Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/nzo65GM7pIP8gyYTz_lLmHBppbo.roa
File: nzo65GM7pIP8gyYTz_lLmHBppbo.roa (raw, json)
Hash identifier: R1cCkDDxl+pgkQe3VNfJR/kwu6fnyhDQdd6GCs7JLwk=
Subject key identifier: 9F:3A:3A:E4:63:3B:A4:83:FC:83:26:13:CF:F9:4B:98:70:69:A5:BA
Certificate issuer: /CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
Certificate serial: 0199DDE48FF16F05A30BF4C41B5ED08B9CCB
Authority key identifier: 0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/nzo65GM7pIP8gyYTz_lLmHBppbo.roa
Signing time: Mon 13 Oct 2025 14:06:07 +0000
ROA not before: Mon 13 Oct 2025 14:06:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39896
IP address blocks: 45.159.109.0/24 maxlen: 24
45.159.110.0/24 maxlen: 24
45.159.111.0/24 maxlen: 24
146.255.24.0/21 maxlen: 21
193.150.128.0/20 maxlen: 20
193.150.144.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.mft
rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:e4:8f:f1:6f:05:a3:0b:f4:c4:1b:5e:d0:8b:9c:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
Validity
Not Before: Oct 13 14:06:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9f3a3ae4633ba483fc832613cff94b987069a5ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:63:2a:d0:82:cd:f7:48:d7:0e:f5:cd:4e:5e:
1b:7d:df:28:3d:e1:4d:85:04:82:aa:04:54:80:c5:
53:3e:ed:f2:56:7b:d9:93:c5:f4:8b:e0:c5:4b:38:
2a:27:61:de:11:ac:69:4c:b8:72:3a:bf:e0:9b:c2:
c0:73:17:e9:9c:84:68:a6:bc:57:45:f6:9c:6b:63:
0b:74:52:6c:91:52:74:97:b3:47:2e:fa:08:9f:89:
f6:a6:84:7b:b6:c9:58:0e:0b:de:a1:fc:2b:7c:dd:
08:84:a0:42:1b:93:ba:8d:8b:f7:c2:02:46:02:a2:
d9:40:8c:72:1f:0f:e7:08:7a:dd:03:dc:dd:7a:d0:
6e:0c:f9:96:3f:6c:8d:56:18:b6:71:39:71:39:c9:
e3:d5:58:b5:fc:02:dc:67:7b:e5:43:81:97:fc:e4:
ba:93:e5:9f:e6:a7:22:1b:92:35:43:63:63:d0:52:
31:b7:a9:7a:2a:82:79:f5:0d:f3:33:f7:05:1e:3e:
96:d9:2e:23:7f:58:84:1b:d9:4b:43:b6:8c:53:0e:
27:55:75:34:0c:7d:ad:27:3f:26:79:6a:57:3c:38:
83:13:6e:b9:95:02:bb:d1:4a:e7:9e:ec:db:b9:d7:
84:7e:66:c8:4f:c8:9e:7f:0c:a7:9b:d5:48:9f:40:
b5:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:3A:3A:E4:63:3B:A4:83:FC:83:26:13:CF:F9:4B:98:70:69:A5:BA
X509v3 Authority Key Identifier:
keyid:0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/nzo65GM7pIP8gyYTz_lLmHBppbo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.109.0-45.159.111.255
146.255.24.0/21
193.150.128.0-193.150.151.255
