Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/RkNSHPxeGyuQWaphLZeft9rG6t4.roa
File: RkNSHPxeGyuQWaphLZeft9rG6t4.roa (raw, json)
Hash identifier: c7vEvcPCr8KpDOxbqsIVXnfktutvPBP6mswtibwiwTc=
Subject key identifier: 46:43:52:1C:FC:5E:1B:2B:90:59:AA:61:2D:97:9F:B7:DA:C6:EA:DE
Certificate issuer: /CN=7e26b1ef7410072ce96e82d7581be436e639a7c4
Certificate serial: 019932921FAE7309AB31DA56CC43B8B74C3C
Authority key identifier: 7E:26:B1:EF:74:10:07:2C:E9:6E:82:D7:58:1B:E4:36:E6:39:A7:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/RkNSHPxeGyuQWaphLZeft9rG6t4.roa
Signing time: Wed 10 Sep 2025 07:41:01 +0000
ROA not before: Wed 10 Sep 2025 07:41:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43298
IP address blocks: 185.121.243.0/24 maxlen: 24
2a06:a180:20::/48 maxlen: 48
2a06:a180:21::/48 maxlen: 48
2a06:a180:22::/48 maxlen: 48
2a06:a180:90::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:32:92:1f:ae:73:09:ab:31:da:56:cc:43:b8:b7:4c:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e26b1ef7410072ce96e82d7581be436e639a7c4
Validity
Not Before: Sep 10 07:41:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4643521cfc5e1b2b9059aa612d979fb7dac6eade
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:6c:5c:e7:a7:ef:e9:2c:b2:cd:65:a7:7d:ad:
9f:3b:6c:b7:bf:b4:30:e7:e3:94:23:26:df:a0:b0:
1e:3a:19:ba:17:96:7a:36:81:4f:59:0f:87:07:c7:
6e:a3:0a:21:f0:08:cf:49:dd:e2:97:94:89:e0:0d:
00:97:44:42:8f:8c:00:6b:e0:94:f7:4f:68:4c:63:
d9:84:b5:9b:8a:d0:d1:b6:ea:a1:36:75:56:b1:74:
1e:88:bf:b8:19:7a:b7:f9:ad:59:b0:c3:cf:aa:d1:
ce:cb:1f:19:e3:13:8a:25:9d:b3:5d:63:af:3b:48:
52:55:a3:28:58:40:e1:13:ab:a3:52:f9:07:7f:5c:
e1:19:38:dd:06:14:28:14:3c:12:bc:22:1d:63:9c:
34:ec:d1:a3:8f:74:c9:ad:c6:51:b4:df:c7:c5:aa:
c0:52:08:25:14:71:cc:32:81:52:e0:7f:4c:d4:14:
a5:3e:c9:0d:b8:e8:de:3a:07:7e:04:34:b4:de:4a:
51:0b:7d:f8:8e:03:7d:51:9a:f3:ff:64:2b:71:47:
50:e2:cb:e7:a7:2b:89:cb:37:2c:57:ee:f9:4b:53:
0c:fd:74:d1:36:c6:04:c9:b7:11:78:ee:a2:47:10:
71:43:43:c5:ca:fa:db:dd:26:f2:83:dc:bb:5f:ad:
7d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:43:52:1C:FC:5E:1B:2B:90:59:AA:61:2D:97:9F:B7:DA:C6:EA:DE
X509v3 Authority Key Identifier:
keyid:7E:26:B1:EF:74:10:07:2C:E9:6E:82:D7:58:1B:E4:36:E6:39:A7:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiax73QQByzpboLXWBvkNuY5p8Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/RkNSHPxeGyuQWaphLZeft9rG6t4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/cac63c-55e5-4154-8876-8c32c351ee70/1/fiax73QQByzpboLXWBvkNuY5p8Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.121.243.0/24
IPv6:
2a06:a180:20::-2a06:a180:22:ffff:ffff:ffff:ffff:ffff
