Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/NNtuOH7Ss0GK2NCY4ASxIdJwy5M.roa
File: NNtuOH7Ss0GK2NCY4ASxIdJwy5M.roa (raw, json)
Hash identifier: XEhO+BECYJy48qc1PZIYHLHaFzNgbkvhwIUjzz8UOEI=
Subject key identifier: 34:DB:6E:38:7E:D2:B3:41:8A:D8:D0:98:E0:04:B1:21:D2:70:CB:93
Certificate issuer: /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial: 01994CC0EAF9BCD202CFC9271F709B6E3191
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/NNtuOH7Ss0GK2NCY4ASxIdJwy5M.roa
Signing time: Mon 15 Sep 2025 09:42:15 +0000
ROA not before: Mon 15 Sep 2025 09:42:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42130
IP address blocks: 93.88.20.0/24 maxlen: 24
93.88.21.0/24 maxlen: 24
93.88.22.0/24 maxlen: 24
93.88.23.0/24 maxlen: 24
103.127.47.0/24 maxlen: 24
185.198.49.0/24 maxlen: 24
185.207.172.0/24 maxlen: 24
185.207.174.0/24 maxlen: 24
195.245.72.0/24 maxlen: 24
195.245.88.0/24 maxlen: 24
2a13:b2c0::/32 maxlen: 32
2a13:b2c1:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4c:c0:ea:f9:bc:d2:02:cf:c9:27:1f:70:9b:6e:31:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Validity
Not Before: Sep 15 09:42:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34db6e387ed2b3418ad8d098e004b121d270cb93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ad:65:26:0d:79:bc:c4:f9:58:ac:46:21:ad:
9c:15:95:bc:95:78:6b:1b:a5:31:71:e0:65:9b:79:
d5:5a:74:d6:7d:e5:27:84:0f:4c:15:11:1b:2c:2c:
d6:82:ee:a6:83:33:2b:70:8a:4c:ba:16:66:0d:0c:
6a:af:3b:f0:87:bb:6e:5b:1c:ef:1a:a0:a0:48:01:
74:32:d7:3d:f5:11:d8:71:2e:67:cc:9a:36:91:ae:
27:22:d8:d7:b0:48:81:96:5f:bf:dc:4c:0f:81:37:
f9:3a:d9:0c:52:07:9a:67:6c:c6:23:dc:62:49:55:
5d:18:99:89:74:0e:8a:2d:8c:c9:bd:7d:fd:43:d0:
46:8e:6a:d4:22:83:bd:ed:0f:40:b6:d4:65:fd:37:
50:97:06:8c:96:8c:c1:a1:e3:63:93:70:3c:87:15:
0b:f9:81:a2:b5:05:d4:3e:0a:8e:64:4a:36:7a:4f:
f1:c3:37:85:40:a3:26:8e:cf:4c:b9:d7:31:e0:ac:
03:61:dd:e3:34:42:d5:df:6b:db:06:42:c1:41:cc:
82:1e:8c:36:df:5d:9d:ec:c6:04:1f:d7:8f:50:45:
97:1a:8d:47:a9:27:ed:0e:ee:ec:55:d8:9d:e8:b7:
59:40:62:0d:44:89:30:47:84:b4:55:b6:7c:3c:a3:
fb:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:DB:6E:38:7E:D2:B3:41:8A:D8:D0:98:E0:04:B1:21:D2:70:CB:93
X509v3 Authority Key Identifier:
keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/NNtuOH7Ss0GK2NCY4ASxIdJwy5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.88.20.0/22
103.127.47.0/24
