Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/mMuNhDHUSaN-3W7qaO6Hm8u40DA.roa
File: mMuNhDHUSaN-3W7qaO6Hm8u40DA.roa (raw, json)
Hash identifier: RFI70cIBANA/kk+2ZsSGD/UPxHmrw25D/iyiJJMSmG8=
Subject key identifier: 98:CB:8D:84:31:D4:49:A3:7E:DD:6E:EA:68:EE:87:9B:CB:B8:D0:30
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0199D49CD4913330030B481EED97AA187261
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/mMuNhDHUSaN-3W7qaO6Hm8u40DA.roa
Signing time: Sat 11 Oct 2025 18:51:11 +0000
ROA not before: Sat 11 Oct 2025 18:51:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d4:9c:d4:91:33:30:03:0b:48:1e:ed:97:aa:18:72:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Oct 11 18:51:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=98cb8d8431d449a37edd6eea68ee879bcbb8d030
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:67:67:86:ea:5a:d2:3e:66:f4:ee:03:dc:65:
8e:80:88:bb:e4:d2:cf:e1:75:ef:ab:a8:36:9b:1a:
48:79:6d:e2:fc:8d:51:dd:ba:35:b5:aa:ed:66:19:
f9:63:a7:ff:0a:a2:57:34:75:04:c2:82:fb:9e:a1:
db:9e:15:2c:01:b2:47:3a:ba:48:7e:3c:a2:27:f5:
ec:15:55:24:3c:ed:07:21:00:d5:5a:5c:6a:97:56:
9e:03:e2:cb:e1:46:de:ad:fe:af:4f:fe:43:9e:ff:
b1:36:d5:88:7a:51:7b:5b:87:8d:58:54:9f:33:5f:
00:63:15:29:96:ed:a7:22:9d:49:32:df:04:2a:fa:
8d:ce:91:16:4b:6e:4f:90:f4:4d:a6:5f:c7:29:fe:
ba:05:6e:1a:6c:54:6d:ff:13:bf:4a:fd:1c:1d:42:
56:0e:d9:df:0b:74:dd:c6:e5:7b:51:71:a6:e2:49:
18:a1:fa:e4:79:4d:d2:f5:8b:f3:ea:f3:5e:50:54:
e0:ef:e9:d5:b5:70:88:2d:cf:a8:cf:60:cd:bc:b8:
9d:0a:1a:cb:03:4f:33:80:d7:86:b9:84:a6:56:b2:
7a:3c:1e:8b:c1:f9:2b:13:5e:5a:7b:08:fd:91:73:
e9:09:2e:a5:c1:0a:57:00:3b:7f:a4:0c:eb:ae:1d:
03:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:CB:8D:84:31:D4:49:A3:7E:DD:6E:EA:68:EE:87:9B:CB:B8:D0:30
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/mMuNhDHUSaN-3W7qaO6Hm8u40DA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:c2:b5:49:62:7d:0f:55:b4:ca:21:95:4f:a6:51:01:d3:18:
83:0b:6b:c7:64:73:26:1d:44:11:34:2f:48:28:7e:f8:ab:03:
5f:8e:b1:6a:47:c2:7b:c1:fe:84:41:d6:d3:87:be:cb:56:70:
8f:29:ad:73:b1:a8:6b:59:c4:e6:9e:4c:57:a1:bd:ca:97:f4:
68:be:2d:1e:cc:ad:5b:75:aa:35:94:78:c6:10:47:40:0d:f7:
1e:16:c6:14:3b:9c:57:04:5a:c3:22:cd:fc:68:af:0c:5b:0c:
c6:28:83:55:fa:96:87:b9:1c:bd:be:1f:00:3f:54:3a:25:02:
5c:d1:2e:9a:98:d7:87:64:35:26:d1:1f:f9:71:0b:ff:73:3f:
ad:a9:db:b2:a6:5b:fb:84:a6:ce:61:c1:c3:d7:6c:75:86:76:
24:48:cf:60:74:66:12:ae:91:9d:30:bf:eb:a4:57:a3:97:e6:
8c:bd:68:2b:0c:8b:bc:7f:8d:49:fa:82:8a:fd:05:be:de:08:
bd:87:7b:e1:d5:92:80:55:39:78:1b:89:3b:cf:31:02:42:84:
eb:28:ed:e3:53:ee:e8:57:95:8c:b7:bf:04:27:43:3f:2a:f7:
21:c9:07:33:c6:34:8a:b6:9a:79:c4:e0:69:87:8d:d5:4a:94:
6d:ac:e5:5d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZnUnNSRMzADC0ge7ZeqGHJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUxMDExMTg1MTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNiOGQ4NDMxZDQ0OWEzN2VkZDZlZWE2OGVlODc5YmNiYjhkMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Gdnhupa0j5m9O4D3GWOgIi75NLP
4XXvq6g2mxpIeW3i/I1R3bo1tartZhn5Y6f/CqJXNHUEwoL7nqHbnhUsAbJHOrpI
fjyiJ/XsFVUkPO0HIQDVWlxql1aeA+LL4Uberf6vT/5Dnv+xNtWIelF7W4eNWFSf
M18AYxUplu2nIp1JMt8EKvqNzpEWS25PkPRNpl/HKf66BW4abFRt/xO/Sv0cHUJW
DtnfC3TdxuV7UXGm4kkYofrkeU3S9Yvz6vNeUFTg7+nVtXCILc+oz2DNvLidChrL
A08zgNeGuYSmVrJ6PB6LwfkrE15aewj9kXPpCS6lwQpXADt/pAzrrh0DywIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJjLjYQx1Emjft1u6mjuh5vLuNAwMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbU11TmhESFVTYU4tM1c3cWFPNkhtOHU0MERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAC5VgYDBAC5/hwDBADBI5swDQYJKoZIhvcNAQELBQADggEBAC3CtUli
fQ9VtMohlU+mUQHTGIMLa8dkcyYdRBE0L0gofvirA1+OsWpHwnvB/oRB1tOHvstW
cI8prXOxqGtZxOaeTFehvcqX9Gi+LR7MrVt1qjWUeMYQR0AN9x4WxhQ7nFcEWsMi
zfxorwxbDMYog1X6loe5HL2+HwA/VDolAlzRLpqY14dkNSbRH/lxC/9zP62p27Km
W/uEps5hwcPXbHWGdiRIz2B0ZhKukZ0wv+ukV6OX5oy9aCsMi7x/jUn6gor9Bb7e
CL2He+HVkoBVOXgbiTvPMQJChOso7eNT7uhXlYy3vwQnQz8q9yHJBzPGNIq2mnnE
4GmHjdVKlG2s5V0=
-----END CERTIFICATE-----
Generated at Sun Oct 19 09:42:12 2025 by rpki-client