Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/gFSAApK2GHEW9co-hPvID0_Xbj0.roa
File: gFSAApK2GHEW9co-hPvID0_Xbj0.roa (raw, json)
Hash identifier: 4lamTHM9SOHzvbwgysIOqInF+Jmi38B32pNkhrQEyFY=
Subject key identifier: 80:54:80:02:92:B6:18:71:16:F5:CA:3E:84:FB:C8:0F:4F:D7:6E:3D
Certificate issuer: /CN=89dbc7156a4ee7c67d9e684767a2f4baf8a35bab
Certificate serial: 0198A75381C9D0A154A3EA656F953A0163E4
Authority key identifier: 89:DB:C7:15:6A:4E:E7:C6:7D:9E:68:47:67:A2:F4:BA:F8:A3:5B:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/idvHFWpO58Z9nmhHZ6L0uvijW6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/gFSAApK2GHEW9co-hPvID0_Xbj0.roa
Signing time: Thu 14 Aug 2025 06:45:24 +0000
ROA not before: Thu 14 Aug 2025 06:45:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208059
IP address blocks: 46.149.109.0/24 maxlen: 24
2a10:200::/36 maxlen: 48
2a10:200:affe::/48 maxlen: 48
2a10:200:ffa1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/idvHFWpO58Z9nmhHZ6L0uvijW6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/idvHFWpO58Z9nmhHZ6L0uvijW6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/idvHFWpO58Z9nmhHZ6L0uvijW6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 06:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a7:53:81:c9:d0:a1:54:a3:ea:65:6f:95:3a:01:63:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89dbc7156a4ee7c67d9e684767a2f4baf8a35bab
Validity
Not Before: Aug 14 06:45:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8054800292b6187116f5ca3e84fbc80f4fd76e3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:85:6a:18:e2:ce:02:5d:33:b1:c8:2a:05:8e:
45:ad:85:0d:80:0c:5f:95:0f:3d:be:78:de:73:03:
23:f0:94:48:fa:f2:06:bc:b9:ab:ac:9b:95:c6:c1:
1b:fd:b4:00:a7:53:37:26:d4:1d:70:8e:08:ce:dc:
67:06:ab:af:c7:01:a7:26:e4:17:6b:f0:96:61:d3:
3c:9e:a6:36:9f:b8:1b:ef:e9:3e:e6:a0:9d:72:33:
91:5f:13:22:de:cf:5e:24:50:68:ca:c5:f4:ba:32:
ef:64:0e:4e:b0:3a:4a:48:af:9d:a5:a7:42:31:fa:
9e:3a:e6:53:f8:53:03:4a:d3:17:ec:c7:d8:90:9a:
3c:27:96:81:b6:89:df:35:f4:31:d1:c3:a5:64:c3:
18:d0:2f:3f:f8:5d:47:0a:77:d2:ff:00:95:2f:bb:
1f:a1:7a:e3:63:fd:0e:6a:90:f1:c6:09:c4:20:0d:
54:e1:6e:68:17:da:80:47:85:f5:a9:58:31:69:6e:
79:c1:7d:f9:2d:46:d2:51:16:75:b0:8f:57:03:7d:
0e:d0:7a:42:07:59:d4:e5:40:ad:67:f7:96:17:17:
8d:1a:6a:14:e6:88:1d:0e:fd:8b:6c:b3:b9:4e:55:
98:c0:23:59:e2:35:63:13:90:87:24:a5:63:f6:28:
c3:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:54:80:02:92:B6:18:71:16:F5:CA:3E:84:FB:C8:0F:4F:D7:6E:3D
X509v3 Authority Key Identifier:
keyid:89:DB:C7:15:6A:4E:E7:C6:7D:9E:68:47:67:A2:F4:BA:F8:A3:5B:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idvHFWpO58Z9nmhHZ6L0uvijW6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/gFSAApK2GHEW9co-hPvID0_Xbj0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/5a9a99-43c2-4cc8-a37b-49501a7694c4/1/idvHFWpO58Z9nmhHZ6L0uvijW6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.149.109.0/24