185.198.49.0/24
185.207.172.0/24
185.207.174.0/24
195.245.72.0/24
195.245.88.0/24
IPv6:
2a13:b2c0::/32
2a13:b2c1:1::/48
Signature Algorithm: sha256WithRSAEncryption
3d:77:74:d0:38:52:40:9a:ce:bf:fa:33:ac:9a:8e:f4:4b:c1:
21:12:9d:5d:c8:05:f8:2d:52:9c:5e:a0:b6:d0:46:66:a1:cf:
8b:3e:b8:9b:97:69:69:3c:17:0a:c1:b3:50:2e:a4:92:fb:cb:
9f:77:1d:70:c2:7c:b1:ce:32:30:12:80:a4:ce:85:57:de:15:
8a:b7:80:e9:b5:ef:a9:1d:15:24:e5:f6:f6:3c:1a:f0:48:03:
40:fe:92:9e:ad:3a:59:ec:75:4a:5b:29:a6:9e:c3:2d:63:20:
d9:71:6b:34:9d:84:a6:03:f7:c0:26:0f:e6:1a:1d:d1:f2:a3:
8a:dd:e7:ef:10:22:f0:b8:58:6a:5f:08:93:94:c6:0b:f0:03:
e4:cf:fb:86:76:b7:92:25:1c:6a:e7:cd:c3:be:aa:ee:93:d0:
d2:9a:ae:58:6d:d8:35:d7:c1:3a:dd:68:60:f8:a7:c8:61:d2:
fb:74:9e:7b:88:4e:6a:62:6f:1d:91:a4:e5:e5:be:e9:17:58:
ab:21:5f:b3:c1:53:0c:b3:a9:a5:57:3c:33:23:99:a2:28:27:
0e:0c:28:3d:ad:ce:0a:20:e0:1a:4c:44:2e:50:d3:0b:cd:41:
2a:41:71:8c:9d:7e:aa:c1:e9:ed:e2:25:eb:77:32:23:91:aa:
82:be:4f:fd
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZlMwOr5vNICz8knH3CbbjGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjUwOTE1MDk0MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRiNmUzODdlZDJiMzQxOGFkOGQwOThlMDA0YjEyMWQyNzBjYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmK1lJg15vMT5WKxGIa2cFZW8lXhr
G6UxceBlm3nVWnTWfeUnhA9MFREbLCzWgu6mgzMrcIpMuhZmDQxqrzvwh7tuWxzv
GqCgSAF0Mtc99RHYcS5nzJo2ka4nItjXsEiBll+/3EwPgTf5OtkMUgeaZ2zGI9xi
SVVdGJmJdA6KLYzJvX39Q9BGjmrUIoO97Q9AttRl/TdQlwaMlozBoeNjk3A8hxUL
+YGitQXUPgqOZEo2ek/xwzeFQKMmjs9Mudcx4KwDYd3jNELV32vbBkLBQcyCHow2
312d7MYEH9ePUEWXGo1HqSftDu7sVdid6LdZQGINRIkwR4S0VbZ8PKP7EQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDTbbjh+0rNBitjQmOAEsSHScMuTMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvTk50dU9IN1NzMEdLMk5DWTRBU3hJZEp3eTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAwBAIAATAqAwQCXVgUAwQA
Z38vAwQAucYxAwQAuc+sAwQAuc+uAwQAw/VIAwQAw/VYMBYEAgACMBADBQAqE7LA
AwcAKhOywQABMA0GCSqGSIb3DQEBCwUAA4IBAQA9d3TQOFJAms6/+jOsmo70S8Eh
Ep1dyAX4LVKcXqC20EZmoc+LPribl2lpPBcKwbNQLqSS+8ufdx1wwnyxzjIwEoCk
zoVX3hWKt4Dpte+pHRUk5fb2PBrwSANA/pKerTpZ7HVKWymmnsMtYyDZcWs0nYSm
A/fAJg/mGh3R8qOK3efvECLwuFhqXwiTlMYL8APkz/uGdreSJRxq583Dvqruk9DS
mq5Ybdg118E63Whg+KfIYdL7dJ57iE5qYm8dkaTl5b7pF1irIV+zwVMMs6mlVzwz
I5miKCcODCg9rc4KIOAaTEQuUNMLzUEqQXGMnX6qwent4iXrdzIjkaqCvk/9
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:04:48 2025 by rpki-client