Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/CB8eQK5dvFg_5trPRYP6D-lZ4C8.roa
File: CB8eQK5dvFg_5trPRYP6D-lZ4C8.roa (raw, json)
Hash identifier: oDBRZ17Xn2IgxwpcmrbPa7CycpvtEalBVdW/dY6q/rg=
Subject key identifier: 08:1F:1E:40:AE:5D:BC:58:3F:E6:DA:CF:45:83:FA:0F:E9:59:E0:2F
Certificate issuer: /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial: 01999B099EB0AC2280ADCF3E315A00508041
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/CB8eQK5dvFg_5trPRYP6D-lZ4C8.roa
Signing time: Tue 30 Sep 2025 14:32:02 +0000
ROA not before: Tue 30 Sep 2025 14:32:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215070
IP address blocks: 90.156.244.0/22 maxlen: 24
90.156.244.0/24 maxlen: 24
90.156.247.0/24 maxlen: 24
2a03:720:60::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9b:09:9e:b0:ac:22:80:ad:cf:3e:31:5a:00:50:80:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Validity
Not Before: Sep 30 14:32:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=081f1e40ae5dbc583fe6dacf4583fa0fe959e02f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:5f:6b:5a:c3:06:ff:3c:cb:51:06:39:f2:6d:
ed:59:af:3c:fd:df:0e:50:81:a7:28:a5:8e:7a:5a:
3b:a6:04:9f:93:4c:3d:ea:cb:d4:ec:9f:be:b6:16:
89:f7:f4:e2:73:5e:83:b6:03:4d:e3:b6:02:9f:5c:
87:e3:48:a8:ea:3b:af:5e:3e:b1:10:f5:36:91:b8:
ca:0e:88:34:85:4e:b7:39:db:92:50:91:6d:78:e8:
b1:cb:a3:5e:25:3d:a5:cb:bc:b4:ce:cb:c6:f1:b6:
8d:c8:43:5d:37:1f:e5:4c:af:73:30:b3:fe:f1:2e:
8e:62:2e:fd:1b:a9:1e:e0:1d:6d:e7:a3:52:b7:92:
61:d8:d3:bc:ed:59:60:f2:c6:10:ff:ae:7f:0c:51:
14:c6:7a:be:47:f0:98:e2:cb:60:28:37:e2:6b:29:
0d:69:22:4c:b3:78:2b:a1:dc:63:86:d8:b1:31:b3:
e0:eb:1c:14:af:33:3d:43:44:db:71:d4:47:b5:f6:
c8:a7:3f:2d:b0:6a:54:9d:de:a7:14:be:4d:1c:ad:
69:f9:9c:1d:26:fa:15:19:ff:fc:32:89:e9:1a:0d:
33:a5:48:d8:b3:60:4a:69:fb:b9:25:b4:5e:6f:03:
64:6b:a7:0a:7a:36:b8:e1:68:81:b5:d6:e1:03:29:
f1:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:1F:1E:40:AE:5D:BC:58:3F:E6:DA:CF:45:83:FA:0F:E9:59:E0:2F
X509v3 Authority Key Identifier:
keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/CB8eQK5dvFg_5trPRYP6D-lZ4C8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
90.156.244.0/22
IPv6:
2a03:720:60::/48
Signature Algorithm: sha256WithRSAEncryption
82:27:ac:b8:6b:3b:11:75:1d:72:d8:4c:35:69:88:8f:2c:7e:
ff:ee:b4:16:16:6b:d0:70:6a:61:1d:2e:84:31:25:f0:63:f9:
1f:0d:30:12:1c:61:d0:4f:72:4d:5b:cf:c8:a7:3f:c7:e0:20:
ee:18:95:9b:da:f7:d8:b9:b9:2b:79:10:61:0f:dc:0b:f2:f2:
2d:ce:10:4c:49:cf:de:85:bc:db:76:6e:a3:d8:33:21:ee:11:
85:ce:87:cb:d8:50:32:fc:40:b0:49:8d:d7:96:65:10:04:cc:
84:6d:f3:30:b4:8d:8d:ca:4c:bc:37:87:48:b7:82:2e:e4:ad:
4c:fd:19:3a:79:89:44:fb:8a:09:12:f4:17:74:33:81:72:95:
9b:db:63:c2:c2:30:ac:bb:32:11:08:16:b4:8a:19:d6:82:59:
92:98:12:71:dd:59:e2:4a:d2:95:ba:f5:6b:3f:d0:fa:ac:1b:
ee:98:77:65:cc:aa:ef:b5:da:ad:e8:4b:6a:ec:55:67:83:ad:
f6:39:28:8b:40:9e:d8:0c:78:03:20:bc:56:e8:ce:5e:1f:a4:
8a:ba:77:60:fd:1d:ec:b9:6d:0c:cf:7a:42:e5:c5:df:06:b8:
e7:b7:4e:3c:8a:1c:5e:0a:1a:51:76:a0:80:10:b9:ee:9f:5e:
bd:88:8f:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZmbCZ6wrCKArc8+MVoAUIBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjUwOTMwMTQzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFmMWU0MGFlNWRiYzU4M2ZlNmRhY2Y0NTgzZmEwZmU5NTllMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxV9rWsMG/zzLUQY58m3tWa88/d8O
UIGnKKWOelo7pgSfk0w96svU7J++thaJ9/Tic16DtgNN47YCn1yH40io6juvXj6x
EPU2kbjKDog0hU63OduSUJFteOixy6NeJT2ly7y0zsvG8baNyENdNx/lTK9zMLP+
8S6OYi79G6ke4B1t56NSt5Jh2NO87Vlg8sYQ/65/DFEUxnq+R/CY4stgKDfiaykN
aSJMs3grodxjhtixMbPg6xwUrzM9Q0TbcdRHtfbIpz8tsGpUnd6nFL5NHK1p+Zwd
JvoVGf/8MonpGg0zpUjYs2BKafu5JbRebwNka6cKeja44WiBtdbhAynxFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAgfHkCuXbxYP+baz0WD+g/pWeAvMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvQ0I4ZVFLNWR2RmdfNXRyUFJZUDZELWxaNEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCWpz0MA8E
AgACMAkDBwAqAwcgAGAwDQYJKoZIhvcNAQELBQADggEBAIInrLhrOxF1HXLYTDVp
iI8sfv/utBYWa9BwamEdLoQxJfBj+R8NMBIcYdBPck1bz8inP8fgIO4YlZva99i5
uSt5EGEP3Avy8i3OEExJz96FvNt2bqPYMyHuEYXOh8vYUDL8QLBJjdeWZRAEzIRt
8zC0jY3KTLw3h0i3gi7krUz9GTp5iUT7igkS9Bd0M4FylZvbY8LCMKy7MhEIFrSK
GdaCWZKYEnHdWeJK0pW69Ws/0PqsG+6Yd2XMqu+12q3oS2rsVWeDrfY5KItAntgM
eAMgvFbozl4fpIq6d2D9Hey5bQzPekLlxd8GuOe3TjyKHF4KGlF2oIAQue6fXr2I
jzc=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:35:59 2025 by rpki-client