Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/gEXvMQFDNz1aGEXTxBfhGOGVeNo.roa
File: gEXvMQFDNz1aGEXTxBfhGOGVeNo.roa (raw, json)
Hash identifier: ajVAuxCTYl0Gl8xjRk/pbvxecOxPr7KE3CecnpOLH8Y=
Subject key identifier: 80:45:EF:31:01:43:37:3D:5A:18:45:D3:C4:17:E1:18:E1:95:78:DA
Certificate issuer: /CN=b05442c4ffe9c1d761e7c569360ead042438f903
Certificate serial: 019941FCEC76FEB578C40E0B08E0F9D5CBB5
Authority key identifier: B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/gEXvMQFDNz1aGEXTxBfhGOGVeNo.roa
Signing time: Sat 13 Sep 2025 07:31:58 +0000
ROA not before: Sat 13 Sep 2025 07:31:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50533
IP address blocks: 134.101.64.0/18 maxlen: 18
134.101.64.0/19 maxlen: 19
134.101.64.0/24 maxlen: 24
134.101.96.0/20 maxlen: 20
134.101.112.0/21 maxlen: 21
134.101.126.0/24 maxlen: 24
134.101.127.0/24 maxlen: 24
145.14.224.0/20 maxlen: 20
145.14.224.0/23 maxlen: 23
185.160.248.0/22 maxlen: 22
2a00:17f1::/32 maxlen: 32
2a00:17f4::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.mft
rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 19:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:41:fc:ec:76:fe:b5:78:c4:0e:0b:08:e0:f9:d5:cb:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b05442c4ffe9c1d761e7c569360ead042438f903
Validity
Not Before: Sep 13 07:31:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8045ef310143373d5a1845d3c417e118e19578da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:91:17:13:c4:98:b1:e3:9d:33:5e:d6:81:ed:
e2:4c:3e:85:57:78:03:0d:d5:b1:e5:4a:7f:9e:8a:
9b:dc:0f:f2:21:17:da:ed:ab:16:df:57:d4:f6:d8:
db:30:14:3d:2a:ac:a9:a4:e9:a1:31:4e:cb:ec:ce:
57:56:1e:e9:c5:d7:96:c2:51:c7:bd:b1:af:96:7e:
ee:45:7e:e0:a2:18:f9:09:51:9a:33:1f:23:b8:70:
27:7a:74:18:88:4b:f6:5a:0a:bb:c6:af:a0:c4:8d:
c2:13:fb:ff:d2:3d:14:3a:75:35:fe:a2:f3:af:ad:
68:72:58:3a:4e:8d:79:f9:70:27:e7:11:77:30:8d:
20:30:d9:70:b0:94:ab:81:16:90:a7:f9:d7:c4:0e:
6e:cd:4c:12:92:4f:a0:d0:b5:10:d3:66:ad:20:ee:
33:fb:0a:03:c1:78:b8:c5:a5:b4:55:23:70:cd:12:
b4:9a:64:78:b4:30:6d:9b:92:44:3e:8a:3e:ae:c2:
a6:c2:d1:9e:c7:fe:b3:a9:67:32:f1:44:42:ee:e4:
6d:2b:7c:ce:86:1d:de:af:ab:ed:40:6a:f5:64:70:
e6:f2:bd:f5:56:56:90:80:a9:23:83:39:3e:5f:63:
bd:69:ff:ed:81:3e:0e:bd:f5:2b:bb:de:26:08:d4:
7f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:45:EF:31:01:43:37:3D:5A:18:45:D3:C4:17:E1:18:E1:95:78:DA
X509v3 Authority Key Identifier:
keyid:B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/gEXvMQFDNz1aGEXTxBfhGOGVeNo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.101.64.0/18
