Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/x9OQVd5EhLuMfEc41OZ9FtQxau0.roa
File: x9OQVd5EhLuMfEc41OZ9FtQxau0.roa (raw, json)
Hash identifier: S4KeHAe6LXOVOw99dVjAwA7gRPfLYoFF69p3U5kCgFk=
Subject key identifier: C7:D3:90:55:DE:44:84:BB:8C:7C:47:38:D4:E6:7D:16:D4:31:6A:ED
Certificate issuer: /CN=dd64166a91179308f253a9175616ccc6828c4463
Certificate serial: 019855A4B0CCB788CA8DB3B9D2E9BC411174
Authority key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/x9OQVd5EhLuMfEc41OZ9FtQxau0.roa
Signing time: Tue 29 Jul 2025 10:05:13 +0000
ROA not before: Tue 29 Jul 2025 10:05:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202660
IP address blocks: 89.126.208.0/22 maxlen: 22
92.63.206.0/24 maxlen: 24
92.63.207.0/24 maxlen: 24
109.94.172.0/24 maxlen: 24
185.100.52.0/22 maxlen: 22
198.163.206.0/24 maxlen: 24
198.163.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 Aug 2025 07:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:55:a4:b0:cc:b7:88:ca:8d:b3:b9:d2:e9:bc:41:11:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd64166a91179308f253a9175616ccc6828c4463
Validity
Not Before: Jul 29 10:05:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c7d39055de4484bb8c7c4738d4e67d16d4316aed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:db:75:dd:10:99:a3:df:47:35:21:a0:36:ff:
dc:f4:4f:59:1d:11:18:d3:b7:d9:dc:65:5f:15:e4:
ef:e0:7b:21:bd:40:b7:47:c4:da:2b:1e:16:97:75:
5a:7c:7e:99:17:b8:af:30:d1:7c:af:a4:25:f7:ef:
c2:dd:a8:56:06:90:93:0e:cf:4d:93:b3:ba:c7:4e:
c4:a2:34:1e:0b:c5:3a:f2:13:4e:58:6f:a9:3b:47:
4b:c2:d5:27:34:99:10:c5:33:11:71:d2:44:4e:71:
92:04:ec:d7:c4:95:20:52:c1:d9:5e:d7:4b:90:06:
85:61:1b:f3:4e:b3:6a:15:18:5e:4f:44:31:7f:48:
45:6f:23:e2:c4:60:ba:0a:9f:8c:c5:f3:02:1d:a8:
a6:27:3c:a9:6b:b5:25:e7:2d:c6:3f:c1:78:6b:de:
67:2c:a0:23:c4:64:3c:12:8b:21:97:86:72:86:fb:
50:3d:40:0f:65:48:81:b7:5e:ef:1d:bc:cb:a5:2a:
65:f4:85:12:49:0b:93:1d:77:2c:d6:52:07:01:0a:
09:b6:12:0c:3e:f5:27:a2:3d:c9:3f:18:fa:c6:40:
3d:a7:85:61:df:f3:d6:9b:17:4b:45:f2:b1:3b:0d:
d7:30:3b:ad:21:f4:03:49:2a:3f:9d:51:06:d7:79:
26:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:D3:90:55:DE:44:84:BB:8C:7C:47:38:D4:E6:7D:16:D4:31:6A:ED
X509v3 Authority Key Identifier:
keyid:DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/x9OQVd5EhLuMfEc41OZ9FtQxau0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.126.208.0/22
92.63.206.0/23
109.94.172.0/24
185.100.52.0/22
