Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/1-MFDZPvcg14szUoUt8YozmzQyaw.roa
File: 1-MFDZPvcg14szUoUt8YozmzQyaw.roa (raw, json)
Hash identifier: JKNKnFMpymJtOyd+HlPvXCooJARtJVCHVGSPrxTOOc4=
Subject key identifier: F8:C1:43:64:FB:DC:83:5E:2C:CD:4A:14:B7:C6:28:CE:6C:D0:C9:AC
Certificate issuer: /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial: 0199E6D6C1C8C632624B083D997FEA379BD2
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/1-MFDZPvcg14szUoUt8YozmzQyaw.roa
Signing time: Wed 15 Oct 2025 07:47:38 +0000
ROA not before: Wed 15 Oct 2025 07:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211261
IP address blocks: 5.253.156.0/24 maxlen: 24
5.253.157.0/24 maxlen: 24
5.253.159.0/24 maxlen: 24
91.210.126.0/24 maxlen: 24
185.146.67.0/24 maxlen: 24
185.210.193.0/24 maxlen: 24
185.210.195.0/24 maxlen: 24
185.218.160.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.mft
rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 19:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e6:d6:c1:c8:c6:32:62:4b:08:3d:99:7f:ea:37:9b:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Validity
Not Before: Oct 15 07:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8c14364fbdc835e2ccd4a14b7c628ce6cd0c9ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:63:45:33:90:7b:a5:89:f5:02:dc:df:d2:d6:
fa:02:73:3b:64:78:92:24:d9:c5:01:30:50:72:87:
de:2a:50:a7:9a:4f:30:49:c0:b7:3e:22:08:93:10:
e5:70:dc:96:57:91:d5:a7:86:1c:9f:bf:16:41:48:
b2:6d:01:ec:28:ec:83:ff:f7:ac:3b:37:3a:af:db:
8d:b1:24:7e:3f:f2:80:22:cf:a2:70:79:89:4b:bd:
58:f8:45:35:5f:66:36:ef:e3:7b:01:7b:37:fa:dd:
58:be:37:cc:b0:50:a4:ef:79:c6:f8:11:2a:d1:b3:
29:82:8d:fe:5b:a9:e1:7c:84:ed:4f:45:c2:c5:7d:
b1:61:fd:f3:33:eb:91:43:d3:1c:08:7e:63:1b:52:
19:fd:f8:3b:83:56:00:c1:60:35:d2:75:ad:c5:ae:
75:55:9d:03:98:7d:b3:f3:ff:7f:a8:05:53:db:24:
70:39:f9:90:36:84:71:12:af:41:cc:88:29:50:7b:
10:68:8c:67:6b:53:a8:ec:2f:70:0d:d0:de:af:57:
c0:dd:e2:82:e5:85:fa:ce:c3:7d:6a:ba:d7:c3:01:
4b:25:ba:da:2b:f2:31:e4:da:07:47:06:1b:b7:37:
31:34:0e:dc:3b:08:6c:f0:b0:36:0c:93:f9:78:ae:
17:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:C1:43:64:FB:DC:83:5E:2C:CD:4A:14:B7:C6:28:CE:6C:D0:C9:AC
X509v3 Authority Key Identifier:
keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/1-MFDZPvcg14szUoUt8YozmzQyaw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.156.0/23
5.253.159.0/24
91.210.126.0/24
185.146.67.0/24
185.210.193.0/24
185.210.195.0/24
185.218.160.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:44:79:f0:63:f1:8a:d5:0b:f2:6e:da:e8:46:ac:e0:d1:a7:
bc:fb:cc:a2:e4:ef:63:eb:bc:52:16:55:b8:b0:99:5c:14:ee:
1f:1a:d5:2c:73:49:89:bb:25:ae:ba:85:5c:ef:66:29:c5:ef:
32:80:ed:b7:0e:b4:f8:05:89:d2:3c:30:74:2c:27:bc:d0:98:
1d:96:75:1d:74:dc:cf:de:1a:14:c6:4f:eb:4a:53:34:3b:7d:
4c:86:38:d5:f7:63:35:26:32:53:58:af:1e:dc:46:5a:a9:72:
55:c6:1a:e6:a8:7f:ed:f8:25:37:97:a4:f0:ad:f1:8b:eb:38:
0e:60:c0:c2:29:38:f9:02:ca:88:df:b9:be:43:c2:a2:84:fb:
d6:4d:09:aa:fa:57:42:ac:d6:9a:ae:04:36:db:2d:e3:06:3e:
4a:f1:27:1c:60:cd:39:6a:36:3f:ba:4c:d4:d2:d3:0e:d6:a1:
5c:3c:49:79:de:39:31:e7:07:1e:28:46:1a:2f:c0:92:bf:e9:
59:a9:ce:19:bf:6b:63:fe:dd:3f:8c:97:44:45:58:e4:9f:01:
d4:c9:d3:2a:da:e2:2a:2c:74:2c:32:57:1a:c4:21:1b:ed:99:
ff:a3:31:90:b2:54:17:0d:03:62:d8:a1:d5:ed:d1:84:af:0b:
4a:d2:45:e1
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZnm1sHIxjJiSwg9mX/qN5vSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjUxMDE1MDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGMxNDM2NGZiZGM4MzVlMmNjZDRhMTRiN2M2MjhjZTZjZDBjOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WNFM5B7pYn1Atzf0tb6AnM7ZHiS
JNnFATBQcofeKlCnmk8wScC3PiIIkxDlcNyWV5HVp4Ycn78WQUiybQHsKOyD//es
Ozc6r9uNsSR+P/KAIs+icHmJS71Y+EU1X2Y27+N7AXs3+t1YvjfMsFCk73nG+BEq
0bMpgo3+W6nhfITtT0XCxX2xYf3zM+uRQ9McCH5jG1IZ/fg7g1YAwWA10nWtxa51
VZ0DmH2z8/9/qAVT2yRwOfmQNoRxEq9BzIgpUHsQaIxna1Oo7C9wDdDer1fA3eKC
5YX6zsN9arrXwwFLJbraK/Ix5NoHRwYbtzcxNA7cOwhs8LA2DJP5eK4XZwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPjBQ2T73INeLM1KFLfGKM5s0MmsMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvMS1NRkRaUHZjZzE0c3pVb1V0OFlvem16UXlhdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTkvMGFjMjdhLTIxNTktNDhkNy04YmZkLWM5MDdhZTFjMjEx
ZS8xL1YzQWgzTjlFdHFfZE9CQlVmRldubTlHcC1qcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAQX9nAME
AAX9nwMEAFvSfgMEALmSQwMEALnSwQMEALnSwwMEALnaoDANBgkqhkiG9w0BAQsF
AAOCAQEAfUR58GPxitUL8m7a6Eas4NGnvPvMouTvY+u8UhZVuLCZXBTuHxrVLHNJ
ibslrrqFXO9mKcXvMoDttw60+AWJ0jwwdCwnvNCYHZZ1HXTcz94aFMZP60pTNDt9
TIY41fdjNSYyU1ivHtxGWqlyVcYa5qh/7fglN5ek8K3xi+s4DmDAwik4+QLKiN+5
vkPCooT71k0JqvpXQqzWmq4ENtst4wY+SvEnHGDNOWo2P7pM1NLTDtahXDxJed45
MecHHihGGi/Akr/pWanOGb9rY/7dP4yXREVY5J8B1MnTKtriKix0LDJXGsQhG+2Z
/6MxkLJUFw0DYtih1e3RhK8LStJF4Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:05:37 2025 by rpki-client