Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/GnA_U6yrJNcD4I305e9_wWN89yk.roa
File: GnA_U6yrJNcD4I305e9_wWN89yk.roa (raw, json)
Hash identifier: 2luzlca7nkI+/OgJSfsF0VSesUNyR6ggunt3bmajK+c=
Subject key identifier: 1A:70:3F:53:AC:AB:24:D7:03:E0:8D:F4:E5:EF:7F:C1:63:7C:F7:29
Certificate issuer: /CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
Certificate serial: 019987EA4A81D141FDB435C7ACC0417C709D
Authority key identifier: 0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/GnA_U6yrJNcD4I305e9_wWN89yk.roa
Signing time: Fri 26 Sep 2025 21:25:02 +0000
ROA not before: Fri 26 Sep 2025 21:25:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51582
IP address blocks: 46.55.128.0/18 maxlen: 24
46.55.192.0/20 maxlen: 24
46.55.216.0/21 maxlen: 24
46.55.224.0/20 maxlen: 24
46.55.240.0/21 maxlen: 24
46.55.248.0/22 maxlen: 24
185.89.124.0/22 maxlen: 24
185.240.144.0/22 maxlen: 24
2a03:8340::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.mft
rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:87:ea:4a:81:d1:41:fd:b4:35:c7:ac:c0:41:7c:70:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
Validity
Not Before: Sep 26 21:25:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1a703f53acab24d703e08df4e5ef7fc1637cf729
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:07:a3:b3:17:86:6a:05:7b:d4:0b:b2:f4:a3:
ab:55:37:d4:14:32:5b:a4:90:9d:9d:90:4d:d7:2e:
c2:7f:38:c9:79:b0:32:a2:2f:9d:ce:07:e2:fb:8d:
86:f7:f9:5c:5c:e2:e6:92:b1:6d:83:8a:b8:ce:5b:
de:0a:60:b7:32:83:dc:a4:a0:68:ed:1e:07:8e:0c:
b6:3c:d2:7d:e7:d8:fc:fd:75:e2:d7:0a:8e:38:cc:
40:0d:1f:bc:6b:7a:8b:21:9b:5b:27:63:c2:53:57:
cf:4f:21:23:e6:2a:bf:9b:81:ba:73:29:92:6b:fb:
d8:a3:1f:7d:ce:f2:be:b3:cb:05:01:3d:8b:40:f1:
aa:9f:54:b6:92:b7:f5:51:10:c4:5b:51:00:61:ec:
ff:e4:6b:a9:e0:76:7b:9a:8d:49:d5:81:89:c5:f7:
ed:cb:cd:71:81:07:2c:4f:9d:28:16:33:26:27:54:
2c:3d:b0:8a:7c:bc:ae:0c:e7:9c:6f:d8:dc:63:24:
6f:16:a1:80:87:57:71:67:6e:f4:3e:f2:8b:e0:e2:
26:83:a8:90:5b:6e:c2:cb:e0:47:23:d0:2e:a4:6e:
8a:6d:c7:9d:ea:8e:a5:08:bb:bb:69:2b:ab:3b:45:
81:26:f5:93:65:8b:92:9d:65:2c:c7:a1:85:44:a8:
f4:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:70:3F:53:AC:AB:24:D7:03:E0:8D:F4:E5:EF:7F:C1:63:7C:F7:29
X509v3 Authority Key Identifier:
keyid:0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/GnA_U6yrJNcD4I305e9_wWN89yk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.55.128.0-46.55.207.255
46.55.216.0-46.55.251.255
185.89.124.0/22
185.240.144.0/22
