Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/FXli7IVxfRti4qt1ad27nRecqaM.roa
File: FXli7IVxfRti4qt1ad27nRecqaM.roa (raw, json)
Hash identifier: u1NhxzgiSWTpvPzqFkEG54wTsIn/+oZByZ4cbRuTRXA=
Subject key identifier: 15:79:62:EC:85:71:7D:1B:62:E2:AB:75:69:DD:BB:9D:17:9C:A9:A3
Certificate issuer: /CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Certificate serial: 0199AA6E0BF8C9ABE855CD51A576487EE750
Authority key identifier: 6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/FXli7IVxfRti4qt1ad27nRecqaM.roa
Signing time: Fri 03 Oct 2025 14:16:02 +0000
ROA not before: Fri 03 Oct 2025 14:16:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 2.58.180.0/22 maxlen: 22
168.168.0.0/21 maxlen: 21
168.168.8.0/22 maxlen: 22
168.168.12.0/23 maxlen: 23
168.168.14.0/24 maxlen: 24
168.168.15.0/24 maxlen: 24
168.168.24.0/24 maxlen: 24
168.168.32.0/22 maxlen: 22
168.168.40.0/22 maxlen: 22
168.168.44.0/22 maxlen: 22
168.168.48.0/21 maxlen: 21
168.168.56.0/23 maxlen: 23
168.168.60.0/22 maxlen: 22
168.168.64.0/24 maxlen: 24
168.168.80.0/20 maxlen: 20
168.168.96.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.mft
rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:aa:6e:0b:f8:c9:ab:e8:55:cd:51:a5:76:48:7e:e7:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b92cf3390caa5879e759729cd9008c6eca55a27
Validity
Not Before: Oct 3 14:16:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=157962ec85717d1b62e2ab7569ddbb9d179ca9a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ff:cb:66:5d:e8:f9:8a:82:f4:24:05:06:f4:
d3:56:71:0d:d5:96:2f:e9:ab:8c:40:17:08:36:54:
42:0e:9a:f9:e3:a3:c6:4d:f5:e0:58:bb:54:6f:af:
ab:45:b4:95:46:3d:08:7c:c6:f8:95:02:39:e0:22:
7a:e5:fe:90:77:60:d7:72:b3:76:57:ff:c7:0a:bf:
00:73:ca:2b:b1:09:0c:1a:8f:88:83:0f:a3:73:4b:
63:95:da:df:99:b1:84:ba:ce:35:8c:80:23:b1:1c:
70:a0:25:68:e1:83:e0:ff:06:d0:6e:8b:b6:b2:80:
c7:8d:cb:b9:b5:d4:cd:4f:1a:c7:09:fe:19:df:b9:
48:87:27:7a:4b:c2:e9:ad:f7:6b:4f:1f:05:9f:92:
f2:b5:cd:0e:7b:ca:17:77:87:ae:e8:39:19:c0:6e:
97:c6:0a:ae:58:b6:47:f1:1b:fc:5d:31:4b:86:ae:
b8:e3:27:70:10:44:07:5c:a0:3b:4e:5f:e4:bb:b1:
46:4a:ae:4d:ba:2b:69:e0:de:cd:ac:0a:ab:c6:fd:
98:e4:59:15:98:9a:b3:24:e3:78:d9:4e:59:ec:a2:
6c:af:6d:a2:e1:12:fd:d5:cf:9c:5f:41:b7:81:91:
34:05:3c:1b:73:5b:e5:d2:6d:a5:99:15:38:1a:63:
13:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:79:62:EC:85:71:7D:1B:62:E2:AB:75:69:DD:BB:9D:17:9C:A9:A3
X509v3 Authority Key Identifier:
keyid:6B:92:CF:33:90:CA:A5:87:9E:75:97:29:CD:90:08:C6:EC:A5:5A:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5LPM5DKpYeedZcpzZAIxuylWic.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/FXli7IVxfRti4qt1ad27nRecqaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/12349e-5282-472a-ae52-2a06223623e0/1/a5LPM5DKpYeedZcpzZAIxuylWic.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.180.0/22
