Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/9aSGIa-WEC1bN7Ni4E8-efLmGGQ.roa
File: 9aSGIa-WEC1bN7Ni4E8-efLmGGQ.roa (raw, json)
Hash identifier: 9siiR4LDQpp3LbxItU8xD6C1s0IOvLTqKZo+clC6imU=
Subject key identifier: F5:A4:86:21:AF:96:10:2D:5B:37:B3:62:E0:4F:3E:79:F2:E6:18:64
Certificate issuer: /CN=749d8a4328930b938fa86018b1e447ee4d8da8f9
Certificate serial: 0199529DDE09498CAB943B2023A3F3F55C8D
Authority key identifier: 74:9D:8A:43:28:93:0B:93:8F:A8:60:18:B1:E4:47:EE:4D:8D:A8:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/9aSGIa-WEC1bN7Ni4E8-efLmGGQ.roa
Signing time: Tue 16 Sep 2025 13:01:41 +0000
ROA not before: Tue 16 Sep 2025 13:01:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50837
IP address blocks: 87.120.132.0/24 maxlen: 24
94.156.66.0/24 maxlen: 24
94.156.227.0/24 maxlen: 24
212.87.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.mft
rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:9d:de:09:49:8c:ab:94:3b:20:23:a3:f3:f5:5c:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749d8a4328930b938fa86018b1e447ee4d8da8f9
Validity
Not Before: Sep 16 13:01:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f5a48621af96102d5b37b362e04f3e79f2e61864
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:04:59:ff:c1:97:cc:35:85:fc:83:ef:1a:5a:
6c:93:ab:8a:3f:6b:58:c0:e5:5d:51:e7:f8:75:a5:
28:a2:a7:58:ce:ce:86:cd:53:17:02:7b:dd:ea:08:
68:1a:db:95:75:d8:b4:01:95:9c:d5:b9:e2:4d:34:
ad:a8:ba:bd:a2:15:1d:e3:5b:a7:8f:57:f3:e7:ed:
8f:d4:23:66:78:a4:e8:98:f9:a3:f7:e9:e9:8c:1b:
df:bd:1a:27:68:65:64:db:6e:fd:39:bc:a2:29:b6:
5b:40:b3:3a:ac:9a:a3:ec:67:a9:a2:60:8a:76:b2:
78:5f:29:26:f0:c5:7c:ea:4c:f6:55:10:69:36:23:
3f:d1:b4:f5:03:97:64:4c:1d:c3:65:4e:71:b3:0e:
9d:af:e1:94:2a:8f:ec:7c:ef:82:c7:4b:3c:fe:4e:
9d:de:e2:5f:25:f0:67:af:c8:78:b5:3f:46:58:00:
d6:27:76:58:97:55:c8:53:ea:e7:68:ba:24:7e:17:
7e:e9:e9:c0:c5:5f:d1:78:e6:60:df:88:c6:24:3b:
50:f5:a7:c3:6b:3d:20:ab:86:1f:4f:a7:f3:0f:e7:
8d:af:3f:6b:b3:a5:de:65:1a:06:4d:bf:0c:ed:81:
34:38:99:8b:71:35:01:79:71:a5:d0:bf:49:9e:5a:
b1:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:A4:86:21:AF:96:10:2D:5B:37:B3:62:E0:4F:3E:79:F2:E6:18:64
X509v3 Authority Key Identifier:
keyid:74:9D:8A:43:28:93:0B:93:8F:A8:60:18:B1:E4:47:EE:4D:8D:A8:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/9aSGIa-WEC1bN7Ni4E8-efLmGGQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.132.0/24
94.156.66.0/24
94.156.227.0/24
212.87.206.0/24
Signature Algorithm: sha256WithRSAEncryption
