Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/IMNd7wqp85tNa0ggUABHDpeZF0k.roa
File: IMNd7wqp85tNa0ggUABHDpeZF0k.roa (raw, json)
Hash identifier: EeJALc0I+4VSDXZ8LegWXo1iKiGY/apM2fENHKrEK6w=
Subject key identifier: 20:C3:5D:EF:0A:A9:F3:9B:4D:6B:48:20:50:00:47:0E:97:99:17:49
Certificate issuer: /CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Certificate serial: 019914FB65E8DDFB23A000E6C9C9429905B3
Authority key identifier: 56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/IMNd7wqp85tNa0ggUABHDpeZF0k.roa
Signing time: Thu 04 Sep 2025 13:47:23 +0000
ROA not before: Thu 04 Sep 2025 13:47:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58208
IP address blocks: 5.42.152.0/22 maxlen: 24
5.42.153.0/24 maxlen: 24
5.42.156.0/23 maxlen: 24
5.42.159.0/24 maxlen: 24
185.118.68.0/24 maxlen: 24
2a01:45c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.mft
rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:14:fb:65:e8:dd:fb:23:a0:00:e6:c9:c9:42:99:05:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Validity
Not Before: Sep 4 13:47:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20c35def0aa9f39b4d6b48205000470e97991749
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:68:16:57:e9:49:c4:0b:04:05:3f:5a:56:c0:
6e:c3:84:c8:0f:72:d1:21:e7:cd:08:5b:ff:88:b8:
ce:1a:89:b8:a7:74:aa:0f:0b:93:73:08:0a:8b:86:
1c:d5:7a:69:a9:23:53:80:18:24:b7:e5:c9:41:1b:
c6:b4:7c:f3:fd:15:fc:a9:cb:a3:8e:37:26:52:03:
84:98:0a:32:98:f2:06:4a:30:0e:75:bd:eb:65:c5:
81:b2:12:df:1f:13:a9:55:84:78:8e:52:c8:59:4f:
f4:f5:0d:93:44:cb:f3:d2:b1:b9:13:ba:71:ce:eb:
74:87:a9:86:d5:c1:d9:4a:3f:05:d3:a9:0f:1e:e1:
b5:8d:42:95:17:e9:6e:19:f3:78:f4:0b:dc:84:2c:
95:8a:ca:1a:40:64:bd:81:ea:77:ad:d5:37:3c:01:
f4:a4:dc:e4:d2:d6:a5:46:4d:76:74:9f:b7:2d:8a:
0e:1e:3f:55:ab:8e:50:f0:37:18:ec:69:7a:68:f1:
59:b9:15:a4:cf:49:b6:87:c9:92:32:d3:dc:a1:9f:
e4:be:0f:8c:3d:fe:ea:66:7f:a4:58:a9:8b:10:dc:
18:d3:d9:93:c4:d1:e5:cb:74:84:24:f9:d3:a7:73:
2c:c7:2f:1c:b6:a5:9a:6c:51:ce:a6:bc:45:d7:73:
66:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:C3:5D:EF:0A:A9:F3:9B:4D:6B:48:20:50:00:47:0E:97:99:17:49
X509v3 Authority Key Identifier:
keyid:56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/IMNd7wqp85tNa0ggUABHDpeZF0k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.152.0-5.42.157.255
5.42.159.0/24
185.118.68.0/24
IPv6:
2a01:45c0::/32
