Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/KpdjyDNFWz3xF34alZfaZ7kXPps.roa
File: KpdjyDNFWz3xF34alZfaZ7kXPps.roa (raw, json)
Hash identifier: esX9PQgUe5/lICxLP0x3doHLhF8XKXX5g+pfJtsxi+M=
Subject key identifier: 2A:97:63:C8:33:45:5B:3D:F1:17:7E:1A:95:97:DA:67:B9:17:3E:9B
Certificate issuer: /CN=6810aa89239242dacc9d03e3af22d4e87a783414
Certificate serial: 019995E7D5CD59D6F28C2A21D7FD38C6FD2A
Authority key identifier: 68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/KpdjyDNFWz3xF34alZfaZ7kXPps.roa
Signing time: Mon 29 Sep 2025 14:37:02 +0000
ROA not before: Mon 29 Sep 2025 14:37:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51093
IP address blocks: 185.108.16.0/24 maxlen: 24
212.48.224.0/21 maxlen: 24
212.48.224.0/22 maxlen: 24
212.48.228.0/22 maxlen: 24
212.48.232.0/24 maxlen: 24
2a06:300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:e7:d5:cd:59:d6:f2:8c:2a:21:d7:fd:38:c6:fd:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6810aa89239242dacc9d03e3af22d4e87a783414
Validity
Not Before: Sep 29 14:37:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a9763c833455b3df1177e1a9597da67b9173e9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:84:b6:f3:0b:ce:f2:92:b1:11:c0:ad:c9:4b:
8b:d7:3c:55:9c:ac:58:5d:15:f1:19:c7:57:2a:e1:
74:a3:b3:ef:fc:54:08:51:27:f1:06:f0:70:bf:69:
df:5b:94:0a:92:23:73:ba:16:c4:54:18:c8:e1:fc:
1b:93:77:ee:1e:25:ab:66:9b:e8:e3:18:ba:b1:20:
b7:40:26:97:7c:e2:a9:a5:3b:33:d4:55:5f:92:34:
c7:36:0b:cf:7d:bf:28:ee:87:83:0c:5c:e9:5b:22:
12:0f:83:0e:7b:03:04:f0:22:95:c5:1b:16:dd:92:
2f:d5:c8:e4:d6:7c:ec:5b:8a:45:48:41:74:84:19:
ac:b7:0b:06:2b:2e:c5:0e:cc:a4:d3:1b:f8:7a:f1:
e1:54:11:6e:ea:68:9d:68:4f:f4:99:9a:d2:37:5e:
53:ce:bb:49:8e:93:38:2d:23:d7:fe:b4:83:e4:8e:
f7:55:20:f1:be:7d:6b:5d:10:d2:06:6d:c0:25:af:
5b:41:db:95:e4:5b:1a:2e:38:92:3c:8c:73:9c:9e:
68:88:cc:bf:45:73:31:1f:d1:83:94:29:27:7a:61:
5d:28:8f:e9:d8:a7:3d:95:1b:af:1c:64:aa:ad:3e:
65:44:8a:63:bb:91:1f:0b:28:1c:11:23:8f:85:6d:
48:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:97:63:C8:33:45:5B:3D:F1:17:7E:1A:95:97:DA:67:B9:17:3E:9B
X509v3 Authority Key Identifier:
keyid:68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/KpdjyDNFWz3xF34alZfaZ7kXPps.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.108.16.0/24
212.48.224.0-212.48.232.255
IPv6:
2a06:300::/29
Signature Algorithm: sha256WithRSAEncryption
