Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/m7QQoFX-u7UYoA41yiP24F7uP9s.roa
File: m7QQoFX-u7UYoA41yiP24F7uP9s.roa (raw, json)
Hash identifier: +WD8froPo/LUjMw2nwzZtOdRqdsnPQ5Rv0Au1qYv4lg=
Subject key identifier: 9B:B4:10:A0:55:FE:BB:B5:18:A0:0E:35:CA:23:F6:E0:5E:EE:3F:DB
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 0199B31597E7AE5B533A336896AEB2BCB801
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/m7QQoFX-u7UYoA41yiP24F7uP9s.roa
Signing time: Sun 05 Oct 2025 06:36:00 +0000
ROA not before: Sun 05 Oct 2025 06:36:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203963
IP address blocks: 94.74.137.0/24 maxlen: 24
94.74.156.0/24 maxlen: 24
94.74.159.0/24 maxlen: 24
94.74.171.0/24 maxlen: 24
109.203.163.0/24 maxlen: 24
176.46.136.0/24 maxlen: 24
176.46.142.0/24 maxlen: 24
176.46.150.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b3:15:97:e7:ae:5b:53:3a:33:68:96:ae:b2:bc:b8:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Oct 5 06:36:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9bb410a055febbb518a00e35ca23f6e05eee3fdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:97:11:75:17:bb:7c:50:f7:e3:f7:28:8d:a3:
c6:d8:e1:f0:09:81:d8:67:7d:7f:5a:1c:52:83:37:
ec:de:1d:58:67:80:66:39:54:5e:68:7a:f3:4a:9a:
a1:01:a1:55:2b:58:e2:79:05:b3:78:1f:5d:dd:c3:
c2:e2:a3:2f:af:69:ed:66:55:1c:82:45:34:1b:47:
8e:35:ba:79:e5:59:9e:5f:c2:1e:a2:31:f0:48:7e:
d8:a8:80:b2:a8:2a:0d:09:51:cf:f1:aa:35:3d:fd:
13:96:57:ac:e9:a5:58:4f:be:89:2f:34:ef:39:fc:
98:a9:86:0a:55:d8:15:c2:be:1f:ce:de:1d:63:a0:
67:85:35:51:0c:5b:b9:15:f1:c6:ad:c2:1d:1b:53:
02:91:cd:a8:bb:a9:fe:9c:22:80:c8:af:a0:85:e3:
25:f1:cb:30:6c:0e:0f:60:9c:0e:25:70:14:f1:46:
bf:33:19:2b:2d:f1:2e:fb:32:94:dd:92:0f:f7:9a:
7d:77:a7:c5:57:35:97:fd:81:81:f2:d0:15:a3:b2:
d2:da:39:56:bb:1c:1c:e1:8b:44:ec:5d:ea:95:8e:
ed:e6:7a:cc:10:57:7f:0e:98:a5:d5:05:24:3c:78:
82:ef:87:dd:4b:04:21:3c:fb:78:2c:2c:ef:17:d4:
d9:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:B4:10:A0:55:FE:BB:B5:18:A0:0E:35:CA:23:F6:E0:5E:EE:3F:DB
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/m7QQoFX-u7UYoA41yiP24F7uP9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.74.137.0/24
94.74.156.0/24
94.74.159.0/24
94.74.171.0/24
109.203.163.0/24
176.46.136.0/24
176.46.142.0/24
176.46.150.0/24
Signature Algorithm: sha256WithRSAEncryption
98:7a:35:89:10:a7:80:75:c1:2c:b2:e5:19:f6:1e:3b:1f:14:
c5:8c:0f:40:f8:0e:3f:66:ac:07:96:bf:18:ce:92:6f:4b:1f:
d5:b2:8c:ad:4e:3d:8b:81:3c:7e:1a:1f:52:4b:0b:63:e6:45:
58:77:11:1b:e7:27:01:00:9a:28:e1:25:95:c3:6f:64:11:e1:
09:f9:ea:70:b3:a9:29:95:03:18:0f:15:f4:97:9c:a7:11:63:
cd:30:82:d4:dc:3d:2c:d8:b1:78:3d:96:98:35:4a:12:58:8d:
82:30:f5:97:bf:4b:2a:bb:2c:59:e5:e1:71:75:aa:d9:88:19:
65:46:b6:96:d0:39:de:42:30:a1:66:bd:62:92:10:e1:de:16:
c2:64:fe:9c:b0:6a:79:cb:aa:70:d9:7a:39:f8:df:38:6a:a2:
25:0a:cc:8e:32:cd:05:fe:95:91:67:d3:a6:f9:b1:7b:24:40:
04:5f:02:b4:f7:7f:f2:12:fe:18:9e:d2:e4:d2:0f:47:c6:04:
4b:55:50:29:8b:3d:e4:9c:2e:46:d9:7a:7f:0b:bc:16:c4:fb:
0d:28:cc:51:15:4b:66:65:7e:e4:d8:a1:c4:ec:db:c3:6a:8e:
7b:51:12:35:8b:e6:95:28:fb:c6:1f:6b:d6:e2:72:54:67:0b:
04:d9:24:e3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZmzFZfnrltTOjNolq6yvLgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUxMDA1MDYzNjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI0MTBhMDU1ZmViYmI1MThhMDBlMzVjYTIzZjZlMDVlZWUzZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5cRdRe7fFD34/cojaPG2OHwCYHY
Z31/WhxSgzfs3h1YZ4BmOVReaHrzSpqhAaFVK1jieQWzeB9d3cPC4qMvr2ntZlUc
gkU0G0eONbp55VmeX8IeojHwSH7YqICyqCoNCVHP8ao1Pf0Tlles6aVYT76JLzTv
OfyYqYYKVdgVwr4fzt4dY6BnhTVRDFu5FfHGrcIdG1MCkc2ou6n+nCKAyK+gheMl
8cswbA4PYJwOJXAU8Ua/MxkrLfEu+zKU3ZIP95p9d6fFVzWX/YGB8tAVo7LS2jlW
uxwc4YtE7F3qlY7t5nrMEFd/Dpil1QUkPHiC74fdSwQhPPt4LCzvF9TZ5QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJu0EKBV/ru1GKAONcoj9uBe7j/bMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvbTdRUW9GWC11N1VZb0E0MXlpUDI0Rjd1UDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAXkqJAwQA
XkqcAwQAXkqfAwQAXkqrAwQAbcujAwQAsC6IAwQAsC6OAwQAsC6WMA0GCSqGSIb3
DQEBCwUAA4IBAQCYejWJEKeAdcEssuUZ9h47HxTFjA9A+A4/ZqwHlr8YzpJvSx/V
soytTj2LgTx+Gh9SSwtj5kVYdxEb5ycBAJoo4SWVw29kEeEJ+epws6kplQMYDxX0
l5ynEWPNMILU3D0s2LF4PZaYNUoSWI2CMPWXv0squyxZ5eFxdarZiBllRraW0Dne
QjChZr1ikhDh3hbCZP6csGp5y6pw2Xo5+N84aqIlCsyOMs0F/pWRZ9Om+bF7JEAE
XwK093/yEv4YntLk0g9HxgRLVVApiz3knC5G2Xp/C7wWxPsNKMxRFUtmZX7k2KHE
7NvDao57URI1i+aVKPvGH2vW4nJUZwsE2STj
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:00:18 2025 by rpki-client