Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/f0fN8BxAGys1wxUtC0u2VgJRTl0.roa
File: f0fN8BxAGys1wxUtC0u2VgJRTl0.roa (raw, json)
Hash identifier: 07e26/1ojthsdFcmpuogqBJZxqHxhDaHvUP9ikqQQeg=
Subject key identifier: 7F:47:CD:F0:1C:40:1B:2B:35:C3:15:2D:0B:4B:B6:56:02:51:4E:5D
Certificate issuer: /CN=c7872da032251bae0de510ac5ea6157e4e4e868a
Certificate serial: 01997186A4548DB2C9B36BFFA451FFA29C81
Authority key identifier: C7:87:2D:A0:32:25:1B:AE:0D:E5:10:AC:5E:A6:15:7E:4E:4E:86:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x4ctoDIlG64N5RCsXqYVfk5Ohoo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/f0fN8BxAGys1wxUtC0u2VgJRTl0.roa
Signing time: Mon 22 Sep 2025 13:04:33 +0000
ROA not before: Mon 22 Sep 2025 13:04:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39132
IP address blocks: 83.137.72.0/21 maxlen: 24
2a13:99c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/x4ctoDIlG64N5RCsXqYVfk5Ohoo.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/x4ctoDIlG64N5RCsXqYVfk5Ohoo.mft
rsync://rpki.ripe.net/repository/DEFAULT/x4ctoDIlG64N5RCsXqYVfk5Ohoo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:71:86:a4:54:8d:b2:c9:b3:6b:ff:a4:51:ff:a2:9c:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7872da032251bae0de510ac5ea6157e4e4e868a
Validity
Not Before: Sep 22 13:04:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7f47cdf01c401b2b35c3152d0b4bb65602514e5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:94:99:40:70:23:89:5d:8d:37:3b:80:bf:93:
e4:e3:42:6d:62:5d:a8:4c:19:62:e1:47:01:37:de:
71:b3:38:4a:e9:8d:0a:62:31:9e:8a:d4:d3:3d:2a:
a8:a9:2a:3d:21:65:7d:db:df:a5:4d:30:e1:d7:e6:
62:d8:80:58:e0:b8:68:2f:5a:ce:43:fd:08:36:7c:
0d:22:44:ec:2e:50:a6:ea:84:63:e7:58:36:4f:dd:
d0:54:91:1b:96:d8:5e:6f:41:7f:67:7d:1a:72:65:
89:4c:57:8b:2b:f0:b6:e3:8e:8d:73:d4:90:ca:8f:
96:9f:cd:50:c2:27:43:9e:71:8e:11:95:13:31:17:
61:ea:b7:ac:94:00:30:08:5a:5f:2d:90:fd:93:a0:
eb:18:ce:23:8d:db:31:cc:8d:a9:da:44:08:99:94:
12:a1:ca:ba:6b:c6:f9:07:07:d0:4e:47:76:11:32:
bf:01:c0:fd:65:92:00:95:ea:9b:bf:c4:db:c0:34:
dd:29:9a:ff:e3:2e:7b:94:ea:bb:c9:51:55:d0:05:
3c:d5:33:0b:c4:d7:0a:a9:a8:28:5b:06:e7:99:54:
ee:b7:5d:12:4d:ec:25:cc:f1:b7:70:ee:35:e4:53:
55:6b:4d:8d:0e:32:0f:51:40:7f:03:f1:5a:63:5a:
d0:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:47:CD:F0:1C:40:1B:2B:35:C3:15:2D:0B:4B:B6:56:02:51:4E:5D
X509v3 Authority Key Identifier:
keyid:C7:87:2D:A0:32:25:1B:AE:0D:E5:10:AC:5E:A6:15:7E:4E:4E:86:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x4ctoDIlG64N5RCsXqYVfk5Ohoo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/f0fN8BxAGys1wxUtC0u2VgJRTl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/9e3e16-6916-4ca4-b6cd-a9e4a7ddfe59/1/x4ctoDIlG64N5RCsXqYVfk5Ohoo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.72.0/21