b4:ad:53:73:5f:ee:14:49:ef:b5:16:dc:af:56:4d:d7:17:e6:
84:ff:77:a0:e9:37:3b:ef:4c:49:fb:23:41:50:02:5f:7f:b2:
bd:f3:b7:94:05:24:cd:9e:80:88:81:eb:af:a6:02:55:bf:bb:
c9:cf:81:d0:fb:fb:1b:07:e7:83:53:6b:e1:b9:82:63:52:90:
41:75:6d:18:01:1f:ed:55:4c:e1:53:43:db:ec:4e:dd:7b:8d:
69:d5:ff:67:d4:db:f3:26:11:a2:a6:80:fe:b8:8e:a7:d7:56:
e5:5a:15:17:19:08:12:59:c2:9d:80:8e:dd:88:c4:39:6b:2d:
02:91:c5:42:3d:a7:e9:97:2a:aa:e7:d8:c5:8c:24:09:4a:86:
3b:b3:7a:6f:f8:4b:67:15:ee:43:a9:ff:0f:c3:4a:16:d7:43:
63:a5:50:1e:16:8b:b5:38:9e:5b:67:e4:ea:89:f7:cb:dd:26:
c8:2e:bb:79:ff:51:35:7b:99:25:1e:7f:35:89:83:69:97:49:
37:6b:02:28:2c:8b:c0:5a:81:b5:91:80:fc:50:37:0e:46:90:
17:bf:a8:b3:3d:fd:ca:f6:b7:35:23:f8:87:de:2a:ff:2c:d0:
1e:9c:b7:b8:75:49:d1:f7:2d:bd:8f:f3:28:07:6e:f4:19:3c:
eb:60:28:c8
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZmV59XNWdbyjCoh1/04xv0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTBhYTg5MjM5MjQyZGFjYzlkMDNlM2FmMjJkNGU4N2E3
ODM0MTQwHhcNMjUwOTI5MTQzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk3NjNjODMzNDU1YjNkZjExNzdlMWE5NTk3ZGE2N2I5MTczZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIS28wvO8pKxEcCtyUuL1zxVnKxY
XRXxGcdXKuF0o7Pv/FQIUSfxBvBwv2nfW5QKkiNzuhbEVBjI4fwbk3fuHiWrZpvo
4xi6sSC3QCaXfOKppTsz1FVfkjTHNgvPfb8o7oeDDFzpWyISD4MOewME8CKVxRsW
3ZIv1cjk1nzsW4pFSEF0hBmstwsGKy7FDsyk0xv4evHhVBFu6midaE/0mZrSN15T
zrtJjpM4LSPX/rSD5I73VSDxvn1rXRDSBm3AJa9bQduV5FsaLjiSPIxznJ5oiMy/
RXMxH9GDlCknemFdKI/p2Kc9lRuvHGSqrT5lRIpju5EfCygcESOPhW1IOwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFCqXY8gzRVs98Rd+GpWX2me5Fz6bMB8GA1UdIwQY
MBaAFGgQqokjkkLazJ0D468i1Oh6eDQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEt
MWY2ODk5MzViOTBmLzEvS3BkanlETkZXejN4RjM0YWxaZmFaN2tYUHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEtMWY2ODk5MzViOTBm
LzEvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAuWwQMAwD
BAXUMOADBADUMOgwDQQCAAIwBwMFAyoGAwAwDQYJKoZIhvcNAQELBQADggEBALSt
U3Nf7hRJ77UW3K9WTdcX5oT/d6DpNzvvTEn7I0FQAl9/sr3zt5QFJM2egIiB66+m
AlW/u8nPgdD7+xsH54NTa+G5gmNSkEF1bRgBH+1VTOFTQ9vsTt17jWnV/2fU2/Mm
EaKmgP64jqfXVuVaFRcZCBJZwp2Ajt2IxDlrLQKRxUI9p+mXKqrn2MWMJAlKhjuz
em/4S2cV7kOp/w/DShbXQ2OlUB4Wi7U4nltn5OqJ98vdJsguu3n/UTV7mSUefzWJ
g2mXSTdrAigsi8BagbWRgPxQNw5GkBe/qLM9/cr2tzUj+IfeKv8s0B6ct7h1SdH3
Lb2P8ygHbvQZPOtgKMg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:10 2025 by rpki-client