Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/MgiKwN-5ay_SX7gBV14IpwObPpc.roa
File: MgiKwN-5ay_SX7gBV14IpwObPpc.roa (raw, json)
Hash identifier: ZZYOOJcwsP5G4b73NL4Ryq/ZDk5dWzEXKQetkfj+MUE=
Subject key identifier: 32:08:8A:C0:DF:B9:6B:2F:D2:5F:B8:01:57:5E:08:A7:03:9B:3E:97
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 0199DFFAC8A105E0176446B97040210FB3B9
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/MgiKwN-5ay_SX7gBV14IpwObPpc.roa
Signing time: Mon 13 Oct 2025 23:49:38 +0000
ROA not before: Mon 13 Oct 2025 23:49:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33667
IP address blocks: 9.142.32.0/19 maxlen: 19
9.142.64.0/18 maxlen: 18
9.142.96.0/19 maxlen: 19
9.142.192.0/19 maxlen: 19
138.226.48.0/21 maxlen: 21
138.226.64.0/20 maxlen: 20
138.226.112.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:df:fa:c8:a1:05:e0:17:64:46:b9:70:40:21:0f:b3:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Oct 13 23:49:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32088ac0dfb96b2fd25fb801575e08a7039b3e97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:79:dc:2e:c9:f7:54:85:a7:6d:66:6b:91:10:
e5:c8:ab:23:f7:1d:1b:4a:cf:fa:79:1d:d9:70:e7:
93:f8:2d:95:3f:fb:2e:df:21:f7:45:21:82:58:6e:
5b:7c:7c:85:98:e5:f4:0c:b7:a8:6d:27:76:70:a0:
c7:df:1d:bc:29:4e:82:dc:bf:72:7d:e2:ed:2b:a5:
ba:3d:88:14:15:4f:e5:8f:17:d7:6b:c8:a2:3a:4d:
60:c1:d1:9a:60:c1:f5:f6:20:cd:29:c7:d9:60:67:
29:28:ea:d9:37:73:b5:06:bc:f3:63:ad:f0:ec:00:
6b:54:54:b4:3e:3d:c6:7e:a1:66:ba:3f:0d:5b:73:
6a:b1:ce:33:79:cb:f5:23:d1:2c:81:43:26:11:60:
21:43:2b:16:5a:12:bc:de:4d:61:ac:37:c9:e1:de:
a1:ff:32:65:7f:cf:b8:62:54:b5:66:57:24:99:36:
74:cb:82:55:a8:88:43:45:f3:9c:41:51:0c:73:b0:
b5:7f:60:28:92:93:18:5a:53:b3:66:2a:1c:6b:74:
43:45:fc:40:53:34:b1:87:2a:70:09:6d:2f:c8:49:
71:bc:11:a1:0a:16:1c:61:2f:2d:12:cc:d0:6e:06:
5e:03:84:36:e1:ce:da:75:a7:32:14:cb:12:f2:31:
8f:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:08:8A:C0:DF:B9:6B:2F:D2:5F:B8:01:57:5E:08:A7:03:9B:3E:97
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/MgiKwN-5ay_SX7gBV14IpwObPpc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
9.142.32.0-9.142.127.255
9.142.192.0/19
138.226.48.0/21
138.226.64.0/20
138.226.112.0/21
Signature Algorithm: sha256WithRSAEncryption
62:12:19:74:9b:23:85:e5:8e:fa:26:7d:1c:c8:4e:d5:b9:2a:
d8:4d:8d:35:02:1c:4d:ea:99:81:6e:01:2e:10:43:e2:eb:38:
ca:1c:85:d0:0e:bb:0c:9e:e8:3f:c5:e5:78:44:87:67:ed:d0:
83:02:37:c8:b1:c8:27:f1:b9:99:5d:b5:7e:66:3b:fd:ad:2a:
db:8b:d0:0b:9e:a9:56:f3:cd:3d:a5:19:4b:8c:8e:da:d2:62:
3c:68:dc:78:1f:97:a5:d0:09:de:33:f7:07:92:01:a7:7d:bc:
57:96:f4:05:ee:8d:2e:e7:43:01:7b:6d:9c:76:8e:16:db:c8:
4d:4f:d8:88:fb:56:02:3a:dd:b1:6e:fb:21:c7:33:d0:da:00:
ef:74:8c:5b:2b:e3:6b:db:78:c4:1f:2a:ef:48:e9:2a:81:14:
6a:ad:89:1f:a9:4a:b9:74:bb:10:cd:4d:be:b5:5b:c3:ca:26:
8e:1a:4f:e8:74:ba:2b:3d:c1:88:18:b5:ea:60:c7:2a:60:3d:
c3:18:99:8b:9e:e9:15:ad:5c:83:b3:e6:43:79:54:a2:a6:23:
e0:97:77:8c:f6:2b:ba:d9:36:b5:27:ca:7e:14:99:99:cf:ac:
50:9e:2b:2a:24:42:56:30:b3:32:6c:99:29:f4:c6:f0:b4:5f:
f0:a9:7d:0c
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZnf+sihBeAXZEa5cEAhD7O5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUxMDEzMjM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjA4OGFjMGRmYjk2YjJmZDI1ZmI4MDE1NzVlMDhhNzAzOWIzZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHncLsn3VIWnbWZrkRDlyKsj9x0b
Ss/6eR3ZcOeT+C2VP/su3yH3RSGCWG5bfHyFmOX0DLeobSd2cKDH3x28KU6C3L9y
feLtK6W6PYgUFU/ljxfXa8iiOk1gwdGaYMH19iDNKcfZYGcpKOrZN3O1BrzzY63w
7ABrVFS0Pj3GfqFmuj8NW3Nqsc4zecv1I9EsgUMmEWAhQysWWhK83k1hrDfJ4d6h
/zJlf8+4YlS1ZlckmTZ0y4JVqIhDRfOcQVEMc7C1f2AokpMYWlOzZioca3RDRfxA
UzSxhypwCW0vyElxvBGhChYcYS8tEszQbgZeA4Q24c7adacyFMsS8jGPDQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDIIisDfuWsv0l+4AVdeCKcDmz6XMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvTWdpS3dOLTVheV9TWDdnQlYxNElwd09iUHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAUJjiAD
BAcJjgADBAUJjsADBAOK4jADBASK4kADBAOK4nAwDQYJKoZIhvcNAQELBQADggEB
AGISGXSbI4XljvomfRzITtW5KthNjTUCHE3qmYFuAS4QQ+LrOMochdAOuwye6D/F
5XhEh2ft0IMCN8ixyCfxuZldtX5mO/2tKtuL0AueqVbzzT2lGUuMjtrSYjxo3Hgf
l6XQCd4z9weSAad9vFeW9AXujS7nQwF7bZx2jhbbyE1P2Ij7VgI63bFu+yHHM9Da
AO90jFsr42vbeMQfKu9I6SqBFGqtiR+pSrl0uxDNTb61W8PKJo4aT+h0uis9wYgY
tepgxypgPcMYmYue6RWtXIOz5kN5VKKmI+CXd4z2K7rZNrUnyn4UmZnPrFCeKyok
QlYwszJsmSn0xvC0X/CpfQw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:50:01 2025 by rpki-client