Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/DnNAXyr4mJbh9D2dH8b-Eqlp6x0.roa
File: DnNAXyr4mJbh9D2dH8b-Eqlp6x0.roa (raw, json)
Hash identifier: cdWRTytNkhNuFkycWb/FtgfNdkALU3YMBn7zWtYw/bY=
Subject key identifier: 0E:73:40:5F:2A:F8:98:96:E1:F4:3D:9D:1F:C6:FE:12:A9:69:EB:1D
Certificate issuer: /CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
Certificate serial: 01996EDA998DC1CAF82E7D6D68F1731BF119
Authority key identifier: 92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/DnNAXyr4mJbh9D2dH8b-Eqlp6x0.roa
Signing time: Mon 22 Sep 2025 00:37:23 +0000
ROA not before: Mon 22 Sep 2025 00:37:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56457
IP address blocks: 176.119.210.0/24 maxlen: 24
185.201.254.0/24 maxlen: 24
194.48.152.0/24 maxlen: 24
2a06:5780::/29 maxlen: 32
2a13:5a00::/30 maxlen: 30
2a13:5a04::/31 maxlen: 31
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.mft
rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:6e:da:99:8d:c1:ca:f8:2e:7d:6d:68:f1:73:1b:f1:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
Validity
Not Before: Sep 22 00:37:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0e73405f2af89896e1f43d9d1fc6fe12a969eb1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:a5:c2:37:0e:da:24:8e:60:f3:09:31:ba:60:
18:1f:c4:fc:20:30:73:35:e0:79:83:3e:63:29:45:
a4:61:23:de:c9:a4:bc:a1:87:c2:e1:8e:ef:ba:1b:
0a:1b:8c:ee:6f:01:77:6b:34:3a:6b:03:25:3f:81:
41:9d:ef:98:ab:6d:47:9b:a9:13:d4:b9:6f:25:fb:
43:bf:33:d1:47:be:a3:47:6c:4b:34:f3:99:64:dd:
e1:fe:70:fd:a3:02:b8:8a:04:91:0f:44:4e:00:cc:
de:87:eb:98:a6:76:8a:94:2b:be:b2:73:36:9c:5e:
3f:49:e8:ad:3b:4b:a2:ff:7d:b8:3f:ec:80:28:1f:
91:20:b4:70:c7:ee:c1:bc:9c:77:ff:38:ce:89:e3:
60:7d:fe:be:16:7a:25:97:1d:a4:8e:90:30:bf:6f:
07:47:e5:32:28:e5:cb:fd:57:e7:56:4f:de:aa:e9:
39:14:59:2e:73:59:ff:c6:19:29:d6:72:d2:9a:d6:
d6:32:32:b2:66:d7:fd:ff:ed:c5:cf:84:87:54:40:
43:a6:e1:45:dd:38:10:21:76:5b:15:70:a9:14:62:
49:25:28:48:87:bb:7b:2d:ff:f3:af:31:11:c5:7c:
9a:18:8d:df:a9:74:83:2d:b8:cf:fc:ca:dd:f0:28:
bb:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:73:40:5F:2A:F8:98:96:E1:F4:3D:9D:1F:C6:FE:12:A9:69:EB:1D
X509v3 Authority Key Identifier:
keyid:92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/DnNAXyr4mJbh9D2dH8b-Eqlp6x0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.119.210.0/24
185.201.254.0/24
194.48.152.0/24
IPv6:
2a06:5780::/29
