Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pI7XDjTTax8lwNnKoyATZH6iINk.roa
File: pI7XDjTTax8lwNnKoyATZH6iINk.roa (raw, json)
Hash identifier: KiV42z1Tt5AFA+Qqb4Fmz7NSYrfFKo/28iS+QhxS8xc=
Subject key identifier: A4:8E:D7:0E:34:D3:6B:1F:25:C0:D9:CA:A3:20:13:64:7E:A2:20:D9
Certificate issuer: /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial: 0199F18DFFB6A059F032EED2D9E122F260BE
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pI7XDjTTax8lwNnKoyATZH6iINk.roa
Signing time: Fri 17 Oct 2025 09:43:58 +0000
ROA not before: Fri 17 Oct 2025 09:43:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207713
IP address blocks: 89.221.203.0/24 maxlen: 24
94.103.2.0/24 maxlen: 24
94.103.3.0/24 maxlen: 24
95.215.108.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f1:8d:ff:b6:a0:59:f0:32:ee:d2:d9:e1:22:f2:60:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Validity
Not Before: Oct 17 09:43:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a48ed70e34d36b1f25c0d9caa32013647ea220d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:d4:43:a7:7e:3c:1e:0f:2c:a6:fc:94:15:c2:
f0:86:88:a2:0c:30:3a:ae:66:aa:c7:82:f5:fd:a7:
21:77:39:29:fc:2f:69:7b:4e:8f:02:b2:06:10:44:
57:a0:fa:cb:aa:0f:3b:12:a9:5e:20:f5:6b:ee:9a:
5d:29:28:0a:17:6a:2b:81:f6:f2:68:ae:d2:c7:00:
1c:23:ea:f8:c0:5d:c6:2c:a5:3a:26:9a:c2:37:a3:
69:97:ad:05:79:76:34:1d:3b:aa:f2:2b:0d:be:97:
65:90:2e:6e:92:73:36:1f:b4:7d:1f:98:d6:88:28:
f9:18:ae:ac:73:a6:f8:cd:87:e6:6e:3e:a7:38:13:
d0:59:10:3f:90:28:d4:9f:d9:a3:60:05:94:90:6c:
25:89:73:a4:8e:80:91:ce:79:90:cf:3e:3b:f7:46:
d4:6b:ac:89:ae:2a:d3:e2:12:4a:c4:5e:31:6f:1e:
26:3e:3b:af:cb:33:35:84:c2:1f:6d:19:a1:0b:43:
5f:9c:fc:8e:6a:7a:69:14:aa:1a:81:4f:4a:84:fd:
62:27:a3:8b:06:0e:7d:f0:e7:23:75:70:77:73:f1:
02:2e:10:58:80:fd:3e:81:8a:7d:5d:4f:21:47:86:
11:08:31:89:7b:4b:1b:ef:b5:9f:08:c9:92:c3:28:
67:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:8E:D7:0E:34:D3:6B:1F:25:C0:D9:CA:A3:20:13:64:7E:A2:20:D9
X509v3 Authority Key Identifier:
keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/pI7XDjTTax8lwNnKoyATZH6iINk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.221.203.0/24
94.103.2.0/23
95.215.108.0/24
Signature Algorithm: sha256WithRSAEncryption
68:78:e8:d6:a6:cc:c0:dd:62:03:19:16:3d:f5:ac:5e:82:e1:
89:50:28:dd:61:90:0d:27:f1:b7:0e:84:32:d3:18:e6:c5:d0:
9f:49:57:89:d2:44:19:89:25:38:16:c0:44:b7:76:48:08:40:
64:39:bd:9b:79:ef:71:18:c6:8c:b2:5f:db:da:70:9e:45:29:
37:70:60:c5:74:67:ec:91:c7:2c:bb:b8:51:4d:06:bb:8e:85:
cb:f6:da:ce:36:b9:98:bd:51:91:ab:79:32:cf:c8:61:a1:00:
3a:ad:84:8f:78:07:9d:37:43:28:cf:c0:04:a6:19:75:e5:d1:
52:19:3e:64:be:ea:d4:58:ff:b1:08:3e:70:0d:66:94:9f:84:
6c:a5:08:7f:0d:bc:68:4d:3c:09:5d:ab:3d:92:4b:ea:3a:5f:
b7:44:39:71:c3:a9:bb:a3:f4:09:64:0c:40:f1:2f:ec:4c:9b:
76:03:f7:1b:dd:6d:4a:6c:5e:49:8c:cc:33:9d:47:ca:ef:1a:
a2:6a:d1:58:d3:d7:7a:ef:d3:1f:3b:c6:93:6a:ac:b9:6c:42:
d8:6a:fb:69:33:0d:a2:37:27:28:df:4f:41:1f:c2:50:16:8c:
ef:df:f0:4e:e2:83:03:74:d3:3a:e7:bf:61:7a:3c:e2:a1:68:
fc:82:a3:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnxjf+2oFnwMu7S2eEi8mC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUxMDE3MDk0MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhlZDcwZTM0ZDM2YjFmMjVjMGQ5Y2FhMzIwMTM2NDdlYTIyMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdRDp348Hg8spvyUFcLwhoiiDDA6
rmaqx4L1/achdzkp/C9pe06PArIGEERXoPrLqg87EqleIPVr7ppdKSgKF2orgfby
aK7SxwAcI+r4wF3GLKU6JprCN6Npl60FeXY0HTuq8isNvpdlkC5uknM2H7R9H5jW
iCj5GK6sc6b4zYfmbj6nOBPQWRA/kCjUn9mjYAWUkGwliXOkjoCRznmQzz4790bU
a6yJrirT4hJKxF4xbx4mPjuvyzM1hMIfbRmhC0NfnPyOanppFKoagU9KhP1iJ6OL
Bg598OcjdXB3c/ECLhBYgP0+gYp9XU8hR4YRCDGJe0sb77WfCMmSwyhnGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKSO1w4002sfJcDZyqMgE2R+oiDZMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvcEk3WERqVFRheDhsd05uS295QVRaSDZpSU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWd3LAwQB
XmcCAwQAX9dsMA0GCSqGSIb3DQEBCwUAA4IBAQBoeOjWpszA3WIDGRY99axeguGJ
UCjdYZANJ/G3DoQy0xjmxdCfSVeJ0kQZiSU4FsBEt3ZICEBkOb2bee9xGMaMsl/b
2nCeRSk3cGDFdGfskccsu7hRTQa7joXL9trONrmYvVGRq3kyz8hhoQA6rYSPeAed
N0Moz8AEphl15dFSGT5kvurUWP+xCD5wDWaUn4RspQh/DbxoTTwJXas9kkvqOl+3
RDlxw6m7o/QJZAxA8S/sTJt2A/cb3W1KbF5JjMwznUfK7xqiatFY09d679MfO8aT
aqy5bELYavtpMw2iNyco309BH8JQFozv3/BO4oMDdNM6579hejzioWj8gqOI
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:03 2025 by rpki-client