
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pD9YdY0kZIyV4tT8Grm6rpRjhMg.roa
File: pD9YdY0kZIyV4tT8Grm6rpRjhMg.roa (raw, json)
Hash identifier: iWFl3KeSrkOlRwk9579ovrOA2IUp/1Q3ethXhdT5Cjw=
Subject key identifier: A4:3F:58:75:8D:24:64:8C:95:E2:D4:FC:1A:B9:BA:AE:94:63:84:C8
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 01999B20819F55B8A2C555A8A6D634B53C9A
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pD9YdY0kZIyV4tT8Grm6rpRjhMg.roa
Signing time: Tue 30 Sep 2025 14:57:02 +0000
ROA not before: Tue 30 Sep 2025 14:57:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57152
IP address blocks: 185.249.200.0/24 maxlen: 24
185.249.201.0/24 maxlen: 24
185.249.202.0/24 maxlen: 24
185.249.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9b:20:81:9f:55:b8:a2:c5:55:a8:a6:d6:34:b5:3c:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Sep 30 14:57:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a43f58758d24648c95e2d4fc1ab9baae946384c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:f2:62:ed:28:c5:00:f0:af:e0:5a:af:1f:e4:
6b:bb:5f:71:ef:bb:00:1e:4d:99:28:d0:9e:34:fa:
59:88:31:6b:4d:27:64:60:61:c7:7b:58:1c:15:6a:
e6:4e:d4:f6:87:94:6e:e2:54:65:8d:6e:0e:32:00:
94:e2:84:02:38:93:f5:c0:3d:7b:3d:51:36:cf:03:
30:82:f5:b1:2d:5b:a4:cd:65:e3:4b:85:b1:19:67:
17:2d:a8:2b:a9:5f:ca:78:ed:cc:a1:6d:55:f0:3e:
17:b4:99:bd:bb:cc:e6:38:a4:ab:db:e5:ed:30:2a:
3c:0a:ff:67:b6:ea:73:3c:a2:41:ce:da:6d:ea:28:
ca:62:ba:40:0c:d6:f2:0a:49:aa:79:5f:0f:19:9a:
22:6b:b7:b3:2a:14:e1:fe:08:a7:36:20:23:63:4e:
b9:42:eb:48:ca:30:35:eb:16:20:bc:9e:0a:07:d8:
75:2c:de:06:4f:cd:28:7b:39:f2:08:9f:2b:1f:ec:
4f:3b:8c:bf:e7:94:99:94:00:03:b8:fb:46:dd:d6:
c2:d5:6a:05:fd:32:f9:d3:e6:d0:6a:1f:60:1e:05:
9f:03:73:0d:de:ba:91:ff:a4:97:35:96:c1:69:33:
65:34:3e:1a:be:3b:58:bc:c9:c7:5d:e7:e5:c0:51:
56:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:3F:58:75:8D:24:64:8C:95:E2:D4:FC:1A:B9:BA:AE:94:63:84:C8
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/pD9YdY0kZIyV4tT8Grm6rpRjhMg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.249.200.0/22
Signature Algorithm: sha256WithRSAEncryption
90:5d:d0:d4:58:d0:d0:c6:11:97:a7:43:71:6c:5a:39:19:ff:
1d:24:94:cc:a9:8b:7b:de:9c:6f:80:58:e8:5c:f2:5e:79:1b:
ba:83:e6:fa:bb:27:7b:f9:8d:48:b1:13:a5:06:ad:c7:78:87:
42:f6:fa:7b:15:57:1e:7b:ef:dd:4c:e7:de:2e:30:16:69:92:
a2:60:d7:7e:d0:1b:d6:8c:46:a5:0a:ed:6c:ba:fc:ff:1e:a1:
a4:c6:87:ab:cf:9d:f9:ed:db:6b:66:85:c4:86:59:bb:d3:4d:
76:19:c1:24:b0:21:ec:1c:a8:81:c8:3a:62:da:13:92:7c:0c:
68:92:90:51:30:58:db:64:ef:c0:c5:9f:f2:b5:46:55:a3:01:
bb:72:13:1a:8a:c6:b9:ce:60:ff:ca:04:b9:10:13:58:eb:e8:
e5:2d:fa:7a:20:aa:61:5f:82:25:bf:02:ea:f2:c7:11:e1:36:
c1:c1:e8:a3:fc:2c:38:dd:3a:fd:ce:90:76:3b:c8:d5:63:49:
db:48:fe:0c:18:a4:1e:48:85:83:f8:37:2d:a3:96:97:8b:00:
25:90:e2:4d:cc:ce:b2:b4:fc:cc:34:26:17:bf:d6:f6:eb:4e:
0e:7e:6f:90:0e:ac:4a:84:43:bc:20:46:a3:9a:c2:0c:73:cd:
00:de:48:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbIIGfVbiixVWoptY0tTyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTMwMTQ1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNmNTg3NThkMjQ2NDhjOTVlMmQ0ZmMxYWI5YmFhZTk0NjM4NGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfJi7SjFAPCv4FqvH+Rru19x77sA
Hk2ZKNCeNPpZiDFrTSdkYGHHe1gcFWrmTtT2h5Ru4lRljW4OMgCU4oQCOJP1wD17
PVE2zwMwgvWxLVukzWXjS4WxGWcXLagrqV/KeO3MoW1V8D4XtJm9u8zmOKSr2+Xt
MCo8Cv9ntupzPKJBztpt6ijKYrpADNbyCkmqeV8PGZoia7ezKhTh/ginNiAjY065
QutIyjA16xYgvJ4KB9h1LN4GT80oeznyCJ8rH+xPO4y/55SZlAADuPtG3dbC1WoF
/TL50+bQah9gHgWfA3MN3rqR/6SXNZbBaTNlND4avjtYvMnHXeflwFFWcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ/WHWNJGSMleLU/Bq5uq6UY4TIMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvcEQ5WWRZMGtaSXlWNHRUOEdybTZycFJqaE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufnIMA0G
CSqGSIb3DQEBCwUAA4IBAQCQXdDUWNDQxhGXp0NxbFo5Gf8dJJTMqYt73pxvgFjo
XPJeeRu6g+b6uyd7+Y1IsROlBq3HeIdC9vp7FVcee+/dTOfeLjAWaZKiYNd+0BvW
jEalCu1suvz/HqGkxoerz5357dtrZoXEhlm70012GcEksCHsHKiByDpi2hOSfAxo
kpBRMFjbZO/AxZ/ytUZVowG7chMaisa5zmD/ygS5EBNY6+jlLfp6IKphX4IlvwLq
8scR4TbBweij/Cw43Tr9zpB2O8jVY0nbSP4MGKQeSIWD+Dcto5aXiwAlkOJNzM6y
tPzMNCYXv9b2604Ofm+QDqxKhEO8IEajmsIMc80A3kgs
-----END CERTIFICATE-----
Generated at Sun Oct 19 09:35:11 2025 by rpki-client