Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/N9sLVi248lesLzET0AxeXDO2qEw.roa
File: N9sLVi248lesLzET0AxeXDO2qEw.roa (raw, json)
Hash identifier: AEr+TUUHMbYIfWmLvsGEWWEQerCx07MIn7B17aAyzMg=
Subject key identifier: 37:DB:0B:56:2D:B8:F2:57:AC:2F:31:13:D0:0C:5E:5C:33:B6:A8:4C
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0198CCF39D3073C316F53C4F465EA0D01C32
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/N9sLVi248lesLzET0AxeXDO2qEw.roa
Signing time: Thu 21 Aug 2025 14:06:14 +0000
ROA not before: Thu 21 Aug 2025 14:06:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
194.62.52.0/24 maxlen: 24
194.62.54.0/24 maxlen: 24
194.62.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cc:f3:9d:30:73:c3:16:f5:3c:4f:46:5e:a0:d0:1c:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Aug 21 14:06:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37db0b562db8f257ac2f3113d00c5e5c33b6a84c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:20:95:10:36:26:5e:e0:7c:6a:15:0f:9f:07:
5e:89:58:17:d9:c5:2a:7c:13:43:21:16:f4:1c:00:
74:fc:08:e3:a3:a5:eb:79:5c:40:77:a1:f1:cb:bb:
38:d3:17:77:a4:e7:a0:88:bf:52:13:72:66:5e:19:
d0:1e:69:d7:d7:5e:72:76:e7:2b:36:be:40:2a:e0:
f7:ed:1e:8e:40:f0:d2:08:c5:a7:53:ed:31:29:1e:
8d:97:8a:d9:73:ba:4c:8d:90:ee:a8:b2:c8:fe:eb:
85:90:a8:e9:21:5a:57:16:d8:0a:74:cc:51:f7:dc:
22:16:99:bf:fd:6d:a7:80:03:1b:8b:ec:c5:63:1d:
07:33:23:fd:3f:45:86:5f:04:ba:67:b4:2a:71:bf:
6e:95:bd:07:cf:a9:40:82:9f:c2:bd:20:c5:a3:03:
2b:17:33:f7:b1:6f:da:73:37:8e:0f:50:56:15:d5:
40:ec:d1:cc:e2:7e:d8:fa:8b:16:f8:26:70:b4:1a:
b1:67:15:48:91:0c:4a:8b:00:50:0d:39:57:a3:26:
6f:3a:e8:59:eb:f6:1f:40:a8:07:07:4a:da:0e:65:
a4:e2:82:0b:7c:72:3c:ac:90:33:56:3c:49:47:54:
48:68:ce:02:a6:43:df:5a:7e:9f:72:30:29:69:08:
1b:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:DB:0B:56:2D:B8:F2:57:AC:2F:31:13:D0:0C:5E:5C:33:B6:A8:4C
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/N9sLVi248lesLzET0AxeXDO2qEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.254.28.0/23
193.35.152.0/23
194.62.52.0/24
194.62.54.0/23
Signature Algorithm: sha256WithRSAEncryption
a7:e1:85:fd:55:de:a3:b4:85:35:ee:81:63:d7:da:c0:1f:35:
cf:b9:d8:55:40:04:07:07:83:44:01:89:8c:14:42:e4:4c:41:
71:e7:a3:cd:ed:cf:20:ff:09:18:c9:23:b7:3b:5e:36:ee:d5:
21:6e:fa:00:e7:e8:6a:77:30:5a:84:4b:c3:c2:8f:9a:0d:3f:
a1:c5:69:b4:ce:ef:b7:46:d0:8c:4b:7a:19:65:73:ed:0f:c9:
60:29:2a:0a:60:e5:54:a4:d3:32:c8:e3:8e:45:bf:d4:a2:07:
cc:c3:12:e4:fe:eb:37:37:c5:b3:5b:4d:e7:e5:31:e2:95:41:
92:1b:f5:c7:91:9a:9f:90:b8:4c:27:1c:05:a1:32:2d:f3:ea:
39:21:d8:e9:b9:cd:a6:f0:57:57:9d:67:9a:c9:eb:f6:d6:e9:
e3:3b:3b:ac:88:a3:60:a2:2d:52:77:bd:ab:16:45:89:c2:bf:
30:da:15:80:ba:c8:99:99:2b:5d:14:ec:8a:cd:29:0d:3f:6e:
07:19:be:7e:9e:86:2c:27:db:7b:0e:f1:76:36:e0:71:82:3a:
7d:b1:6f:18:fe:bb:79:84:80:e9:05:e5:4f:d9:b8:17:28:20:
bd:18:ae:71:ac:eb:2b:15:c0:3f:e6:43:c8:67:60:83:13:9d:
77:3c:e7:1a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZjM850wc8MW9TxPRl6g0BwyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwODIxMTQwNjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiMGI1NjJkYjhmMjU3YWMyZjMxMTNkMDBjNWU1YzMzYjZhODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CCVEDYmXuB8ahUPnwdeiVgX2cUq
fBNDIRb0HAB0/Ajjo6XreVxAd6Hxy7s40xd3pOegiL9SE3JmXhnQHmnX115yducr
Nr5AKuD37R6OQPDSCMWnU+0xKR6Nl4rZc7pMjZDuqLLI/uuFkKjpIVpXFtgKdMxR
99wiFpm//W2ngAMbi+zFYx0HMyP9P0WGXwS6Z7Qqcb9ulb0Hz6lAgp/CvSDFowMr
FzP3sW/aczeOD1BWFdVA7NHM4n7Y+osW+CZwtBqxZxVIkQxKiwBQDTlXoyZvOuhZ
6/YfQKgHB0raDmWk4oILfHI8rJAzVjxJR1RIaM4CpkPfWn6fcjApaQgbgQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDfbC1YtuPJXrC8xE9AMXlwztqhMMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTjlzTFZpMjQ4bGVzTHpFVDBBeGVYRE8ycUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABt7DED
BAJt7DADBAG5/hwDBAHBI5gDBADCPjQDBAHCPjYwDQYJKoZIhvcNAQELBQADggEB
AKfhhf1V3qO0hTXugWPX2sAfNc+52FVABAcHg0QBiYwUQuRMQXHno83tzyD/CRjJ
I7c7Xjbu1SFu+gDn6Gp3MFqES8PCj5oNP6HFabTO77dG0IxLehllc+0PyWApKgpg
5VSk0zLI445Fv9SiB8zDEuT+6zc3xbNbTeflMeKVQZIb9ceRmp+QuEwnHAWhMi3z
6jkh2Om5zabwV1edZ5rJ6/bW6eM7O6yIo2CiLVJ3vasWRYnCvzDaFYC6yJmZK10U
7IrNKQ0/bgcZvn6ehiwn23sO8XY24HGCOn2xbxj+u3mEgOkF5U/ZuBcoIL0YrnGs
6ysVwD/mQ8hnYIMTnXc85xo=
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:46:04 2025 by rpki-client