Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/tNh8YNIJ-t7wlK_o6eKwKtq426I.roa
File: tNh8YNIJ-t7wlK_o6eKwKtq426I.roa (raw, json)
Hash identifier: Bmf1Jl1G+qWmzgmuLyWRiOcoL0N7ljcIkRUAYdz1q4c=
Subject key identifier: B4:D8:7C:60:D2:09:FA:DE:F0:94:AF:E8:E9:E2:B0:2A:DA:B8:DB:A2
Certificate issuer: /CN=2fba003756d1013b943eb4f507fb4e7c74778269
Certificate serial: 0199F2B146A4B489E2FA6B469579F8AE6595
Authority key identifier: 2F:BA:00:37:56:D1:01:3B:94:3E:B4:F5:07:FB:4E:7C:74:77:82:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/tNh8YNIJ-t7wlK_o6eKwKtq426I.roa
Signing time: Fri 17 Oct 2025 15:02:08 +0000
ROA not before: Fri 17 Oct 2025 15:02:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56380
IP address blocks: 45.83.178.0/24 maxlen: 24
45.83.179.0/24 maxlen: 24
193.36.38.0/24 maxlen: 24
2a0b:bcc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.mft
rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f2:b1:46:a4:b4:89:e2:fa:6b:46:95:79:f8:ae:65:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fba003756d1013b943eb4f507fb4e7c74778269
Validity
Not Before: Oct 17 15:02:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b4d87c60d209fadef094afe8e9e2b02adab8dba2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:f1:07:34:5b:22:bb:5c:d0:5f:e5:79:58:67:
cf:7b:fd:cd:e3:2e:1a:2a:70:94:16:a9:e6:4b:7c:
5b:e8:2f:af:89:d2:22:84:53:d7:21:96:43:24:41:
59:bc:bc:69:89:41:27:40:3d:85:48:46:16:91:55:
7a:21:08:e1:f4:ad:9a:0b:4e:66:b7:9a:20:ca:cc:
c9:70:fc:7e:8b:ec:1b:77:34:25:c5:8f:e0:5f:77:
67:50:ae:0a:83:18:c9:79:2d:89:fd:b4:d5:e4:35:
b9:81:54:8d:90:0a:fc:4d:53:83:68:79:2c:b8:c2:
37:fe:dd:69:21:f6:31:0b:2f:6f:a1:4c:3f:0c:ce:
2d:82:87:f8:47:b1:02:a1:90:45:dc:de:ba:40:fa:
a6:f3:d3:47:ac:8c:3e:b8:a8:7e:ba:41:ba:af:9e:
c4:44:7a:ec:b9:56:5b:38:2d:71:22:67:e4:de:41:
2b:39:aa:e2:ba:4e:29:70:2d:86:83:dc:c3:be:ff:
9d:8a:ad:34:de:78:f0:ca:f5:cd:27:52:9b:d4:a2:
0d:df:25:5e:15:e0:c8:74:88:a0:cd:0c:78:dd:02:
34:ea:01:19:29:52:bc:1d:0d:97:14:72:fd:10:8c:
b9:c5:e2:25:d8:cd:54:99:88:6e:66:a2:08:00:ff:
98:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D8:7C:60:D2:09:FA:DE:F0:94:AF:E8:E9:E2:B0:2A:DA:B8:DB:A2
X509v3 Authority Key Identifier:
keyid:2F:BA:00:37:56:D1:01:3B:94:3E:B4:F5:07:FB:4E:7C:74:77:82:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7oAN1bRATuUPrT1B_tOfHR3gmk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/tNh8YNIJ-t7wlK_o6eKwKtq426I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/622fdb-0e56-4c87-866b-b31f252f1969/1/L7oAN1bRATuUPrT1B_tOfHR3gmk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.178.0/23
