Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/KOY956O0ZjGYECFFFDbPr__HT1k.roa
File: KOY956O0ZjGYECFFFDbPr__HT1k.roa (raw, json)
Hash identifier: PSHRUyvb1HDzLSIQ11VKvNrKXl5fv+dVEb1Xq/ei9D8=
Subject key identifier: 28:E6:3D:E7:A3:B4:66:31:98:10:21:45:14:36:CF:AF:FF:C7:4F:59
Certificate issuer: /CN=ad442bdda2a35320a96d806bf168d5b84a76d426
Certificate serial: 01999587B47F5AD90E845945A6A3CE54B2EF
Authority key identifier: AD:44:2B:DD:A2:A3:53:20:A9:6D:80:6B:F1:68:D5:B8:4A:76:D4:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/KOY956O0ZjGYECFFFDbPr__HT1k.roa
Signing time: Mon 29 Sep 2025 12:52:02 +0000
ROA not before: Mon 29 Sep 2025 12:52:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41099
IP address blocks: 193.9.15.0/24 maxlen: 24
193.9.29.0/24 maxlen: 24
193.9.255.0/24 maxlen: 24
193.16.0.0/24 maxlen: 24
195.10.215.0/24 maxlen: 24
195.10.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.mft
rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:87:b4:7f:5a:d9:0e:84:59:45:a6:a3:ce:54:b2:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad442bdda2a35320a96d806bf168d5b84a76d426
Validity
Not Before: Sep 29 12:52:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28e63de7a3b46631981021451436cfafffc74f59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:4d:d0:9d:b5:85:0d:36:87:5b:47:5d:d7:3b:
4f:5c:59:fe:bd:01:56:db:49:5a:65:82:c2:65:15:
12:a1:2d:d6:2e:ad:26:ae:fe:93:ff:39:dd:00:00:
32:07:64:34:6c:ae:54:e6:8a:56:7c:05:8d:5b:16:
07:6c:86:18:38:09:89:bf:d0:21:11:e0:cc:29:09:
c3:5e:c1:74:f8:3e:a8:fe:b5:cd:94:9d:be:91:93:
0e:bf:8f:3e:01:20:0e:2c:9a:ad:b3:40:2c:90:20:
15:51:a3:ef:4a:a1:28:77:7e:12:fd:5f:c8:36:0d:
32:62:b7:60:e7:f2:77:7d:13:18:6b:43:59:e5:fb:
24:b3:7f:99:fa:f1:fe:13:2c:c9:a8:48:1d:65:29:
e9:d0:3f:35:12:d1:1e:95:29:db:d6:34:be:6a:2d:
3b:5b:c4:da:4e:be:c6:2c:0f:86:7a:3d:f7:69:4d:
30:5b:7d:6e:43:52:1b:76:e5:6e:09:ae:d2:f1:1f:
bd:6a:ce:6c:21:8b:ac:5b:f4:24:77:af:1b:fd:58:
ac:47:be:8c:a8:2e:cb:3a:75:53:c6:6c:09:fc:72:
cb:fd:80:c6:b0:92:59:85:62:66:42:b8:d5:63:5b:
82:66:24:42:70:70:f7:e4:4d:fb:bf:8c:d7:9b:68:
f8:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:E6:3D:E7:A3:B4:66:31:98:10:21:45:14:36:CF:AF:FF:C7:4F:59
X509v3 Authority Key Identifier:
keyid:AD:44:2B:DD:A2:A3:53:20:A9:6D:80:6B:F1:68:D5:B8:4A:76:D4:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/KOY956O0ZjGYECFFFDbPr__HT1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.9.15.0/24
193.9.29.0/24
193.9.255.0/24
193.16.0.0/24
195.10.215.0/24
195.10.222.0/24
Signature Algorithm: sha256WithRSAEncryption
