Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o7D1VFlPYym177UqqwAKUkdGeXA.roa
File: o7D1VFlPYym177UqqwAKUkdGeXA.roa (raw, json)
Hash identifier: YAegliI2iJFeqt4SFONdNICZjs8k28JZmdPzHdajs48=
Subject key identifier: A3:B0:F5:54:59:4F:63:29:B5:EF:B5:2A:AB:00:0A:52:47:46:79:70
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019A4DF5752C0CDB1D4B29356FDDB54AA14F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o7D1VFlPYym177UqqwAKUkdGeXA.roa
Signing time: Tue 04 Nov 2025 08:22:03 +0000
ROA not before: Tue 04 Nov 2025 08:22:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.4.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.58.36.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.58.223.0/24 maxlen: 24
194.87.52.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.87.54.0/24 maxlen: 24
194.87.59.0/24 maxlen: 24
194.87.75.0/24 maxlen: 24
194.87.119.0/24 maxlen: 24
194.87.125.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.192.0/22 maxlen: 22
194.87.192.0/24 maxlen: 24
194.87.193.0/24 maxlen: 24
194.87.194.0/24 maxlen: 24
194.87.195.0/24 maxlen: 24
194.87.228.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.133.9.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.29.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.241.0/24 maxlen: 24
212.192.249.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
212.193.9.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 08:22:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4d:f5:75:2c:0c:db:1d:4b:29:35:6f:dd:b5:4a:a1:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Nov 4 08:22:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3b0f554594f6329b5efb52aab000a5247467970
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8e:97:b5:bd:63:ca:f7:01:5a:3b:74:6f:90:
ba:91:3e:d2:2e:54:c7:e4:df:6b:97:8e:65:dc:ff:
5e:cb:0a:0e:e1:81:d5:af:99:57:51:64:24:52:6d:
eb:af:e2:7a:92:59:c5:44:47:e5:3c:aa:65:cf:05:
a5:d4:1c:bc:81:b6:c9:2a:c1:c3:0a:48:c9:51:85:
eb:b3:c3:ff:f9:49:96:52:11:32:44:b4:14:d1:5f:
ac:bb:23:12:b5:a9:8c:1f:f5:89:f9:79:52:2b:e6:
b7:39:f1:7f:07:1f:2e:7f:9b:c4:91:58:11:80:2b:
21:99:fc:ac:9c:ee:ec:38:99:a2:b6:e8:1a:46:78:
37:a1:e1:30:4d:39:5f:da:5e:b7:fc:25:0c:9f:13:
c5:cb:8c:29:9f:ba:66:3c:8c:69:fb:d2:2b:b8:f4:
53:40:01:02:98:ea:46:87:e3:84:07:1c:44:c2:94:
02:92:75:ed:30:6a:83:24:ea:d9:a4:d6:42:02:14:
0c:c5:26:2a:e5:3c:66:c0:c8:73:a8:4d:12:d0:e0:
2c:cf:30:67:54:10:f0:6d:bd:1a:06:f9:e0:1a:49:
03:d6:81:50:eb:15:c3:1a:6d:c1:1d:32:d9:e7:f7:
45:3a:70:d4:cc:cf:52:2a:e5:fb:c6:55:77:61:b8:
6c:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:B0:F5:54:59:4F:63:29:B5:EF:B5:2A:AB:00:0A:52:47:46:79:70
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o7D1VFlPYym177UqqwAKUkdGeXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.4.0/24
193.124.7.0/24
194.58.36.0/24