193.36.38.0/24
IPv6:
2a0b:bcc0::/29
Signature Algorithm: sha256WithRSAEncryption
27:e9:b8:b6:66:60:de:5d:c6:c8:67:8c:02:36:95:b9:aa:ce:
2c:da:dc:de:04:fa:1e:3e:2c:09:7c:db:65:f5:a9:03:77:6a:
a0:36:98:19:ea:a1:cd:1b:0b:52:44:7b:b7:d2:8c:0c:08:6a:
58:02:d7:79:f4:35:9e:8e:6a:0c:0c:71:b9:29:84:bb:9e:9d:
4d:7b:72:bf:17:c0:00:b6:75:66:0a:22:36:05:de:a1:96:82:
f0:13:ca:ff:98:a2:f5:8b:3b:8b:54:c8:54:73:55:5e:1f:03:
bf:a2:35:22:c9:d3:b8:72:81:d5:16:59:1d:4d:9e:1c:31:2f:
d3:53:06:c4:bb:83:05:c2:2b:1f:3e:f4:5c:a5:91:9c:fc:63:
26:34:b8:45:ae:7b:51:78:1e:89:8d:24:cb:bb:76:46:6e:e3:
da:40:9d:82:a1:6a:41:ee:55:3f:43:9f:f4:e6:75:dd:e8:7b:
90:a3:b7:2e:e0:58:2a:1f:e0:84:3d:3d:ad:9e:54:a7:f5:88:
e0:18:08:02:72:b9:d9:ef:58:09:4e:0f:89:52:aa:a0:cb:7b:
ba:56:4d:90:48:17:c8:05:08:ec:ad:08:68:47:42:fb:a3:38:
5a:1b:d8:e2:a7:c1:cb:ed:4b:fc:7b:3e:db:3d:89:1e:8a:da:
4b:76:93:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnysUaktIni+mtGlXn4rmWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYmEwMDM3NTZkMTAxM2I5NDNlYjRmNTA3ZmI0ZTdjNzQ3
NzgyNjkwHhcNMjUxMDE3MTUwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ4N2M2MGQyMDlmYWRlZjA5NGFmZThlOWUyYjAyYWRhYjhkYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6PEHNFsiu1zQX+V5WGfPe/3N4y4a
KnCUFqnmS3xb6C+vidIihFPXIZZDJEFZvLxpiUEnQD2FSEYWkVV6IQjh9K2aC05m
t5ogyszJcPx+i+wbdzQlxY/gX3dnUK4KgxjJeS2J/bTV5DW5gVSNkAr8TVODaHks
uMI3/t1pIfYxCy9voUw/DM4tgof4R7ECoZBF3N66QPqm89NHrIw+uKh+ukG6r57E
RHrsuVZbOC1xImfk3kErOariuk4pcC2Gg9zDvv+diq003njwyvXNJ1Kb1KIN3yVe
FeDIdIigzQx43QI06gEZKVK8HQ2XFHL9EIy5xeIl2M1UmYhuZqIIAP+YrQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLTYfGDSCfre8JSv6OnisCrauNuiMB8GA1UdIwQY
MBaAFC+6ADdW0QE7lD609Qf7Tnx0d4JpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdvQU4xYlJBVHVVUHJUMUJfdE9mSFIzZ21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy82MjJmZGItMGU1Ni00Yzg3LTg2NmIt
YjMxZjI1MmYxOTY5LzEvdE5oOFlOSUotdDd3bEtfbzZlS3dLdHE0MjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy82MjJmZGItMGU1Ni00Yzg3LTg2NmItYjMxZjI1MmYxOTY5
LzEvTDdvQU4xYlJBVHVVUHJUMUJfdE9mSFIzZ21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLVOyAwQA
wSQmMA0EAgACMAcDBQMqC7zAMA0GCSqGSIb3DQEBCwUAA4IBAQAn6bi2ZmDeXcbI
Z4wCNpW5qs4s2tzeBPoePiwJfNtl9akDd2qgNpgZ6qHNGwtSRHu30owMCGpYAtd5
9DWejmoMDHG5KYS7np1Ne3K/F8AAtnVmCiI2Bd6hloLwE8r/mKL1izuLVMhUc1Ve
HwO/ojUiydO4coHVFlkdTZ4cMS/TUwbEu4MFwisfPvRcpZGc/GMmNLhFrntReB6J
jSTLu3ZGbuPaQJ2CoWpB7lU/Q5/05nXd6HuQo7cu4FgqH+CEPT2tnlSn9YjgGAgC
crnZ71gJTg+JUqqgy3u6Vk2QSBfIBQjsrQhoR0L7ozhaG9jip8HL7Uv8ez7bPYke
itpLdpP3
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:25:06 2025 by rpki-client