IPv6:
2a03:8340::/32
Signature Algorithm: sha256WithRSAEncryption
bc:38:4f:79:2f:c9:43:85:d0:e8:2a:81:25:32:6e:93:53:9e:
34:3d:a8:95:dd:80:66:96:19:cd:d5:53:cf:85:d8:93:3f:69:
bc:82:7f:67:69:b6:91:fd:60:33:b7:c1:6b:e3:a3:7b:75:9d:
80:df:64:63:93:f6:97:e4:2a:c1:a4:d4:44:70:d0:4a:cc:86:
75:ed:2d:c0:6f:da:8b:1e:95:f9:ab:87:85:3f:65:c2:cc:a3:
24:fd:a1:4a:12:86:44:11:40:ac:de:63:cd:3a:f6:3e:7e:80:
1c:31:39:aa:5d:94:00:61:a3:04:26:40:39:4a:8c:91:a1:82:
83:21:80:6a:79:93:a5:3b:3d:de:b7:7d:0c:01:4d:87:5e:0c:
c6:0c:c6:0d:e7:74:d8:44:c2:47:4a:e6:e9:1f:60:ca:02:36:
97:21:5d:ad:5f:64:91:8c:1a:50:7e:68:57:aa:e2:74:9d:2c:
dd:9a:01:f5:9c:24:77:aa:5a:ca:13:74:a5:b3:23:98:3c:95:
59:3a:c0:b0:c1:ac:22:77:b6:89:dd:9e:d1:0f:bd:6f:c6:34:
69:14:c4:c1:65:7e:ad:5a:8d:ad:79:b2:b5:9e:f2:17:a6:06:
02:2d:33:67:cf:d2:f2:64:27:6d:11:be:fb:2e:16:73:fe:12:
20:72:ce:86
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZmH6kqB0UH9tDXHrMBBfHCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjA4N2IwZjY3MTZkMjNjOGQyM2ViM2QwMzkyYjZiZjY0
MmFkNGIwHhcNMjUwOTI2MjEyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTcwM2Y1M2FjYWIyNGQ3MDNlMDhkZjRlNWVmN2ZjMTYzN2NmNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQejsxeGagV71Auy9KOrVTfUFDJb
pJCdnZBN1y7CfzjJebAyoi+dzgfi+42G9/lcXOLmkrFtg4q4zlveCmC3MoPcpKBo
7R4Hjgy2PNJ959j8/XXi1wqOOMxADR+8a3qLIZtbJ2PCU1fPTyEj5iq/m4G6cymS
a/vYox99zvK+s8sFAT2LQPGqn1S2krf1URDEW1EAYez/5Gup4HZ7mo1J1YGJxfft
y81xgQcsT50oFjMmJ1QsPbCKfLyuDOecb9jcYyRvFqGAh1dxZ270PvKL4OImg6iQ
W27Cy+BHI9AupG6Kbced6o6lCLu7aSurO0WBJvWTZYuSnWUsx6GFRKj0BwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFBpwP1OsqyTXA+CN9OXvf8FjfPcpMB8GA1UdIwQY
MBaAFA0gh7D2cW0jyNI+s9A5K2v2Qq1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQt
YTIwZDJkNzUxZWI1LzEvR25BX1U2eXJKTmNENEkzMDVlOV93V044OXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQtYTIwZDJkNzUxZWI1
LzEvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoMAwDBAcuN4AD
BAQuN8AwDAMEAy432AMEAi43+AMEArlZfAMEArnwkDANBAIAAjAHAwUAKgODQDAN
BgkqhkiG9w0BAQsFAAOCAQEAvDhPeS/JQ4XQ6CqBJTJuk1OeND2old2AZpYZzdVT
z4XYkz9pvIJ/Z2m2kf1gM7fBa+Oje3WdgN9kY5P2l+QqwaTURHDQSsyGde0twG/a
ix6V+auHhT9lwsyjJP2hShKGRBFArN5jzTr2Pn6AHDE5ql2UAGGjBCZAOUqMkaGC
gyGAanmTpTs93rd9DAFNh14MxgzGDed02ETCR0rm6R9gygI2lyFdrV9kkYwaUH5o
V6ridJ0s3ZoB9Zwkd6payhN0pbMjmDyVWTrAsMGsIne2id2e0Q+9b8Y0aRTEwWV+
rVqNrXmytZ7yF6YGAi0zZ8/S8mQnbRG++y4Wc/4SIHLOhg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:09:53 2025 by rpki-client