Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/BG1cqZ9YVyNJo6yn7aRCRKFwi1E.roa
File: BG1cqZ9YVyNJo6yn7aRCRKFwi1E.roa (raw, json)
Hash identifier: iWMwZkGfB/SrRzVNIRiDbpY7F5RfXCU+vPN0FbVq8Zo=
Subject key identifier: 04:6D:5C:A9:9F:58:57:23:49:A3:AC:A7:ED:A4:42:44:A1:70:8B:51
Certificate issuer: /CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
Certificate serial: 01997D7DDA181A03A3724C7DA4C10F5B2194
Authority key identifier: FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/BG1cqZ9YVyNJo6yn7aRCRKFwi1E.roa
Signing time: Wed 24 Sep 2025 20:50:23 +0000
ROA not before: Wed 24 Sep 2025 20:50:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 78.109.224.0/24 maxlen: 24
78.109.226.0/24 maxlen: 24
78.109.233.0/24 maxlen: 24
78.109.234.0/24 maxlen: 24
78.109.235.0/24 maxlen: 24
78.109.238.0/24 maxlen: 24
185.52.101.0/24 maxlen: 24
185.52.102.0/24 maxlen: 24
185.52.103.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7d:7d:da:18:1a:03:a3:72:4c:7d:a4:c1:0f:5b:21:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
Validity
Not Before: Sep 24 20:50:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=046d5ca99f58572349a3aca7eda44244a1708b51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ba:51:06:75:e8:72:b9:2d:82:e3:13:4f:d4:
cd:97:5f:cd:35:da:55:e8:b8:f5:e9:3b:ce:95:4d:
63:69:91:4a:40:01:a6:f6:e9:8f:cc:be:41:ec:ef:
9e:32:b2:cb:72:7d:80:80:35:67:ad:26:3a:6e:6b:
02:28:29:d9:ee:a2:75:ca:e8:a4:9b:8c:ef:72:fc:
a3:5c:95:ba:73:9b:0e:9c:04:c3:fe:6e:4c:15:03:
14:53:86:7e:3c:67:ea:de:36:cc:cd:fa:63:62:b0:
ec:9c:2a:dc:97:de:d4:f9:77:36:42:97:a0:33:c4:
5e:f7:0d:26:a6:04:43:56:7e:36:4f:62:1a:f2:d5:
3a:40:7d:56:4f:0e:a1:a2:ad:a9:34:3f:10:38:85:
a6:18:74:e7:d9:de:c7:cc:f2:bc:9d:7b:87:93:85:
70:2b:42:39:bd:af:eb:d0:9a:fe:da:d4:d6:58:18:
83:f8:6b:2b:c1:3c:3f:0d:1e:bf:62:cf:a0:93:3a:
86:53:63:30:02:82:c2:33:fd:b2:fd:40:9f:15:aa:
90:20:35:fc:b3:db:ce:de:49:15:fb:c7:df:5d:2b:
d4:45:65:e1:a0:c9:1f:56:98:ae:32:f7:17:01:fc:
26:4b:25:47:8b:05:16:29:77:26:8a:06:5c:9a:41:
7b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:6D:5C:A9:9F:58:57:23:49:A3:AC:A7:ED:A4:42:44:A1:70:8B:51
X509v3 Authority Key Identifier:
keyid:FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/BG1cqZ9YVyNJo6yn7aRCRKFwi1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.109.224.0/24
78.109.226.0/24
78.109.233.0-78.109.235.255
78.109.238.0/24
185.52.101.0-185.52.103.255
Signature Algorithm: sha256WithRSAEncryption
67:ef:55:5e:37:b3:bf:6e:5d:8b:dd:da:ea:fc:f0:a7:43:15:
