Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/NBFkOVFjhr5cFEclo5MbI_qhtaE.roa
File: NBFkOVFjhr5cFEclo5MbI_qhtaE.roa (raw, json)
Hash identifier: aEnSyjmzjCXkq9QNcUbxZtFecm4VYBNFEkBBtcfxmSI=
Subject key identifier: 34:11:64:39:51:63:86:BE:5C:14:47:25:A3:93:1B:23:FA:A1:B5:A1
Certificate issuer: /CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Certificate serial: 01994DADFE4F87F546931F9DFE97F59920BE
Authority key identifier: BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/NBFkOVFjhr5cFEclo5MbI_qhtaE.roa
Signing time: Mon 15 Sep 2025 14:01:12 +0000
ROA not before: Mon 15 Sep 2025 14:01:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29385
IP address blocks: 94.230.224.0/24 maxlen: 24
94.230.227.0/24 maxlen: 24
213.206.32.0/24 maxlen: 24
213.206.33.0/24 maxlen: 24
213.206.34.0/24 maxlen: 24
213.206.35.0/24 maxlen: 24
213.206.36.0/24 maxlen: 24
213.206.37.0/24 maxlen: 24
213.206.38.0/24 maxlen: 24
213.206.43.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/urRT2Xui9KBFhD5rSpU7PlEG6vI.crl
rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/urRT2Xui9KBFhD5rSpU7PlEG6vI.mft
rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4d:ad:fe:4f:87:f5:46:93:1f:9d:fe:97:f5:99:20:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Validity
Not Before: Sep 15 14:01:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34116439516386be5c144725a3931b23faa1b5a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:76:39:4d:db:18:c1:02:d2:24:2b:08:9d:d4:
38:b6:bf:51:35:e6:3f:15:90:0c:78:93:1b:18:a8:
fd:72:dd:6a:9f:a9:ac:ba:af:db:08:7b:4a:00:a3:
fe:bb:9f:4f:48:01:7e:5e:ff:aa:9a:58:67:1d:bb:
fb:24:6d:0e:a4:82:0c:6f:1b:e8:58:de:b8:44:ea:
83:93:d7:4b:59:7f:f6:1a:1a:0d:f3:a6:66:4b:47:
70:9f:d9:81:e0:e6:19:af:98:b9:fb:cd:aa:5a:63:
33:57:6c:e2:0e:75:8c:75:02:d0:46:95:c4:0b:1b:
f0:4f:29:04:37:dd:3d:40:ad:53:4a:32:cf:58:2d:
0a:0e:0a:fc:08:5e:e0:6b:68:cd:3c:ab:64:6c:17:
b6:44:f1:6f:e3:a1:1d:e2:f8:b8:8f:09:2d:ff:0b:
15:28:1c:25:b8:f0:df:ea:30:7a:1f:db:34:7f:e1:
32:92:c3:79:ac:27:56:e5:0c:7d:53:c8:06:58:6e:
ad:dc:43:bf:bb:07:0e:9f:ef:13:69:ff:5b:3e:e8:
03:9a:46:19:2e:ca:8c:5c:44:a3:0e:b0:2f:74:23:
d6:5a:46:b8:00:b9:04:3d:c8:47:3c:63:e0:2c:6d:
ed:65:f6:41:64:f4:8b:bb:fd:59:23:b4:ba:b1:8b:
10:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:11:64:39:51:63:86:BE:5C:14:47:25:A3:93:1B:23:FA:A1:B5:A1
X509v3 Authority Key Identifier:
keyid:BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/NBFkOVFjhr5cFEclo5MbI_qhtaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/urRT2Xui9KBFhD5rSpU7PlEG6vI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.230.224.0/24
