Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/NN7HcWfwho6Wg205AV2VgvpmbLU.roa
File: NN7HcWfwho6Wg205AV2VgvpmbLU.roa (raw, json)
Hash identifier: +KCs1tl2HUeqWBjr2lOeJY8VcQb8CSyBUASdC9OhN/o=
Subject key identifier: 34:DE:C7:71:67:F0:86:8E:96:83:6D:39:01:5D:95:82:FA:66:6C:B5
Certificate issuer: /CN=1eacc610a7383f19248672030bd9a447cd0941c9
Certificate serial: 0199F1076A3A41EF1317AAE2166BA194A58B
Authority key identifier: 1E:AC:C6:10:A7:38:3F:19:24:86:72:03:0B:D9:A4:47:CD:09:41:C9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HqzGEKc4PxkkhnIDC9mkR80JQck.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/NN7HcWfwho6Wg205AV2VgvpmbLU.roa
Signing time: Fri 17 Oct 2025 07:16:59 +0000
ROA not before: Fri 17 Oct 2025 07:16:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198859
IP address blocks: 149.154.120.0/21 maxlen: 21
149.154.120.0/23 maxlen: 23
149.154.122.0/23 maxlen: 23
149.154.124.0/24 maxlen: 24
149.154.125.0/24 maxlen: 24
149.154.126.0/24 maxlen: 24
149.154.127.0/24 maxlen: 24
185.131.216.0/22 maxlen: 22
185.131.216.0/23 maxlen: 23
2a03:b80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/HqzGEKc4PxkkhnIDC9mkR80JQck.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/HqzGEKc4PxkkhnIDC9mkR80JQck.mft
rsync://rpki.ripe.net/repository/DEFAULT/HqzGEKc4PxkkhnIDC9mkR80JQck.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f1:07:6a:3a:41:ef:13:17:aa:e2:16:6b:a1:94:a5:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1eacc610a7383f19248672030bd9a447cd0941c9
Validity
Not Before: Oct 17 07:16:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34dec77167f0868e96836d39015d9582fa666cb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:f4:a6:72:97:1f:61:be:1c:ba:fb:6f:a9:1b:
66:fa:93:9f:85:28:a1:09:8e:a6:af:55:26:3a:f2:
25:cc:eb:21:47:43:e7:4b:10:d5:81:47:f8:23:e9:
a8:5d:4a:a5:4e:e3:8f:ac:79:1a:1e:87:c6:d2:9b:
35:d0:86:62:1f:44:39:1f:1d:bb:8b:43:9d:08:65:
e2:99:21:3c:87:c8:0c:7f:26:e9:16:84:40:32:78:
2d:a8:f6:51:ca:28:49:ce:11:92:35:73:13:2d:7c:
cd:0c:6a:c5:5e:c1:d6:bc:fb:8e:63:88:7b:4b:09:
ab:29:f0:25:d2:19:d4:e0:f0:72:5d:a3:79:1f:aa:
98:4e:2b:b9:7b:0c:26:ad:a0:22:a8:fc:a4:49:5d:
af:c6:8c:1a:7e:1f:6d:a2:08:61:92:49:10:36:3d:
52:14:77:91:60:8a:17:c2:38:70:b6:9e:79:e0:47:
3d:fb:b7:a1:6c:98:3f:7a:8e:c3:05:92:1d:f0:ba:
34:11:85:97:93:1e:e2:b5:92:45:33:bd:98:d5:0a:
a4:89:64:a1:03:b9:ab:0d:70:9d:2c:4a:86:40:bb:
20:5e:4a:69:b3:6e:3a:ab:b2:da:5c:bc:92:60:9d:
30:24:32:8f:18:93:dd:ec:f4:12:21:83:6d:92:45:
0f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:DE:C7:71:67:F0:86:8E:96:83:6D:39:01:5D:95:82:FA:66:6C:B5
X509v3 Authority Key Identifier:
keyid:1E:AC:C6:10:A7:38:3F:19:24:86:72:03:0B:D9:A4:47:CD:09:41:C9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqzGEKc4PxkkhnIDC9mkR80JQck.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/NN7HcWfwho6Wg205AV2VgvpmbLU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/7f3d29-418e-4136-8b52-fe502599369e/1/HqzGEKc4PxkkhnIDC9mkR80JQck.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.154.120.0/21
185.131.216.0/22
IPv6:
2a03:b80::/32
Signature Algorithm: sha256WithRSAEncryption
d0:59:dd:c6:10:a2:47:e6:cf:a8:f7:a6:81:f5:cb:97:4a:89:
79:61:ba:37:24:06:20:c2:a9:82:b2:8d:0c:da:89:4b:e6:36:
f1:04:f4:61:7f:6a:c0:fc:d6:35:3a:47:3e:ad:86:8f:a5:5b:
90:21:8b:df:d1:db:5d:82:8d:31:fd:e4:4c:50:ee:a5:aa:2a:
9a:5a:89:f5:b7:2d:f4:51:cd:27:57:bc:41:f4:b7:be:52:84:
43:5b:58:d3:72:ae:b3:b9:14:6c:3f:95:13:5b:d4:8c:ee:a4:
a7:25:47:bd:a0:00:ec:44:1f:16:8d:db:37:39:41:eb:9e:57:
9c:0a:0c:1b:1e:6a:c9:bf:9c:da:1d:9b:34:5d:0d:07:88:fa:
c1:54:0e:56:ad:0f:79:ee:8c:93:63:3a:54:ca:da:22:58:1a:
5f:bd:d8:f0:f0:4c:79:f4:73:2b:07:7c:da:c0:08:b5:71:34:
9d:cd:dd:3b:b2:9b:24:9c:02:35:51:97:c8:82:40:c9:ee:9b:
89:19:63:68:05:bd:bf:bc:7d:b1:7c:2a:ff:b4:79:39:1c:b3:
42:63:99:99:27:c8:34:88:36:13:57:3c:bf:08:99:f8:ce:7c:
c6:a4:88:37:96:e0:17:15:91:95:29:b6:87:59:5e:7a:c6:0e:
5f:0b:aa:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnxB2o6Qe8TF6riFmuhlKWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWNjNjEwYTczODNmMTkyNDg2NzIwMzBiZDlhNDQ3Y2Qw
OTQxYzkwHhcNMjUxMDE3MDcxNjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRlYzc3MTY3ZjA4NjhlOTY4MzZkMzkwMTVkOTU4MmZhNjY2Y2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvSmcpcfYb4cuvtvqRtm+pOfhSih
CY6mr1UmOvIlzOshR0PnSxDVgUf4I+moXUqlTuOPrHkaHofG0ps10IZiH0Q5Hx27
i0OdCGXimSE8h8gMfybpFoRAMngtqPZRyihJzhGSNXMTLXzNDGrFXsHWvPuOY4h7
SwmrKfAl0hnU4PByXaN5H6qYTiu5ewwmraAiqPykSV2vxowafh9toghhkkkQNj1S
FHeRYIoXwjhwtp554Ec9+7ehbJg/eo7DBZId8Lo0EYWXkx7itZJFM72Y1QqkiWSh
A7mrDXCdLEqGQLsgXkpps246q7LaXLySYJ0wJDKPGJPd7PQSIYNtkkUP3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDTex3Fn8IaOloNtOQFdlYL6Zmy1MB8GA1UdIwQY
MBaAFB6sxhCnOD8ZJIZyAwvZpEfNCUHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHF6R0VLYzRQeGtraG5JREM5bWtSODBKUWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC83ZjNkMjktNDE4ZS00MTM2LThiNTIt
ZmU1MDI1OTkzNjllLzEvTk43SGNXZndobzZXZzIwNUFWMlZndnBtYkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC83ZjNkMjktNDE4ZS00MTM2LThiNTItZmU1MDI1OTkzNjll
LzEvSHF6R0VLYzRQeGtraG5JREM5bWtSODBKUWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDlZp4AwQC
uYPYMA0EAgACMAcDBQAqAwuAMA0GCSqGSIb3DQEBCwUAA4IBAQDQWd3GEKJH5s+o
96aB9cuXSol5Ybo3JAYgwqmCso0M2olL5jbxBPRhf2rA/NY1Okc+rYaPpVuQIYvf
0dtdgo0x/eRMUO6lqiqaWon1ty30Uc0nV7xB9Le+UoRDW1jTcq6zuRRsP5UTW9SM
7qSnJUe9oADsRB8Wjds3OUHrnlecCgwbHmrJv5zaHZs0XQ0HiPrBVA5WrQ957oyT
YzpUytoiWBpfvdjw8Ex59HMrB3zawAi1cTSdzd07spsknAI1UZfIgkDJ7puJGWNo
Bb2/vH2xfCr/tHk5HLNCY5mZJ8g0iDYTVzy/CJn4znzGpIg3luAXFZGVKbaHWV56
xg5fC6ou
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:23:59 2025 by rpki-client