Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/orU4EbmlFeqLBWCBQ_VGHpY6cYs.roa
File: orU4EbmlFeqLBWCBQ_VGHpY6cYs.roa (raw, json)
Hash identifier: TAeP8ncHqHpmG4cmrL2aNQakXI/xX50W/LkzF00pVS4=
Subject key identifier: A2:B5:38:11:B9:A5:15:EA:8B:05:60:81:43:F5:46:1E:96:3A:71:8B
Certificate issuer: /CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
Certificate serial: 01998F3D4B8EA2E52603D9BA6D28638BA67F
Authority key identifier: 4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/orU4EbmlFeqLBWCBQ_VGHpY6cYs.roa
Signing time: Sun 28 Sep 2025 07:33:02 +0000
ROA not before: Sun 28 Sep 2025 07:33:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204457
IP address blocks: 87.121.22.0/24 maxlen: 24
185.248.12.0/22 maxlen: 22
194.4.153.0/24 maxlen: 24
2a0a:a580::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.mft
rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 16:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:8f:3d:4b:8e:a2:e5:26:03:d9:ba:6d:28:63:8b:a6:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
Validity
Not Before: Sep 28 07:33:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a2b53811b9a515ea8b05608143f5461e963a718b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:59:4d:77:85:16:56:a2:c3:7b:e6:df:16:25:
9c:ab:ae:d7:07:5c:5c:dc:e3:47:ef:32:5b:99:7c:
dc:4d:8e:c6:0c:fe:35:f8:76:49:bb:ff:f6:96:66:
30:b5:94:5e:a8:3b:20:67:10:bd:47:d2:7a:90:c6:
b7:a3:d7:ed:db:39:44:f7:68:7e:93:cd:8e:94:ff:
c7:1f:b5:b4:99:9d:cd:89:8d:89:e1:68:d6:12:42:
b3:9f:69:8b:2d:07:a1:61:61:27:36:03:2d:24:6b:
a1:96:03:69:ea:ed:40:37:aa:17:0c:df:43:65:46:
55:1b:be:77:a6:81:98:14:b9:6f:c3:55:03:5b:6e:
61:4a:56:10:9b:d3:99:af:16:11:cc:5c:96:ed:fa:
63:f1:59:1f:51:13:20:88:50:4b:f9:cc:61:a6:98:
1c:35:5f:18:40:64:0a:f3:03:dc:75:ff:0e:ee:56:
74:f4:54:0d:15:f1:6d:c7:53:e9:28:70:ca:18:05:
1d:77:0b:b7:79:2a:8c:a8:f1:bc:80:99:d1:b0:06:
b7:c3:f6:08:b0:30:e8:72:e4:d1:21:dc:6b:f9:b9:
60:97:02:39:cf:e4:9d:8a:30:b5:9e:8e:f0:48:8f:
3c:63:eb:20:2b:57:70:78:08:96:bc:87:11:4e:1b:
1f:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:B5:38:11:B9:A5:15:EA:8B:05:60:81:43:F5:46:1E:96:3A:71:8B
X509v3 Authority Key Identifier:
keyid:4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/orU4EbmlFeqLBWCBQ_VGHpY6cYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.22.0/24
185.248.12.0/22
194.4.153.0/24
IPv6:
2a0a:a580::/29
Signature Algorithm: sha256WithRSAEncryption
ba:e5:a9:27:e7:75:bb:80:62:bd:55:64:96:9a:16:db:00:22:
c8:3b:79:bc:e8:44:b5:99:82:3c:c8:41:b1:20:1c:96:e1:99:
db:4f:56:6f:c2:30:64:e0:aa:27:dc:e8:ad:6f:e4:bf:e5:b4:
b2:ce:42:a9:34:27:2b:3e:48:0e:95:7b:28:ed:05:c2:47:bb:
47:1f:0d:84:91:79:b0:59:6b:fa:46:6c:6f:1f:8e:ff:3d:87:
1e:0b:9a:4c:3e:0a:90:e2:81:de:59:b0:16:cc:39:97:a2:31:
9c:f7:b0:ae:23:62:38:48:41:54:64:b5:18:3b:aa:0b:c8:53:
88:c5:2a:94:3c:01:17:69:e0:46:fc:a7:f5:b5:0e:42:e5:21:
18:ba:5d:c2:44:29:7b:f9:b6:a2:5d:61:65:dc:be:59:cb:e6:
2f:87:27:de:54:cf:bf:6f:87:b0:0d:ab:ca:b3:50:1b:62:05:
8d:a4:9f:33:b0:aa:5a:85:55:4e:5b:9f:0e:c3:75:6a:70:1e:
f2:9e:a3:ec:eb:db:da:cf:21:c7:aa:64:d9:c8:34:30:f1:2d:
80:58:a6:47:09:ed:ed:57:10:70:82:41:27:bb:ba:db:70:97:
f3:47:4f:ac:98:3d:01:38:23:04:38:ca:20:61:1a:b0:6c:47:
7b:a4:c8:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZmPPUuOouUmA9m6bShji6Z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMDk3M2MxZjQ0M2VjNGE4Mzg3YWFkN2FjYTc1ZDA3YjZm
YWE5ZGEwHhcNMjUwOTI4MDczMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmI1MzgxMWI5YTUxNWVhOGIwNTYwODE0M2Y1NDYxZTk2M2E3MThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFlNd4UWVqLDe+bfFiWcq67XB1xc
3ONH7zJbmXzcTY7GDP41+HZJu//2lmYwtZReqDsgZxC9R9J6kMa3o9ft2zlE92h+
k82OlP/HH7W0mZ3NiY2J4WjWEkKzn2mLLQehYWEnNgMtJGuhlgNp6u1AN6oXDN9D
ZUZVG753poGYFLlvw1UDW25hSlYQm9OZrxYRzFyW7fpj8VkfURMgiFBL+cxhppgc
NV8YQGQK8wPcdf8O7lZ09FQNFfFtx1PpKHDKGAUddwu3eSqMqPG8gJnRsAa3w/YI
sDDocuTRIdxr+blglwI5z+SdijC1no7wSI88Y+sgK1dweAiWvIcRThsfewIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKK1OBG5pRXqiwVggUP1Rh6WOnGLMB8GA1UdIwQY
MBaAFEoJc8H0Q+xKg4eq16ynXQe2+qnaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMt
MTIxNzcyOWFmMWM4LzEvb3JVNEVibWxGZXFMQldDQlFfVkdIcFk2Y1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMtMTIxNzcyOWFmMWM4
LzEvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAV3kWAwQC
ufgMAwQAwgSZMA0EAgACMAcDBQMqCqWAMA0GCSqGSIb3DQEBCwUAA4IBAQC65akn
53W7gGK9VWSWmhbbACLIO3m86ES1mYI8yEGxIByW4ZnbT1ZvwjBk4Kon3Oitb+S/
5bSyzkKpNCcrPkgOlXso7QXCR7tHHw2EkXmwWWv6RmxvH47/PYceC5pMPgqQ4oHe
WbAWzDmXojGc97CuI2I4SEFUZLUYO6oLyFOIxSqUPAEXaeBG/Kf1tQ5C5SEYul3C
RCl7+baiXWFl3L5Zy+YvhyfeVM+/b4ewDavKs1AbYgWNpJ8zsKpahVVOW58Ow3Vq
cB7ynqPs69vazyHHqmTZyDQw8S2AWKZHCe3tVxBwgkEnu7rbcJfzR0+smD0BOCME
OMogYRqwbEd7pMi0
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:40:19 2025 by rpki-client