Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/G68GMPXMUX3Qhn5n2oFwnwjBDXg.roa
File: G68GMPXMUX3Qhn5n2oFwnwjBDXg.roa (raw, json)
Hash identifier: 6TErr3RLE+4ObuY83LCNvVHOw/1OAYj91Y93qk/e+tA=
Subject key identifier: 1B:AF:06:30:F5:CC:51:7D:D0:86:7E:67:DA:81:70:9F:08:C1:0D:78
Certificate issuer: /CN=c592a06090f016940d31eb1b09bae12d94b195b0
Certificate serial: 01997C6209B5C8F4B4884D70F96257021AA4
Authority key identifier: C5:92:A0:60:90:F0:16:94:0D:31:EB:1B:09:BA:E1:2D:94:B1:95:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZKgYJDwFpQNMesbCbrhLZSxlbA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/G68GMPXMUX3Qhn5n2oFwnwjBDXg.roa
Signing time: Wed 24 Sep 2025 15:40:23 +0000
ROA not before: Wed 24 Sep 2025 15:40:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215234
IP address blocks: 46.102.118.0/23 maxlen: 23
46.102.118.0/24 maxlen: 24
194.0.59.0/24 maxlen: 24
2a14:2e40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/xZKgYJDwFpQNMesbCbrhLZSxlbA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/xZKgYJDwFpQNMesbCbrhLZSxlbA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xZKgYJDwFpQNMesbCbrhLZSxlbA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 12:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7c:62:09:b5:c8:f4:b4:88:4d:70:f9:62:57:02:1a:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592a06090f016940d31eb1b09bae12d94b195b0
Validity
Not Before: Sep 24 15:40:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1baf0630f5cc517dd0867e67da81709f08c10d78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:68:ed:54:b6:25:82:c2:82:a4:0b:b9:5b:b9:
ec:49:4b:68:bb:38:c7:7f:86:33:b8:8f:cf:4f:54:
85:0e:c6:66:54:8a:c8:67:3f:eb:f6:0d:46:9c:39:
6a:87:46:13:62:2a:f7:3e:28:a7:fa:e0:50:84:33:
93:a7:c0:be:69:80:08:2f:3b:19:f5:ac:78:fa:20:
66:f8:45:35:79:bd:5d:ab:f5:76:fb:97:37:aa:1b:
3d:da:10:f3:e5:b6:b2:a4:47:f0:a4:f5:a2:c9:19:
36:8a:b8:32:85:54:05:b4:a4:fa:09:df:4b:96:00:
cf:70:81:66:aa:c1:40:fb:5c:28:f3:b1:53:bf:ad:
f6:03:0f:ea:68:9f:5b:10:bb:56:94:2a:4c:1d:23:
88:96:74:ea:3e:4e:f0:31:45:ce:57:1c:7a:30:bc:
54:5d:33:24:ce:7d:51:27:2f:66:a6:d0:80:db:b2:
92:4e:30:59:75:76:8c:0e:07:45:39:42:3a:21:48:
30:66:19:84:95:55:d6:75:73:ff:0e:f4:41:18:a8:
9c:fe:9f:b3:7c:f1:f0:da:5f:d7:e8:37:45:ca:4d:
e8:64:e3:e3:2e:ee:51:a4:25:1c:8c:fe:eb:ea:9d:
78:04:58:ae:f5:d4:db:24:cd:79:d6:8f:eb:c5:b7:
c5:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:AF:06:30:F5:CC:51:7D:D0:86:7E:67:DA:81:70:9F:08:C1:0D:78
X509v3 Authority Key Identifier:
keyid:C5:92:A0:60:90:F0:16:94:0D:31:EB:1B:09:BA:E1:2D:94:B1:95:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZKgYJDwFpQNMesbCbrhLZSxlbA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/G68GMPXMUX3Qhn5n2oFwnwjBDXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/703902-7061-4ecb-9df1-c45620326491/1/xZKgYJDwFpQNMesbCbrhLZSxlbA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.118.0/23