95:bd:ea:36:88:b9:51:44:85:00:3a:db:80:c8:74:b9:cf:15:
4c:61:6f:20:e0:77:45:be:3c:de:cd:a1:d2:bb:db:f1:ed:17:
c7:ed:2b:37:9a:e5:3c:f0:a0:c3:30:72:82:be:4f:6b:18:11:
32:dd:4b:ae:82:ab:27:f0:6d:74:8d:90:cd:8c:df:51:7d:62:
cf:44:b7:2f:29:d4:4c:bb:cf:93:61:27:f4:4d:e4:dd:33:0e:
1c:31:c9:a7:53:e8:2d:6e:88:ed:2f:b0:bc:cd:e3:e8:cf:53:
79:44:5e:fb:b9:54:41:7c:67:1d:8b:bd:b2:ff:4b:44:02:a4:
8b:5f:6a:c0:ab:b8:b0:1e:b8:11:3e:fc:ef:80:6e:48:f3:c8:
1b:64:b9:b1:54:1b:65:8d:69:ab:a4:37:44:b3:72:b5:47:a8:
d5:74:48:75:71:5b:5e:44:0b:af:95:1d:93:72:8d:cd:61:dd:
70:37:a1:20:d1:d9:04:62:08:f4:40:d3:e2:a5:5a:13:8d:bc:
50:3a:f3:93:ec:61:7d:39:54:c9:06:f6:3c:b2:6d:e7:e7:e8:
77:ae:95:2e:41:cb:d1:cc:22:59:28:9d:e3:29:94:bc:0b:41:
46:5f:b8:77
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZl9fdoYGgOjckx9pMEPWyGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMDYxYTM5ZjBhMDM3OTIzMTEzZDZiOGJiOWI1YmRhYjVi
MmY0NjYwHhcNMjUwOTI0MjA1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDZkNWNhOTlmNTg1NzIzNDlhM2FjYTdlZGE0NDI0NGExNzA4YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbpRBnXocrktguMTT9TNl1/NNdpV
6Lj16TvOlU1jaZFKQAGm9umPzL5B7O+eMrLLcn2AgDVnrSY6bmsCKCnZ7qJ1yuik
m4zvcvyjXJW6c5sOnATD/m5MFQMUU4Z+PGfq3jbMzfpjYrDsnCrcl97U+Xc2Qpeg
M8Re9w0mpgRDVn42T2Ia8tU6QH1WTw6hoq2pND8QOIWmGHTn2d7HzPK8nXuHk4Vw
K0I5va/r0Jr+2tTWWBiD+GsrwTw/DR6/Ys+gkzqGU2MwAoLCM/2y/UCfFaqQIDX8
s9vO3kkV+8ffXSvURWXhoMkfVpiuMvcXAfwmSyVHiwUWKXcmigZcmkF7dwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFARtXKmfWFcjSaOsp+2kQkShcItRMB8GA1UdIwQY
MBaAFPsGGjnwoDeSMRPWuLubW9q1svRmMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13WWFPZkNnTjVJeEU5YTR1NXRiMnJXeTlHWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1
LWZkMTY3YWQ5MmE5ZC8xL0JHMWNxWjlZVnlOSm82eW43YVJDUktGd2kxRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1LWZkMTY3YWQ5MmE5
ZC8xLzEtd1lhT2ZDZ041SXhFOWE0dTV0YjJyV3k5R1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRwYIKwYBBQUHAQcBAf8EODA2MDQEAgABMC4DBABObeAD
BABObeIwDAMEAE5t6QMEAk5t6AMEAE5t7jAMAwQAuTRlAwQDuTRgMA0GCSqGSIb3
DQEBCwUAA4IBAQBn71VeN7O/bl2L3drq/PCnQxWVveo2iLlRRIUAOtuAyHS5zxVM
YW8g4HdFvjzezaHSu9vx7RfH7Ss3muU88KDDMHKCvk9rGBEy3Uuugqsn8G10jZDN
jN9RfWLPRLcvKdRMu8+TYSf0TeTdMw4cMcmnU+gtbojtL7C8zePoz1N5RF77uVRB
fGcdi72y/0tEAqSLX2rAq7iwHrgRPvzvgG5I88gbZLmxVBtljWmrpDdEs3K1R6jV
dEh1cVteRAuvlR2Tco3NYd1wN6Eg0dkEYgj0QNPipVoTjbxQOvOT7GF9OVTJBvY8
sm3n5+h3rpUuQcvRzCJZKJ3jKZS8C0FGX7h3
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:10:19 2025 by rpki-client