Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/lKv9VTuUbeVALHwX5LLffZXiWZQ.roa
File: lKv9VTuUbeVALHwX5LLffZXiWZQ.roa (raw, json)
Hash identifier: QkXK3pqR7k1SpqQggKubiMioM4Ib+lqjz+VVQyAz0lc=
Subject key identifier: 94:AB:FD:55:3B:94:6D:E5:40:2C:7C:17:E4:B2:DF:7D:95:E2:59:94
Certificate issuer: /CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Certificate serial: 0199AA6D2151BC93C66FF064AF2CD477E6C6
Authority key identifier: 48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/lKv9VTuUbeVALHwX5LLffZXiWZQ.roa
Signing time: Fri 03 Oct 2025 14:15:02 +0000
ROA not before: Fri 03 Oct 2025 14:15:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44628
IP address blocks: 91.211.176.0/24 maxlen: 24
91.211.177.0/24 maxlen: 24
91.211.178.0/24 maxlen: 24
91.211.179.0/24 maxlen: 24
91.237.232.0/24 maxlen: 24
91.237.233.0/24 maxlen: 24
91.237.234.0/24 maxlen: 24
91.237.235.0/24 maxlen: 24
195.42.136.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.mft
rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 17:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:aa:6d:21:51:bc:93:c6:6f:f0:64:af:2c:d4:77:e6:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Validity
Not Before: Oct 3 14:15:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=94abfd553b946de5402c7c17e4b2df7d95e25994
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:15:fc:ba:3a:bc:29:a7:37:9d:3f:a3:6c:ac:
33:0f:8b:e3:45:65:34:2e:cf:85:7a:5d:50:d8:06:
18:b1:51:35:a4:d2:f8:e2:c6:a4:14:d0:0d:de:1b:
1d:a4:6c:20:57:ed:48:ba:ad:2f:8a:ba:b6:ec:1e:
c5:bf:2e:df:85:4a:12:c4:e5:ea:c0:29:c8:06:69:
88:6b:9a:0c:16:1e:b7:84:67:15:6e:6a:ee:34:88:
8c:7e:4c:b0:88:02:b9:5a:d1:62:c0:44:a8:b3:cf:
28:0a:37:41:c0:4d:1b:0f:87:84:90:8b:58:e2:d0:
10:b5:95:f3:dd:b6:1c:83:80:11:bc:f3:cf:1f:51:
af:94:bf:05:fd:55:e8:29:1a:db:28:b7:88:1b:a6:
97:30:d0:20:38:ac:e6:4e:ab:93:94:9e:55:7b:16:
13:09:c4:64:00:1d:b7:5b:ec:18:62:45:82:ae:9e:
bb:1c:a6:01:f8:96:01:98:11:e4:a5:64:80:e3:0c:
2a:6b:8c:9b:92:8d:83:2e:7c:ba:2e:e0:ec:2f:bc:
b2:57:f3:ea:27:ec:59:5a:aa:50:fc:c1:f7:e2:e0:
1a:49:04:e4:6f:39:7c:7d:10:3d:e5:0b:74:bf:7c:
94:a0:cd:42:b5:72:d2:c9:3a:65:82:20:6b:9b:92:
82:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:AB:FD:55:3B:94:6D:E5:40:2C:7C:17:E4:B2:DF:7D:95:E2:59:94
X509v3 Authority Key Identifier:
keyid:48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/lKv9VTuUbeVALHwX5LLffZXiWZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.211.176.0/22
