Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/OYN3165s9Ipm3JZkmY2YoXxPwXc.roa
File: OYN3165s9Ipm3JZkmY2YoXxPwXc.roa (raw, json)
Hash identifier: cpcbNpWtjSyDgdmGg67sZ/aJK/DRgTol1F8VTQooe2I=
Subject key identifier: 39:83:77:D7:AE:6C:F4:8A:66:DC:96:64:99:8D:98:A1:7C:4F:C1:77
Certificate issuer: /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial: 0199A0E62AAA07DA604B539DF31E5EDF6995
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/OYN3165s9Ipm3JZkmY2YoXxPwXc.roa
Signing time: Wed 01 Oct 2025 17:51:02 +0000
ROA not before: Wed 01 Oct 2025 17:51:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48407
IP address blocks: 81.90.16.0/20 maxlen: 20
81.90.16.0/21 maxlen: 21
81.90.17.0/24 maxlen: 24
81.90.18.0/24 maxlen: 24
81.90.19.0/24 maxlen: 24
93.94.50.0/24 maxlen: 24
93.94.53.0/24 maxlen: 24
93.94.54.0/24 maxlen: 24
93.94.55.0/24 maxlen: 24
2a00:8b20::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a0:e6:2a:aa:07:da:60:4b:53:9d:f3:1e:5e:df:69:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Validity
Not Before: Oct 1 17:51:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=398377d7ae6cf48a66dc9664998d98a17c4fc177
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:03:66:36:2a:2a:41:4d:d4:d9:0c:11:5c:5b:
44:3d:a9:c0:76:cd:22:f4:92:cf:80:8a:05:6f:f1:
ef:fe:28:3f:f2:74:9d:3f:f1:62:6f:92:3d:da:b8:
01:fd:b7:31:94:5c:e5:2b:82:76:e7:13:49:36:c9:
f4:48:cc:af:f8:4f:3c:ef:cd:a4:0c:cc:b0:2d:61:
7d:26:a6:f9:90:a0:24:c1:2d:fd:4c:31:1c:b3:db:
18:df:34:70:d2:2f:f4:45:63:42:9f:4c:af:0e:38:
b5:56:e5:ee:ab:ed:90:c4:be:2b:15:33:ff:92:97:
c9:a7:5f:ac:b8:6c:8f:f2:01:61:84:f8:67:dd:b3:
f0:bf:64:1f:04:a6:aa:7f:8b:e4:39:ae:b0:19:3e:
41:1a:18:78:97:b6:0a:fb:ea:fb:e1:fa:2a:98:72:
dc:b4:62:0e:71:39:df:c1:e5:3e:b1:11:c6:d8:c0:
f8:03:a8:3b:80:a6:e3:58:48:f6:ab:52:5b:b9:14:
f8:fe:2e:ce:a8:4d:f2:1b:b7:f8:01:59:69:c9:cd:
a5:3d:31:8f:b3:5d:3b:4e:42:fb:ca:72:10:e7:b6:
29:94:ab:8b:65:19:dc:a2:4a:23:c4:6f:a5:96:b4:
fe:b8:1a:19:e9:b5:c2:4c:cf:e1:8e:ca:4e:e4:7d:
38:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:83:77:D7:AE:6C:F4:8A:66:DC:96:64:99:8D:98:A1:7C:4F:C1:77
X509v3 Authority Key Identifier:
keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/OYN3165s9Ipm3JZkmY2YoXxPwXc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.90.16.0/20
93.94.50.0/24
93.94.53.0-93.94.55.255
IPv6:
2a00:8b20::/32
Signature Algorithm: sha256WithRSAEncryption
b8:50:79:19:fa:21:42:a2:30:07:f5:65:e2:95:8c:5c:bc:ab:
34:8e:b5:6f:16:4e:b2:14:9b:34:90:4e:ce:46:ed:ce:7c:5c:
4e:79:8d:6e:0d:04:8b:74:df:df:86:40:4f:52:f8:1e:9a:74:
3d:8f:9c:44:d1:00:8a:15:2f:6b:c0:01:46:ea:2a:1d:ac:e5:
33:eb:1d:38:8b:9b:c3:c2:99:d3:22:fa:c3:1c:74:20:cf:7c:
5c:61:cb:04:82:2b:ce:97:af:c5:df:c7:d8:af:be:95:00:df:
e7:1b:96:fd:89:14:c4:e4:99:58:8f:dc:91:e7:57:42:3e:67:
a9:70:bc:ba:ee:76:55:d0:86:7b:3c:9c:cc:80:8a:77:80:ed:
40:80:be:59:50:60:e2:28:80:bd:b0:51:42:d0:18:a4:24:96:
ed:61:24:77:0c:6c:d1:30:31:ab:a7:d6:96:ea:3a:62:b3:53:
81:e3:e7:cf:36:04:87:82:55:d8:cd:b9:15:fa:9f:41:9f:4f:
36:d4:aa:7a:9d:ae:74:12:6a:b9:f3:3e:5f:db:a9:2e:00:e9:
92:f5:51:d1:3e:c8:1a:a0:7d:44:7e:ef:fb:37:db:74:3e:d8:
55:c8:ef:a2:58:63:97:01:d4:af:cb:d8:16:f1:3f:91:88:8a:
c5:00:87:a6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZmg5iqqB9pgS1Od8x5e32mVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjUxMDAxMTc1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTgzNzdkN2FlNmNmNDhhNjZkYzk2NjQ5OThkOThhMTdjNGZjMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtANmNioqQU3U2QwRXFtEPanAds0i
9JLPgIoFb/Hv/ig/8nSdP/Fib5I92rgB/bcxlFzlK4J25xNJNsn0SMyv+E88782k
DMywLWF9Jqb5kKAkwS39TDEcs9sY3zRw0i/0RWNCn0yvDji1VuXuq+2QxL4rFTP/
kpfJp1+suGyP8gFhhPhn3bPwv2QfBKaqf4vkOa6wGT5BGhh4l7YK++r74foqmHLc
tGIOcTnfweU+sRHG2MD4A6g7gKbjWEj2q1JbuRT4/i7OqE3yG7f4AVlpyc2lPTGP
s107TkL7ynIQ57YplKuLZRncokojxG+llrT+uBoZ6bXCTM/hjspO5H04ewIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDmDd9eubPSKZtyWZJmNmKF8T8F3MB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvT1lOMzE2NXM5SXBtM0paa21ZMllvWHhQd1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQEUVoQAwQA
XV4yMAwDBABdXjUDBANdXjAwDQQCAAIwBwMFACoAiyAwDQYJKoZIhvcNAQELBQAD
ggEBALhQeRn6IUKiMAf1ZeKVjFy8qzSOtW8WTrIUmzSQTs5G7c58XE55jW4NBIt0
39+GQE9S+B6adD2PnETRAIoVL2vAAUbqKh2s5TPrHTiLm8PCmdMi+sMcdCDPfFxh
ywSCK86Xr8Xfx9ivvpUA3+cblv2JFMTkmViP3JHnV0I+Z6lwvLrudlXQhns8nMyA
ineA7UCAvllQYOIogL2wUULQGKQklu1hJHcMbNEwMaun1pbqOmKzU4Hj5882BIeC
VdjNuRX6n0GfTzbUqnqdrnQSarnzPl/bqS4A6ZL1UdE+yBqgfUR+7/s323Q+2FXI
76JYY5cB1K/L2BbxP5GIisUAh6Y=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:18:48 2025 by rpki-client