Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hzX4nqusc1OOc9tVCphBeowaudo.roa
File: hzX4nqusc1OOc9tVCphBeowaudo.roa (raw, json)
Hash identifier: ICWxnlrkyU3CKlIZdO2MMetqMgyZiLI3OoxDSFaMm/M=
Subject key identifier: 87:35:F8:9E:AB:AC:73:53:8E:73:DB:55:0A:98:41:7A:8C:1A:B9:DA
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 0199F2B147DB7AE08E56A9310ED265F56685
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hzX4nqusc1OOc9tVCphBeowaudo.roa
Signing time: Fri 17 Oct 2025 15:02:08 +0000
ROA not before: Fri 17 Oct 2025 15:02:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 45.87.243.0/24 maxlen: 24
45.146.128.0/24 maxlen: 24
2a09:17c0:1000::/48 maxlen: 48
2a0f:3d80:123::/48 maxlen: 48
2a12:ac43:baca::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f2:b1:47:db:7a:e0:8e:56:a9:31:0e:d2:65:f5:66:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Oct 17 15:02:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8735f89eabac73538e73db550a98417a8c1ab9da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:24:ae:f5:56:e8:b8:04:79:27:11:01:ef:25:
07:75:18:cb:17:23:a7:cc:5c:38:67:b4:c7:97:70:
89:35:fa:55:8c:f1:ce:ee:0a:b8:3f:a3:b2:02:3e:
f2:86:0d:64:d4:e3:70:f1:e6:c6:69:f0:ac:2f:fe:
14:21:12:fb:ba:8e:d7:d9:1f:49:fe:5f:14:27:3e:
08:c9:fa:d2:f1:d2:3b:54:5e:74:d1:57:36:5c:dd:
05:70:c0:84:d6:0e:37:21:5f:4e:2e:58:3d:47:12:
ad:29:b4:46:97:ad:cc:0c:45:30:8e:ff:66:21:c7:
8f:23:f0:1b:da:e7:1a:01:31:43:2a:c7:2d:e4:f8:
c6:12:0d:2e:34:c0:ed:ff:6a:e2:a4:1b:4b:b6:a8:
ac:f0:93:d0:b2:38:d0:9b:1b:87:a9:d1:5a:86:48:
2a:1f:a6:c5:f6:58:62:f9:ee:6c:59:af:84:4d:7c:
e5:12:ad:5d:ca:9e:70:63:13:01:67:3a:44:ff:64:
65:ee:b0:ac:dd:00:21:88:db:1b:a2:ec:50:75:d9:
d8:72:ee:3c:b5:04:4b:bf:c2:c4:d3:9a:40:ff:59:
3d:4a:d0:37:bb:fe:53:0e:b2:07:ea:4d:1b:2f:fa:
e8:c3:03:89:07:36:4f:45:9e:bf:d2:5d:eb:4b:ac:
58:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:35:F8:9E:AB:AC:73:53:8E:73:DB:55:0A:98:41:7A:8C:1A:B9:DA
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hzX4nqusc1OOc9tVCphBeowaudo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.243.0/24
45.146.128.0/24
IPv6:
2a09:17c0:1000::/48
2a0f:3d80:123::/48
2a12:ac43:baca::/48
Signature Algorithm: sha256WithRSAEncryption
81:32:01:7e:e9:f4:ca:0f:39:6f:94:65:b3:d0:f7:8b:32:6a:
b2:5b:94:95:01:80:9c:fa:2a:e1:2b:d8:e4:38:b6:8a:08:3c:
17:6e:63:71:06:36:d5:70:a7:79:d7:7d:c0:33:ee:79:74:c0:
46:32:dd:ba:a6:d6:91:38:17:3a:a0:29:91:e2:9d:dd:a4:96:
79:43:88:b0:32:1c:ee:b7:0f:b0:20:dd:f1:7d:77:e0:51:9d:
d5:76:8c:df:c6:9b:e7:72:4e:c4:91:cf:24:e1:a1:68:ed:23:
59:d8:ed:f0:63:61:27:9f:51:b3:4c:15:ab:b3:2d:da:74:25:
5b:b6:6e:02:96:a2:2f:32:51:64:38:27:89:63:5d:e8:66:4c:
a1:45:18:9d:ac:24:2c:ff:1c:38:93:b4:8d:8e:91:e9:d6:ac:
de:ad:3c:48:16:45:fb:96:69:36:b3:e1:98:d5:4c:6a:5e:5f:
18:9d:fc:7f:b3:5c:25:df:33:1f:3b:e1:55:a7:12:85:1c:be:
08:ea:ea:b6:9b:fb:d5:d5:5c:18:50:c0:96:ce:5e:15:61:e7:
03:e6:10:43:40:c4:5b:08:b7:71:e5:6b:1b:23:f4:14:f5:ff:
b4:1c:65:18:44:88:66:45:5b:86:f9:37:b8:e3:bb:79:e4:b5:
ca:fe:ee:52
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZnysUfbeuCOVqkxDtJl9WaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDE3MTUwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM1Zjg5ZWFiYWM3MzUzOGU3M2RiNTUwYTk4NDE3YThjMWFiOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiSu9VbouAR5JxEB7yUHdRjLFyOn
zFw4Z7THl3CJNfpVjPHO7gq4P6OyAj7yhg1k1ONw8ebGafCsL/4UIRL7uo7X2R9J
/l8UJz4IyfrS8dI7VF500Vc2XN0FcMCE1g43IV9OLlg9RxKtKbRGl63MDEUwjv9m
IcePI/Ab2ucaATFDKsct5PjGEg0uNMDt/2ripBtLtqis8JPQsjjQmxuHqdFahkgq
H6bF9lhi+e5sWa+ETXzlEq1dyp5wYxMBZzpE/2Rl7rCs3QAhiNsbouxQddnYcu48
tQRLv8LE05pA/1k9StA3u/5TDrIH6k0bL/rowwOJBzZPRZ6/0l3rS6xYIQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFIc1+J6rrHNTjnPbVQqYQXqMGrnaMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaHpYNG5xdXNjMU9PYzl0VkNwaEJlb3dhdWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQALVfzAwQA
LZKAMCEEAgACMBsDBwAqCRfAEAADBwAqDz2AASMDBwAqEqxDusowDQYJKoZIhvcN
AQELBQADggEBAIEyAX7p9MoPOW+UZbPQ94syarJblJUBgJz6KuEr2OQ4tooIPBdu
Y3EGNtVwp3nXfcAz7nl0wEYy3bqm1pE4FzqgKZHind2klnlDiLAyHO63D7Ag3fF9
d+BRndV2jN/Gm+dyTsSRzyThoWjtI1nY7fBjYSefUbNMFauzLdp0JVu2bgKWoi8y
UWQ4J4ljXehmTKFFGJ2sJCz/HDiTtI2OkenWrN6tPEgWRfuWaTaz4ZjVTGpeXxid
/H+zXCXfMx874VWnEoUcvgjq6rab+9XVXBhQwJbOXhVh5wPmEENAxFsIt3Hlaxsj
9BT1/7QcZRhEiGZFW4b5N7jju3nktcr+7lI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:11:27 2025 by rpki-client