IPv6:
2a10:200::/36
2a10:200:affe::/48
2a10:200:ffa1::/48
Signature Algorithm: sha256WithRSAEncryption
50:fe:73:b2:df:d1:95:de:a1:ad:cb:a3:1a:4c:48:8e:84:b4:
fc:88:31:1d:15:c9:b4:fc:45:77:0c:79:80:17:7c:33:1c:76:
dd:d1:5e:c9:30:a8:2d:fa:21:b2:78:d5:6c:6f:3a:92:cd:75:
d0:d9:36:4a:85:32:05:1e:62:50:19:8b:6f:1d:e3:f5:f3:61:
1b:d7:98:56:b3:0f:6f:4f:27:eb:74:8f:d8:b9:c4:0f:e1:ae:
71:df:c6:87:00:0b:c2:96:2c:86:75:6e:8d:06:c3:5c:41:dd:
74:dd:46:d0:6c:f1:b9:3f:54:66:d6:a1:83:b4:6b:26:cf:47:
ec:cc:d3:c8:9e:a8:ab:ca:14:f3:a0:34:e7:6c:85:88:c7:e9:
f9:b8:7d:b3:1f:b8:6f:0b:09:9b:b7:2c:c6:ff:35:22:05:a6:
97:2f:ea:2f:45:02:cf:0b:5f:ed:87:f5:0c:d7:d2:be:f6:b8:
67:a4:08:8b:71:60:aa:e7:2e:97:b5:28:98:8b:d1:1e:45:1d:
2d:25:cc:f5:d2:b3:22:fe:4f:19:49:a3:da:1d:fa:b8:b4:ca:
bf:fb:67:cb:e6:38:98:5c:88:33:b4:fb:e1:60:99:90:61:3a:
d5:28:f1:bb:45:d7:e6:1e:f2:7e:48:30:a3:12:43:12:ee:cb:
5e:75:03:6c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZinU4HJ0KFUo+plb5U6AWPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZGJjNzE1NmE0ZWU3YzY3ZDllNjg0NzY3YTJmNGJhZjhh
MzViYWIwHhcNMjUwODE0MDY0NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU0ODAwMjkyYjYxODcxMTZmNWNhM2U4NGZiYzgwZjRmZDc2ZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oVqGOLOAl0zscgqBY5FrYUNgAxf
lQ89vnjecwMj8JRI+vIGvLmrrJuVxsEb/bQAp1M3JtQdcI4IztxnBquvxwGnJuQX
a/CWYdM8nqY2n7gb7+k+5qCdcjORXxMi3s9eJFBoysX0ujLvZA5OsDpKSK+dpadC
MfqeOuZT+FMDStMX7MfYkJo8J5aBtonfNfQx0cOlZMMY0C8/+F1HCnfS/wCVL7sf
oXrjY/0OapDxxgnEIA1U4W5oF9qAR4X1qVgxaW55wX35LUbSURZ1sI9XA30O0HpC
B1nU5UCtZ/eWFxeNGmoU5ogdDv2LbLO5TlWYwCNZ4jVjE5CHJKVj9ijDtQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFIBUgAKSthhxFvXKPoT7yA9P1249MB8GA1UdIwQY
MBaAFInbxxVqTufGfZ5oR2ei9Lr4o1urMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWR2SEZXcE81OFo5bm1oSFo2TDB1dmlqVzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81YTlhOTktNDNjMi00Y2M4LWEzN2It
NDk1MDFhNzY5NGM0LzEvZ0ZTQUFwSzJHSEVXOWNvLWhQdklEMF9YYmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81YTlhOTktNDNjMi00Y2M4LWEzN2ItNDk1MDFhNzY5NGM0
LzEvaWR2SEZXcE81OFo5bm1oSFo2TDB1dmlqVzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAMBAIAATAGAwQALpVtMCAE
AgACMBoDBgQqEAIAAAMHACoQAgCv/gMHACoQAgD/oTANBgkqhkiG9w0BAQsFAAOC
AQEAUP5zst/Rld6hrcujGkxIjoS0/IgxHRXJtPxFdwx5gBd8Mxx23dFeyTCoLfoh
snjVbG86ks110Nk2SoUyBR5iUBmLbx3j9fNhG9eYVrMPb08n63SP2LnED+Gucd/G
hwALwpYshnVujQbDXEHddN1G0GzxuT9UZtahg7RrJs9H7MzTyJ6oq8oU86A052yF
iMfp+bh9sx+4bwsJm7csxv81IgWmly/qL0UCzwtf7Yf1DNfSvva4Z6QIi3Fgqucu
l7UomIvRHkUdLSXM9dKzIv5PGUmj2h36uLTKv/tny+Y4mFyIM7T74WCZkGE61Sjx
u0XX5h7yfkgwoxJDEu7LXnUDbA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:09:40 2025 by rpki-client