Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/PsA85a4H5xNStqYehaGt_kPhY_U.roa
File: PsA85a4H5xNStqYehaGt_kPhY_U.roa (raw, json)
Hash identifier: CXsyF83m91+hpp7kQqr/RLoFFacqimzuhgmwugEeGmk=
Subject key identifier: 3E:C0:3C:E5:AE:07:E7:13:52:B6:A6:1E:85:A1:AD:FE:43:E1:63:F5
Certificate issuer: /CN=a023766c62deb51297155708eccb421c8b04780a
Certificate serial: 0199E747AF920D09AEA49D01BF78863C3571
Authority key identifier: A0:23:76:6C:62:DE:B5:12:97:15:57:08:EC:CB:42:1C:8B:04:78:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oCN2bGLetRKXFVcI7MtCHIsEeAo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/PsA85a4H5xNStqYehaGt_kPhY_U.roa
Signing time: Wed 15 Oct 2025 09:50:58 +0000
ROA not before: Wed 15 Oct 2025 09:50:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207784
IP address blocks: 195.144.27.0/24 maxlen: 24
195.149.67.0/24 maxlen: 24
195.149.73.0/24 maxlen: 24
195.149.90.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/oCN2bGLetRKXFVcI7MtCHIsEeAo.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/oCN2bGLetRKXFVcI7MtCHIsEeAo.mft
rsync://rpki.ripe.net/repository/DEFAULT/oCN2bGLetRKXFVcI7MtCHIsEeAo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e7:47:af:92:0d:09:ae:a4:9d:01:bf:78:86:3c:35:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a023766c62deb51297155708eccb421c8b04780a
Validity
Not Before: Oct 15 09:50:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ec03ce5ae07e71352b6a61e85a1adfe43e163f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:19:75:53:12:df:67:7d:50:ea:c0:c5:e1:4b:
95:e6:10:f7:5a:ff:67:4f:6d:60:70:f8:6a:85:f6:
18:17:56:00:bc:1a:e1:a1:6c:c6:90:44:c8:d1:3c:
ac:4f:b1:ed:ae:c3:fc:0f:3f:1e:c1:8f:93:1b:b3:
13:a8:39:5a:c0:43:96:8e:58:18:7d:ea:f4:cb:48:
d4:71:a3:6c:2f:10:18:77:d3:50:65:83:5e:04:e4:
c5:0a:d9:11:78:43:69:37:ac:8f:82:03:cb:90:ff:
d1:c9:78:18:31:92:a6:be:f8:36:bb:c5:ac:e1:e4:
ad:d0:a6:08:73:96:04:05:bc:08:47:16:98:7d:f3:
f2:fe:36:c7:53:16:67:77:4a:41:9a:86:aa:ed:51:
76:06:22:1f:51:a6:bb:e8:d6:0e:cc:b1:f8:3a:6a:
5e:e8:ec:3b:d7:19:3b:68:f3:28:ee:2a:8c:0a:76:
0d:12:e6:8c:eb:bd:a7:20:eb:0a:de:d9:d9:d4:81:
93:ef:89:60:de:d4:dc:7e:89:b3:d0:72:c1:bd:68:
11:73:75:b1:0d:a0:41:fd:09:6b:06:f6:9a:60:17:
ef:a4:2e:a2:49:c1:a7:f9:0a:02:4d:3a:5d:8b:52:
82:99:d6:3d:0b:73:86:e1:c0:05:c3:f0:75:40:27:
ce:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:C0:3C:E5:AE:07:E7:13:52:B6:A6:1E:85:A1:AD:FE:43:E1:63:F5
X509v3 Authority Key Identifier:
keyid:A0:23:76:6C:62:DE:B5:12:97:15:57:08:EC:CB:42:1C:8B:04:78:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oCN2bGLetRKXFVcI7MtCHIsEeAo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/PsA85a4H5xNStqYehaGt_kPhY_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/df9096-36c9-439a-a0a0-a3a100ef86de/1/oCN2bGLetRKXFVcI7MtCHIsEeAo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.144.27.0/24
