Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/GUuXsw6txnCm9W8sDUIP_a6aFwM.roa
File: GUuXsw6txnCm9W8sDUIP_a6aFwM.roa (raw, json)
Hash identifier: mLyS2fJ3tXy0aEM0+FIcWymoTZU1igPMELiifRZehM0=
Subject key identifier: 19:4B:97:B3:0E:AD:C6:70:A6:F5:6F:2C:0D:42:0F:FD:AE:9A:17:03
Certificate issuer: /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial: 01997642A6D61CB6B333B5255B58076E4EB3
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/GUuXsw6txnCm9W8sDUIP_a6aFwM.roa
Signing time: Tue 23 Sep 2025 11:08:23 +0000
ROA not before: Tue 23 Sep 2025 11:08:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211415
IP address blocks: 5.252.186.0/24 maxlen: 24
31.40.232.0/22 maxlen: 24
45.11.152.0/24 maxlen: 24
45.11.153.0/24 maxlen: 24
45.147.153.0/24 maxlen: 24
45.147.154.0/24 maxlen: 24
45.147.155.0/24 maxlen: 24
194.121.59.0/24 maxlen: 24
194.124.144.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:42:a6:d6:1c:b6:b3:33:b5:25:5b:58:07:6e:4e:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
Validity
Not Before: Sep 23 11:08:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=194b97b30eadc670a6f56f2c0d420ffdae9a1703
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f9:6a:69:32:2b:16:dc:ec:f3:5d:0d:55:78:
bd:fe:a7:c4:a1:f3:06:ff:f9:bc:b4:d7:65:db:0d:
f3:80:c6:fb:1e:84:2a:a6:f3:82:32:ab:65:3e:aa:
29:6f:c6:04:59:c9:26:1d:ff:0a:38:b1:e9:b7:c9:
f9:c3:43:5f:bf:37:aa:00:12:31:fe:03:d9:04:7e:
f0:d7:27:23:e4:8b:08:08:4f:9a:e4:81:cd:98:3f:
d4:3a:8f:05:d2:ff:1d:c3:54:03:d8:72:3e:68:34:
0c:94:f5:f5:a6:f4:2e:49:02:4c:36:21:f8:e8:c2:
dd:9c:9d:3b:0b:03:9f:db:df:b8:51:57:43:25:94:
62:fd:97:7a:c9:b3:f2:9a:b0:16:8f:ad:2e:07:8d:
fd:0f:58:22:32:17:e3:6e:7f:87:33:6b:98:04:6a:
66:61:05:e8:cb:08:a8:82:ca:17:e7:39:b5:3b:f6:
bf:77:f0:34:b0:ec:05:0e:53:4d:e6:f8:83:e1:b0:
1f:91:d8:e9:17:2d:c3:cd:9e:bf:0b:ba:93:90:de:
54:92:4a:f1:d1:19:66:28:1c:c7:0c:63:d4:96:2a:
32:35:63:3b:d4:69:29:22:2a:87:d0:e7:05:48:b9:
2a:bb:1d:82:54:8a:f2:a5:c8:87:c9:63:f1:56:c2:
f3:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:4B:97:B3:0E:AD:C6:70:A6:F5:6F:2C:0D:42:0F:FD:AE:9A:17:03
X509v3 Authority Key Identifier:
keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/GUuXsw6txnCm9W8sDUIP_a6aFwM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.186.0/24
31.40.232.0/22
45.11.152.0/23
45.147.153.0-45.147.155.255
194.121.59.0/24
194.124.144.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:12:67:67:80:50:28:98:11:ca:51:e3:20:2e:b7:6c:ea:64:
a1:bb:09:24:fa:f3:ae:25:5a:30:36:08:df:17:2a:e2:bc:65:
56:05:5d:e7:ba:bb:f2:ea:d1:e7:bd:15:d6:42:77:57:5c:30:
73:25:59:37:cd:81:53:03:01:a2:91:87:68:4c:1d:2a:d4:ab:
92:11:c6:3b:8d:45:3c:6c:74:8a:04:56:e3:05:d4:9a:d5:3f:
8d:d4:c6:45:c7:f2:e0:88:d3:df:8a:56:59:a6:5e:8a:f1:7b:
01:59:79:36:86:78:10:53:b3:af:d0:db:16:c9:9c:3f:6f:5b:
cf:2c:59:01:56:d1:4e:8b:be:67:61:96:ab:9a:1c:d5:c8:37:
60:94:25:39:2f:70:28:3c:86:7c:93:09:b0:3a:1b:0c:65:85:
a7:bd:34:8f:ea:94:bf:d7:e8:0d:59:6c:16:e4:ad:f5:2b:c5:
26:b8:e4:bb:52:b8:87:08:56:83:62:89:97:05:9a:80:59:ed:
5d:5e:35:7f:de:6d:28:14:84:61:9a:22:5c:ae:47:b8:f0:1e:
a7:12:60:5a:dd:77:83:c2:6a:7a:58:19:1b:ff:88:a1:c1:fc:
3f:1f:fa:8d:cf:72:27:80:b0:7a:a4:c5:d2:bb:e4:1c:09:17:
92:b2:6d:a6
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZl2QqbWHLazM7UlW1gHbk6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwOTIzMTEwODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRiOTdiMzBlYWRjNjcwYTZmNTZmMmMwZDQyMGZmZGFlOWExNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPlqaTIrFtzs810NVXi9/qfEofMG
//m8tNdl2w3zgMb7HoQqpvOCMqtlPqopb8YEWckmHf8KOLHpt8n5w0NfvzeqABIx
/gPZBH7w1ycj5IsICE+a5IHNmD/UOo8F0v8dw1QD2HI+aDQMlPX1pvQuSQJMNiH4
6MLdnJ07CwOf29+4UVdDJZRi/Zd6ybPymrAWj60uB439D1giMhfjbn+HM2uYBGpm
YQXoywiogsoX5zm1O/a/d/A0sOwFDlNN5viD4bAfkdjpFy3DzZ6/C7qTkN5Ukkrx
0RlmKBzHDGPUlioyNWM71GkpIiqH0OcFSLkqux2CVIrypciHyWPxVsLzQQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFBlLl7MOrcZwpvVvLA1CD/2umhcDMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvR1V1WHN3NnR4bkNtOVc4c0RVSVBfYTZhRndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQABfy6AwQC
HyjoAwQBLQuYMAwDBAAtk5kDBAItk5gDBADCeTsDBADCfJAwDQYJKoZIhvcNAQEL
BQADggEBAB0SZ2eAUCiYEcpR4yAut2zqZKG7CST6864lWjA2CN8XKuK8ZVYFXee6
u/Lq0ee9FdZCd1dcMHMlWTfNgVMDAaKRh2hMHSrUq5IRxjuNRTxsdIoEVuMF1JrV
P43UxkXH8uCI09+KVlmmXorxewFZeTaGeBBTs6/Q2xbJnD9vW88sWQFW0U6Lvmdh
lquaHNXIN2CUJTkvcCg8hnyTCbA6Gwxlhae9NI/qlL/X6A1ZbBbkrfUrxSa45LtS
uIcIVoNiiZcFmoBZ7V1eNX/ebSgUhGGaIlyuR7jwHqcSYFrdd4PCanpYGRv/iKHB
/D8f+o3PcieAsHqkxdK75BwJF5KybaY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:04:43 2025 by rpki-client