Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/z-4tQTTUhiBYhqAdLqUX9Ecpx2M.roa
File: z-4tQTTUhiBYhqAdLqUX9Ecpx2M.roa (raw, json)
Hash identifier: baYnDDuWAUZVbhflEJkeIazW78EwUSnih+n/77HBbF4=
Subject key identifier: CF:EE:2D:41:34:D4:86:20:58:86:A0:1D:2E:A5:17:F4:47:29:C7:63
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 0199E904A217775A5550EE4BFFF75AC1C290
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/z-4tQTTUhiBYhqAdLqUX9Ecpx2M.roa
Signing time: Wed 15 Oct 2025 17:56:59 +0000
ROA not before: Wed 15 Oct 2025 17:56:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21769
IP address blocks: 45.127.248.0/22 maxlen: 22
103.71.61.0/24 maxlen: 24
185.195.212.0/22 maxlen: 22
185.195.220.0/22 maxlen: 22
185.196.188.0/22 maxlen: 22
185.199.116.0/22 maxlen: 22
194.93.4.0/22 maxlen: 22
2a09:1e80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e9:04:a2:17:77:5a:55:50:ee:4b:ff:f7:5a:c1:c2:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Oct 15 17:56:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cfee2d4134d486205886a01d2ea517f44729c763
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:8f:11:d7:c8:07:24:e3:0f:10:c1:86:84:1f:
c4:23:83:4b:01:7f:7f:8a:cb:fc:a0:78:a1:ed:0d:
40:5d:6a:15:4e:c9:92:3e:c1:9e:e6:ad:b1:ca:d6:
13:2c:17:51:37:d8:af:c6:24:be:98:9e:33:56:e5:
92:cb:7d:95:51:7b:9a:f0:69:51:db:7c:ec:a8:4a:
c9:19:3d:4f:f8:cd:e4:8c:2f:ba:3f:1a:a9:a1:99:
37:b7:f5:92:b8:8d:4c:b2:d8:2d:9c:6e:95:45:b8:
3f:2d:bf:60:28:ec:ad:21:ba:7b:96:06:91:b6:6a:
92:5a:76:84:f0:0c:47:19:a7:e0:bc:cd:92:fb:37:
16:f7:46:1d:e4:d8:f6:14:26:ae:fd:91:1b:05:84:
71:8b:78:ae:a5:27:8a:f6:19:b4:c9:fa:ac:c8:30:
06:04:4f:23:ea:b7:18:4e:d0:e4:69:4f:f2:59:0d:
8c:b9:a3:c1:8b:7f:ee:37:c4:73:0e:3a:1f:b6:fe:
c8:c0:11:a6:00:9a:87:98:ab:d8:14:e7:59:25:1c:
40:af:2f:af:1f:f5:6c:91:6e:b0:34:5e:f6:7c:30:
71:c9:c6:fa:01:f6:8b:b6:5f:2d:5d:50:11:a6:b9:
31:50:29:48:79:a5:d9:f0:97:fd:2c:32:dd:de:09:
f7:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:EE:2D:41:34:D4:86:20:58:86:A0:1D:2E:A5:17:F4:47:29:C7:63
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/z-4tQTTUhiBYhqAdLqUX9Ecpx2M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.127.248.0/22
103.71.61.0/24
185.195.212.0/22
185.195.220.0/22
185.196.188.0/22
185.199.116.0/22
194.93.4.0/22
IPv6:
2a09:1e80::/29
Signature Algorithm: sha256WithRSAEncryption
6c:d3:33:66:8e:34:fa:d1:51:48:42:fe:45:a3:c4:87:a9:3f:
48:50:1e:cd:86:0b:a8:42:47:77:52:ad:90:ef:8d:15:63:b5:
68:6a:46:36:c4:d5:ec:2f:96:2f:e2:e2:7b:8c:86:e5:d7:af:
ad:ac:46:ad:de:0d:b0:b8:a2:08:e4:04:49:2c:db:e8:2b:43:
8f:b0:83:c2:fe:92:9c:70:97:8e:85:5f:9a:15:cb:49:38:40:
e4:aa:21:b9:df:b7:6c:8b:2b:74:8a:87:55:db:4d:f8:84:4e:
1c:1d:0d:d9:b9:61:3b:57:ca:33:65:b2:e0:2c:0b:3c:bc:f7:
4c:43:d6:d5:8e:34:1b:fe:1e:86:b5:ae:03:eb:1c:c1:1d:ba:
52:5c:ea:ea:05:24:d7:26:ff:7a:3b:35:20:6a:6b:20:40:61:
11:3a:5a:2d:be:88:3c:28:9b:37:22:11:a0:11:a5:8c:e9:6a:
e3:c8:9e:f6:67:4d:c3:73:e8:f7:99:75:c6:36:5b:f8:fb:61:
88:39:e3:bb:13:24:50:64:65:be:dc:59:b0:b0:e1:17:f9:b6:
bd:ef:f6:40:22:31:6c:53:72:f6:5a:22:9b:1d:d2:6b:a2:ab:
28:a3:af:2b:79:4e:2d:aa:1c:58:53:25:0d:2f:0f:bf:48:7c:
3f:4f:2c:3f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZnpBKIXd1pVUO5L//dawcKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDE1MTc1NjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmVlMmQ0MTM0ZDQ4NjIwNTg4NmEwMWQyZWE1MTdmNDQ3MjljNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo8R18gHJOMPEMGGhB/EI4NLAX9/
isv8oHih7Q1AXWoVTsmSPsGe5q2xytYTLBdRN9ivxiS+mJ4zVuWSy32VUXua8GlR
23zsqErJGT1P+M3kjC+6PxqpoZk3t/WSuI1MstgtnG6VRbg/Lb9gKOytIbp7lgaR
tmqSWnaE8AxHGafgvM2S+zcW90Yd5Nj2FCau/ZEbBYRxi3iupSeK9hm0yfqsyDAG
BE8j6rcYTtDkaU/yWQ2MuaPBi3/uN8RzDjoftv7IwBGmAJqHmKvYFOdZJRxAry+v
H/VskW6wNF72fDBxycb6AfaLtl8tXVARprkxUClIeaXZ8Jf9LDLd3gn3EQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFM/uLUE01IYgWIagHS6lF/RHKcdjMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvei00dFFUVFVoaUJZaHFBZExxVVg5RWNweDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLX/4AwQA
Z0c9AwQCucPUAwQCucPcAwQCucS8AwQCucd0AwQCwl0EMA0EAgACMAcDBQMqCR6A
MA0GCSqGSIb3DQEBCwUAA4IBAQBs0zNmjjT60VFIQv5Fo8SHqT9IUB7NhguoQkd3
Uq2Q740VY7VoakY2xNXsL5Yv4uJ7jIbl16+trEat3g2wuKII5ARJLNvoK0OPsIPC
/pKccJeOhV+aFctJOEDkqiG537dsiyt0iodV2034hE4cHQ3ZuWE7V8ozZbLgLAs8
vPdMQ9bVjjQb/h6Gta4D6xzBHbpSXOrqBSTXJv96OzUgamsgQGEROlotvog8KJs3
IhGgEaWM6WrjyJ72Z03Dc+j3mXXGNlv4+2GIOeO7EyRQZGW+3FmwsOEX+ba97/ZA
IjFsU3L2WiKbHdJroqsoo68reU4tqhxYUyUNLw+/SHw/Tyw/
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:50:35 2025 by rpki-client