Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GndSNDnYY5pE309qMmxYa0hkH28.roa
File: GndSNDnYY5pE309qMmxYa0hkH28.roa (raw, json)
Hash identifier: YwhSTuf8Te5KANILU7Be237rI8HwxVyNe+Ujys0foRU=
Subject key identifier: 1A:77:52:34:39:D8:63:9A:44:DF:4F:6A:32:6C:58:6B:48:64:1F:6F
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019981218A35AE7C69CB3CF272593839D43D
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GndSNDnYY5pE309qMmxYa0hkH28.roa
Signing time: Thu 25 Sep 2025 13:48:02 +0000
ROA not before: Thu 25 Sep 2025 13:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206320
IP address blocks: 192.71.186.0/24 maxlen: 24
193.235.205.0/24 maxlen: 24
194.68.182.0/24 maxlen: 24
194.68.184.0/24 maxlen: 24
2a01:280:318::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:81:21:8a:35:ae:7c:69:cb:3c:f2:72:59:38:39:d4:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Sep 25 13:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1a77523439d8639a44df4f6a326c586b48641f6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:dc:ef:59:97:d1:12:09:4b:78:41:1d:4f:cf:
5c:39:6a:c1:07:45:8e:f0:f2:f4:ec:92:05:62:7a:
de:85:cc:35:e9:ed:a6:fd:9d:ef:4e:8a:0d:32:9d:
d2:a7:13:f6:b8:b1:c8:51:20:5e:85:29:7f:a7:56:
ec:af:4a:ee:91:ab:d4:2c:70:08:df:d7:e4:96:8e:
0a:9a:ee:08:02:86:dc:1c:1d:a0:f1:5a:79:6e:26:
0f:23:a0:db:0f:b8:3b:f1:1f:0a:c3:ae:ea:9e:a1:
6c:1f:2e:fe:1a:ac:5f:f1:31:af:d1:19:68:d4:a8:
7b:bb:7f:66:f1:76:b4:30:af:eb:e6:e5:09:57:47:
26:f3:af:92:1a:f2:66:98:71:88:c2:ce:15:d1:45:
d5:ad:c8:39:2b:7d:68:db:27:c9:81:a8:ab:5d:4c:
7c:3a:68:4b:07:9e:e9:a2:65:98:ca:12:07:31:f8:
67:fb:fa:f8:e2:dc:8a:2f:ac:e0:d1:aa:89:82:dd:
0e:d5:2e:79:c4:1e:de:06:26:ca:16:2f:e8:58:ce:
5a:a5:97:45:27:0d:6f:46:df:2a:b3:03:af:ce:84:
79:61:04:09:39:7b:aa:b3:85:51:3e:e3:a9:4b:45:
49:24:e3:d0:43:d8:2d:4b:4d:48:fe:19:9b:8a:67:
2c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:77:52:34:39:D8:63:9A:44:DF:4F:6A:32:6C:58:6B:48:64:1F:6F
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GndSNDnYY5pE309qMmxYa0hkH28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.71.186.0/24
193.235.205.0/24
194.68.182.0/24
194.68.184.0/24
IPv6:
2a01:280:318::/48
Signature Algorithm: sha256WithRSAEncryption
a7:1b:59:9a:78:1f:2d:72:d4:f9:1d:c7:2b:aa:af:23:43:9f:
4e:c4:02:22:2d:b0:91:75:21:86:f5:fe:52:26:6f:45:4f:f6:
be:90:ee:c5:88:cd:85:5b:23:19:c7:a4:01:70:e3:3d:66:94:
b5:6f:dd:e2:c0:9c:6b:7a:45:e1:f5:6f:43:47:30:93:32:87:
e7:76:5d:76:5d:80:a2:ed:81:d7:6c:c0:9c:1e:ab:f6:d9:1c:
e2:6b:3d:56:7a:a7:79:bc:51:9c:86:0d:a5:25:05:a8:c6:dd:
dd:96:50:6d:b3:af:30:be:72:1a:b9:eb:4e:94:b0:82:49:02:
b3:b0:58:c2:be:90:f1:a5:cb:23:64:89:0b:2b:c3:d3:d4:cc:
2a:38:35:49:53:fe:44:24:a3:b6:54:e5:4e:b7:14:28:fb:fd:
52:04:0a:1f:99:11:8e:10:d1:c6:f8:64:b3:78:42:dc:ed:29:
62:2e:97:02:a0:43:33:3a:c6:5b:13:08:95:eb:97:f3:99:75:
67:66:67:2b:d7:a8:99:eb:ac:1c:7b:5d:32:b1:05:73:c6:2b:
19:8d:4e:3a:34:eb:c1:18:ae:e9:96:f5:3d:80:b1:5a:bb:9e:
69:be:9b:a8:2f:ac:e6:6c:22:a7:62:1f:42:fa:35:73:e4:13:
b6:10:5b:27
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZmBIYo1rnxpyzzyclk4OdQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwOTI1MTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTc3NTIzNDM5ZDg2MzlhNDRkZjRmNmEzMjZjNTg2YjQ4NjQxZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNzvWZfREglLeEEdT89cOWrBB0WO
8PL07JIFYnrehcw16e2m/Z3vTooNMp3SpxP2uLHIUSBehSl/p1bsr0rukavULHAI
39fklo4Kmu4IAobcHB2g8Vp5biYPI6DbD7g78R8Kw67qnqFsHy7+Gqxf8TGv0Rlo
1Kh7u39m8Xa0MK/r5uUJV0cm86+SGvJmmHGIws4V0UXVrcg5K31o2yfJgairXUx8
OmhLB57pomWYyhIHMfhn+/r44tyKL6zg0aqJgt0O1S55xB7eBibKFi/oWM5apZdF
Jw1vRt8qswOvzoR5YQQJOXuqs4VRPuOpS0VJJOPQQ9gtS01I/hmbimcslQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBp3UjQ52GOaRN9PajJsWGtIZB9vMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvR25kU05EbllZNXBFMzA5cU1teFlhMGhrSDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQAwEe6AwQA
wevNAwQAwkS2AwQAwkS4MA8EAgACMAkDBwAqAQKAAxgwDQYJKoZIhvcNAQELBQAD
ggEBAKcbWZp4Hy1y1PkdxyuqryNDn07EAiItsJF1IYb1/lImb0VP9r6Q7sWIzYVb
IxnHpAFw4z1mlLVv3eLAnGt6ReH1b0NHMJMyh+d2XXZdgKLtgddswJweq/bZHOJr
PVZ6p3m8UZyGDaUlBajG3d2WUG2zrzC+chq5606UsIJJArOwWMK+kPGlyyNkiQsr
w9PUzCo4NUlT/kQko7ZU5U63FCj7/VIECh+ZEY4Q0cb4ZLN4QtztKWIulwKgQzM6
xlsTCJXrl/OZdWdmZyvXqJnrrBx7XTKxBXPGKxmNTjo068EYrumW9T2AsVq7nmm+
m6gvrOZsIqdiH0L6NXPkE7YQWyc=
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:14:33 2025 by rpki-client