168.168.0.0/20
168.168.24.0/24
168.168.32.0/22
168.168.40.0-168.168.57.255
168.168.60.0-168.168.64.255
168.168.80.0-168.168.127.255
Signature Algorithm: sha256WithRSAEncryption
98:1e:32:97:6e:81:04:d7:12:02:35:9f:d9:bd:46:a9:ab:5a:
37:c7:99:af:ba:f6:bc:e4:d8:b4:ee:4a:4e:d6:39:d8:f7:3c:
af:a3:b4:10:41:dd:7e:27:22:c5:3c:6c:04:89:83:9e:57:0b:
ae:42:03:d3:84:31:5a:a6:7e:21:4e:45:f9:15:44:51:af:cc:
06:22:92:4b:03:1f:e4:6f:4f:c6:b8:d0:d4:6c:41:07:f0:4e:
37:d6:44:19:dd:4c:ff:76:2f:81:e1:8f:a5:2c:0a:cf:37:ab:
c4:53:e7:86:8f:de:75:2e:58:e3:50:d5:e4:d8:c1:ce:b4:4f:
32:89:75:0f:e2:96:7a:25:5c:b4:ee:f9:fe:4d:6e:17:60:c5:
ed:f0:3f:ff:21:47:ea:47:40:dc:61:d5:22:26:af:12:37:6d:
c1:75:c4:16:cd:64:22:c2:2b:60:06:e9:49:b4:7a:13:b7:40:
e8:ab:a0:c0:03:54:6e:04:a5:7c:4d:6b:9f:42:12:6f:67:c7:
92:8e:91:f3:3d:c6:8b:4f:7d:1b:91:ee:31:86:ad:96:dd:b9:
ae:de:56:23:bc:63:dd:58:93:d4:90:cc:12:c1:05:e8:36:78:
a0:18:18:f3:da:09:62:84:52:95:dd:66:da:44:d4:64:a2:f4:
df:13:17:81
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZmqbgv4yavoVc1RpXZIfudQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOTJjZjMzOTBjYWE1ODc5ZTc1OTcyOWNkOTAwOGM2ZWNh
NTVhMjcwHhcNMjUxMDAzMTQxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc5NjJlYzg1NzE3ZDFiNjJlMmFiNzU2OWRkYmI5ZDE3OWNhOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuP/LZl3o+YqC9CQFBvTTVnEN1ZYv
6auMQBcINlRCDpr546PGTfXgWLtUb6+rRbSVRj0IfMb4lQI54CJ65f6Qd2DXcrN2
V//HCr8Ac8orsQkMGo+Igw+jc0tjldrfmbGEus41jIAjsRxwoCVo4YPg/wbQbou2
soDHjcu5tdTNTxrHCf4Z37lIhyd6S8LprfdrTx8Fn5Lytc0Oe8oXd4eu6DkZwG6X
xgquWLZH8Rv8XTFLhq644ydwEEQHXKA7Tl/ku7FGSq5Nuitp4N7NrAqrxv2Y5FkV
mJqzJON42U5Z7KJsr22i4RL91c+cX0G3gZE0BTwbc1vl0m2lmRU4GmMTFQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBV5YuyFcX0bYuKrdWndu50XnKmjMB8GA1UdIwQY
MBaAFGuSzzOQyqWHnnWXKc2QCMbspVonMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTIt
MmEwNjIyMzYyM2UwLzEvRlhsaTdJVnhmUnRpNHF0MWFkMjduUmVjcWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xMjM0OWUtNTI4Mi00NzJhLWFlNTItMmEwNjIyMzYyM2Uw
LzEvYTVMUE01REtwWWVlZFpjcHpaQUl4dXlsV2ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCAjq0AwQE
qKgAAwQAqKgYAwQCqKggMAwDBAOoqCgDBAGoqDgwDAMEAqioPAMEAKioQDAMAwQE
qKhQAwQHqKgAMA0GCSqGSIb3DQEBCwUAA4IBAQCYHjKXboEE1xICNZ/ZvUapq1o3
x5mvuva85Ni07kpO1jnY9zyvo7QQQd1+JyLFPGwEiYOeVwuuQgPThDFapn4hTkX5
FURRr8wGIpJLAx/kb0/GuNDUbEEH8E431kQZ3Uz/di+B4Y+lLArPN6vEU+eGj951
LljjUNXk2MHOtE8yiXUP4pZ6JVy07vn+TW4XYMXt8D//IUfqR0DcYdUiJq8SN23B
dcQWzWQiwitgBulJtHoTt0Doq6DAA1RuBKV8TWufQhJvZ8eSjpHzPcaLT30bke4x
hq2W3bmu3lYjvGPdWJPUkMwSwQXoNnigGBjz2glihFKV3WbaRNRkovTfExeB
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:42 2025 by rpki-client