194.0.59.0/24
IPv6:
2a14:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
32:cd:2d:fe:af:d0:c4:8b:0a:9a:04:32:7f:dc:83:52:8d:04:
65:52:39:eb:6c:66:6b:c0:f9:05:b2:0e:a7:b3:36:e6:58:31:
51:ea:72:41:e6:a5:04:2c:89:f1:e9:e2:1f:c5:54:b5:ae:8f:
eb:10:e4:8e:01:17:e8:90:6a:b8:df:08:41:2e:4d:d5:fc:ce:
a0:a2:0a:cd:16:bd:a9:60:a5:bd:b6:40:84:cf:0f:35:a8:95:
2d:b0:c4:ad:87:c3:16:be:6a:20:ad:d5:ec:b3:6e:77:e5:42:
0a:e1:4a:c3:65:4a:2f:d9:93:6f:f7:20:46:13:9c:b0:17:c3:
0f:88:3e:2a:c3:84:42:35:ec:bc:86:17:0a:09:68:db:d5:11:
08:08:bb:58:27:b1:30:37:b4:6f:68:01:4d:0f:d3:1a:4c:5d:
9f:da:ab:8a:dd:b9:4f:d1:63:9d:f1:3b:7c:39:12:c1:87:66:
8c:2f:6b:f4:d1:9b:0d:2c:4d:83:94:c3:e9:91:5e:b8:65:f4:
86:bc:dd:7c:b6:97:35:4d:6f:e9:ca:c6:ea:15:a2:45:d4:fc:
3b:db:f2:46:db:48:76:89:bf:b4:a8:d8:72:1d:1f:3c:42:b8:
0e:31:25:07:a3:06:43:52:78:08:b6:a0:a9:1a:1a:2c:29:f7:
41:c4:f9:8a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZl8Ygm1yPS0iE1w+WJXAhqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTJhMDYwOTBmMDE2OTQwZDMxZWIxYjA5YmFlMTJkOTRi
MTk1YjAwHhcNMjUwOTI0MTU0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmFmMDYzMGY1Y2M1MTdkZDA4NjdlNjdkYTgxNzA5ZjA4YzEwZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGjtVLYlgsKCpAu5W7nsSUtouzjH
f4YzuI/PT1SFDsZmVIrIZz/r9g1GnDlqh0YTYir3Piin+uBQhDOTp8C+aYAILzsZ
9ax4+iBm+EU1eb1dq/V2+5c3qhs92hDz5baypEfwpPWiyRk2irgyhVQFtKT6Cd9L
lgDPcIFmqsFA+1wo87FTv632Aw/qaJ9bELtWlCpMHSOIlnTqPk7wMUXOVxx6MLxU
XTMkzn1RJy9mptCA27KSTjBZdXaMDgdFOUI6IUgwZhmElVXWdXP/DvRBGKic/p+z
fPHw2l/X6DdFyk3oZOPjLu5RpCUcjP7r6p14BFiu9dTbJM151o/rxbfFbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBuvBjD1zFF90IZ+Z9qBcJ8IwQ14MB8GA1UdIwQY
MBaAFMWSoGCQ8BaUDTHrGwm64S2UsZWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpLZ1lKRHdGcFFOTWVzYkNicmhMWlN4bGJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83MDM5MDItNzA2MS00ZWNiLTlkZjEt
YzQ1NjIwMzI2NDkxLzEvRzY4R01QWE1VWDNRaG41bjJvRndud2pCRFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83MDM5MDItNzA2MS00ZWNiLTlkZjEtYzQ1NjIwMzI2NDkx
LzEveFpLZ1lKRHdGcFFOTWVzYkNicmhMWlN4bGJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLmZ2AwQA
wgA7MA0EAgACMAcDBQMqFC5AMA0GCSqGSIb3DQEBCwUAA4IBAQAyzS3+r9DEiwqa
BDJ/3INSjQRlUjnrbGZrwPkFsg6nszbmWDFR6nJB5qUELInx6eIfxVS1ro/rEOSO
ARfokGq43whBLk3V/M6gogrNFr2pYKW9tkCEzw81qJUtsMSth8MWvmogrdXss253
5UIK4UrDZUov2ZNv9yBGE5ywF8MPiD4qw4RCNey8hhcKCWjb1REICLtYJ7EwN7Rv
aAFND9MaTF2f2quK3blP0WOd8Tt8ORLBh2aML2v00ZsNLE2DlMPpkV64ZfSGvN18
tpc1TW/pysbqFaJF1Pw72/JG20h2ib+0qNhyHR88QrgOMSUHowZDUngItqCpGhos
KfdBxPmK
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:29:46 2025 by rpki-client