194.58.155.0/24
194.58.223.0/24
194.87.52.0-194.87.54.255
194.87.59.0/24
194.87.75.0/24
194.87.119.0/24
194.87.125.0/24
194.87.169.0/24
194.87.179.0/24
194.87.192.0/22
194.87.228.0/24
194.135.24.0/24
195.133.9.0/24
195.133.24.0/23
195.133.29.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.241.0/24
212.192.249.0/24
212.193.0.0/24
212.193.9.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
75:45:28:8f:3e:39:a1:ac:57:46:48:a9:10:b5:46:e9:02:7b:
25:5e:a3:7a:59:75:e6:95:4d:18:5a:c7:06:b0:fc:ba:07:2c:
72:f4:61:de:df:a9:fe:8d:36:17:1e:1b:cb:dd:7e:f0:cd:3a:
94:2c:34:b0:0d:98:26:9e:87:24:2a:d8:99:d2:8d:68:5c:75:
92:09:5d:0b:d7:b6:be:97:aa:89:6a:1e:71:ed:d8:51:a5:4a:
2a:bf:20:b8:60:3d:21:07:e6:96:1f:ce:da:8b:28:b7:02:27:
91:c4:70:79:15:df:cf:7c:50:59:00:3c:34:cc:00:96:f7:ab:
b6:5b:6a:7b:ac:9f:21:14:e4:1d:56:f0:d9:f7:e0:44:38:c1:
8d:fb:0f:ee:ab:63:00:fb:4f:c9:00:19:8a:0f:48:e1:48:9a:
77:d5:36:b2:e6:9d:39:b7:00:f3:32:74:b2:d8:ca:3e:9f:ae:
1e:98:2b:39:27:5d:05:5b:7e:8a:50:03:34:c5:e1:c5:6d:70:
9f:1c:6e:7a:3f:6c:20:e7:ae:a7:7e:a1:64:b4:2a:5f:47:89:
f9:5e:43:f7:2d:72:18:6f:be:ce:58:6f:2b:00:a9:90:82:8d:
1c:c1:22:4b:65:39:63:c6:19:16:0a:06:d3:e9:6d:1e:90:b9:
9b:f7:e6:f7
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgISAZpN9XUsDNsdSyk1b921SqFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUxMTA0MDgyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2IwZjU1NDU5NGY2MzI5YjVlZmI1MmFhYjAwMGE1MjQ3NDY3OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY6Xtb1jyvcBWjt0b5C6kT7SLlTH
5N9rl45l3P9eywoO4YHVr5lXUWQkUm3rr+J6klnFREflPKplzwWl1By8gbbJKsHD
CkjJUYXrs8P/+UmWUhEyRLQU0V+suyMStamMH/WJ+XlSK+a3OfF/Bx8uf5vEkVgR
gCshmfysnO7sOJmitugaRng3oeEwTTlf2l63/CUMnxPFy4wpn7pmPIxp+9IruPRT
QAECmOpGh+OEBxxEwpQCknXtMGqDJOrZpNZCAhQMxSYq5TxmwMhzqE0S0OAszzBn
VBDwbb0aBvngGkkD1oFQ6xXDGm3BHTLZ5/dFOnDUzM9SKuX7xlV3YbhsyQIDAQAB
o4ICwjCCAr4wHQYDVR0OBBYEFKOw9VRZT2Mpte+1KqsAClJHRnlwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbzdEMVZGbFBZeW0xNzdVcXF3QUtVa2RHZVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHXBggrBgEFBQcBBwEB/wSBxzCBxDCBqwQCAAEwgaQDBADB
fAQDBADBfAcDBADCOiQDBADCOpsDBADCOt8wDAMEAsJXNAMEAMJXNgMEAMJXOwME
AMJXSwMEAMJXdwMEAMJXfQMEAMJXqQMEAMJXswMEAsJXwAMEAMJX5AMEAMKHGAME
AMOFCQMEAcOFGAMEAMOFHQMEAcOFKAMEAcOFMgMEAcOFXAMEANTA8QMEANTA+QME
ANTBAAMEANTBCQMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM/0AwDQYJKoZIhvcN
AQELBQADggEBAHVFKI8+OaGsV0ZIqRC1RukCeyVeo3pZdeaVTRhaxwaw/LoHLHL0
Yd7fqf6NNhceG8vdfvDNOpQsNLANmCaehyQq2JnSjWhcdZIJXQvXtr6XqolqHnHt
2FGlSiq/ILhgPSEH5pYfztqLKLcCJ5HEcHkV3898UFkAPDTMAJb3q7ZbanusnyEU
5B1W8Nn34EQ4wY37D+6rYwD7T8kAGYoPSOFImnfVNrLmnTm3APMydLLYyj6frh6Y
KzknXQVbfopQAzTF4cVtcJ8cbno/bCDnrqd+oWS0Kl9HifleQ/ctchhvvs5YbysA
qZCCjRzBIktlOWPGGRYKBtPpbR6QuZv35vc=
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:39 2025 by rpki-client