Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/f5gkUuOv8CmtQpEO3xPPjhP9Wx4.roa
File: f5gkUuOv8CmtQpEO3xPPjhP9Wx4.roa (raw, json)
Hash identifier: XrKyMUfqix9Q7fDqjUpFFepbhKG4XNUKO4C0R0W/49E=
Subject key identifier: 7F:98:24:52:E3:AF:F0:29:AD:42:91:0E:DF:13:CF:8E:13:FD:5B:1E
Certificate issuer: /CN=617252ebbb33484adcec7405adea4de08a0afb04
Certificate serial: 0199E764FC08548BB1CD0464C5280EDB864F
Authority key identifier: 61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/f5gkUuOv8CmtQpEO3xPPjhP9Wx4.roa
Signing time: Wed 15 Oct 2025 10:22:58 +0000
ROA not before: Wed 15 Oct 2025 10:22:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41608
IP address blocks: 88.151.32.0/22 maxlen: 24
185.213.172.0/23 maxlen: 23
185.213.172.0/24 maxlen: 24
185.213.174.0/24 maxlen: 24
185.213.175.0/24 maxlen: 24
195.170.165.0/24 maxlen: 24
195.170.167.0/24 maxlen: 24
195.170.172.0/24 maxlen: 24
2a0b:8bc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e7:64:fc:08:54:8b:b1:cd:04:64:c5:28:0e:db:86:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=617252ebbb33484adcec7405adea4de08a0afb04
Validity
Not Before: Oct 15 10:22:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7f982452e3aff029ad42910edf13cf8e13fd5b1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:9d:58:23:b6:fe:2f:b0:b1:14:49:80:9d:48:
06:7c:4e:b6:59:4d:35:fb:56:96:0b:eb:07:b6:db:
7e:02:18:59:ad:84:56:32:a8:c9:d8:94:92:20:68:
b7:7a:44:9c:6d:c9:7a:d0:7a:7d:06:ab:92:fa:8a:
12:0e:09:de:4c:66:4d:0e:13:dd:0f:67:7a:ca:a2:
2d:fc:57:ad:e2:18:35:6b:10:1a:a7:f3:d1:0d:73:
37:80:25:af:5e:7a:f3:6a:ea:d7:49:29:ec:0e:b4:
b6:da:07:ee:95:76:d1:8d:d0:e2:c3:1a:64:bf:d5:
f5:5b:ed:f6:5e:62:e7:c5:44:d3:63:3a:ad:9c:ce:
9f:87:75:36:55:e4:2b:36:39:0c:4b:fe:85:08:38:
9c:e7:0e:32:98:f1:41:7a:d7:83:f2:03:fb:44:1c:
bf:47:d0:93:ec:0c:f7:54:ca:0a:00:15:0d:38:69:
b2:bc:04:8f:a7:6a:ec:bc:a0:e0:18:06:d8:1c:91:
b5:64:dd:13:5a:3f:8c:e3:aa:f8:e4:14:5d:4f:6a:
c5:1b:9c:fd:68:b6:71:fc:6d:88:b5:5f:02:17:0f:
72:a8:cf:2e:16:4d:fd:47:03:6e:ab:81:25:d9:7e:
bf:c9:d1:bd:e7:4a:87:38:2c:f3:80:57:70:bd:67:
fb:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:98:24:52:E3:AF:F0:29:AD:42:91:0E:DF:13:CF:8E:13:FD:5B:1E
X509v3 Authority Key Identifier:
keyid:61:72:52:EB:BB:33:48:4A:DC:EC:74:05:AD:EA:4D:E0:8A:0A:FB:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YXJS67szSErc7HQFrepN4IoK-wQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/f5gkUuOv8CmtQpEO3xPPjhP9Wx4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/37a93b-87b5-4995-9e8c-6635debc395c/1/YXJS67szSErc7HQFrepN4IoK-wQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.32.0/22