198.163.206.0/23
Signature Algorithm: sha256WithRSAEncryption
11:15:80:a1:0b:f0:a8:fa:c9:28:8d:fe:16:27:61:30:54:52:
c4:63:57:49:1c:98:18:c0:e0:36:f3:66:e2:ec:1a:3f:e6:66:
83:58:95:9e:2f:36:41:e2:03:2b:14:ad:8a:87:87:13:7c:cb:
7a:19:a5:c6:59:2e:93:c4:97:45:0b:99:6a:ad:ff:cb:00:95:
88:52:64:8b:e1:9e:cc:bd:34:28:17:3d:da:33:a9:2c:a7:2d:
3b:f6:9f:da:9f:a3:86:2c:be:0c:9f:7a:da:48:18:c5:4d:93:
36:5d:cf:b7:6c:99:e9:40:70:4b:0c:ba:e6:1d:96:8e:d6:fd:
4c:b1:69:74:f0:4a:28:05:f1:5d:1d:81:30:a3:5c:89:5a:16:
77:f0:6a:bc:41:55:4b:40:1a:f4:40:55:cb:ad:ca:49:fc:e9:
dc:1a:ee:44:91:a7:ac:02:d0:a2:f1:ea:6e:f6:46:97:bc:f7:
29:2b:6c:ca:06:0d:37:9e:9f:eb:0a:c8:af:4a:c4:30:2a:46:
c1:b0:23:c8:af:3c:1a:0c:22:6c:3c:5e:04:2b:b2:e0:f3:82:
58:b7:6b:b9:4d:09:3f:bc:19:66:97:d0:f3:f1:0a:a9:4a:cb:
ee:22:f9:06:e2:88:ff:a4:67:ee:32:14:35:7b:7f:66:b9:91:
9f:8d:7a:7e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZhVpLDMt4jKjbO50um8QRF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQxNjZhOTExNzkzMDhmMjUzYTkxNzU2MTZjY2M2ODI4
YzQ0NjMwHhcNMjUwNzI5MTAwNTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2QzOTA1NWRlNDQ4NGJiOGM3YzQ3MzhkNGU2N2QxNmQ0MzE2YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdt13RCZo99HNSGgNv/c9E9ZHREY
07fZ3GVfFeTv4HshvUC3R8TaKx4Wl3VafH6ZF7ivMNF8r6Ql9+/C3ahWBpCTDs9N
k7O6x07EojQeC8U68hNOWG+pO0dLwtUnNJkQxTMRcdJETnGSBOzXxJUgUsHZXtdL
kAaFYRvzTrNqFRheT0Qxf0hFbyPixGC6Cp+MxfMCHaimJzypa7Ul5y3GP8F4a95n
LKAjxGQ8Eoshl4ZyhvtQPUAPZUiBt17vHbzLpSpl9IUSSQuTHXcs1lIHAQoJthIM
PvUnoj3JPxj6xkA9p4Vh3/PWmxdLRfKxOw3XMDutIfQDSSo/nVEG13kmgwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMfTkFXeRIS7jHxHONTmfRbUMWrtMB8GA1UdIwQY
MBaAFN1kFmqRF5MI8lOpF1YWzMaCjERjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3Yzct
NzRkZTI1OGE3NmY4LzEveDlPUVZkNUVoTHVNZkVjNDFPWjlGdFF4YXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3YzctNzRkZTI1OGE3NmY4
LzEvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWX7QAwQB
XD/OAwQAbV6sAwQCuWQ0AwQBxqPOMA0GCSqGSIb3DQEBCwUAA4IBAQARFYChC/Co
+skojf4WJ2EwVFLEY1dJHJgYwOA282bi7Bo/5maDWJWeLzZB4gMrFK2Kh4cTfMt6
GaXGWS6TxJdFC5lqrf/LAJWIUmSL4Z7MvTQoFz3aM6kspy079p/an6OGLL4Mn3ra
SBjFTZM2Xc+3bJnpQHBLDLrmHZaO1v1MsWl08EooBfFdHYEwo1yJWhZ38Gq8QVVL
QBr0QFXLrcpJ/OncGu5EkaesAtCi8epu9kaXvPcpK2zKBg03np/rCsivSsQwKkbB
sCPIrzwaDCJsPF4EK7Lg84JYt2u5TQk/vBlml9Dz8QqpSsvuIvkG4oj/pGfuMhQ1
e39muZGfjXp+
-----END CERTIFICATE-----
Generated at Sun Aug 24 10:58:19 2025 by rpki-client