bf:9a:86:e9:e8:83:e1:ef:81:3f:69:ba:b9:4f:bb:9f:ea:61:
a4:56:07:af:fb:14:c7:24:70:03:fa:c5:4c:d7:16:a6:d4:a3:
d7:56:bd:1d:3f:9e:62:df:d5:81:9a:aa:d5:30:e5:d6:94:4e:
72:78:d2:25:16:12:5e:13:11:28:c5:30:23:e8:b6:8c:af:98:
2f:01:5d:1b:e3:99:b3:c1:e6:03:f5:f9:cd:be:98:56:ec:29:
59:f1:ca:9a:f4:35:7f:04:05:ca:cf:57:fe:1f:8f:92:73:71:
a7:b8:fb:86:43:a9:f9:a9:f8:3a:ac:76:24:c0:91:0e:34:43:
ee:b7:11:9e:57:24:f5:fe:4b:ce:ff:47:6a:d1:82:8c:64:82:
89:51:e7:90:92:13:26:c0:ab:eb:93:1d:61:fe:b1:8e:f8:36:
7b:b6:46:ee:c4:1b:cf:80:4f:b5:fd:95:70:c3:98:de:d3:b6:
4e:95:6d:62:e8:45:4a:e8:47:fd:b8:f5:c4:77:28:02:21:53:
cf:19:2d:d3:f3:0f:96:31:bb:bb:09:8e:8a:44:d7:6d:49:0e:
73:35:6d:dd:25:bd:23:7e:fe:48:b3:b1:db:ac:66:f5:21:cf:
24:ee:59:f7:2f:75:d0:d5:8c:7e:93:5b:60:31:90:6c:27:19:
39:ca:d8:61
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZmVh7R/WtkOhFlFpqPOVLLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNDQyYmRkYTJhMzUzMjBhOTZkODA2YmYxNjhkNWI4NGE3
NmQ0MjYwHhcNMjUwOTI5MTI1MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGU2M2RlN2EzYjQ2NjMxOTgxMDIxNDUxNDM2Y2ZhZmZmYzc0ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA003QnbWFDTaHW0dd1ztPXFn+vQFW
20laZYLCZRUSoS3WLq0mrv6T/zndAAAyB2Q0bK5U5opWfAWNWxYHbIYYOAmJv9Ah
EeDMKQnDXsF0+D6o/rXNlJ2+kZMOv48+ASAOLJqts0AskCAVUaPvSqEod34S/V/I
Ng0yYrdg5/J3fRMYa0NZ5fsks3+Z+vH+EyzJqEgdZSnp0D81EtEelSnb1jS+ai07
W8TaTr7GLA+Gej33aU0wW31uQ1IbduVuCa7S8R+9as5sIYusW/Qkd68b/VisR76M
qC7LOnVTxmwJ/HLL/YDGsJJZhWJmQrjVY1uCZiRCcHD35E37v4zXm2j4dQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCjmPeejtGYxmBAhRRQ2z6//x09ZMB8GA1UdIwQY
MBaAFK1EK92io1MgqW2Aa/Fo1bhKdtQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclVRcjNhS2pVeUNwYllCcjhXalZ1RXAyMUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9kZDY3MmQtZTk4MC00ZGNhLTkxOTUt
ODU5ZGJjYTM4NzE0LzEvS09ZOTU2TzBaakdZRUNGRkZEYlByX19IVDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9kZDY3MmQtZTk4MC00ZGNhLTkxOTUtODU5ZGJjYTM4NzE0
LzEvclVRcjNhS2pVeUNwYllCcjhXalZ1RXAyMUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwQkPAwQA
wQkdAwQAwQn/AwQAwRAAAwQAwwrXAwQAwwreMA0GCSqGSIb3DQEBCwUAA4IBAQC/
mobp6IPh74E/abq5T7uf6mGkVgev+xTHJHAD+sVM1xam1KPXVr0dP55i39WBmqrV
MOXWlE5yeNIlFhJeExEoxTAj6LaMr5gvAV0b45mzweYD9fnNvphW7ClZ8cqa9DV/
BAXKz1f+H4+Sc3GnuPuGQ6n5qfg6rHYkwJEONEPutxGeVyT1/kvO/0dq0YKMZIKJ
UeeQkhMmwKvrkx1h/rGO+DZ7tkbuxBvPgE+1/ZVww5je07ZOlW1i6EVK6Ef9uPXE
dygCIVPPGS3T8w+WMbu7CY6KRNdtSQ5zNW3dJb0jfv5Is7HbrGb1Ic8k7ln3L3XQ
1Yx+k1tgMZBsJxk5ythh
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:31:06 2025 by rpki-client