IPv6:
2a13:99c0::/29
Signature Algorithm: sha256WithRSAEncryption
4e:b5:49:de:45:49:38:19:3b:56:b1:dc:29:4a:a4:fe:ae:cd:
ec:50:d8:d3:12:ec:30:42:d5:76:e9:45:19:33:1f:e0:de:61:
f2:4f:3b:d8:9d:50:56:e5:95:6f:ed:e1:56:aa:df:a1:db:9b:
c2:61:fc:82:32:d2:e0:c8:87:25:68:dd:28:33:57:e4:1b:21:
08:e8:16:8e:2f:fb:67:70:e6:4d:b0:67:5b:04:9f:0c:74:8f:
30:28:cb:2a:f8:2f:d5:25:a5:ee:17:11:6e:39:16:29:23:1a:
b4:46:b7:9d:7d:77:c3:31:d5:31:6a:d8:64:c3:6b:b9:42:3e:
d0:4e:8c:0a:18:0c:5b:65:c1:3e:e7:da:e6:7c:d6:21:82:6c:
3f:fe:4b:0c:00:6c:ab:bd:c0:2f:76:23:7a:c3:6d:07:3d:1f:
db:6c:24:d4:96:87:af:36:40:38:cd:7e:49:34:e7:d3:e8:4e:
5d:c4:64:ad:ca:5d:82:8c:ff:91:b0:ef:b5:7f:01:19:88:5e:
79:48:8e:72:ec:cf:1b:ce:0f:8c:1f:20:05:bb:b4:36:a3:75:
72:c6:db:d1:9d:4a:c6:94:8e:37:90:37:81:b0:20:d3:8f:ef:
6d:25:e2:b6:5e:e3:e6:a0:7a:59:b7:4c:39:4f:a1:19:2b:4b:
87:e5:89:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlxhqRUjbLJs2v/pFH/opyBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ODcyZGEwMzIyNTFiYWUwZGU1MTBhYzVlYTYxNTdlNGU0
ZTg2OGEwHhcNMjUwOTIyMTMwNDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQ3Y2RmMDFjNDAxYjJiMzVjMzE1MmQwYjRiYjY1NjAyNTE0ZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpSZQHAjiV2NNzuAv5Pk40JtYl2o
TBli4UcBN95xszhK6Y0KYjGeitTTPSqoqSo9IWV929+lTTDh1+Zi2IBY4LhoL1rO
Q/0INnwNIkTsLlCm6oRj51g2T93QVJEbltheb0F/Z30acmWJTFeLK/C2446Nc9SQ
yo+Wn81QwidDnnGOEZUTMRdh6reslAAwCFpfLZD9k6DrGM4jjdsxzI2p2kQImZQS
ocq6a8b5BwfQTkd2ETK/AcD9ZZIAleqbv8TbwDTdKZr/4y57lOq7yVFV0AU81TML
xNcKqagoWwbnmVTut10STewlzPG3cO415FNVa02NDjIPUUB/A/FaY1rQUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH9HzfAcQBsrNcMVLQtLtlYCUU5dMB8GA1UdIwQY
MBaAFMeHLaAyJRuuDeUQrF6mFX5OToaKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDRjdG9ESWxHNjRONVJDc1hxWVZmazVPaG9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS85ZTNlMTYtNjkxNi00Y2E0LWI2Y2Qt
YTllNGE3ZGRmZTU5LzEvZjBmTjhCeEFHeXMxd3hVdEMwdTJWZ0pSVGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS85ZTNlMTYtNjkxNi00Y2E0LWI2Y2QtYTllNGE3ZGRmZTU5
LzEveDRjdG9ESWxHNjRONVJDc1hxWVZmazVPaG9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4lIMA0E
AgACMAcDBQMqE5nAMA0GCSqGSIb3DQEBCwUAA4IBAQBOtUneRUk4GTtWsdwpSqT+
rs3sUNjTEuwwQtV26UUZMx/g3mHyTzvYnVBW5ZVv7eFWqt+h25vCYfyCMtLgyIcl
aN0oM1fkGyEI6BaOL/tncOZNsGdbBJ8MdI8wKMsq+C/VJaXuFxFuORYpIxq0Rred
fXfDMdUxathkw2u5Qj7QTowKGAxbZcE+59rmfNYhgmw//ksMAGyrvcAvdiN6w20H
PR/bbCTUloevNkA4zX5JNOfT6E5dxGStyl2CjP+RsO+1fwEZiF55SI5y7M8bzg+M
HyAFu7Q2o3VyxtvRnUrGlI43kDeBsCDTj+9tJeK2XuPmoHpZt0w5T6EZK0uH5YmE
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:13:21 2025 by rpki-client