
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/kXO0x99_6nP1a371Eg7pttPfJHY.roa
File: kXO0x99_6nP1a371Eg7pttPfJHY.roa (raw, json)
Hash identifier: NxoRiK3ObPaLHM4VYoYRvbDHfURaJYcA3ytSpI8zmP4=
Subject key identifier: 91:73:B4:C7:DF:7F:EA:73:F5:6B:7E:F5:12:0E:E9:B6:D3:DF:24:76
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 0199D55C937AA8AF735046B9154A4F8C61A4
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/kXO0x99_6nP1a371Eg7pttPfJHY.roa
Signing time: Sat 11 Oct 2025 22:20:38 +0000
ROA not before: Sat 11 Oct 2025 22:20:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 194.231.132.0/22 maxlen: 22
194.231.136.0/22 maxlen: 22
194.231.152.0/22 maxlen: 22
194.231.156.0/22 maxlen: 24
194.231.192.0/22 maxlen: 22
194.231.196.0/22 maxlen: 22
194.231.200.0/22 maxlen: 22
194.231.204.0/22 maxlen: 22
194.231.208.0/22 maxlen: 22
194.231.212.0/22 maxlen: 22
194.231.220.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d5:5c:93:7a:a8:af:73:50:46:b9:15:4a:4f:8c:61:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Oct 11 22:20:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9173b4c7df7fea73f56b7ef5120ee9b6d3df2476
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:53:73:ee:51:64:ee:e4:70:2f:07:65:9d:86:
c9:67:9c:95:bb:28:23:7f:c3:b1:6a:f4:a5:bf:b4:
65:df:c0:ee:cd:a9:36:55:97:6b:a4:71:cb:76:84:
a5:12:a1:1f:0b:c1:15:1d:cd:ea:9f:43:ac:64:ff:
f6:83:48:f9:f9:82:dd:63:69:6e:cc:8b:22:35:7e:
a9:f9:62:de:b0:83:30:00:51:2a:1f:0c:f7:43:62:
21:0c:f8:60:bb:11:7a:ce:f5:aa:8d:6c:8a:24:2f:
7b:fc:da:6e:b2:6c:91:c1:ce:88:6d:d9:ca:29:c5:
71:e7:92:2a:81:62:59:e9:5d:26:b4:43:a2:62:39:
34:e0:f9:e4:e9:56:f8:6d:bc:52:33:57:bc:28:59:
6e:f4:ee:0d:8c:d9:51:6b:74:1f:78:42:f7:54:92:
d7:cd:5a:c6:f4:da:5e:14:a2:f9:46:61:9e:e1:0c:
c6:9c:18:9c:10:af:08:44:4a:49:ba:fd:34:d5:a6:
df:2a:00:38:94:76:5e:7e:d4:11:75:ec:8f:ea:90:
35:cd:c0:7a:1f:e6:13:b5:ae:85:33:d6:11:ab:2b:
72:1e:10:fd:f0:87:31:eb:3d:d7:54:83:25:cc:f1:
a5:51:fd:7f:a8:17:0b:c5:65:e1:6e:07:03:df:df:
e8:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:73:B4:C7:DF:7F:EA:73:F5:6B:7E:F5:12:0E:E9:B6:D3:DF:24:76
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/kXO0x99_6nP1a371Eg7pttPfJHY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.231.132.0-194.231.139.255
194.231.152.0/21
194.231.192.0-194.231.215.255
194.231.220.0/22
Signature Algorithm: sha256WithRSAEncryption
22:0c:bc:63:c5:96:9b:f8:6b:cf:b3:8d:1c:01:3d:ca:09:e9:
a6:54:35:d2:ca:c6:e9:c7:dc:ed:40:10:5d:9b:74:0f:2d:30:
8a:62:2f:37:af:50:b7:11:74:ee:09:a1:8c:bc:46:d9:c5:d3:
c1:06:33:5f:a6:a9:78:6b:fa:fb:bf:19:25:5a:a5:c8:71:90:
c5:8a:00:5c:8a:28:82:fe:9a:09:29:ed:11:84:ea:c6:2d:23:
ca:4a:a7:59:46:63:a7:41:bb:60:73:21:ca:70:0f:e2:b8:0c:
27:16:fd:29:aa:9a:39:7b:df:d0:ef:4f:78:af:5d:12:2f:91:
32:a7:c1:aa:20:d3:e0:27:76:70:a9:42:f3:ca:47:71:11:a0:
11:a5:a6:ee:8c:b3:51:1e:c2:17:de:1e:0a:81:6a:47:17:92:
57:37:c0:f0:dd:86:ad:d2:d6:78:fe:f4:f4:9f:64:08:6d:05:
aa:b9:58:ca:aa:ef:e7:e3:e1:c0:04:b9:25:17:bb:2b:d3:05:
1d:b3:95:84:ae:94:2f:a3:4f:5c:ab:cc:a7:21:92:b6:4e:13:
ab:e7:99:88:f6:4c:5a:c9:3f:59:db:b8:b8:8a:7d:76:a8:0c:
99:c6:63:5e:dd:b7:34:45:ee:a3:ed:64:95:78:c5:c5:7b:33:
4d:11:6d:ee
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZnVXJN6qK9zUEa5FUpPjGGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDExMjIyMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTczYjRjN2RmN2ZlYTczZjU2YjdlZjUxMjBlZTliNmQzZGYyNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFNz7lFk7uRwLwdlnYbJZ5yVuygj
f8OxavSlv7Rl38Duzak2VZdrpHHLdoSlEqEfC8EVHc3qn0OsZP/2g0j5+YLdY2lu
zIsiNX6p+WLesIMwAFEqHwz3Q2IhDPhguxF6zvWqjWyKJC97/NpusmyRwc6IbdnK
KcVx55IqgWJZ6V0mtEOiYjk04Pnk6Vb4bbxSM1e8KFlu9O4NjNlRa3QfeEL3VJLX
zVrG9NpeFKL5RmGe4QzGnBicEK8IREpJuv001abfKgA4lHZeftQRdeyP6pA1zcB6
H+YTta6FM9YRqytyHhD98Icx6z3XVIMlzPGlUf1/qBcLxWXhbgcD39/o9QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJFztMfff+pz9Wt+9RIO6bbT3yR2MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEva1hPMHg5OV82blAxYTM3MUVnN3B0dFBmSkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBALC54QD
BALC54gDBAPC55gwDAMEBsLnwAMEA8Ln0AMEAsLn3DANBgkqhkiG9w0BAQsFAAOC
AQEAIgy8Y8WWm/hrz7ONHAE9ygnpplQ10srG6cfc7UAQXZt0Dy0wimIvN69QtxF0
7gmhjLxG2cXTwQYzX6apeGv6+78ZJVqlyHGQxYoAXIoogv6aCSntEYTqxi0jykqn
WUZjp0G7YHMhynAP4rgMJxb9KaqaOXvf0O9PeK9dEi+RMqfBqiDT4Cd2cKlC88pH
cRGgEaWm7oyzUR7CF94eCoFqRxeSVzfA8N2GrdLWeP709J9kCG0FqrlYyqrv5+Ph
wAS5JRe7K9MFHbOVhK6UL6NPXKvMpyGStk4Tq+eZiPZMWsk/Wdu4uIp9dqgMmcZj
Xt23NEXuo+1klXjFxXszTRFt7g==
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:43:27 2025 by rpki-client