Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/u5lPRSy8TTjSrS9sU6cP6pvHWTY.roa
File: u5lPRSy8TTjSrS9sU6cP6pvHWTY.roa (raw, json)
Hash identifier: nHXVS6U6ny2U+TZRyYNc9upvg7oq5CrJlEbjCC7RIaQ=
Subject key identifier: BB:99:4F:45:2C:BC:4D:38:D2:AD:2F:6C:53:A7:0F:EA:9B:C7:59:36
Certificate issuer: /CN=da8a978b9ce5d26ebcaad0ccb67918a9df318f86
Certificate serial: 0199E6F60BE846B2F8DE1BF445EA5DADE128
Authority key identifier: DA:8A:97:8B:9C:E5:D2:6E:BC:AA:D0:CC:B6:79:18:A9:DF:31:8F:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2oqXi5zl0m68qtDMtnkYqd8xj4Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/u5lPRSy8TTjSrS9sU6cP6pvHWTY.roa
Signing time: Wed 15 Oct 2025 08:21:48 +0000
ROA not before: Wed 15 Oct 2025 08:21:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 46.21.88.0/22 maxlen: 22
46.21.92.0/22 maxlen: 22
91.107.72.0/21 maxlen: 21
91.107.88.0/21 maxlen: 21
159.253.124.0/22 maxlen: 22
185.91.132.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/2oqXi5zl0m68qtDMtnkYqd8xj4Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/2oqXi5zl0m68qtDMtnkYqd8xj4Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/2oqXi5zl0m68qtDMtnkYqd8xj4Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e6:f6:0b:e8:46:b2:f8:de:1b:f4:45:ea:5d:ad:e1:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8a978b9ce5d26ebcaad0ccb67918a9df318f86
Validity
Not Before: Oct 15 08:21:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bb994f452cbc4d38d2ad2f6c53a70fea9bc75936
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f8:81:ad:ce:f8:35:7d:76:12:66:1f:f5:80:
05:da:f5:9f:6f:bd:30:02:13:3e:5a:37:bb:33:30:
93:95:27:82:9a:ce:07:26:24:c8:11:d1:7f:42:c1:
51:d8:dc:43:fe:11:d9:f4:a1:2a:6d:d6:e7:c9:3d:
40:a5:13:17:9a:8c:61:8d:a6:85:55:88:1f:06:b8:
26:37:56:5f:5a:9b:1a:d0:ea:81:45:bf:3c:8c:b3:
22:c4:e5:57:1f:8c:37:54:fe:78:bb:49:54:10:05:
8a:60:62:97:65:2b:a2:d5:dd:5e:72:ff:87:9f:6b:
18:b4:35:76:ab:e0:b6:8f:99:85:b1:e3:57:fd:be:
66:2d:fe:1e:3b:2d:90:21:a8:89:d3:9e:99:ea:73:
64:89:ee:eb:1b:d5:03:2b:c4:dd:d1:5d:9f:0a:47:
52:10:20:48:f4:8f:08:48:3f:9a:4d:38:88:f7:b1:
38:04:8b:e8:ff:ad:ec:0d:36:d6:b3:7d:23:a7:64:
41:f7:95:a0:6b:c3:47:df:eb:0a:27:0b:22:76:19:
9b:5a:47:81:c8:7f:6a:ea:d9:d7:c1:64:17:d8:df:
43:47:24:eb:81:1f:1f:73:1e:71:ab:b1:da:c8:43:
9f:85:6a:cd:93:27:84:62:8c:7f:28:c1:18:ab:6d:
c0:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:99:4F:45:2C:BC:4D:38:D2:AD:2F:6C:53:A7:0F:EA:9B:C7:59:36
X509v3 Authority Key Identifier:
keyid:DA:8A:97:8B:9C:E5:D2:6E:BC:AA:D0:CC:B6:79:18:A9:DF:31:8F:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2oqXi5zl0m68qtDMtnkYqd8xj4Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/u5lPRSy8TTjSrS9sU6cP6pvHWTY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/2oqXi5zl0m68qtDMtnkYqd8xj4Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.88.0/21