94.230.227.0/24
213.206.32.0-213.206.38.255
213.206.43.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:6d:5c:e9:c1:18:a7:4e:3d:50:48:a0:cd:a8:7f:e7:ce:e3:
cf:ff:b1:1c:07:3f:2e:4d:31:20:c1:72:ca:66:63:6d:a1:0d:
79:aa:f0:5b:aa:c6:53:49:5f:7a:0b:51:8d:b0:4a:3e:6d:87:
a6:5e:f1:1d:c0:06:79:08:f8:a2:23:51:c3:e5:dd:c5:68:cc:
7f:12:29:e9:43:fb:8c:c7:32:eb:cc:c7:bb:e5:fe:08:cd:10:
3e:97:dc:a3:4a:3a:26:cc:a0:e5:a2:00:32:54:a7:59:17:8b:
9e:2e:2a:11:d7:b7:c7:ca:10:a1:bb:a3:ae:bd:10:be:4e:46:
8b:a8:88:bf:f1:7e:4d:dd:7c:3b:e0:55:5d:7c:4a:09:56:b0:
8d:91:89:44:c9:21:ae:ab:98:8f:03:ac:46:58:0b:bc:77:c5:
6d:f4:60:52:67:36:30:66:99:84:f5:e3:ca:90:e0:c7:8e:40:
8f:b5:f1:cc:1f:1c:a1:f9:a5:4a:83:e5:d0:7e:20:4d:eb:ca:
80:2d:9f:96:9d:0f:bd:54:76:b1:f4:c6:94:41:15:08:31:fb:
45:30:cb:5b:06:d4:e5:f0:2a:80:36:8d:d8:02:a2:c6:12:43:
26:82:f8:a5:a3:b9:c5:10:14:8e:c9:fe:3e:61:f6:b5:89:43:
55:4f:57:81
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZlNrf5Ph/VGkx+d/pf1mSC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjQ1M2Q5N2JhMmY0YTA0NTg0M2U2YjRhOTUzYjNlNTEw
NmVhZjIwHhcNMjUwOTE1MTQwMTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDExNjQzOTUxNjM4NmJlNWMxNDQ3MjVhMzkzMWIyM2ZhYTFiNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Y5TdsYwQLSJCsIndQ4tr9RNeY/
FZAMeJMbGKj9ct1qn6msuq/bCHtKAKP+u59PSAF+Xv+qmlhnHbv7JG0OpIIMbxvo
WN64ROqDk9dLWX/2GhoN86ZmS0dwn9mB4OYZr5i5+82qWmMzV2ziDnWMdQLQRpXE
CxvwTykEN909QK1TSjLPWC0KDgr8CF7ga2jNPKtkbBe2RPFv46Ed4vi4jwkt/wsV
KBwluPDf6jB6H9s0f+EyksN5rCdW5Qx9U8gGWG6t3EO/uwcOn+8Taf9bPugDmkYZ
LsqMXESjDrAvdCPWWka4ALkEPchHPGPgLG3tZfZBZPSLu/1ZI7S6sYsQQwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDQRZDlRY4a+XBRHJaOTGyP6obWhMB8GA1UdIwQY
MBaAFLq0U9l7ovSgRYQ+a0qVOz5RBuryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUt
NGE2ZjU1NzcxYmQxLzEvTkJGa09WRmpocjVjRkVjbG81TWJJX3FodGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUtNGE2ZjU1NzcxYmQx
LzEvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAXubgAwQA
XubjMAwDBAXVziADBADVziYDBADVziswDQYJKoZIhvcNAQELBQADggEBABttXOnB
GKdOPVBIoM2of+fO48//sRwHPy5NMSDBcspmY22hDXmq8FuqxlNJX3oLUY2wSj5t
h6Ze8R3ABnkI+KIjUcPl3cVozH8SKelD+4zHMuvMx7vl/gjNED6X3KNKOibMoOWi
ADJUp1kXi54uKhHXt8fKEKG7o669EL5ORouoiL/xfk3dfDvgVV18SglWsI2RiUTJ
Ia6rmI8DrEZYC7x3xW30YFJnNjBmmYT148qQ4MeOQI+18cwfHKH5pUqD5dB+IE3r
yoAtn5adD71UdrH0xpRBFQgx+0Uwy1sG1OXwKoA2jdgCosYSQyaC+KWjucUQFI7J
/j5h9rWJQ1VPV4E=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:55:16 2025 by rpki-client