185.213.172.0/22
195.170.165.0/24
195.170.167.0/24
195.170.172.0/24
IPv6:
2a0b:8bc0::/29
Signature Algorithm: sha256WithRSAEncryption
3d:46:fc:06:50:40:18:1a:40:1b:6f:ce:20:60:f1:35:09:f2:
e5:de:3b:96:cd:49:dc:50:a8:a9:cc:37:d8:8f:8c:81:02:21:
c4:af:64:43:a9:ec:a3:db:b9:8a:48:f8:0f:9e:c5:b0:0c:bd:
e2:f4:93:ec:c6:90:f0:17:5e:ad:83:8f:9f:29:eb:cc:ef:0e:
5b:9d:15:96:dc:7b:cf:ee:c9:49:d3:c6:15:ea:16:46:36:13:
96:fe:20:29:a5:2a:3e:c9:da:b4:7c:3c:51:57:dd:7f:d2:bc:
a0:21:e2:dc:1d:83:46:88:2d:15:11:e6:c0:8f:cc:1d:e2:55:
71:90:26:ac:b2:22:6b:f0:ac:e5:77:f9:4b:8d:e3:dc:3a:f7:
a5:05:68:ee:9c:39:9e:32:e6:6c:89:53:42:41:44:03:8d:41:
87:3b:a4:71:6a:6c:10:b7:43:2e:28:da:f7:de:60:8a:18:af:
6a:9f:33:0d:d2:aa:73:8a:cb:6a:78:bb:72:ba:a7:45:85:d8:
13:67:24:f6:bb:ea:e6:db:db:48:fe:9b:0c:1b:f6:3a:f6:c1:
93:3e:7c:60:48:1a:5b:7f:b7:41:19:db:cc:8d:2a:53:c7:9f:
34:e4:d9:90:d6:a4:b0:9b:f2:65:0c:1e:e0:c7:c0:8e:cd:a4:
28:ca:2c:b0
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZnnZPwIVIuxzQRkxSgO24ZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNzI1MmViYmIzMzQ4NGFkY2VjNzQwNWFkZWE0ZGUwOGEw
YWZiMDQwHhcNMjUxMDE1MTAyMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjk4MjQ1MmUzYWZmMDI5YWQ0MjkxMGVkZjEzY2Y4ZTEzZmQ1YjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0J1YI7b+L7CxFEmAnUgGfE62WU01
+1aWC+sHttt+AhhZrYRWMqjJ2JSSIGi3ekScbcl60Hp9BquS+ooSDgneTGZNDhPd
D2d6yqIt/Fet4hg1axAap/PRDXM3gCWvXnrzaurXSSnsDrS22gfulXbRjdDiwxpk
v9X1W+32XmLnxUTTYzqtnM6fh3U2VeQrNjkMS/6FCDic5w4ymPFBeteD8gP7RBy/
R9CT7Az3VMoKABUNOGmyvASPp2rsvKDgGAbYHJG1ZN0TWj+M46r45BRdT2rFG5z9
aLZx/G2ItV8CFw9yqM8uFk39RwNuq4El2X6/ydG950qHOCzzgFdwvWf7NwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFH+YJFLjr/AprUKRDt8Tz44T/VseMB8GA1UdIwQY
MBaAFGFyUuu7M0hK3Ox0Ba3qTeCKCvsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMt
NjYzNWRlYmMzOTVjLzEvZjVna1V1T3Y4Q210UXBFTzN4UFBqaFA5V3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zN2E5M2ItODdiNS00OTk1LTllOGMtNjYzNWRlYmMzOTVj
LzEvWVhKUzY3c3pTRXJjN0hRRnJlcE40SW9LLXdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCWJcgAwQC
udWsAwQAw6qlAwQAw6qnAwQAw6qsMA0EAgACMAcDBQMqC4vAMA0GCSqGSIb3DQEB
CwUAA4IBAQA9RvwGUEAYGkAbb84gYPE1CfLl3juWzUncUKipzDfYj4yBAiHEr2RD
qeyj27mKSPgPnsWwDL3i9JPsxpDwF16tg4+fKevM7w5bnRWW3HvP7slJ08YV6hZG
NhOW/iAppSo+ydq0fDxRV91/0rygIeLcHYNGiC0VEebAj8wd4lVxkCassiJr8Kzl
d/lLjePcOvelBWjunDmeMuZsiVNCQUQDjUGHO6RxamwQt0MuKNr33mCKGK9qnzMN
0qpzistqeLtyuqdFhdgTZyT2u+rm29tI/psMG/Y69sGTPnxgSBpbf7dBGdvMjSpT
x5805NmQ1qSwm/JlDB7gx8COzaQoyiyw
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:46:47 2025 by rpki-client