Signature Algorithm: sha256WithRSAEncryption
58:ca:84:24:75:5b:e2:99:e5:df:89:1d:03:a3:50:06:6b:46:
92:f7:11:d0:16:d4:cc:00:61:e6:1f:30:b7:be:5e:9a:d2:83:
18:da:cb:d4:1d:38:ab:60:62:a2:16:fa:ed:4e:7d:81:02:46:
77:af:ff:ba:69:d6:9e:7b:e1:a8:55:ad:64:88:e6:44:a7:21:
fd:93:88:38:78:b4:0d:2e:09:ca:26:5e:7b:03:0b:36:79:b9:
5b:d9:8f:ac:fb:20:01:33:45:b2:c7:50:07:10:d6:c3:f1:3b:
0e:43:af:12:a7:80:8f:88:94:04:00:f3:e8:e2:31:74:20:5e:
63:36:bc:cf:c6:30:e3:94:ac:29:dd:2d:b8:59:b5:f9:f7:ba:
8f:aa:76:d8:9d:6e:48:8e:b4:a6:42:ef:dd:da:9f:2b:3a:91:
c7:4c:fa:f5:f7:16:65:a6:60:ca:58:35:09:5f:53:01:35:fd:
03:6b:ad:ba:35:fa:35:7c:e4:8c:a5:02:80:8d:75:10:64:f7:
ad:2d:b2:13:59:84:ff:18:eb:33:98:3d:c0:9a:9e:d1:27:7f:
0e:bb:1b:bc:4c:23:1f:1d:1f:5f:0c:cc:23:72:3f:43:38:21:
fe:ab:c7:40:2e:ec:e9:81:dc:19:0f:6e:5a:63:cb:d4:c8:d7:
f1:d6:b9:e6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZkU+2Xo3fsjoADmyclCmQWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2N2FjOWJmMGJlOTFlMGE0ODY2NGVjOGI2YTY3NzA5NTdh
MjEwMjAwHhcNMjUwOTA0MTM0NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGMzNWRlZjBhYTlmMzliNGQ2YjQ4MjA1MDAwNDcwZTk3OTkxNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2gWV+lJxAsEBT9aVsBuw4TID3LR
IefNCFv/iLjOGom4p3SqDwuTcwgKi4Yc1XppqSNTgBgkt+XJQRvGtHzz/RX8qcuj
jjcmUgOEmAoymPIGSjAOdb3rZcWBshLfHxOpVYR4jlLIWU/09Q2TRMvz0rG5E7px
zut0h6mG1cHZSj8F06kPHuG1jUKVF+luGfN49AvchCyVisoaQGS9gep3rdU3PAH0
pNzk0talRk12dJ+3LYoOHj9Vq45Q8DcY7Gl6aPFZuRWkz0m2h8mSMtPcoZ/kvg+M
Pf7qZn+kWKmLENwY09mTxNHly3SEJPnTp3Msxy8ctqWabFHOprxF13NmwQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFCDDXe8KqfObTWtIIFAARw6XmRdJMB8GA1UdIwQY
MBaAFFZ6yb8L6R4KSGZOyLamdwlXohAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUt
MDE4ODljYzAzZWJhLzEvSU1OZDd3cXA4NXROYTBnZ1VBQkhEcGVaRjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUtMDE4ODljYzAzZWJh
LzEvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAMFKpgD
BAEFKpwDBAAFKp8DBAC5dkQwDQQCAAIwBwMFACoBRcAwDQYJKoZIhvcNAQELBQAD
ggEBAFjKhCR1W+KZ5d+JHQOjUAZrRpL3EdAW1MwAYeYfMLe+XprSgxjay9QdOKtg
YqIW+u1OfYECRnev/7pp1p574ahVrWSI5kSnIf2TiDh4tA0uCcomXnsDCzZ5uVvZ
j6z7IAEzRbLHUAcQ1sPxOw5DrxKngI+IlAQA8+jiMXQgXmM2vM/GMOOUrCndLbhZ
tfn3uo+qdtidbkiOtKZC793anys6kcdM+vX3FmWmYMpYNQlfUwE1/QNrrbo1+jV8
5IylAoCNdRBk960tshNZhP8Y6zOYPcCantEnfw67G7xMIx8dH18MzCNyP0M4If6r
x0Au7OmB3BkPblpjy9TI1/HWueY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:05:01 2025 by rpki-client