Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/pczhsUKGHELIQkg7tKT9igyRi-A.roa
File: pczhsUKGHELIQkg7tKT9igyRi-A.roa (raw, json)
Hash identifier: Y7SOjOUl6Opwe6kgzkQEfHKGoUu9pf1pYRSzuMhv1S4=
Subject key identifier: A5:CC:E1:B1:42:86:1C:42:C8:42:48:3B:B4:A4:FD:8A:0C:91:8B:E0
Certificate issuer: /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial: 01993E9599DA30A534FF19573195A4FD2E4F
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/pczhsUKGHELIQkg7tKT9igyRi-A.roa
Signing time: Fri 12 Sep 2025 15:40:15 +0000
ROA not before: Fri 12 Sep 2025 15:40:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58212
IP address blocks: 37.247.119.0/24 maxlen: 24
185.7.82.0/24 maxlen: 24
185.7.83.0/24 maxlen: 24
2a03:403::/32 maxlen: 32
2a03:403:4000::/34 maxlen: 34
2a03:403:8000::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 09:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:3e:95:99:da:30:a5:34:ff:19:57:31:95:a4:fd:2e:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
Validity
Not Before: Sep 12 15:40:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5cce1b142861c42c842483bb4a4fd8a0c918be0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:4c:d2:ee:72:16:14:a9:6b:ab:d0:81:7d:d5:
10:99:87:fb:00:a9:04:94:a4:36:30:21:1e:b2:ae:
14:97:e7:8f:a3:88:e8:b9:eb:67:28:c4:e9:b1:45:
d2:fc:49:a7:07:c5:43:d8:0f:ff:c9:0a:ac:b0:82:
0d:40:f2:83:3e:85:98:5b:fb:12:d2:7a:59:bc:52:
46:52:9e:ce:39:f2:ef:f2:ff:13:68:d3:ac:51:40:
61:bf:1f:56:7c:9e:cd:35:43:9b:36:f6:8e:88:d7:
17:6a:d1:63:59:a1:72:6a:0e:5f:8e:78:f9:3c:34:
ca:9a:fd:e0:66:4c:9e:73:6f:2f:f8:16:09:c8:71:
01:59:3a:cb:64:e9:f1:30:02:e8:54:bb:f3:3e:93:
b7:90:b3:84:c5:13:92:f3:08:32:8e:54:87:61:df:
e7:70:04:25:8e:76:7c:00:1f:01:ad:a3:6c:86:36:
1d:b0:f2:71:8d:33:c7:71:c0:d7:ee:4b:53:f9:3c:
20:bd:be:aa:6c:0c:7f:10:c3:2c:9f:87:97:bd:f7:
6f:0e:b8:e9:1f:f2:7c:99:a4:d0:a4:d5:02:37:50:
82:b3:d6:2b:bd:6e:f3:04:49:05:71:ee:08:14:2a:
a4:1e:c3:3d:02:6f:73:c3:8e:a6:0e:a3:33:88:2b:
60:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:CC:E1:B1:42:86:1C:42:C8:42:48:3B:B4:A4:FD:8A:0C:91:8B:E0
X509v3 Authority Key Identifier:
keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/pczhsUKGHELIQkg7tKT9igyRi-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.247.119.0/24
185.7.82.0/23
IPv6:
2a03:403::/32
Signature Algorithm: sha256WithRSAEncryption
33:5f:17:51:c5:d6:b5:d9:c9:64:32:e0:9c:a8:eb:1d:20:da:
b7:0f:65:59:a7:9f:d2:24:31:4a:45:16:60:f2:bd:80:13:39:
3f:08:ae:99:bf:9d:e5:71:22:a0:ef:a8:0a:28:c5:fb:18:8c:
bc:e6:80:22:17:af:9b:73:9a:c6:3c:46:8e:34:0c:50:23:19:
4e:03:bb:d6:83:6e:67:93:02:ad:cb:8a:ed:05:19:de:42:e0:
38:72:ca:f3:61:cb:0c:8d:1f:f9:18:85:92:70:ea:07:90:fe:
07:a6:91:c1:ec:bb:dc:ad:fc:4f:61:b8:2b:e0:ab:5a:0e:7f:
a6:0a:01:8b:c9:da:46:2b:16:8f:e7:dc:69:9b:7d:bf:eb:b4:
48:bb:8a:c7:79:8f:ec:5f:73:4d:43:e9:be:8a:39:90:cd:1f:
58:e0:dc:91:5b:30:30:f9:c4:c3:27:ca:98:5e:1e:cb:96:69:
17:62:55:6b:c3:f8:40:6e:f7:35:af:fc:09:51:af:e6:fe:7e:
08:c4:d1:37:89:ce:b1:82:43:c2:4f:dd:cc:09:63:27:c4:25:
c2:ea:99:1f:9d:89:4c:2e:ef:ab:c2:76:14:34:65:e7:2e:ee:
f4:45:e2:c9:a8:32:9b:3b:ff:30:bc:e4:23:7c:82:bc:58:a7:
9f:ee:77:12
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZk+lZnaMKU0/xlXMZWk/S5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjUwOTEyMTU0MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWNjZTFiMTQyODYxYzQyYzg0MjQ4M2JiNGE0ZmQ4YTBjOTE4YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6kzS7nIWFKlrq9CBfdUQmYf7AKkE
lKQ2MCEesq4Ul+ePo4jouetnKMTpsUXS/EmnB8VD2A//yQqssIINQPKDPoWYW/sS
0npZvFJGUp7OOfLv8v8TaNOsUUBhvx9WfJ7NNUObNvaOiNcXatFjWaFyag5fjnj5
PDTKmv3gZkyec28v+BYJyHEBWTrLZOnxMALoVLvzPpO3kLOExROS8wgyjlSHYd/n
cAQljnZ8AB8BraNshjYdsPJxjTPHccDX7ktT+Twgvb6qbAx/EMMsn4eXvfdvDrjp
H/J8maTQpNUCN1CCs9YrvW7zBEkFce4IFCqkHsM9Am9zw46mDqMziCtgUwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKXM4bFChhxCyEJIO7Sk/YoMkYvgMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvcGN6aHNVS0dIRUxJUWtnN3RLVDlpZ3lSaS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJfd3AwQB
uQdSMA0EAgACMAcDBQAqAwQDMA0GCSqGSIb3DQEBCwUAA4IBAQAzXxdRxda12clk
MuCcqOsdINq3D2VZp5/SJDFKRRZg8r2AEzk/CK6Zv53lcSKg76gKKMX7GIy85oAi
F6+bc5rGPEaONAxQIxlOA7vWg25nkwKty4rtBRneQuA4csrzYcsMjR/5GIWScOoH
kP4HppHB7LvcrfxPYbgr4KtaDn+mCgGLydpGKxaP59xpm32/67RIu4rHeY/sX3NN
Q+m+ijmQzR9Y4NyRWzAw+cTDJ8qYXh7LlmkXYlVrw/hAbvc1r/wJUa/m/n4IxNE3
ic6xgkPCT93MCWMnxCXC6pkfnYlMLu+rwnYUNGXnLu70ReLJqDKbO/8wvOQjfIK8
WKef7ncS
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:34:05 2025 by rpki-client