Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/Lvq4EYAEnD7iSP_yLHhiYfgSFsI.roa
File: Lvq4EYAEnD7iSP_yLHhiYfgSFsI.roa (raw, json)
Hash identifier: OuBem9w/c6wr2MmfA4/euItVJTNd4ynaKBvDB6V5Dg0=
Subject key identifier: 2E:FA:B8:11:80:04:9C:3E:E2:48:FF:F2:2C:78:62:61:F8:12:16:C2
Certificate issuer: /CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
Certificate serial: 0199326A297D949924DCFC7D01B2CB8ECE96
Authority key identifier: A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/Lvq4EYAEnD7iSP_yLHhiYfgSFsI.roa
Signing time: Wed 10 Sep 2025 06:57:22 +0000
ROA not before: Wed 10 Sep 2025 06:57:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 185.200.208.0/24 maxlen: 24
185.200.209.0/24 maxlen: 24
185.200.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.crl
rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.mft
rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:32:6a:29:7d:94:99:24:dc:fc:7d:01:b2:cb:8e:ce:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0dbd5d1f86dd9dd66606a14d31d64cb0eaac83b
Validity
Not Before: Sep 10 06:57:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2efab81180049c3ee248fff22c786261f81216c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f0:02:27:a4:ce:86:47:96:72:52:9a:a4:86:
20:2a:a6:7d:62:c6:c9:29:10:24:27:cb:82:61:6b:
66:a0:45:f4:c2:61:54:a8:25:21:31:7a:82:98:74:
91:d1:46:13:0f:50:74:6e:7b:d8:e4:32:e0:e5:84:
9e:ea:4e:42:ea:4f:c6:6b:21:71:59:6e:1b:87:2a:
14:9b:a7:bf:9a:46:b3:3a:38:76:02:87:02:81:61:
b0:f4:d3:d3:8d:e7:0c:29:97:90:f0:9d:7f:dd:34:
4e:5d:cb:12:a7:af:76:68:7c:54:53:36:5d:28:71:
01:dc:89:4f:9a:d2:f3:42:f9:5d:aa:56:b9:0c:64:
32:0a:6d:b1:19:6a:5e:2e:be:c7:93:ec:22:89:5e:
06:61:dd:e6:42:bb:4b:ae:70:8e:37:a4:53:bc:75:
f2:d7:58:90:be:12:24:68:59:4a:80:72:a0:d6:17:
5e:3b:3f:0a:a0:bf:6b:52:e3:12:7b:58:37:b1:38:
e6:f5:ba:89:bd:fc:e5:74:5a:71:dc:59:9e:6d:ad:
8a:e4:e0:e8:88:d5:4e:6d:ac:b3:8e:e2:e8:f4:08:
8b:eb:80:3e:71:fa:96:73:23:1d:8a:77:30:da:90:
8c:35:e6:e9:bc:65:03:29:d2:c1:a7:75:a2:f0:7f:
aa:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:FA:B8:11:80:04:9C:3E:E2:48:FF:F2:2C:78:62:61:F8:12:16:C2
X509v3 Authority Key Identifier:
keyid:A0:DB:D5:D1:F8:6D:D9:DD:66:60:6A:14:D3:1D:64:CB:0E:AA:C8:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNvV0fht2d1mYGoU0x1kyw6qyDs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/Lvq4EYAEnD7iSP_yLHhiYfgSFsI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/1d4cfc-8e5c-457c-9620-135c91ec199e/1/oNvV0fht2d1mYGoU0x1kyw6qyDs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.200.208.0/23
