Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/eNwCCRRxYwedsynnp6vdifKfv1c.roa
File: eNwCCRRxYwedsynnp6vdifKfv1c.roa (raw, json)
Hash identifier: He7kVis/ImC9dCvWBNoGqFcunz/T3uLP9V6ES4Qh7wM=
Subject key identifier: 78:DC:02:09:14:71:63:07:9D:B3:29:E7:A7:AB:DD:89:F2:9F:BF:57
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 0198CDCE46107CE6C2A7D949B23F26FF884C
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/eNwCCRRxYwedsynnp6vdifKfv1c.roa
Signing time: Thu 21 Aug 2025 18:05:04 +0000
ROA not before: Thu 21 Aug 2025 18:05:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 5.35.192.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
89.39.172.0/23 maxlen: 24
94.26.64.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cd:ce:46:10:7c:e6:c2:a7:d9:49:b2:3f:26:ff:88:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Aug 21 18:05:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=78dc0209147163079db329e7a7abdd89f29fbf57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d1:86:df:c1:c0:c8:f3:e1:69:d6:e5:39:c3:
39:36:90:f1:e0:37:a1:30:b5:86:69:ee:4a:55:4c:
b3:d0:42:b1:1f:89:f7:84:dd:2b:e7:dd:9c:c4:bd:
db:97:0f:b5:5d:9d:96:a2:5e:a4:c4:b5:08:98:61:
94:24:92:d4:21:0a:c2:a4:d3:85:6d:58:5e:36:c3:
7c:f2:4f:71:96:87:c4:41:73:b4:1c:fd:f5:31:e3:
fa:eb:b4:d6:a9:1c:07:98:e8:86:80:ab:24:1d:a8:
ea:aa:b2:6d:e7:fc:d9:b9:43:4e:f4:76:87:2a:84:
2c:67:c5:7b:cd:ce:cf:93:70:45:69:95:c2:d4:67:
2f:6d:6d:d3:d5:55:a4:f9:99:af:37:51:b2:28:2b:
3b:c5:ae:63:6b:6e:4b:42:d3:3f:d3:ff:b5:4f:01:
12:89:6a:ef:c9:d5:a5:92:87:97:a5:d4:db:6a:8a:
67:70:a7:28:56:37:0e:20:fb:a9:7a:d6:d3:d4:60:
f8:3e:9b:14:04:c9:04:ca:74:9b:90:d7:05:22:38:
38:43:15:47:e0:93:50:32:93:24:58:40:6a:6a:9e:
37:18:28:7a:ef:94:2c:58:ab:8c:a9:43:8d:56:86:
96:b0:8c:6c:49:64:c4:73:07:d3:0a:f9:ff:0f:44:
ce:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:DC:02:09:14:71:63:07:9D:B3:29:E7:A7:AB:DD:89:F2:9F:BF:57
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/eNwCCRRxYwedsynnp6vdifKfv1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
85.204.160.0/22
89.39.172.0/23
94.26.64.0/23
Signature Algorithm: sha256WithRSAEncryption
39:b2:24:69:cf:17:d4:ec:e7:03:3b:5b:7e:dc:89:a1:70:c9:
7e:41:9d:95:03:cc:2b:d4:c6:a1:89:88:cf:e5:7f:85:b4:d5:
b5:5c:d9:50:60:83:6a:fa:1c:eb:98:22:19:bb:e8:7a:b9:2a:
eb:bb:6a:17:e3:bb:26:fd:81:f5:db:b2:ea:9b:5c:cf:a5:ed:
f7:f4:44:18:98:b3:8a:55:b9:18:67:07:c3:7e:79:71:7e:ca:
2f:5a:de:88:03:c7:b6:28:6f:0f:04:85:ed:23:19:5d:a5:21:
c8:44:fd:54:c5:b0:e1:a5:1c:f2:14:12:a7:32:3a:54:6e:4c:
93:f1:43:e5:5d:3f:fc:18:d2:bb:2a:f0:32:53:1b:ed:d8:ae:
d8:99:85:0f:ac:ef:ee:60:47:79:9d:7f:e9:30:11:c9:cf:54:
1b:88:66:04:7a:70:60:97:da:c8:30:92:e0:f5:1f:c9:47:1f:
04:bc:68:bf:b7:b7:5d:36:58:8f:a8:d1:aa:39:06:f5:7f:45:
14:44:a5:02:00:73:ad:f0:ad:4a:cd:36:24:ad:1b:40:ca:36:
40:1e:09:21:08:30:8e:f2:7d:6d:df:64:b0:01:59:c5:44:5b:
9a:d6:04:cf:66:d3:15:17:29:c4:2a:8e:7e:a4:12:e6:f3:a0:
d5:27:aa:aa
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZjNzkYQfObCp9lJsj8m/4hMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwODIxMTgwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRjMDIwOTE0NzE2MzA3OWRiMzI5ZTdhN2FiZGQ4OWYyOWZiZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNGG38HAyPPhadblOcM5NpDx4Deh
MLWGae5KVUyz0EKxH4n3hN0r592cxL3blw+1XZ2Wol6kxLUImGGUJJLUIQrCpNOF
bVheNsN88k9xlofEQXO0HP31MeP667TWqRwHmOiGgKskHajqqrJt5/zZuUNO9HaH
KoQsZ8V7zc7Pk3BFaZXC1GcvbW3T1VWk+ZmvN1GyKCs7xa5ja25LQtM/0/+1TwES
iWrvydWlkoeXpdTbaopncKcoVjcOIPupetbT1GD4PpsUBMkEynSbkNcFIjg4QxVH
4JNQMpMkWEBqap43GCh675QsWKuMqUONVoaWsIxsSWTEcwfTCvn/D0TOewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHjcAgkUcWMHnbMp56er3Ynyn79XMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvZU53Q0NSUnhZd2Vkc3lubnA2dmRpZktmdjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSPAAwQC
VcygAwQBWSesAwQBXhpAMA0GCSqGSIb3DQEBCwUAA4IBAQA5siRpzxfU7OcDO1t+
3ImhcMl+QZ2VA8wr1MahiYjP5X+FtNW1XNlQYINq+hzrmCIZu+h6uSrru2oX47sm
/YH127Lqm1zPpe339EQYmLOKVbkYZwfDfnlxfsovWt6IA8e2KG8PBIXtIxldpSHI
RP1UxbDhpRzyFBKnMjpUbkyT8UPlXT/8GNK7KvAyUxvt2K7YmYUPrO/uYEd5nX/p
MBHJz1QbiGYEenBgl9rIMJLg9R/JRx8EvGi/t7ddNliPqNGqOQb1f0UURKUCAHOt
8K1KzTYkrRtAyjZAHgkhCDCO8n1t32SwAVnFRFua1gTPZtMVFynEKo5+pBLm86DV
J6qq
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:45:51 2025 by rpki-client