Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/CiNflCU4KFn7Aa5TSRjV9Pq0QJI.roa
File: CiNflCU4KFn7Aa5TSRjV9Pq0QJI.roa (raw, json)
Hash identifier: LgbEtmeOGTEJrLh9qdeICYZRrdXVnu1tQuix4Y2QoGI=
Subject key identifier: 0A:23:5F:94:25:38:28:59:FB:01:AE:53:49:18:D5:F4:FA:B4:40:92
Certificate issuer: /CN=a1e5fc635a1a775574b779aea9ccd6524cc4d0f9
Certificate serial: 01995C96FF4A3F7F1FC6ADD5E4DC2870AC3D
Authority key identifier: A1:E5:FC:63:5A:1A:77:55:74:B7:79:AE:A9:CC:D6:52:4C:C4:D0:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/CiNflCU4KFn7Aa5TSRjV9Pq0QJI.roa
Signing time: Thu 18 Sep 2025 11:30:23 +0000
ROA not before: Thu 18 Sep 2025 11:30:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28785
IP address blocks: 213.222.192.0/19 maxlen: 19
213.222.192.0/21 maxlen: 21
213.222.192.0/24 maxlen: 24
213.222.200.0/21 maxlen: 21
213.222.201.0/24 maxlen: 24
213.222.204.0/24 maxlen: 24
213.222.205.0/24 maxlen: 24
213.222.206.0/24 maxlen: 24
213.222.207.0/24 maxlen: 24
213.222.208.0/21 maxlen: 21
213.222.208.0/24 maxlen: 24
213.222.209.0/24 maxlen: 24
213.222.210.0/24 maxlen: 24
213.222.211.0/24 maxlen: 24
213.222.212.0/24 maxlen: 24
213.222.216.0/24 maxlen: 24
213.222.217.0/24 maxlen: 24
2a03:7580::/32 maxlen: 32
2a03:7580::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.mft
rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 05:01:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:5c:96:ff:4a:3f:7f:1f:c6:ad:d5:e4:dc:28:70:ac:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1e5fc635a1a775574b779aea9ccd6524cc4d0f9
Validity
Not Before: Sep 18 11:30:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a235f9425382859fb01ae534918d5f4fab44092
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:f5:a9:86:46:d1:11:d5:cc:13:49:79:32:e3:
30:3e:71:b5:c3:7a:5f:58:a0:51:5b:02:53:de:91:
24:7e:c6:5d:f4:66:d8:d4:cf:ac:2c:45:a0:87:0b:
b7:59:80:8c:88:b3:c9:fa:30:4f:03:63:1d:8e:e0:
f4:27:8a:e8:10:08:c0:8e:7b:ff:bd:cd:19:b8:70:
da:64:41:c8:fa:ac:03:33:8c:a8:c6:04:94:a9:03:
04:0d:a7:d1:51:d3:2a:57:fb:c9:34:16:d3:d8:22:
e3:aa:de:b0:58:80:3c:81:ae:a9:61:53:5f:d1:ef:
6b:b4:63:99:ed:a9:96:c8:3b:ae:6c:8b:23:f7:a0:
46:40:61:6f:6b:c7:a7:1d:20:06:9c:9e:09:8c:f0:
c9:83:38:78:97:b4:89:75:7a:bb:a5:ba:09:ea:21:
e6:c5:46:a3:a3:89:97:bc:17:a3:81:15:a5:47:21:
78:51:1f:9e:40:9a:cc:96:24:ad:ba:bd:43:92:ef:
67:5e:ab:b1:43:3c:2b:ee:bd:be:59:80:87:8b:b9:
67:21:58:e4:23:49:e6:e9:ac:ae:a5:39:bb:3e:e5:
55:6e:87:8b:2e:76:98:b9:9d:00:b6:cc:4f:16:af:
2d:f6:bf:07:94:a5:32:99:1b:b6:53:21:73:75:8d:
4d:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:23:5F:94:25:38:28:59:FB:01:AE:53:49:18:D5:F4:FA:B4:40:92
X509v3 Authority Key Identifier:
keyid:A1:E5:FC:63:5A:1A:77:55:74:B7:79:AE:A9:CC:D6:52:4C:C4:D0:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oeX8Y1oad1V0t3muqczWUkzE0Pk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/CiNflCU4KFn7Aa5TSRjV9Pq0QJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/07d0c7-dc1e-4089-bd48-7ee0e60bb053/1/oeX8Y1oad1V0t3muqczWUkzE0Pk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.222.192.0/19
IPv6:
2a03:7580::/32
Signature Algorithm: sha256WithRSAEncryption
08:15:ed:06:f1:cd:70:1c:f6:61:10:a7:24:63:c0:c8:62:c2:
83:34:45:bf:4a:46:6f:b4:6c:55:e5:18:88:13:b3:4f:3a:d7:
54:51:95:b0:81:28:bc:bf:c1:71:e7:90:f2:ca:d2:c8:7d:5a:
5f:6e:26:42:16:ea:1c:58:27:6d:30:63:a0:44:d9:72:38:ed:
c9:6a:1a:2e:ff:80:ac:be:e5:e5:76:2a:2f:a2:b4:7a:95:ea:
c5:3f:36:af:04:a4:bb:e0:0f:a9:0a:c4:ba:b6:02:65:b5:80:
64:58:af:1b:ba:e8:d8:d4:9b:42:5e:28:c4:e1:b9:06:8a:96:
90:57:2a:bb:58:41:bd:41:c8:e3:b4:84:90:b6:94:23:86:78:
dc:b8:19:d1:d0:43:d8:24:12:cc:e5:00:69:f7:ca:d3:7a:ab:
08:86:f5:d9:71:5b:ce:f4:b4:c4:f9:d4:30:ea:27:f3:79:29:
e6:cf:a0:57:37:9a:63:17:ac:95:d9:25:16:d2:a7:ec:a6:f2:
df:46:b1:a2:fa:50:8a:f5:b3:aa:fa:47:23:3e:cd:a5:c2:51:
75:12:c5:9f:07:4e:c8:13:cd:e7:36:f5:72:cc:2f:31:6a:2a:
8a:a2:fb:50:0a:f7:a8:9d:a7:98:f2:29:d7:ee:27:48:8d:be:
21:67:0d:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlclv9KP38fxq3V5NwocKw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZTVmYzYzNWExYTc3NTU3NGI3NzlhZWE5Y2NkNjUyNGNj
NGQwZjkwHhcNMjUwOTE4MTEzMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIzNWY5NDI1MzgyODU5ZmIwMWFlNTM0OTE4ZDVmNGZhYjQ0MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvWphkbREdXME0l5MuMwPnG1w3pf
WKBRWwJT3pEkfsZd9GbY1M+sLEWghwu3WYCMiLPJ+jBPA2MdjuD0J4roEAjAjnv/
vc0ZuHDaZEHI+qwDM4yoxgSUqQMEDafRUdMqV/vJNBbT2CLjqt6wWIA8ga6pYVNf
0e9rtGOZ7amWyDuubIsj96BGQGFva8enHSAGnJ4JjPDJgzh4l7SJdXq7pboJ6iHm
xUajo4mXvBejgRWlRyF4UR+eQJrMliStur1Dku9nXquxQzwr7r2+WYCHi7lnIVjk
I0nm6ayupTm7PuVVboeLLnaYuZ0AtsxPFq8t9r8HlKUymRu2UyFzdY1NrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAojX5QlOChZ+wGuU0kY1fT6tECSMB8GA1UdIwQY
MBaAFKHl/GNaGndVdLd5rqnM1lJMxND5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2VYOFkxb2FkMVYwdDNtdXFjeldVa3pFMFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wN2QwYzctZGMxZS00MDg5LWJkNDgt
N2VlMGU2MGJiMDUzLzEvQ2lOZmxDVTRLRm43QWE1VFNSalY5UHEwUUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wN2QwYzctZGMxZS00MDg5LWJkNDgtN2VlMGU2MGJiMDUz
LzEvb2VYOFkxb2FkMVYwdDNtdXFjeldVa3pFMFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1d7AMA0E
AgACMAcDBQAqA3WAMA0GCSqGSIb3DQEBCwUAA4IBAQAIFe0G8c1wHPZhEKckY8DI
YsKDNEW/SkZvtGxV5RiIE7NPOtdUUZWwgSi8v8Fx55DyytLIfVpfbiZCFuocWCdt
MGOgRNlyOO3Jahou/4CsvuXldiovorR6lerFPzavBKS74A+pCsS6tgJltYBkWK8b
uujY1JtCXijE4bkGipaQVyq7WEG9QcjjtISQtpQjhnjcuBnR0EPYJBLM5QBp98rT
eqsIhvXZcVvO9LTE+dQw6ifzeSnmz6BXN5pjF6yV2SUW0qfspvLfRrGi+lCK9bOq
+kcjPs2lwlF1EsWfB07IE83nNvVyzC8xaiqKovtQCveonaeY8inX7idIjb4hZw2z
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:35 2025 by rpki-client