Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mPzH1GA4mIzy3_pZzvXV4kQe-Yc.roa
File: mPzH1GA4mIzy3_pZzvXV4kQe-Yc.roa (raw, json)
Hash identifier: yzXoljoSrOILZSxkJrlaugQIVos/dTr3tT0FKrN5vnM=
Subject key identifier: 98:FC:C7:D4:60:38:98:8C:F2:DF:FA:59:CE:F5:D5:E2:44:1E:F9:87
Certificate issuer: /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial: 0199F1B0CA15F20FEE12690D6C8F55E0BEC8
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mPzH1GA4mIzy3_pZzvXV4kQe-Yc.roa
Signing time: Fri 17 Oct 2025 10:21:58 +0000
ROA not before: Fri 17 Oct 2025 10:21:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13335
IP address blocks: 138.226.234.0/24 maxlen: 24
216.163.179.0/24 maxlen: 24
2a14:a087::/48 maxlen: 48
2a14:a087:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f1:b0:ca:15:f2:0f:ee:12:69:0d:6c:8f:55:e0:be:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Validity
Not Before: Oct 17 10:21:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=98fcc7d46038988cf2dffa59cef5d5e2441ef987
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:77:6f:14:05:eb:94:77:6e:e9:a3:0d:a5:dd:
9e:95:0c:cf:54:c6:76:5b:e5:61:47:92:1d:b1:40:
98:55:a3:18:25:a9:7a:ec:f2:e1:03:64:70:90:eb:
b5:62:2f:c8:65:34:08:ae:11:34:15:f8:57:3f:e9:
14:ad:a2:5c:28:5a:57:ca:3b:09:a8:1c:0e:29:08:
2f:10:78:e2:37:1c:b9:e6:fc:ee:c1:7d:8e:e2:87:
c5:ad:8a:e1:4f:d4:41:e6:18:88:5b:04:7c:94:10:
df:3d:06:cf:e4:06:d3:9c:c2:be:e9:9e:89:e8:4c:
fb:15:82:9d:7e:92:9b:4b:07:37:94:f2:e3:2a:d7:
4e:93:23:3e:7a:b4:30:b7:92:f4:16:b7:68:9c:b7:
6d:ea:36:00:d2:f5:45:ad:1e:2c:04:2c:f3:ac:93:
c5:67:b7:63:b4:57:8d:e1:1c:dc:4d:30:69:72:aa:
79:26:cd:0d:a5:81:00:cc:d6:9e:cd:ff:68:3a:0f:
9d:a4:f2:e7:e1:e6:79:41:78:5f:c7:35:2c:fc:c3:
05:50:76:16:24:b2:c8:cb:31:56:fa:cf:48:1e:cc:
f4:76:31:d5:94:4d:7e:5e:13:f1:95:e5:3a:c8:ee:
c8:c1:ac:f9:11:8e:37:e4:b9:af:b0:2a:b0:bd:1b:
e9:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:FC:C7:D4:60:38:98:8C:F2:DF:FA:59:CE:F5:D5:E2:44:1E:F9:87
X509v3 Authority Key Identifier:
keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mPzH1GA4mIzy3_pZzvXV4kQe-Yc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.226.234.0/24
216.163.179.0/24
IPv6:
2a14:a087::/47
Signature Algorithm: sha256WithRSAEncryption
a0:6d:81:e4:a2:a7:3c:49:2f:07:bd:d4:0c:55:f4:57:1d:5e:
82:07:7b:fe:2a:86:53:f1:8e:00:5d:41:1f:02:d9:0d:72:c0:
80:07:fd:00:81:ee:96:08:b2:f9:94:ea:a7:6b:99:71:05:be:
1a:ea:ad:0b:70:32:12:ae:9c:6c:f1:fb:f1:f2:fd:52:61:fa:
5f:80:44:f6:3a:f4:80:e1:64:3e:b0:2e:e9:22:2c:c2:57:52:
13:f9:e7:a3:6b:95:32:70:62:cc:49:c1:a5:bd:88:97:9b:29:
9c:86:c2:d9:4a:75:98:7f:83:2a:bc:8c:72:54:61:24:eb:5d:
92:c0:b3:e7:d4:ec:8e:8e:6b:bc:59:97:ad:5c:86:08:a2:2e:
2d:24:23:01:58:5c:07:55:63:77:3a:f6:5b:63:15:05:84:84:
41:9b:32:2f:4d:41:7e:c0:1c:3d:21:47:13:87:29:f1:ca:d7:
a7:1e:48:bc:7e:85:d8:fe:c9:d3:40:53:b9:53:54:1f:d2:84:
af:8b:93:ca:34:1f:eb:8e:87:6f:46:d7:a1:c5:9c:2f:23:57:
2f:8c:99:63:b1:b4:3a:4e:51:ec:74:09:14:3a:bd:18:fc:4a:
62:60:fe:bd:27:1d:e7:e9:6d:b1:af:66:42:e0:c2:80:af:c9:
e7:fe:9a:c0
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZnxsMoV8g/uEmkNbI9V4L7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjUxMDE3MTAyMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZjYzdkNDYwMzg5ODhjZjJkZmZhNTljZWY1ZDVlMjQ0MWVmOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXdvFAXrlHdu6aMNpd2elQzPVMZ2
W+VhR5IdsUCYVaMYJal67PLhA2RwkOu1Yi/IZTQIrhE0FfhXP+kUraJcKFpXyjsJ
qBwOKQgvEHjiNxy55vzuwX2O4ofFrYrhT9RB5hiIWwR8lBDfPQbP5AbTnMK+6Z6J
6Ez7FYKdfpKbSwc3lPLjKtdOkyM+erQwt5L0FrdonLdt6jYA0vVFrR4sBCzzrJPF
Z7djtFeN4RzcTTBpcqp5Js0NpYEAzNaezf9oOg+dpPLn4eZ5QXhfxzUs/MMFUHYW
JLLIyzFW+s9IHsz0djHVlE1+XhPxleU6yO7Iwaz5EY435LmvsCqwvRvpIQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJj8x9RgOJiM8t/6Wc711eJEHvmHMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvbVB6SDFHQTRtSXp5M19wWnp2WFY0a1FlLVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAiuLqAwQA
2KOzMA8EAgACMAkDBwEqFKCHAAAwDQYJKoZIhvcNAQELBQADggEBAKBtgeSipzxJ
Lwe91AxV9FcdXoIHe/4qhlPxjgBdQR8C2Q1ywIAH/QCB7pYIsvmU6qdrmXEFvhrq
rQtwMhKunGzx+/Hy/VJh+l+ARPY69IDhZD6wLukiLMJXUhP556NrlTJwYsxJwaW9
iJebKZyGwtlKdZh/gyq8jHJUYSTrXZLAs+fU7I6Oa7xZl61chgiiLi0kIwFYXAdV
Y3c69ltjFQWEhEGbMi9NQX7AHD0hRxOHKfHK16ceSLx+hdj+ydNAU7lTVB/ShK+L
k8o0H+uOh29G16HFnC8jVy+MmWOxtDpOUex0CRQ6vRj8SmJg/r0nHefpbbGvZkLg
woCvyef+msA=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:11 2025 by rpki-client