Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/LsR5OcLI6gweexv7IGg_v67BF8g.roa
File: LsR5OcLI6gweexv7IGg_v67BF8g.roa (raw, json)
Hash identifier: wQT4g6ONPKKCv+h71REBPVqXb0/wIS8oFMXQ2jJwDUM=
Subject key identifier: 2E:C4:79:39:C2:C8:EA:0C:1E:7B:1B:FB:20:68:3F:BF:AE:C1:17:C8
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 0199534D4011EC9F2636820C2D41D1BEBA29
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/LsR5OcLI6gweexv7IGg_v67BF8g.roa
Signing time: Tue 16 Sep 2025 16:13:15 +0000
ROA not before: Tue 16 Sep 2025 16:13:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.3.56.0/22 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
185.55.208.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.mft
rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:53:4d:40:11:ec:9f:26:36:82:0c:2d:41:d1:be:ba:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Sep 16 16:13:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ec47939c2c8ea0c1e7b1bfb20683fbfaec117c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:a2:16:2d:f9:73:7a:2a:5d:61:ee:65:c9:6e:
60:db:53:c3:02:9b:03:8f:51:83:8b:8a:13:8c:16:
9d:d2:9d:a8:f1:db:46:01:e7:19:fd:2a:c5:f6:d1:
88:0a:82:65:95:e1:0a:7d:a8:27:b0:45:f6:a6:b2:
fd:46:1e:39:40:a3:de:ce:59:9b:b3:e4:0e:77:63:
21:71:b1:e8:d9:01:ff:9d:a9:f1:67:25:3a:98:49:
43:16:be:eb:31:22:99:92:28:2a:7d:f6:7a:76:77:
cf:4a:82:bc:20:5a:41:7f:38:d1:43:71:42:20:00:
07:9e:87:1a:a6:e4:3e:c1:fe:59:ed:5e:32:1a:76:
d7:61:d1:4d:4d:42:22:09:91:ac:bf:11:6b:fb:df:
66:d8:bd:44:4b:42:fa:c0:95:70:27:d2:b3:fd:b2:
72:74:e7:15:47:38:ff:f8:74:d5:e4:3a:f6:54:50:
1a:f2:dd:4d:c1:19:a4:23:d3:dc:f0:cd:7f:fd:f2:
06:d5:71:d7:d6:b6:be:26:d9:ea:aa:62:c7:e2:fa:
e0:4a:cf:94:d9:57:2c:5f:68:db:22:18:14:fd:c6:
4c:e9:6d:23:e6:a4:dc:33:a9:e0:0d:ee:58:ae:7a:
40:c5:7a:4f:bb:a6:37:35:7b:da:4b:a5:c8:5d:a6:
53:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:C4:79:39:C2:C8:EA:0C:1E:7B:1B:FB:20:68:3F:BF:AE:C1:17:C8
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/LsR5OcLI6gweexv7IGg_v67BF8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.3.56.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
185.55.208.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
71:c8:cb:ea:97:f3:46:9c:12:23:84:25:8c:f4:d7:28:dc:27:
e6:ba:cc:64:69:5e:14:9a:fd:b8:22:20:a4:17:24:88:ec:f0:
2b:38:c1:16:24:cf:04:db:7f:cd:4a:58:d9:c3:a3:d9:54:af:
f7:88:1f:e5:d6:b1:97:95:74:2b:de:ad:8d:29:53:ff:5a:10:
8f:9b:fa:bf:8f:c1:04:a9:6d:96:99:4a:59:44:98:b3:51:c6:
19:28:09:5f:b5:f4:fd:d2:58:ec:c1:14:25:3d:a6:f8:a5:7c:
5b:0f:c0:4d:36:c2:06:f2:9a:75:3e:40:97:f4:a6:16:c6:88:
f1:68:8d:c4:36:d8:ff:3e:7c:34:71:74:dd:8a:67:b4:b8:41:
5d:60:6b:c0:a9:55:52:bc:c2:94:55:f5:ca:5d:18:c3:ff:e1:
bc:ac:88:dd:dd:d6:34:4f:3e:74:92:9f:c3:d6:69:1b:4f:9c:
87:31:65:d0:64:10:18:ee:b6:0c:b1:61:e8:04:ca:ad:09:5d:
c6:bd:6f:21:b5:68:c5:21:d4:9b:f3:f5:6a:8b:ed:b6:b0:55:
ee:1b:4c:3d:5b:18:ac:f2:3d:43:65:0e:1e:a9:5b:c4:91:8f:
60:45:fd:3e:90:b2:24:56:ed:44:27:8d:5a:af:d6:73:5e:6f:
b8:b6:31:77
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZlTTUAR7J8mNoIMLUHRvropMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwOTE2MTYxMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM0NzkzOWMyYzhlYTBjMWU3YjFiZmIyMDY4M2ZiZmFlYzExN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16IWLflzeipdYe5lyW5g21PDApsD
j1GDi4oTjBad0p2o8dtGAecZ/SrF9tGICoJlleEKfagnsEX2prL9Rh45QKPezlmb
s+QOd2MhcbHo2QH/nanxZyU6mElDFr7rMSKZkigqffZ6dnfPSoK8IFpBfzjRQ3FC
IAAHnocapuQ+wf5Z7V4yGnbXYdFNTUIiCZGsvxFr+99m2L1ES0L6wJVwJ9Kz/bJy
dOcVRzj/+HTV5Dr2VFAa8t1NwRmkI9Pc8M1//fIG1XHX1ra+JtnqqmLH4vrgSs+U
2VcsX2jbIhgU/cZM6W0j5qTcM6ngDe5YrnpAxXpPu6Y3NXvaS6XIXaZT/wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFC7EeTnCyOoMHnsb+yBoP7+uwRfIMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvTHNSNU9jTEk2Z3dlZXh2N0lHZ192NjdCRjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCBZiAAwQC
LQM4AwQBLYWaAwQAZ4E9AwQCaKccAwQCuTfQAwQCuZgsMA0EAgACMAcDBQMqB36A
MA0GCSqGSIb3DQEBCwUAA4IBAQBxyMvql/NGnBIjhCWM9Nco3CfmusxkaV4Umv24
IiCkFySI7PArOMEWJM8E23/NSljZw6PZVK/3iB/l1rGXlXQr3q2NKVP/WhCPm/q/
j8EEqW2WmUpZRJizUcYZKAlftfT90ljswRQlPab4pXxbD8BNNsIG8pp1PkCX9KYW
xojxaI3ENtj/Pnw0cXTdime0uEFdYGvAqVVSvMKUVfXKXRjD/+G8rIjd3dY0Tz50
kp/D1mkbT5yHMWXQZBAY7rYMsWHoBMqtCV3GvW8htWjFIdSb8/Vqi+22sFXuG0w9
Wxis8j1DZQ4eqVvEkY9gRf0+kLIkVu1EJ41ar9ZzXm+4tjF3
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:44 2025 by rpki-client