2a06:a180:90::/48
Signature Algorithm: sha256WithRSAEncryption
64:58:c8:4e:a4:5f:4b:d6:9e:48:fc:97:8d:3e:9f:ba:dd:dd:
62:0a:29:22:9a:f2:4e:89:f5:89:8e:e1:10:7f:24:2a:89:0b:
f7:31:05:42:8c:cc:43:24:d0:56:09:7d:23:d2:68:6c:4d:06:
b6:1c:08:31:5d:ea:a9:b4:6a:2d:59:14:4a:46:45:16:27:f3:
4b:08:90:95:af:8f:40:2d:f7:40:df:ae:12:18:6c:e1:e7:3c:
5c:8e:dd:d7:af:f8:61:9e:82:07:07:ad:24:cb:39:60:49:be:
d5:70:b9:0e:f2:d2:1a:e2:ad:f9:14:b6:c1:65:03:75:61:f9:
8d:7d:81:43:d7:3e:cb:a7:9b:ca:4c:d1:52:53:d4:bb:44:ec:
d0:fe:72:66:ad:3f:1e:0e:41:b7:f7:91:ca:a0:df:d2:3b:7b:
2f:77:29:8d:ea:26:26:f5:01:2b:cb:57:3d:b4:40:08:83:82:
a2:ef:1d:ba:ca:6c:f3:22:80:bc:25:61:11:fe:04:fa:3f:8a:
59:75:43:fa:3d:ed:5a:c9:4d:b0:80:e6:d1:b3:c2:52:ee:68:
8f:7a:2e:e2:71:e3:86:b2:40:22:51:3a:dd:77:0e:46:b2:42:
92:fc:5c:d6:8b:89:dd:61:9e:1b:06:80:f2:6b:c0:bd:2d:89:
a1:7f:41:98
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZkykh+ucwmrMdpWzEO4t0w8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjZiMWVmNzQxMDA3MmNlOTZlODJkNzU4MWJlNDM2ZTYz
OWE3YzQwHhcNMjUwOTEwMDc0MTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQzNTIxY2ZjNWUxYjJiOTA1OWFhNjEyZDk3OWZiN2RhYzZlYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWxc56fv6SyyzWWnfa2fO2y3v7Qw
5+OUIybfoLAeOhm6F5Z6NoFPWQ+HB8duowoh8AjPSd3il5SJ4A0Al0RCj4wAa+CU
909oTGPZhLWbitDRtuqhNnVWsXQeiL+4GXq3+a1ZsMPPqtHOyx8Z4xOKJZ2zXWOv
O0hSVaMoWEDhE6ujUvkHf1zhGTjdBhQoFDwSvCIdY5w07NGjj3TJrcZRtN/HxarA
UgglFHHMMoFS4H9M1BSlPskNuOjeOgd+BDS03kpRC334jgN9UZrz/2QrcUdQ4svn
pyuJyzcsV+75S1MM/XTRNsYEybcReO6iRxBxQ0PFyvrb3Sbyg9y7X619PwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFEZDUhz8XhsrkFmqYS2Xn7faxureMB8GA1UdIwQY
MBaAFH4mse90EAcs6W6C11gb5DbmOafEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlheDczUVFCeXpwYm9MWFdCdmtOdVk1cDhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jYWM2M2MtNTVlNS00MTU0LTg4NzYt
OGMzMmMzNTFlZTcwLzEvUmtOU0hQeGVHeXVRV2FwaExaZWZ0OXJHNnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jYWM2M2MtNTVlNS00MTU0LTg4NzYtOGMzMmMzNTFlZTcw
LzEvZmlheDczUVFCeXpwYm9MWFdCdmtOdVk1cDhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAMBAIAATAGAwQAuXnzMCME
AgACMB0wEgMHBSoGoYAAIAMHACoGoYAAIgMHACoGoYAAkDANBgkqhkiG9w0BAQsF
AAOCAQEAZFjITqRfS9aeSPyXjT6fut3dYgopIpryTon1iY7hEH8kKokL9zEFQozM
QyTQVgl9I9JobE0GthwIMV3qqbRqLVkUSkZFFifzSwiQla+PQC33QN+uEhhs4ec8
XI7d16/4YZ6CBwetJMs5YEm+1XC5DvLSGuKt+RS2wWUDdWH5jX2BQ9c+y6ebykzR
UlPUu0Ts0P5yZq0/Hg5Bt/eRyqDf0jt7L3cpjeomJvUBK8tXPbRACIOCou8dusps
8yKAvCVhEf4E+j+KWXVD+j3tWslNsIDm0bPCUu5oj3ou4nHjhrJAIlE63XcORrJC
kvxc1ouJ3WGeGwaA8mvAvS2JoX9BmA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:00:37 2025 by rpki-client