195.149.67.0/24
195.149.73.0/24
195.149.90.0/24
Signature Algorithm: sha256WithRSAEncryption
20:7b:9c:75:4e:35:25:59:83:5c:4a:14:f8:ed:aa:19:fd:ba:
19:f6:d1:2a:64:09:5d:cb:5a:f4:6e:d5:21:cd:2c:37:c2:db:
9f:8a:0a:0c:56:34:f9:39:28:32:92:37:9c:af:27:89:a6:12:
2e:38:64:66:52:cb:37:41:21:e8:95:23:62:ee:78:29:d9:01:
99:06:74:13:96:79:f6:cd:bf:99:f3:d5:74:b2:f9:37:a6:1a:
f4:35:8d:fd:17:de:07:d7:b5:f6:40:d5:01:a2:34:97:95:cc:
09:d4:95:d9:50:7e:e7:3c:29:a9:a6:a5:32:a1:d8:7a:54:2a:
5c:a6:76:a1:81:ff:f1:03:95:26:61:08:2b:4f:70:b2:98:c1:
1f:30:23:d3:52:24:90:ba:9c:10:b9:98:de:7d:6d:eb:a4:a6:
1d:b2:57:20:f0:27:9f:8c:cd:f3:9d:8c:c6:dc:08:1a:8b:82:
f2:4c:1e:15:f3:72:ba:c7:ea:1e:b9:91:59:77:41:43:a3:81:
34:7b:ff:9c:9b:99:3a:bd:45:fe:4e:b0:83:21:24:c2:31:9e:
92:55:39:ef:d0:db:f7:d5:07:7e:19:30:75:e7:dc:a6:ac:d8:
6c:e1:ae:ef:32:ef:3e:56:10:10:b6:39:45:95:b7:57:19:e9:
2e:9c:1c:99
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZnnR6+SDQmupJ0Bv3iGPDVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMjM3NjZjNjJkZWI1MTI5NzE1NTcwOGVjY2I0MjFjOGIw
NDc4MGEwHhcNMjUxMDE1MDk1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWMwM2NlNWFlMDdlNzEzNTJiNmE2MWU4NWExYWRmZTQzZTE2M2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhl1UxLfZ31Q6sDF4UuV5hD3Wv9n
T21gcPhqhfYYF1YAvBrhoWzGkETI0TysT7HtrsP8Dz8ewY+TG7MTqDlawEOWjlgY
fer0y0jUcaNsLxAYd9NQZYNeBOTFCtkReENpN6yPggPLkP/RyXgYMZKmvvg2u8Ws
4eSt0KYIc5YEBbwIRxaYffPy/jbHUxZnd0pBmoaq7VF2BiIfUaa76NYOzLH4Ompe
6Ow71xk7aPMo7iqMCnYNEuaM672nIOsK3tnZ1IGT74lg3tTcfomz0HLBvWgRc3Wx
DaBB/QlrBvaaYBfvpC6iScGn+QoCTTpdi1KCmdY9C3OG4cAFw/B1QCfOHwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD7APOWuB+cTUramHoWhrf5D4WP1MB8GA1UdIwQY
MBaAFKAjdmxi3rUSlxVXCOzLQhyLBHgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0NOMmJHTGV0UktYRlZjSTdNdENISXNFZUFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kZjkwOTYtMzZjOS00MzlhLWEwYTAt
YTNhMTAwZWY4NmRlLzEvUHNBODVhNEg1eE5TdHFZZWhhR3Rfa1BoWV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kZjkwOTYtMzZjOS00MzlhLWEwYTAtYTNhMTAwZWY4NmRl
LzEvb0NOMmJHTGV0UktYRlZjSTdNdENISXNFZUFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAw5AbAwQA
w5VDAwQAw5VJAwQAw5VaMA0GCSqGSIb3DQEBCwUAA4IBAQAge5x1TjUlWYNcShT4
7aoZ/boZ9tEqZAldy1r0btUhzSw3wtufigoMVjT5OSgykjecryeJphIuOGRmUss3
QSHolSNi7ngp2QGZBnQTlnn2zb+Z89V0svk3phr0NY39F94H17X2QNUBojSXlcwJ
1JXZUH7nPCmppqUyodh6VCpcpnahgf/xA5UmYQgrT3CymMEfMCPTUiSQupwQuZje
fW3rpKYdslcg8CefjM3znYzG3Agai4LyTB4V83K6x+oeuZFZd0FDo4E0e/+cm5k6
vUX+TrCDISTCMZ6SVTnv0Nv31Qd+GTB159ymrNhs4a7vMu8+VhAQtjlFlbdXGeku
nByZ
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:32:27 2025 by rpki-client