Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BNeQ1Y-6ghm6Jz331HbcDRKwboQ.roa
File: BNeQ1Y-6ghm6Jz331HbcDRKwboQ.roa (raw, json)
Hash identifier: +0l7YztwQDQArPnJt6igFHNv2i/ZBpGklADdo/eE9MM=
Subject key identifier: 04:D7:90:D5:8F:BA:82:19:BA:27:3D:F7:D4:76:DC:0D:12:B0:6E:84
Certificate issuer: /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial: 0199654E23030DEE4A5C18BDF1F05A22DAE8
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BNeQ1Y-6ghm6Jz331HbcDRKwboQ.roa
Signing time: Sat 20 Sep 2025 04:07:23 +0000
ROA not before: Sat 20 Sep 2025 04:07:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41745
IP address blocks: 5.39.249.0/24 maxlen: 24
5.39.250.0/24 maxlen: 24
5.144.176.0/24 maxlen: 24
5.144.181.0/24 maxlen: 24
5.178.109.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 10:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:65:4e:23:03:0d:ee:4a:5c:18:bd:f1:f0:5a:22:da:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
Validity
Not Before: Sep 20 04:07:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04d790d58fba8219ba273df7d476dc0d12b06e84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:c4:8e:5e:ba:5e:5b:9b:29:60:d3:cd:e0:fd:
ae:94:36:72:89:27:d6:6d:1d:67:5d:ae:fc:48:f2:
62:b1:40:96:61:91:88:23:a1:35:01:09:29:a3:2b:
3f:74:f6:70:ea:34:75:ac:0f:b5:84:c8:1f:f1:4a:
7b:a0:0d:73:18:1c:1f:8f:49:d4:5c:9f:ea:02:6f:
5e:fa:b5:f1:68:ea:1d:4d:dc:bb:26:9c:27:81:c4:
aa:c2:22:e7:41:b0:04:4c:7b:e6:8a:e6:dc:b9:94:
1f:e2:00:23:87:ee:29:dd:90:64:0e:f0:19:62:d2:
2f:64:66:35:e5:ba:7b:69:20:84:82:65:9c:c4:cd:
0c:87:e4:f1:14:21:a4:17:ef:4e:5a:74:a1:c0:6f:
ef:64:75:f3:c8:ef:a6:18:aa:5e:2a:63:b8:e2:e0:
cd:2d:91:75:d8:d3:b9:06:d3:4d:f4:6d:e8:5b:1b:
72:f8:7c:c2:ef:07:e9:33:2d:75:da:e7:91:62:3a:
e3:d0:e2:b7:8a:f4:5e:f6:f1:c6:39:28:aa:62:cf:
fe:21:f1:33:2b:b5:ad:18:06:55:15:40:67:ac:ae:
ad:80:42:60:b0:58:05:47:a5:79:a9:0e:69:69:8c:
11:2d:81:1c:e8:1c:ab:70:2d:6f:63:4b:8e:60:63:
72:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:D7:90:D5:8F:BA:82:19:BA:27:3D:F7:D4:76:DC:0D:12:B0:6E:84
X509v3 Authority Key Identifier:
keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BNeQ1Y-6ghm6Jz331HbcDRKwboQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.249.0-5.39.250.255
5.144.176.0/24
5.144.181.0/24
5.178.109.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:76:fc:07:4c:dd:70:d2:d5:67:d6:33:35:d7:34:c3:c9:89:
7a:b5:2a:b2:d7:7a:5f:1f:3e:a4:97:85:90:a1:d1:8d:9d:8c:
f8:e4:02:9a:c0:34:cd:d7:da:32:bf:e6:a4:43:8c:99:aa:1b:
6e:0b:2a:7b:f4:57:90:5e:66:a5:99:e5:fd:98:51:50:41:c8:
cf:b4:56:98:f5:a1:ea:7f:05:1f:5c:5a:47:69:aa:bc:44:f5:
b5:f8:cc:41:19:05:14:7f:7c:71:84:4e:cc:e1:5e:6f:3d:5b:
e2:65:78:ae:76:02:f4:e3:84:3f:bc:90:c2:12:02:b8:c9:a0:
d6:1c:ee:ac:f3:93:b8:34:82:f9:35:16:b7:84:1a:1c:da:19:
e2:2a:32:dc:88:bc:3b:f7:e9:66:9f:1e:20:f1:a0:7f:5e:29:
99:36:97:cb:df:f9:e4:77:7e:a6:f7:65:b1:31:b6:ba:3f:d1:
6a:fe:b1:2b:e2:8e:f5:57:d3:60:df:0b:89:2f:8c:2d:79:a6:
a5:e9:d5:cc:0d:96:37:51:66:d8:c5:e1:45:fc:40:ab:e0:7c:
4e:61:b7:d0:d0:b2:bc:1c:34:07:76:76:a5:be:72:c0:9c:de:
69:cd:9c:3c:ea:18:2e:80:cd:45:a7:d6:b3:0e:b3:8b:ed:e8:
35:9e:bd:03
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZllTiMDDe5KXBi98fBaItroMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwOTIwMDQwNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ3OTBkNThmYmE4MjE5YmEyNzNkZjdkNDc2ZGMwZDEyYjA2ZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MSOXrpeW5spYNPN4P2ulDZyiSfW
bR1nXa78SPJisUCWYZGII6E1AQkpoys/dPZw6jR1rA+1hMgf8Up7oA1zGBwfj0nU
XJ/qAm9e+rXxaOodTdy7JpwngcSqwiLnQbAETHvmiubcuZQf4gAjh+4p3ZBkDvAZ
YtIvZGY15bp7aSCEgmWcxM0Mh+TxFCGkF+9OWnShwG/vZHXzyO+mGKpeKmO44uDN
LZF12NO5BtNN9G3oWxty+HzC7wfpMy112ueRYjrj0OK3ivRe9vHGOSiqYs/+IfEz
K7WtGAZVFUBnrK6tgEJgsFgFR6V5qQ5paYwRLYEc6ByrcC1vY0uOYGNyswIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFATXkNWPuoIZuic999R23A0SsG6EMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvQk5lUTFZLTZnaG02SnozMzFIYmNEUkt3Ym9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAAFJ/kD
BAAFJ/oDBAAFkLADBAAFkLUDBAAFsm0wDQYJKoZIhvcNAQELBQADggEBAGp2/AdM
3XDS1WfWMzXXNMPJiXq1KrLXel8fPqSXhZCh0Y2djPjkAprANM3X2jK/5qRDjJmq
G24LKnv0V5BeZqWZ5f2YUVBByM+0Vpj1oep/BR9cWkdpqrxE9bX4zEEZBRR/fHGE
TszhXm89W+JleK52AvTjhD+8kMISArjJoNYc7qzzk7g0gvk1FreEGhzaGeIqMtyI
vDv36WafHiDxoH9eKZk2l8vf+eR3fqb3ZbExtro/0Wr+sSvijvVX02DfC4kvjC15
pqXp1cwNljdRZtjF4UX8QKvgfE5ht9DQsrwcNAd2dqW+csCc3mnNnDzqGC6AzUWn
1rMOs4vt6DWevQM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:40:36 2025 by rpki-client