Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aICCzElnzJknym2DSGk7d2QgTsw.roa
File: aICCzElnzJknym2DSGk7d2QgTsw.roa (raw, json)
Hash identifier: yaKmTcO06l/sp1/gt2jOhWZ8bbVOixF2S4MAOqEgIOQ=
Subject key identifier: 68:80:82:CC:49:67:CC:99:27:CA:6D:83:48:69:3B:77:64:20:4E:CC
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0199D49CD2F5C8908EF767C111FC975AAE35
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aICCzElnzJknym2DSGk7d2QgTsw.roa
Signing time: Sat 11 Oct 2025 18:51:11 +0000
ROA not before: Sat 11 Oct 2025 18:51:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d4:9c:d2:f5:c8:90:8e:f7:67:c1:11:fc:97:5a:ae:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Oct 11 18:51:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=688082cc4967cc9927ca6d8348693b7764204ecc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:50:1d:11:54:ae:ba:9e:d1:be:6a:16:7f:9d:
8f:43:88:99:be:26:07:0e:54:c1:cb:24:e2:50:18:
e1:8c:91:db:2f:84:ba:9a:9f:62:61:c7:cd:a1:31:
11:d2:c6:21:8b:39:fd:bf:d7:f7:95:c1:0b:ce:2f:
eb:ea:1f:cc:34:e6:46:90:33:91:8b:42:98:c8:c8:
f8:b8:ef:55:aa:c1:59:c7:ff:ac:f8:0e:72:32:34:
34:20:dc:cd:e4:7e:7e:61:37:f1:19:cb:85:44:40:
a8:49:38:6b:e4:39:d4:94:c8:0a:0d:a8:8f:7d:9c:
cb:68:48:1a:51:c3:df:8d:4c:cb:0d:7c:c4:3e:0a:
70:09:f6:8b:2b:b8:8b:a1:c5:82:a1:5b:da:02:2b:
a4:20:e4:2e:10:ea:6e:1b:f2:28:e6:e1:78:32:c7:
7e:eb:b3:f8:96:6d:9c:63:5d:4e:4e:1d:4e:01:50:
c3:e6:ae:d4:13:63:5d:7b:d2:5e:ca:dd:b1:b3:89:
04:c1:4d:bc:e2:b4:95:11:02:be:54:62:cf:50:59:
3c:30:a9:d3:99:92:6a:2d:23:af:86:a3:91:a5:71:
00:03:c6:93:0e:da:91:db:f2:fe:5f:46:aa:d9:8d:
57:51:08:34:d2:e8:54:b4:60:96:9e:00:8b:72:b2:
cc:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:80:82:CC:49:67:CC:99:27:CA:6D:83:48:69:3B:77:64:20:4E:CC
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aICCzElnzJknym2DSGk7d2QgTsw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.254.28.0/23
193.35.152.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
41:3f:97:0a:96:76:fe:ad:ed:3e:62:fb:6d:32:5a:1e:70:55:
d0:c7:04:81:7f:73:7c:13:1f:13:c0:2f:7d:60:2c:7b:88:a3:
18:79:d2:53:31:85:a2:f2:2a:9f:be:51:f0:6b:75:12:ba:53:
b5:0a:84:09:d7:3e:60:64:82:64:2c:65:a6:8e:7f:d1:3b:c0:
71:66:4f:fc:51:42:3a:66:81:cf:38:58:48:d4:48:7a:e7:3b:
6a:8c:c0:7e:12:ef:a9:62:04:fb:4b:ee:c6:1c:d7:87:68:cd:
bb:e0:72:82:35:0b:11:34:a8:bd:aa:fb:d4:db:ad:d6:ca:99:
b0:da:8a:37:70:d4:75:4f:fa:0d:d7:7a:3b:c0:12:e8:f8:af:
b7:46:0b:8c:e1:90:d7:e8:e1:d9:f4:e6:bb:93:21:9f:20:99:
8b:f7:85:aa:a3:d9:fb:e3:cb:4c:27:f4:6e:b7:23:fd:80:4b:
3a:f1:16:2c:a1:8b:54:f1:08:fe:0a:3f:9d:e0:9b:20:7b:ce:
4e:84:9f:12:62:bf:5f:76:e3:19:88:d9:b9:63:a3:d6:d0:f0:
25:87:b8:75:8f:16:83:3e:9c:64:dc:6b:01:5c:94:d2:c2:b0:
77:41:4d:d7:ea:8a:7f:c6:62:f3:fe:af:67:94:c1:a2:d2:b6:
a0:7c:02:6b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZnUnNL1yJCO92fBEfyXWq41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUxMDExMTg1MTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODgwODJjYzQ5NjdjYzk5MjdjYTZkODM0ODY5M2I3NzY0MjA0ZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVAdEVSuup7RvmoWf52PQ4iZviYH
DlTByyTiUBjhjJHbL4S6mp9iYcfNoTER0sYhizn9v9f3lcELzi/r6h/MNOZGkDOR
i0KYyMj4uO9VqsFZx/+s+A5yMjQ0INzN5H5+YTfxGcuFRECoSThr5DnUlMgKDaiP
fZzLaEgaUcPfjUzLDXzEPgpwCfaLK7iLocWCoVvaAiukIOQuEOpuG/Io5uF4Msd+
67P4lm2cY11OTh1OAVDD5q7UE2Nde9Jeyt2xs4kEwU284rSVEQK+VGLPUFk8MKnT
mZJqLSOvhqORpXEAA8aTDtqR2/L+X0aq2Y1XUQg00uhUtGCWngCLcrLMAwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGiAgsxJZ8yZJ8ptg0hpO3dkIE7MMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvYUlDQ3pFbG56SmtueW0yRFNHazdkMlFnVHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAG5/hwDBADBI5gDBADBI5swDQYJKoZIhvcNAQELBQADggEBAEE/lwqW
dv6t7T5i+20yWh5wVdDHBIF/c3wTHxPAL31gLHuIoxh50lMxhaLyKp++UfBrdRK6
U7UKhAnXPmBkgmQsZaaOf9E7wHFmT/xRQjpmgc84WEjUSHrnO2qMwH4S76liBPtL
7sYc14dozbvgcoI1CxE0qL2q+9TbrdbKmbDaijdw1HVP+g3XejvAEuj4r7dGC4zh
kNfo4dn05ruTIZ8gmYv3haqj2fvjy0wn9G63I/2ASzrxFiyhi1TxCP4KP53gmyB7
zk6EnxJiv1924xmI2bljo9bQ8CWHuHWPFoM+nGTcawFclNLCsHdBTdfqin/GYvP+
r2eUwaLStqB8Ams=
-----END CERTIFICATE-----
Generated at Sun Oct 19 09:46:05 2025 by rpki-client