91.107.72.0/21
91.107.88.0/21
159.253.124.0/22
185.91.132.0/22
Signature Algorithm: sha256WithRSAEncryption
78:94:60:f3:11:b6:74:cd:12:9b:aa:ad:d9:d9:1c:be:7e:3f:
f0:b9:f2:64:d8:37:ba:76:8c:33:cb:7c:3f:a6:54:2b:91:ef:
66:3d:37:80:a2:2e:ad:bc:a7:d5:7b:d2:a0:2f:c3:cf:63:22:
88:be:b6:6e:48:65:b3:ff:f7:d7:76:61:2f:54:df:67:a4:b8:
cb:3b:d7:b2:5a:1e:8f:26:21:7a:53:45:3b:0b:2a:0b:bb:43:
ce:e2:32:8a:e5:6e:d8:a8:d7:95:1d:0c:f6:21:f2:a0:30:35:
2a:0a:10:e1:6b:a9:0d:45:fc:e2:ec:84:0f:d7:24:c9:c7:b0:
13:6f:0e:f3:81:11:52:e7:43:10:70:42:a3:f1:cb:07:6f:76:
f1:15:04:72:bb:a1:35:94:7a:de:ea:74:c4:38:df:3c:2e:47:
35:03:3a:75:e9:b5:85:94:9f:49:20:d0:cc:6e:2b:e2:e7:6f:
f5:e7:0a:f7:d1:e3:18:c1:a4:63:f7:19:33:1e:ea:90:95:c8:
57:9b:3a:7b:a4:3b:0a:cc:bc:52:49:39:da:e8:9d:26:b3:c5:
43:63:0b:60:2b:3f:50:a4:ef:ec:38:55:ed:f7:12:4b:78:08:
02:66:12:45:aa:05:77:77:44:0a:f1:e3:43:b5:13:a7:dc:02:
a5:4d:66:45
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZnm9gvoRrL43hv0RepdreEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGE5NzhiOWNlNWQyNmViY2FhZDBjY2I2NzkxOGE5ZGYz
MThmODYwHhcNMjUxMDE1MDgyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjk5NGY0NTJjYmM0ZDM4ZDJhZDJmNmM1M2E3MGZlYTliYzc1OTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPiBrc74NX12EmYf9YAF2vWfb70w
AhM+Wje7MzCTlSeCms4HJiTIEdF/QsFR2NxD/hHZ9KEqbdbnyT1ApRMXmoxhjaaF
VYgfBrgmN1ZfWpsa0OqBRb88jLMixOVXH4w3VP54u0lUEAWKYGKXZSui1d1ecv+H
n2sYtDV2q+C2j5mFseNX/b5mLf4eOy2QIaiJ056Z6nNkie7rG9UDK8Td0V2fCkdS
ECBI9I8ISD+aTTiI97E4BIvo/63sDTbWs30jp2RB95Wga8NH3+sKJwsidhmbWkeB
yH9q6tnXwWQX2N9DRyTrgR8fcx5xq7HayEOfhWrNkyeEYox/KMEYq23AkwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLuZT0UsvE040q0vbFOnD+qbx1k2MB8GA1UdIwQY
MBaAFNqKl4uc5dJuvKrQzLZ5GKnfMY+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm9xWGk1emwwbTY4cXRETXRua1lxZDh4ajRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xOGU0OGYtNTk3Mi00ZDNmLWJiNmEt
Yjc4ZGFjMzdlYWM4LzEvdTVsUFJTeThUVGpTclM5c1U2Y1A2cHZIV1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xOGU0OGYtNTk3Mi00ZDNmLWJiNmEtYjc4ZGFjMzdlYWM4
LzEvMm9xWGk1emwwbTY4cXRETXRua1lxZDh4ajRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDLhVYAwQD
W2tIAwQDW2tYAwQCn/18AwQCuVuEMA0GCSqGSIb3DQEBCwUAA4IBAQB4lGDzEbZ0
zRKbqq3Z2Ry+fj/wufJk2De6dowzy3w/plQrke9mPTeAoi6tvKfVe9KgL8PPYyKI
vrZuSGWz//fXdmEvVN9npLjLO9eyWh6PJiF6U0U7CyoLu0PO4jKK5W7YqNeVHQz2
IfKgMDUqChDha6kNRfzi7IQP1yTJx7ATbw7zgRFS50MQcEKj8csHb3bxFQRyu6E1
lHre6nTEON88Lkc1Azp16bWFlJ9JINDMbivi52/15wr30eMYwaRj9xkzHuqQlchX
mzp7pDsKzLxSSTna6J0ms8VDYwtgKz9QpO/sOFXt9xJLeAgCZhJFqgV3d0QK8eND
tROn3AKlTWZF
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:34:15 2025 by rpki-client