91.237.232.0/22
195.42.136.0/23
Signature Algorithm: sha256WithRSAEncryption
78:09:97:2c:11:f9:f1:0a:00:1d:2f:8f:e3:cb:c5:79:ce:6e:
02:19:0f:24:24:34:8d:40:b0:52:22:a6:50:a1:81:28:4e:d5:
57:27:aa:a4:c3:ed:3a:d9:f7:af:83:82:83:74:32:d7:d8:bf:
80:e8:2f:d9:3b:dc:5a:9c:fb:c0:1a:ad:81:29:a8:03:04:cf:
c4:ec:4a:19:c6:44:94:30:47:4f:cd:ee:01:13:bc:0b:c9:d9:
39:a8:21:7b:27:f8:64:92:55:5c:03:43:9a:db:f9:d8:b8:be:
72:a7:79:1e:81:00:61:5e:a6:b0:99:91:ab:6e:f8:ce:14:05:
be:98:75:c5:6c:f0:d8:81:0c:a3:65:0b:b6:19:ba:d3:63:40:
1f:b3:64:3a:04:fb:59:6c:96:bd:0e:a4:95:3b:ce:a4:87:d5:
62:86:15:d7:ec:48:78:1c:e4:a7:f0:77:c4:a5:b2:8c:1e:88:
30:3c:67:51:33:1c:4f:92:ea:12:2e:89:1c:e3:60:62:a4:44:
06:b1:4c:c9:64:6f:76:2c:be:f1:ed:ad:10:0b:4a:b7:b9:6f:
29:47:dd:5c:e6:50:91:fa:09:c8:dc:0c:2e:1d:58:0b:9f:a3:
dc:0d:06:7d:90:68:13:ab:69:33:67:3b:43:cf:a6:b7:4a:15:
39:5b:d2:31
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmqbSFRvJPGb/BkryzUd+bGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGI0ZTY1MzBmNThkYjMzOGU0MWQ0MzRlNWMyNDhlYjhi
NDllYjUwHhcNMjUxMDAzMTQxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGFiZmQ1NTNiOTQ2ZGU1NDAyYzdjMTdlNGIyZGY3ZDk1ZTI1OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBX8ujq8Kac3nT+jbKwzD4vjRWU0
Ls+Fel1Q2AYYsVE1pNL44sakFNAN3hsdpGwgV+1Iuq0virq27B7Fvy7fhUoSxOXq
wCnIBmmIa5oMFh63hGcVbmruNIiMfkywiAK5WtFiwESos88oCjdBwE0bD4eEkItY
4tAQtZXz3bYcg4ARvPPPH1GvlL8F/VXoKRrbKLeIG6aXMNAgOKzmTquTlJ5VexYT
CcRkAB23W+wYYkWCrp67HKYB+JYBmBHkpWSA4wwqa4ybko2DLny6LuDsL7yyV/Pq
J+xZWqpQ/MH34uAaSQTkbzl8fRA95Qt0v3yUoM1CtXLSyTplgiBrm5KC/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJSr/VU7lG3lQCx8F+Sy332V4lmUMB8GA1UdIwQY
MBaAFEgLTmUw9Y2zOOQdQ05cJI64tJ61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQt
NWE0ZGY4OTZmYzNlLzEvbEt2OVZUdVViZVZBTEh3WDVMTGZmWlhpV1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQtNWE0ZGY4OTZmYzNl
LzEvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9OwAwQC
W+3oAwQBwyqIMA0GCSqGSIb3DQEBCwUAA4IBAQB4CZcsEfnxCgAdL4/jy8V5zm4C
GQ8kJDSNQLBSIqZQoYEoTtVXJ6qkw+062fevg4KDdDLX2L+A6C/ZO9xanPvAGq2B
KagDBM/E7EoZxkSUMEdPze4BE7wLydk5qCF7J/hkklVcA0Oa2/nYuL5yp3kegQBh
XqawmZGrbvjOFAW+mHXFbPDYgQyjZQu2GbrTY0Afs2Q6BPtZbJa9DqSVO86kh9Vi
hhXX7Eh4HOSn8HfEpbKMHogwPGdRMxxPkuoSLokc42BipEQGsUzJZG92LL7x7a0Q
C0q3uW8pR91c5lCR+gnI3AwuHVgLn6PcDQZ9kGgTq2kzZztDz6a3ShU5W9Ix
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:02 2025 by rpki-client