Signature Algorithm: sha256WithRSAEncryption
af:64:90:54:f0:9b:92:7e:04:61:b4:0f:de:d2:eb:88:62:fc:
11:cb:2f:ba:12:92:1a:a6:20:e4:86:56:0e:03:97:18:1a:b9:
4d:d6:6d:2a:cd:ce:cb:f7:22:84:cb:78:5e:70:d4:b0:4c:b5:
e4:a1:f2:55:0a:75:8f:58:0e:a1:b9:c1:05:ac:3f:f6:01:00:
e1:20:a7:4a:cc:2c:6d:49:8d:0b:7c:36:c6:23:bc:b6:38:cf:
ec:a4:ae:43:fa:52:dc:95:31:64:68:76:56:9e:16:a0:aa:c6:
ad:6f:6a:f7:a3:37:60:bc:60:c2:a9:de:02:d0:2d:21:1a:98:
cf:1a:ef:13:b1:47:52:61:57:de:ba:8a:23:7f:8f:72:06:ce:
e7:d0:e3:f6:2e:98:8e:0d:d7:8c:f6:d5:d0:31:a2:92:fa:bc:
fe:aa:6c:b6:6e:af:03:39:dd:7e:b6:8f:b1:7b:f0:18:c6:81:
36:de:00:9f:db:28:34:30:95:3c:35:cc:23:87:c2:97:da:87:
6f:e8:51:41:67:5b:19:cc:b0:f7:a8:40:74:0f:18:fd:d6:95:
6d:fc:6c:f6:95:17:d5:10:2a:16:cb:2b:ad:5b:cd:a4:f7:c3:
06:f8:4b:e6:32:f0:15:4e:e7:f8:50:26:b9:89:54:96:87:58:
47:d4:9a:01
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZnd5I/xbwWjC/TEG17Qi5zLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWJkNjgyYzFhOGZjNTAzN2FkYmY2ODE0M2FlNzdmZDAw
ZjM4YWIwHhcNMjUxMDEzMTQwNjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjNhM2FlNDYzM2JhNDgzZmM4MzI2MTNjZmY5NGI5ODcwNjlhNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2Mq0ILN90jXDvXNTl4bfd8oPeFN
hQSCqgRUgMVTPu3yVnvZk8X0i+DFSzgqJ2HeEaxpTLhyOr/gm8LAcxfpnIRoprxX
Rfaca2MLdFJskVJ0l7NHLvoIn4n2poR7tslYDgveofwrfN0IhKBCG5O6jYv3wgJG
AqLZQIxyHw/nCHrdA9zdetBuDPmWP2yNVhi2cTlxOcnj1Vi1/ALcZ3vlQ4GX/OS6
k+Wf5qciG5I1Q2Nj0FIxt6l6KoJ59Q3zM/cFHj6W2S4jf1iEG9lLQ7aMUw4nVXU0
DH2tJz8meWpXPDiDE265lQK70UrnnuzbudeEfmbIT8iefwynm9VIn0C1NQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJ86OuRjO6SD/IMmE8/5S5hwaaW6MB8GA1UdIwQY
MBaAFAur1oLBqPxQN62/aBQ653/QDzirMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUt
ZmFjM2Q1NTQzYTJjLzEvbnpvNjVHTTdwSVA4Z3lZVHpfbExtSEJwcGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUtZmFjM2Q1NTQzYTJj
LzEvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAAtn20D
BAQtn2ADBAOS/xgwDAMEB8GWgAMEA8GWkDANBgkqhkiG9w0BAQsFAAOCAQEAr2SQ
VPCbkn4EYbQP3tLriGL8EcsvuhKSGqYg5IZWDgOXGBq5TdZtKs3Oy/cihMt4XnDU
sEy15KHyVQp1j1gOobnBBaw/9gEA4SCnSswsbUmNC3w2xiO8tjjP7KSuQ/pS3JUx
ZGh2Vp4WoKrGrW9q96M3YLxgwqneAtAtIRqYzxrvE7FHUmFX3rqKI3+PcgbO59Dj
9i6Yjg3XjPbV0DGikvq8/qpstm6vAzndfraPsXvwGMaBNt4An9soNDCVPDXMI4fC
l9qHb+hRQWdbGcyw96hAdA8Y/daVbfxs9pUX1RAqFssrrVvNpPfDBvhL5jLwFU7n
+FAmuYlUlodYR9SaAQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:36:46 2025 by rpki-client