Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/tD8knzvgeJUAwEq8UTcYNg70QpA.roa
File: tD8knzvgeJUAwEq8UTcYNg70QpA.roa (raw, json)
Hash identifier: Jw6GXsFP6kcp5jxx08bh4HhEAvV20JYm8uADnggpwXI=
Subject key identifier: B4:3F:24:9F:3B:E0:78:95:00:C0:4A:BC:51:37:18:36:0E:F4:42:90
Certificate issuer: /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial: 0199C7D5230190C6D98AF8CABE1BEDDD9673
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/tD8knzvgeJUAwEq8UTcYNg70QpA.roa
Signing time: Thu 09 Oct 2025 07:17:38 +0000
ROA not before: Thu 09 Oct 2025 07:17:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214996
IP address blocks: 159.195.12.0/22 maxlen: 22
159.195.16.0/22 maxlen: 22
2a0a:4cc0:101::/48 maxlen: 48
2a0a:4cc0:101::/52 maxlen: 52
2a0a:4cc0:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c7:d5:23:01:90:c6:d9:8a:f8:ca:be:1b:ed:dd:96:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
Validity
Not Before: Oct 9 07:17:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b43f249f3be0789500c04abc513718360ef44290
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d4:cb:3f:cb:db:6b:13:fe:e7:f0:7a:d2:5b:
52:ab:71:19:11:26:b5:bd:3a:95:07:7c:59:b7:7e:
b0:3c:ca:e8:ca:aa:62:c7:51:40:08:b3:03:d2:22:
f5:6f:43:80:60:5b:f7:3f:6a:e7:2d:9c:45:33:58:
6e:e8:df:74:47:aa:37:06:48:8c:14:01:5e:c4:f3:
2f:82:5b:45:69:80:fa:d2:79:a5:fa:5a:37:c2:ab:
2c:e7:63:fd:7a:f0:5a:9e:92:d2:ca:98:06:6f:d4:
bd:2a:ea:e3:1a:d0:42:ee:f1:cf:e4:e1:b3:02:75:
c8:69:27:98:8c:be:f5:b6:18:9c:0a:4d:9d:79:fb:
bb:4d:4c:ad:f5:48:53:92:27:eb:bd:05:2b:87:25:
4e:07:e0:6c:81:45:90:ee:28:05:e0:3d:82:5c:c2:
75:2c:7f:a2:26:90:6f:43:aa:35:34:9e:fb:d7:6e:
7e:62:6e:e0:1b:b8:0f:46:32:ca:1a:f4:07:2a:1d:
4f:e3:91:36:c3:18:c0:77:4f:8f:18:61:d2:8f:c4:
93:a1:14:cd:96:b1:21:a5:1b:63:73:b3:6f:b3:0c:
9a:3b:3c:38:c9:24:fb:04:68:3f:8c:1b:36:b9:8a:
5d:c3:73:cd:2a:b4:10:76:18:b3:80:dc:84:0f:14:
c5:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:3F:24:9F:3B:E0:78:95:00:C0:4A:BC:51:37:18:36:0E:F4:42:90
X509v3 Authority Key Identifier:
keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/tD8knzvgeJUAwEq8UTcYNg70QpA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.195.12.0-159.195.19.255
IPv6:
2a0a:4cc0:101::/48
2a0a:4cc0:2000::/48
Signature Algorithm: sha256WithRSAEncryption
75:89:ea:ad:31:26:49:5b:ea:07:84:71:2f:f5:de:4c:81:fe:
98:d2:ab:eb:be:d1:8c:e1:a7:06:c0:9b:7c:90:1b:7e:c5:ad:
d9:5d:4e:69:f3:4a:0f:ad:8a:4b:cb:97:89:6a:f3:28:03:b9:
93:a6:cd:8c:c1:53:22:54:02:95:e0:3e:36:5d:69:23:cc:99:
5f:49:26:0e:be:84:b4:18:2d:66:bc:95:79:9f:5c:d9:6c:73:
15:ef:d8:bb:e6:db:4c:4a:f5:fa:10:03:41:0f:b4:aa:dd:dc:
46:44:c6:fd:3d:12:8f:65:4a:a4:11:2a:a6:e3:97:96:1a:b9:
f5:c7:ef:8d:ac:f7:7d:65:9b:72:98:fc:03:4a:04:43:94:c3:
ee:07:9d:2e:96:6e:b2:24:c3:7b:03:9b:27:ee:d2:9b:c6:3f:
f2:81:d6:9e:b3:30:2d:19:c7:8f:c6:59:ae:c7:d7:76:4b:fb:
e9:41:6e:17:6a:8d:d2:53:b9:c3:e2:d7:4a:1d:99:de:49:a5:
83:d8:87:c2:dc:a2:b9:d6:6a:e1:0a:48:b1:ea:dd:07:52:eb:
f3:2f:86:80:f7:da:13:49:43:e2:fa:55:91:ac:cc:c7:98:de:
07:45:63:ac:96:87:cf:53:f1:c7:9b:ea:f8:b1:ba:01:b7:e1:
75:b1:b5:fa
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZnH1SMBkMbZivjKvhvt3ZZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjUxMDA5MDcxNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNmMjQ5ZjNiZTA3ODk1MDBjMDRhYmM1MTM3MTgzNjBlZjQ0MjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydTLP8vbaxP+5/B60ltSq3EZESa1
vTqVB3xZt36wPMroyqpix1FACLMD0iL1b0OAYFv3P2rnLZxFM1hu6N90R6o3BkiM
FAFexPMvgltFaYD60nml+lo3wqss52P9evBanpLSypgGb9S9KurjGtBC7vHP5OGz
AnXIaSeYjL71thicCk2defu7TUyt9UhTkifrvQUrhyVOB+BsgUWQ7igF4D2CXMJ1
LH+iJpBvQ6o1NJ77125+Ym7gG7gPRjLKGvQHKh1P45E2wxjAd0+PGGHSj8SToRTN
lrEhpRtjc7NvswyaOzw4yST7BGg/jBs2uYpdw3PNKrQQdhizgNyEDxTFEQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFLQ/JJ874HiVAMBKvFE3GDYO9EKQMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvdEQ4a256dmdlSlVBd0VxOFVUY1lOZzcwUXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAUBAIAATAOMAwDBAKfwwwD
BAKfwxAwGAQCAAIwEgMHACoKTMABAQMHACoKTMAgADANBgkqhkiG9w0BAQsFAAOC
AQEAdYnqrTEmSVvqB4RxL/XeTIH+mNKr677RjOGnBsCbfJAbfsWt2V1OafNKD62K
S8uXiWrzKAO5k6bNjMFTIlQCleA+Nl1pI8yZX0kmDr6EtBgtZryVeZ9c2WxzFe/Y
u+bbTEr1+hADQQ+0qt3cRkTG/T0Sj2VKpBEqpuOXlhq59cfvjaz3fWWbcpj8A0oE
Q5TD7gedLpZusiTDewObJ+7Sm8Y/8oHWnrMwLRnHj8ZZrsfXdkv76UFuF2qN0lO5
w+LXSh2Z3kmlg9iHwtyiudZq4QpIserdB1Lr8y+GgPfaE0lD4vpVkazMx5jeB0Vj
rJaHz1Pxx5vq+LG6AbfhdbG1+g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:48:07 2025 by rpki-client