145.14.224.0/20
185.160.248.0/22
IPv6:
2a00:17f1::/32
2a00:17f4::/32
Signature Algorithm: sha256WithRSAEncryption
91:41:09:46:a2:da:c6:ad:b0:c0:d5:ee:25:68:75:b4:3d:08:
d7:67:54:1c:5a:0a:b8:9c:b8:ec:e0:d8:a2:35:88:13:1a:94:
5f:b5:43:81:11:90:63:dc:dd:7d:2c:92:0a:a0:8d:16:38:af:
6c:28:ad:b9:e8:2b:01:a7:52:b2:5e:dd:51:64:dd:80:fe:4c:
c9:30:fd:35:c9:c0:40:50:4d:f8:da:c9:93:0d:bd:19:6f:e7:
74:54:a1:bf:2c:9b:21:bb:dc:be:23:2c:97:36:16:ba:0d:d4:
a7:3c:1c:7a:f4:23:e0:c6:f7:b8:32:86:f2:19:69:93:7c:03:
5a:b8:84:92:ea:9b:3c:cb:4e:33:0e:1f:63:8e:b6:28:d7:ca:
ce:98:39:5f:8a:17:ba:41:d7:06:1e:8a:59:65:1e:a1:ed:a2:
73:c1:bf:3a:a3:7f:52:ad:bf:78:1f:78:ab:2e:04:f3:59:7c:
1e:fd:8b:1d:cc:54:08:fa:30:a3:b2:1a:bf:65:93:9b:fa:24:
55:f1:5f:d5:31:88:6e:d2:71:71:dd:ff:ab:c0:2b:06:56:a9:
05:6c:c8:0c:28:dc:80:2c:b2:44:07:1c:47:af:31:41:14:31:
e4:2d:6d:e4:e2:5d:f4:2e:78:13:f5:dc:8e:c2:8e:5d:05:12:
65:dd:37:b6
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZlB/Ox2/rV4xA4LCOD51cu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTQ0MmM0ZmZlOWMxZDc2MWU3YzU2OTM2MGVhZDA0MjQz
OGY5MDMwHhcNMjUwOTEzMDczMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDQ1ZWYzMTAxNDMzNzNkNWExODQ1ZDNjNDE3ZTExOGUxOTU3OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJEXE8SYseOdM17Wge3iTD6FV3gD
DdWx5Up/noqb3A/yIRfa7asW31fU9tjbMBQ9KqyppOmhMU7L7M5XVh7pxdeWwlHH
vbGvln7uRX7gohj5CVGaMx8juHAnenQYiEv2Wgq7xq+gxI3CE/v/0j0UOnU1/qLz
r61oclg6To15+XAn5xF3MI0gMNlwsJSrgRaQp/nXxA5uzUwSkk+g0LUQ02atIO4z
+woDwXi4xaW0VSNwzRK0mmR4tDBtm5JEPoo+rsKmwtGex/6zqWcy8URC7uRtK3zO
hh3er6vtQGr1ZHDm8r31VlaQgKkjgzk+X2O9af/tgT4OvfUru94mCNR/OQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFIBF7zEBQzc9WhhF08QX4RjhlXjaMB8GA1UdIwQY
MBaAFLBUQsT/6cHXYefFaTYOrQQkOPkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGIt
NmVkMzMxZjMxZTA5LzEvZ0VYdk1RRkROejFhR0VYVHhCZmhHT0dWZU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGItNmVkMzMxZjMxZTA5
LzEvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQGhmVAAwQE
kQ7gAwQCuaD4MBQEAgACMA4DBQAqABfxAwUAKgAX9DANBgkqhkiG9w0BAQsFAAOC
AQEAkUEJRqLaxq2wwNXuJWh1tD0I12dUHFoKuJy47ODYojWIExqUX7VDgRGQY9zd
fSySCqCNFjivbCituegrAadSsl7dUWTdgP5MyTD9NcnAQFBN+NrJkw29GW/ndFSh
vyybIbvcviMslzYWug3UpzwcevQj4Mb3uDKG8hlpk3wDWriEkuqbPMtOMw4fY462
KNfKzpg5X4oXukHXBh6KWWUeoe2ic8G/OqN/Uq2/eB94qy4E81l8Hv2LHcxUCPow
o7Iav2WTm/okVfFf1TGIbtJxcd3/q8ArBlapBWzIDCjcgCyyRAccR68xQRQx5C1t
5OJd9C54E/XcjsKOXQUSZd03tg==
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:26:22 2025 by rpki-client