Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/68bf9tdtZQgGYg3-0B5PInDhCfY.roa
File: 68bf9tdtZQgGYg3-0B5PInDhCfY.roa (raw, json)
Hash identifier: f8IkiTce5GYVcsogjzR0QdHaU5oLadDEov52ZX8Qu0s=
Subject key identifier: EB:C6:DF:F6:D7:6D:65:08:06:62:0D:FE:D0:1E:4F:22:70:E1:09:F6
Certificate issuer: /CN=beb12ce6a91030e27d5abad146df27bc2880652b
Certificate serial: 0199A49528D0FBB76A4F1079881079105DFA
Authority key identifier: BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/68bf9tdtZQgGYg3-0B5PInDhCfY.roa
Signing time: Thu 02 Oct 2025 11:01:02 +0000
ROA not before: Thu 02 Oct 2025 11:01:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205020
IP address blocks: 193.186.196.0/22 maxlen: 22
193.186.196.0/23 maxlen: 23
193.186.196.0/24 maxlen: 24
193.186.197.0/24 maxlen: 24
193.186.198.0/23 maxlen: 23
193.186.198.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.mft
rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a4:95:28:d0:fb:b7:6a:4f:10:79:88:10:79:10:5d:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=beb12ce6a91030e27d5abad146df27bc2880652b
Validity
Not Before: Oct 2 11:01:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ebc6dff6d76d650806620dfed01e4f2270e109f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:af:01:87:f2:34:ac:c4:3f:7b:02:55:66:60:
e2:74:02:12:72:03:28:85:0e:75:61:18:98:bd:70:
e0:f7:aa:16:b3:9a:33:d8:60:92:d8:cc:9b:bc:a8:
4c:09:aa:d0:83:3a:e0:df:cb:dd:6b:da:38:b8:11:
0f:96:ac:72:4f:4f:e9:ae:48:14:e9:fd:df:6e:a7:
3f:96:ca:72:60:bb:73:3f:7a:84:e9:ba:3c:c4:98:
56:82:f6:fd:c1:c1:52:da:5a:f0:b0:6c:76:ae:fa:
f1:b2:86:a7:d8:24:df:56:8a:3e:e8:2a:7f:0c:ab:
74:fb:0c:69:08:af:2b:df:48:3f:5d:e7:c5:d4:61:
5e:56:db:92:fa:55:2b:ae:37:12:7f:2b:ce:81:0d:
55:30:93:ef:6e:cd:83:ee:83:fb:21:f0:aa:49:5f:
39:be:5d:11:6e:e2:5d:3b:ba:30:07:fb:3e:9f:4e:
47:0d:98:d9:ee:0d:e2:42:b8:20:09:c0:56:33:07:
8e:2a:4a:95:37:fe:81:ad:97:cd:48:91:df:9e:ba:
67:35:23:8d:9a:77:c9:e6:92:b3:eb:f2:3d:64:96:
37:ef:cc:4b:1f:79:af:8c:65:96:75:f9:c7:72:c5:
32:eb:4f:d8:5e:71:05:f6:b3:6b:a9:5d:63:c3:78:
59:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:C6:DF:F6:D7:6D:65:08:06:62:0D:FE:D0:1E:4F:22:70:E1:09:F6
X509v3 Authority Key Identifier:
keyid:BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/68bf9tdtZQgGYg3-0B5PInDhCfY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.186.196.0/22
Signature Algorithm: sha256WithRSAEncryption
24:b0:07:a3:da:9d:c8:5c:db:b5:98:92:a7:1d:52:db:69:87:
c1:cb:76:e1:22:31:18:58:09:55:09:41:88:30:d7:d6:97:7d:
0c:af:2e:7b:7c:03:5d:20:73:b9:11:7e:4c:39:16:59:44:03:
b2:68:88:e4:7f:06:d2:90:67:cb:5c:a5:fd:23:cc:f7:e8:98:
dd:58:31:91:ac:b2:38:4a:d9:47:55:29:53:6c:4e:cf:8d:af:
ba:e1:8b:23:91:79:50:98:8a:11:bb:9c:18:68:34:5a:d0:e3:
7f:c7:13:f8:9a:39:e2:d4:63:b4:15:c9:c2:c5:48:94:46:92:
12:eb:7f:8c:41:b5:35:21:33:b3:0e:a3:8d:99:1f:08:fc:14:
98:8a:de:2a:1a:77:2e:cb:a2:a3:65:a9:bb:d9:ea:8a:77:69:
a5:0f:71:35:f5:40:bd:c7:fc:5d:b2:ce:37:c1:fe:69:2c:8d:
40:c7:c3:e3:4e:38:b9:20:30:03:bc:94:4c:21:6e:17:fc:ff:
4c:2d:58:5d:a8:c5:73:9f:88:9e:59:03:3c:2a:fc:21:d5:cd:
be:30:e7:25:64:bb:a8:44:5a:7d:7a:e5:26:40:89:23:ca:36:
f4:ff:75:8a:e2:6d:95:24:67:4c:da:0c:83:d1:5a:0a:dd:73:
9a:d9:e2:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmklSjQ+7dqTxB5iBB5EF36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYjEyY2U2YTkxMDMwZTI3ZDVhYmFkMTQ2ZGYyN2JjMjg4
MDY1MmIwHhcNMjUxMDAyMTEwMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM2ZGZmNmQ3NmQ2NTA4MDY2MjBkZmVkMDFlNGYyMjcwZTEwOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs68Bh/I0rMQ/ewJVZmDidAIScgMo
hQ51YRiYvXDg96oWs5oz2GCS2MybvKhMCarQgzrg38vda9o4uBEPlqxyT0/prkgU
6f3fbqc/lspyYLtzP3qE6bo8xJhWgvb9wcFS2lrwsGx2rvrxsoan2CTfVoo+6Cp/
DKt0+wxpCK8r30g/XefF1GFeVtuS+lUrrjcSfyvOgQ1VMJPvbs2D7oP7IfCqSV85
vl0RbuJdO7owB/s+n05HDZjZ7g3iQrggCcBWMweOKkqVN/6BrZfNSJHfnrpnNSON
mnfJ5pKz6/I9ZJY378xLH3mvjGWWdfnHcsUy60/YXnEF9rNrqV1jw3hZFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvG3/bXbWUIBmIN/tAeTyJw4Qn2MB8GA1UdIwQY
MBaAFL6xLOapEDDifVq60UbfJ7wogGUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMt
YTdhZGU0MzRkNDUxLzEvNjhiZjl0ZHRaUWdHWWczLTBCNVBJbkRoQ2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMtYTdhZGU0MzRkNDUx
LzEvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAksAej2p3IXNu1mJKnHVLbaYfBy3bhIjEYWAlVCUGI
MNfWl30Mry57fANdIHO5EX5MORZZRAOyaIjkfwbSkGfLXKX9I8z36JjdWDGRrLI4
StlHVSlTbE7Pja+64YsjkXlQmIoRu5wYaDRa0ON/xxP4mjni1GO0FcnCxUiURpIS
63+MQbU1ITOzDqONmR8I/BSYit4qGncuy6KjZam72eqKd2mlD3E19UC9x/xdss43
wf5pLI1Ax8PjTji5IDADvJRMIW4X/P9MLVhdqMVzn4ieWQM8Kvwh1c2+MOclZLuo
RFp9euUmQIkjyjb0/3WK4m2VJGdM2gyD0VoK3XOa2eKx
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:10:25 2025 by rpki-client