Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VSiSzfFCqbgQybmdp43n4Yo0EaQ.roa
File: VSiSzfFCqbgQybmdp43n4Yo0EaQ.roa (raw, json)
Hash identifier: feaAiFEv7ZYxHoVwJtHe1s7HF1DbESc2FwftM2Bh4+E=
Subject key identifier: 55:28:92:CD:F1:42:A9:B8:10:C9:B9:9D:A7:8D:E7:E1:8A:34:11:A4
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 0199CE1DB85282567D65C299310555AB09DB
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VSiSzfFCqbgQybmdp43n4Yo0EaQ.roa
Signing time: Fri 10 Oct 2025 12:34:38 +0000
ROA not before: Fri 10 Oct 2025 12:34:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44559
IP address blocks: 80.242.53.0/24 maxlen: 24
84.252.71.0/24 maxlen: 24
130.193.26.0/24 maxlen: 24
146.19.87.0/24 maxlen: 24
146.19.129.0/24 maxlen: 24
193.176.20.0/24 maxlen: 24
193.176.22.0/24 maxlen: 24
193.201.9.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 16:01:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:1d:b8:52:82:56:7d:65:c2:99:31:05:55:ab:09:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Oct 10 12:34:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=552892cdf142a9b810c9b99da78de7e18a3411a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:e3:37:c9:c8:33:4b:07:83:b2:96:fa:9f:f1:
8e:01:c8:32:03:fc:6a:58:00:06:33:7e:dd:56:f4:
38:e4:ee:4a:67:6b:f6:64:6f:7a:fd:13:e5:ba:df:
65:6c:0b:6f:fc:75:d9:9b:e1:9a:cb:84:c1:ab:52:
55:23:b5:f5:f9:7d:20:bb:b1:07:8e:1c:76:e1:d7:
39:94:2f:06:47:d0:90:ec:4a:90:23:7f:d7:08:8d:
b2:39:8b:25:fa:e0:16:6c:76:71:18:c1:57:ef:91:
61:c5:e7:40:d5:43:34:9a:bc:48:21:64:34:2a:a5:
50:c7:3e:60:47:07:4d:d2:ce:39:62:c1:0d:37:f1:
40:cc:5b:e2:a0:98:ff:52:91:50:aa:d1:48:63:d4:
df:71:df:f5:5f:11:97:ee:24:82:f9:d3:34:62:37:
61:8b:8c:18:99:e2:9b:c2:0c:53:e0:66:6c:25:5f:
8e:b2:9e:91:24:f9:8b:03:03:cf:3b:90:fc:0c:65:
c5:5d:bc:42:3c:a0:7c:1c:e9:36:b1:b7:40:62:50:
54:ff:aa:0b:31:b8:13:5a:e8:b6:fc:22:f8:75:f2:
f8:80:69:4d:a2:a2:3e:49:88:c0:d5:93:f6:fe:ec:
3b:1c:dd:2b:fb:d7:16:e2:39:a7:03:00:d3:5c:4e:
8f:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:28:92:CD:F1:42:A9:B8:10:C9:B9:9D:A7:8D:E7:E1:8A:34:11:A4
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VSiSzfFCqbgQybmdp43n4Yo0EaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.242.53.0/24
84.252.71.0/24
130.193.26.0/24
146.19.87.0/24
146.19.129.0/24
193.176.20.0/24
193.176.22.0/24
193.201.9.0/24
Signature Algorithm: sha256WithRSAEncryption
2e:8f:7a:de:d1:6e:e6:f4:1d:04:a4:0e:39:c3:81:01:68:b9:
04:5e:bf:17:d7:30:84:98:8f:a0:3a:c6:ac:a9:b6:05:ed:73:
27:06:f0:ba:34:7f:96:3a:9a:4f:6a:66:68:e5:8b:d5:bd:c4:
70:c8:70:c6:df:60:ae:25:dc:93:27:aa:ec:5d:20:fb:68:6a:
db:9e:a7:6d:dd:25:c4:21:3c:62:fa:98:89:26:57:cd:df:46:
c3:08:68:c4:f1:cb:03:7c:0d:06:f8:5a:a6:7e:e7:08:a1:3c:
a5:dc:34:c4:f7:7e:10:82:6f:69:d2:94:c8:40:d2:bd:b8:07:
bb:00:c0:2b:ce:b1:33:fc:46:18:99:2b:00:0d:1b:e5:9f:80:
22:81:28:ac:0e:7b:6f:ef:74:86:67:8a:d3:14:46:e8:0f:5b:
2a:c2:26:42:a8:c1:66:aa:59:60:4e:b0:69:f9:a0:3d:51:2f:
9a:1a:3d:19:c1:4d:6d:f6:42:3d:27:59:d2:5b:3a:6f:04:e0:
21:c8:8a:ae:3e:1f:43:95:75:f1:58:8d:a5:d7:53:64:39:e9:
6f:60:48:d6:0c:c9:a6:45:8d:ba:05:8f:95:89:2c:db:3a:52:
c2:79:60:df:db:4a:4b:de:e0:8e:a7:b7:44:e2:38:06:59:07:
b1:f4:6b:aa
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZnOHbhSglZ9ZcKZMQVVqwnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUxMDEwMTIzNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTI4OTJjZGYxNDJhOWI4MTBjOWI5OWRhNzhkZTdlMThhMzQxMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eM3ycgzSweDspb6n/GOAcgyA/xq
WAAGM37dVvQ45O5KZ2v2ZG96/RPlut9lbAtv/HXZm+Gay4TBq1JVI7X1+X0gu7EH
jhx24dc5lC8GR9CQ7EqQI3/XCI2yOYsl+uAWbHZxGMFX75FhxedA1UM0mrxIIWQ0
KqVQxz5gRwdN0s45YsENN/FAzFvioJj/UpFQqtFIY9Tfcd/1XxGX7iSC+dM0Yjdh
i4wYmeKbwgxT4GZsJV+Osp6RJPmLAwPPO5D8DGXFXbxCPKB8HOk2sbdAYlBU/6oL
MbgTWui2/CL4dfL4gGlNoqI+SYjA1ZP2/uw7HN0r+9cW4jmnAwDTXE6PDwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFUoks3xQqm4EMm5naeN5+GKNBGkMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVlNpU3pmRkNxYmdReWJtZHA0M240WW8wRWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUPI1AwQA
VPxHAwQAgsEaAwQAkhNXAwQAkhOBAwQAwbAUAwQAwbAWAwQAwckJMA0GCSqGSIb3
DQEBCwUAA4IBAQAuj3re0W7m9B0EpA45w4EBaLkEXr8X1zCEmI+gOsasqbYF7XMn
BvC6NH+WOppPamZo5YvVvcRwyHDG32CuJdyTJ6rsXSD7aGrbnqdt3SXEITxi+piJ
JlfN30bDCGjE8csDfA0G+FqmfucIoTyl3DTE934Qgm9p0pTIQNK9uAe7AMArzrEz
/EYYmSsADRvln4AigSisDntv73SGZ4rTFEboD1sqwiZCqMFmqllgTrBp+aA9US+a
Gj0ZwU1t9kI9J1nSWzpvBOAhyIquPh9DlXXxWI2l11NkOelvYEjWDMmmRY26BY+V
iSzbOlLCeWDf20pL3uCOp7dE4jgGWQex9Guq
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:55:23 2025 by rpki-client