75:8e:37:7c:55:bf:6f:af:ff:b7:3b:ac:52:92:56:3f:ab:c3:
d0:51:1a:80:f0:07:2d:82:98:67:ab:58:6a:59:63:20:13:65:
87:8f:1a:0b:d6:9a:0f:19:37:f2:1e:7f:1f:ab:5e:24:46:90:
e4:1b:48:a6:e9:06:66:09:89:d0:97:f9:b4:7e:c3:9b:c3:ef:
31:92:ae:7c:de:a6:67:fe:cb:07:32:0d:6b:8b:94:fb:29:9b:
6e:f4:85:56:55:a9:c9:37:57:9d:8c:ad:46:ab:de:a5:7d:83:
b1:39:19:45:06:bf:91:d0:36:70:29:15:6c:e5:56:23:cf:54:
50:ee:c3:8f:ef:92:5f:20:20:e5:3a:c7:87:10:e8:2f:cc:8b:
ad:66:1b:51:b4:7b:fb:18:1f:6b:e5:09:36:e5:08:02:d2:b3:
a7:79:87:96:28:51:c0:74:12:5d:f5:9b:c7:07:0c:24:57:cf:
bc:5f:e1:46:63:59:aa:cd:9b:a7:dc:d8:11:69:73:93:76:b4:
46:7a:73:00:20:95:7e:bf:02:ce:bd:6c:68:8e:9f:6e:17:cb:
f4:5a:50:a0:e2:35:f5:31:ca:0e:f5:47:30:85:14:c9:46:30:
77:90:bc:96:52:ef:44:4b:cb:ba:b8:38:a7:f5:fa:34:4a:3b:
25:61:33:21
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZlSnd4JSYyrlDsgI6Pz9VyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OWQ4YTQzMjg5MzBiOTM4ZmE4NjAxOGIxZTQ0N2VlNGQ4
ZGE4ZjkwHhcNMjUwOTE2MTMwMTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE0ODYyMWFmOTYxMDJkNWIzN2IzNjJlMDRmM2U3OWYyZTYxODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwARZ/8GXzDWF/IPvGlpsk6uKP2tY
wOVdUef4daUooqdYzs6GzVMXAnvd6ghoGtuVddi0AZWc1bniTTStqLq9ohUd41un
j1fz5+2P1CNmeKTomPmj9+npjBvfvRonaGVk2279ObyiKbZbQLM6rJqj7GepomCK
drJ4Xykm8MV86kz2VRBpNiM/0bT1A5dkTB3DZU5xsw6dr+GUKo/sfO+Cx0s8/k6d
3uJfJfBnr8h4tT9GWADWJ3ZYl1XIU+rnaLokfhd+6enAxV/ReOZg34jGJDtQ9afD
az0gq4YfT6fzD+eNrz9rs6XeZRoGTb8M7YE0OJmLcTUBeXGl0L9JnlqxdQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPWkhiGvlhAtWzezYuBPPnny5hhkMB8GA1UdIwQY
MBaAFHSdikMokwuTj6hgGLHkR+5Njaj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEoyS1F5aVRDNU9QcUdBWXNlUkg3azJOcVBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zZmEyMTctODVmNS00ZjE5LWI5MWUt
MDg4OWUzZWNkMWY2LzEvOWFTR0lhLVdFQzFiTjdOaTRFOC1lZkxtR0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zZmEyMTctODVmNS00ZjE5LWI5MWUtMDg4OWUzZWNkMWY2
LzEvZEoyS1F5aVRDNU9QcUdBWXNlUkg3azJOcVBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAV3iEAwQA
XpxCAwQAXpzjAwQA1FfOMA0GCSqGSIb3DQEBCwUAA4IBAQB1jjd8Vb9vr/+3O6xS
klY/q8PQURqA8Actgphnq1hqWWMgE2WHjxoL1poPGTfyHn8fq14kRpDkG0im6QZm
CYnQl/m0fsObw+8xkq583qZn/ssHMg1ri5T7KZtu9IVWVanJN1edjK1Gq96lfYOx
ORlFBr+R0DZwKRVs5VYjz1RQ7sOP75JfICDlOseHEOgvzIutZhtRtHv7GB9r5Qk2
5QgC0rOneYeWKFHAdBJd9ZvHBwwkV8+8X+FGY1mqzZun3NgRaXOTdrRGenMAIJV+
vwLOvWxojp9uF8v0WlCg4jX1McoO9UcwhRTJRjB3kLyWUu9ES8u6uDin9fo0Sjsl
YTMh
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:14 2025 by rpki-client