Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/q9-vuUKVR4izeN3aoSM_0PGlTLE.roa
File: q9-vuUKVR4izeN3aoSM_0PGlTLE.roa (raw, json)
Hash identifier: 7uTxuawjanQAcGsc+vt8tq396KLmeaMaL6YYUmFethI=
Subject key identifier: AB:DF:AF:B9:42:95:47:88:B3:78:DD:DA:A1:23:3F:D0:F1:A5:4C:B1
Certificate issuer: /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial: 019957BF3FAEC1942F3CE910100DD6E6675A
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/q9-vuUKVR4izeN3aoSM_0PGlTLE.roa
Signing time: Wed 17 Sep 2025 12:56:15 +0000
ROA not before: Wed 17 Sep 2025 12:56:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47645
IP address blocks: 94.137.64.0/21 maxlen: 21
94.137.72.0/24 maxlen: 24
94.137.73.0/24 maxlen: 24
94.137.80.0/22 maxlen: 22
94.137.84.0/22 maxlen: 22
94.137.88.0/24 maxlen: 24
2a05:c440::/48 maxlen: 48
2a05:c441::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:57:bf:3f:ae:c1:94:2f:3c:e9:10:10:0d:d6:e6:67:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Validity
Not Before: Sep 17 12:56:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=abdfafb942954788b378dddaa1233fd0f1a54cb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:bf:97:50:59:16:68:7a:75:2f:f5:d6:ef:28:
d7:ea:76:82:c6:45:a2:91:51:f2:e6:de:b7:8b:7d:
8f:34:68:ef:3a:33:ff:77:42:8e:67:8d:c2:8b:4d:
bc:13:5a:38:9a:5c:6c:ab:94:11:c3:16:ce:22:50:
7a:34:f3:da:c9:7b:6e:5b:7a:75:30:8a:46:23:8a:
ca:08:b9:1f:15:5a:33:d6:ef:39:38:72:43:bc:85:
6d:0e:c7:e1:f0:ed:d2:0c:50:25:eb:33:9f:37:73:
48:bd:e9:e9:7e:12:75:0a:a5:09:10:c1:ca:3c:49:
9f:51:cd:61:8d:f0:bd:39:f1:98:8b:64:0c:0a:61:
0e:1c:c6:ad:db:c3:35:28:4c:96:64:d0:43:e6:69:
3e:94:d9:7b:bd:7b:04:bd:76:8c:ff:5c:4a:9f:49:
a9:4c:f6:e2:43:b7:35:bd:f2:94:22:5f:9d:08:8e:
6a:e8:26:58:48:ed:f3:d0:1a:4b:e6:d2:5a:13:1a:
b8:f1:66:35:42:88:16:b2:8e:d4:f1:76:20:c7:7b:
a0:ef:08:ca:b0:f3:e3:02:e2:a4:a4:be:7d:48:eb:
39:91:3a:d6:cc:7d:ca:6b:84:f8:7e:45:30:1f:d8:
f0:1e:d7:c0:ce:b3:e4:ac:47:7e:2b:83:21:b3:94:
84:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:DF:AF:B9:42:95:47:88:B3:78:DD:DA:A1:23:3F:D0:F1:A5:4C:B1
X509v3 Authority Key Identifier:
keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/q9-vuUKVR4izeN3aoSM_0PGlTLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.137.64.0-94.137.73.255
94.137.80.0-94.137.88.255
IPv6:
2a05:c440::/48
2a05:c441::/32
Signature Algorithm: sha256WithRSAEncryption
6d:af:79:a3:b1:34:2c:ea:8b:27:21:4c:c6:d5:84:f4:91:dd:
a3:50:fc:92:ff:19:e6:41:6f:d2:cb:66:eb:b5:43:33:5b:a7:
15:68:ec:cb:c3:3b:55:50:0c:3f:78:c2:be:11:7e:8a:2a:09:
3d:0f:91:e6:50:37:17:5b:3b:aa:6a:cd:32:e2:5d:fe:87:17:
d7:f0:99:50:9c:77:8f:e0:eb:ac:51:72:4f:78:3e:27:56:9c:
5b:22:5a:74:18:dc:f9:41:a2:d0:94:fb:fb:93:c8:6f:ee:d3:
cd:62:4b:a4:40:ef:35:fb:44:fc:27:4a:1f:8d:14:4c:14:cb:
2f:41:8d:a1:50:88:aa:af:00:ae:1a:6f:f1:bf:88:3e:b9:55:
10:57:58:55:33:ae:c6:74:37:d0:6f:37:b6:78:c8:98:13:60:
bb:4c:33:7d:5f:e4:ee:ee:6c:33:82:98:2c:36:f5:2f:9e:51:
92:09:68:89:8f:39:1d:99:fa:00:6d:41:cf:f1:2d:93:4e:e3:
9a:0c:cc:e9:ce:0e:66:b9:f0:44:1d:29:fb:85:48:6d:db:3a:
be:c7:23:70:4a:22:fd:50:52:7c:73:3c:d6:7b:33:c5:01:8f:
9d:f1:b8:7a:5b:0c:28:89:d6:9a:11:61:6b:24:52:90:40:77:
88:b9:df:5a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZlXvz+uwZQvPOkQEA3W5mdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwOTE3MTI1NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRmYWZiOTQyOTU0Nzg4YjM3OGRkZGFhMTIzM2ZkMGYxYTU0Y2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr+XUFkWaHp1L/XW7yjX6naCxkWi
kVHy5t63i32PNGjvOjP/d0KOZ43Ci028E1o4mlxsq5QRwxbOIlB6NPPayXtuW3p1
MIpGI4rKCLkfFVoz1u85OHJDvIVtDsfh8O3SDFAl6zOfN3NIvenpfhJ1CqUJEMHK
PEmfUc1hjfC9OfGYi2QMCmEOHMat28M1KEyWZNBD5mk+lNl7vXsEvXaM/1xKn0mp
TPbiQ7c1vfKUIl+dCI5q6CZYSO3z0BpL5tJaExq48WY1QogWso7U8XYgx3ug7wjK
sPPjAuKkpL59SOs5kTrWzH3Ka4T4fkUwH9jwHtfAzrPkrEd+K4Mhs5SEawIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKvfr7lClUeIs3jd2qEjP9DxpUyxMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvcTktdnVVS1ZSNGl6ZU4zYW9TTV8wUEdsVExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAiBAIAATAcMAwDBAZeiUAD
BAFeiUgwDAMEBF6JUAMEAF6JWDAWBAIAAjAQAwcAKgXEQAAAAwUAKgXEQTANBgkq
hkiG9w0BAQsFAAOCAQEAba95o7E0LOqLJyFMxtWE9JHdo1D8kv8Z5kFv0stm67VD
M1unFWjsy8M7VVAMP3jCvhF+iioJPQ+R5lA3F1s7qmrNMuJd/ocX1/CZUJx3j+Dr
rFFyT3g+J1acWyJadBjc+UGi0JT7+5PIb+7TzWJLpEDvNftE/CdKH40UTBTLL0GN
oVCIqq8Arhpv8b+IPrlVEFdYVTOuxnQ30G83tnjImBNgu0wzfV/k7u5sM4KYLDb1
L55RkgloiY85HZn6AG1Bz/Etk07jmgzM6c4OZrnwRB0p+4VIbds6vscjcEoi/VBS
fHM81nszxQGPnfG4elsMKInWmhFhayRSkEB3iLnfWg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:09:09 2025 by rpki-client