2a13:5a00::-2a13:5a05:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5f:49:62:6c:cc:1c:ec:ee:17:59:63:37:c7:3c:ec:00:52:b2:
79:18:18:94:e0:2d:ed:b4:7d:ab:e1:38:93:3e:b6:db:c3:12:
ac:3b:06:21:8e:81:c2:b5:b5:95:dd:da:c6:46:b8:c8:ce:17:
3a:a1:e6:b3:3c:96:8a:4c:1c:9e:87:ee:bd:b0:d0:cc:f3:ad:
7c:d8:ad:ff:22:93:c3:d6:2b:68:1a:cc:7b:c4:c9:40:b5:0d:
e0:5e:fa:cd:4a:81:75:64:3b:9d:1d:ba:72:a5:99:92:49:5a:
09:b1:48:be:a4:92:02:dd:ce:c1:f7:e1:17:e8:6e:ad:73:b0:
7d:9a:d1:86:b6:9f:4b:2b:f4:23:94:f8:80:01:61:45:1c:1b:
77:26:cf:1d:65:f5:b8:51:1c:f4:8d:a1:e2:e7:70:0d:fc:53:
80:9a:84:e8:24:b5:82:b0:a3:38:f3:a5:45:d7:86:93:0e:91:
4b:99:da:85:c6:bc:4f:9e:44:b3:3d:b1:eb:84:97:2b:03:cf:
ba:aa:2a:e1:13:3c:06:de:d2:cd:d2:90:09:c5:af:89:79:ba:
bc:a9:0c:e1:9c:ba:2b:15:90:fa:24:fb:27:76:4e:41:2a:56:
02:f4:3d:6e:bf:2f:f8:27:4c:69:16:23:8b:80:2a:96:07:2b:
3e:ba:c2:4f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZlu2pmNwcr4Ln1taPFzG/EZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMmExYTY3ZTJkYTcxMTJkNDU1OWNkOGRiZDgxNDFmOGYz
Mjc3ZTgwHhcNMjUwOTIyMDAzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTczNDA1ZjJhZjg5ODk2ZTFmNDNkOWQxZmM2ZmUxMmE5NjllYjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qXCNw7aJI5g8wkxumAYH8T8IDBz
NeB5gz5jKUWkYSPeyaS8oYfC4Y7vuhsKG4zubwF3azQ6awMlP4FBne+Yq21Hm6kT
1LlvJftDvzPRR76jR2xLNPOZZN3h/nD9owK4igSRD0ROAMzeh+uYpnaKlCu+snM2
nF4/SeitO0ui/324P+yAKB+RILRwx+7BvJx3/zjOieNgff6+Fnollx2kjpAwv28H
R+UyKOXL/VfnVk/equk5FFkuc1n/xhkp1nLSmtbWMjKyZtf9/+3Fz4SHVEBDpuFF
3TgQIXZbFXCpFGJJJShIh7t7Lf/zrzERxXyaGI3fqXSDLbjP/Mrd8Ci7gwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFA5zQF8q+JiW4fQ9nR/G/hKpaesdMB8GA1UdIwQY
MBaAFJIqGmfi2nES1FWc2NvYFB+PMnfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEt
N2YzYTQyODE3MWM3LzEvRG5OQVh5cjRtSmJoOUQyZEg4Yi1FcWxwNngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEtN2YzYTQyODE3MWM3
LzEva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAYBAIAATASAwQAsHfSAwQA
ucn+AwQAwjCYMBwEAgACMBYDBQMqBleAMA0DBAEqE1oDBQEqE1oEMA0GCSqGSIb3
DQEBCwUAA4IBAQBfSWJszBzs7hdZYzfHPOwAUrJ5GBiU4C3ttH2r4TiTPrbbwxKs
OwYhjoHCtbWV3drGRrjIzhc6oeazPJaKTByeh+69sNDM86182K3/IpPD1itoGsx7
xMlAtQ3gXvrNSoF1ZDudHbpypZmSSVoJsUi+pJIC3c7B9+EX6G6tc7B9mtGGtp9L
K/QjlPiAAWFFHBt3Js8dZfW4URz0jaHi53AN/FOAmoToJLWCsKM486VF14aTDpFL
mdqFxrxPnkSzPbHrhJcrA8+6qirhEzwG3tLN0pAJxa+Jebq8qQzhnLorFZD6JPsn
dk5BKlYC9D1uvy/4J0xpFiOLgCqWBys+usJP
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:57:33 2025 by rpki-client