185.200.211.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:17:a5:ec:cd:37:32:c6:05:74:d2:c4:6f:12:0f:a4:19:76:
52:fe:24:ba:56:b5:9b:a9:ea:f7:82:4d:8c:84:f4:97:10:99:
6b:5a:e3:33:96:2f:91:04:a4:cc:10:bf:9f:ae:70:a1:11:9a:
c0:52:68:df:5e:ba:b9:c5:dc:b7:aa:be:0d:58:86:97:15:ed:
49:f7:0c:be:2d:fd:46:63:11:96:2d:40:41:ce:70:23:46:5e:
cd:f0:91:77:00:ca:66:ae:3d:9c:9a:6e:1d:01:11:5d:1c:93:
96:9a:13:f9:42:9b:93:00:d3:6c:9d:81:43:61:a9:97:a7:f7:
fe:6e:a7:4c:55:fb:b0:c9:2d:c2:7e:8d:8f:dc:27:75:fa:30:
d3:39:85:5c:76:fc:47:4a:46:c6:4e:f2:f2:e1:35:4b:3f:31:
cf:d1:ba:18:ce:95:13:5a:79:b7:1e:43:b9:8b:42:e9:b2:a1:
55:5c:7b:88:fc:07:73:2d:d7:e0:bc:a8:67:89:63:57:41:5c:
0a:b6:1f:7b:7d:8d:73:74:78:79:d2:98:61:d6:bf:3e:20:4f:
da:a7:85:43:f3:a7:a2:b0:f4:ec:28:88:24:d0:8e:fc:59:dc:
e7:c5:d1:b7:0c:49:6e:5a:03:39:8e:23:b9:2f:d1:3e:01:a2:
ca:8c:b7:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkyail9lJkk3Px9AbLLjs6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGJkNWQxZjg2ZGQ5ZGQ2NjYwNmExNGQzMWQ2NGNiMGVh
YWM4M2IwHhcNMjUwOTEwMDY1NzIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWZhYjgxMTgwMDQ5YzNlZTI0OGZmZjIyYzc4NjI2MWY4MTIxNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/ACJ6TOhkeWclKapIYgKqZ9YsbJ
KRAkJ8uCYWtmoEX0wmFUqCUhMXqCmHSR0UYTD1B0bnvY5DLg5YSe6k5C6k/GayFx
WW4bhyoUm6e/mkazOjh2AocCgWGw9NPTjecMKZeQ8J1/3TROXcsSp692aHxUUzZd
KHEB3IlPmtLzQvldqla5DGQyCm2xGWpeLr7Hk+wiiV4GYd3mQrtLrnCON6RTvHXy
11iQvhIkaFlKgHKg1hdeOz8KoL9rUuMSe1g3sTjm9bqJvfzldFpx3Fmeba2K5ODo
iNVObayzjuLo9AiL64A+cfqWcyMdincw2pCMNebpvGUDKdLBp3Wi8H+qVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC76uBGABJw+4kj/8ix4YmH4EhbCMB8GA1UdIwQY
MBaAFKDb1dH4bdndZmBqFNMdZMsOqsg7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb052VjBmaHQyZDFtWUdvVTB4MWt5dzZxeURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xZDRjZmMtOGU1Yy00NTdjLTk2MjAt
MTM1YzkxZWMxOTllLzEvTHZxNEVZQUVuRDdpU1BfeUxIaGlZZmdTRnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xZDRjZmMtOGU1Yy00NTdjLTk2MjAtMTM1YzkxZWMxOTll
LzEvb052VjBmaHQyZDFtWUdvVTB4MWt5dzZxeURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBucjQAwQA
ucjTMA0GCSqGSIb3DQEBCwUAA4IBAQCbF6XszTcyxgV00sRvEg+kGXZS/iS6VrWb
qer3gk2MhPSXEJlrWuMzli+RBKTMEL+frnChEZrAUmjfXrq5xdy3qr4NWIaXFe1J
9wy+Lf1GYxGWLUBBznAjRl7N8JF3AMpmrj2cmm4dARFdHJOWmhP5QpuTANNsnYFD
YamXp/f+bqdMVfuwyS3Cfo2P3Cd1+jDTOYVcdvxHSkbGTvLy4TVLPzHP0boYzpUT
Wnm3HkO5i0LpsqFVXHuI/AdzLdfgvKhniWNXQVwKth97fY1zdHh50phh1r8+IE/a
p4VD86eisPTsKIgk0I78WdznxdG3DEluWgM5jiO5L9E+AaLKjLfk
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:00:39 2025 by rpki-client