ90bf4isyUj5YS8djc1qMslL7skDiriqxeewNXHzdDxco/fDYRtSgB
h+Jxcyce8HSia1d6AvoMXO9IZKGpHLYdqBWrx4RhoqXWsfDOmdbZ5MKpvLv1wJV1
kYSQpkQ9gxy/9omtMbzdqZ48Z23r0xDGB3pN97MWKasapGQec7AJ2twEKmRAlvyw
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:25:13 2025 by rpki-client