Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cuTqnm6-Npd1s0B2i2x-BPoHhIY.roa
File: cuTqnm6-Npd1s0B2i2x-BPoHhIY.roa (raw, json)
Hash identifier: DpWZQBn/6UWYQonPNvDAro6RhsBcWwU7H4ptbMrtNMM=
Subject key identifier: 72:E4:EA:9E:6E:BE:36:97:75:B3:40:76:8B:6C:7E:04:FA:07:84:86
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019A2B44D8A04E339F16D71C69EF8ACB2F6C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cuTqnm6-Npd1s0B2i2x-BPoHhIY.roa
Signing time: Tue 28 Oct 2025 14:42:03 +0000
ROA not before: Tue 28 Oct 2025 14:42:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 37.139.130.0/24 maxlen: 24
45.149.243.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
85.217.144.0/23 maxlen: 24
87.121.60.0/24 maxlen: 24
185.225.74.0/23 maxlen: 24
193.148.253.0/24 maxlen: 24
193.149.28.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2b:44:d8:a0:4e:33:9f:16:d7:1c:69:ef:8a:cb:2f:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 28 14:42:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72e4ea9e6ebe369775b340768b6c7e04fa078486
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:9e:1e:66:a7:4d:03:15:10:d1:17:a8:70:c3:
57:2a:f5:ae:b1:b4:5b:7c:ee:f2:12:1c:ad:5b:5e:
bc:d5:91:2a:49:87:21:26:c0:e3:11:2f:94:40:c2:
8f:fd:59:71:2e:ce:c9:62:c3:ea:f3:f2:0f:10:2c:
d9:1b:47:83:fa:3c:45:cb:59:c1:f0:b1:f6:74:3e:
55:f3:38:5f:b3:3e:7e:17:cf:5b:20:bb:5b:d4:a0:
fe:bb:c9:bb:ba:4d:24:85:a1:2a:4e:85:ba:30:e0:
a0:37:d7:fc:f6:11:2a:e1:a5:4f:2b:43:6b:a3:2f:
3e:9d:c8:24:21:4f:87:80:de:9a:ab:9a:47:6f:89:
3a:cd:61:0d:b1:26:a2:64:47:33:9a:26:81:a1:cc:
b5:99:10:52:c8:52:aa:f3:8b:e9:ab:e9:aa:52:e7:
5c:99:29:cb:32:bf:4d:41:a8:1a:2d:4c:03:3c:fb:
83:30:36:a0:57:b7:93:cc:41:f3:43:fd:f1:54:f8:
bf:af:fa:d8:57:48:df:c2:2d:2d:a6:09:de:bf:5a:
68:ab:90:38:88:a7:86:b5:a6:01:bd:66:5a:9b:0a:
56:7a:88:48:cc:29:31:47:97:2d:38:2d:88:a2:cb:
b7:e7:7e:ce:3f:82:ff:41:9a:06:cf:22:6b:7c:90:
b0:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E4:EA:9E:6E:BE:36:97:75:B3:40:76:8B:6C:7E:04:FA:07:84:86
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cuTqnm6-Npd1s0B2i2x-BPoHhIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.149.243.0/24
79.110.61.0/24
85.217.144.0/23
87.121.60.0/24
185.225.74.0/23
193.148.253.0/24
193.149.28.0/22
Signature Algorithm: sha256WithRSAEncryption
a7:ad:73:35:f3:16:fa:22:b2:1b:5e:bf:8f:f4:3c:17:69:48:
5b:b8:01:bb:7b:4e:b3:3e:c8:8d:f5:e6:fa:c5:34:df:b9:24:
10:a9:30:96:59:98:73:83:f1:b2:f9:f7:b3:00:90:fc:81:d8:
e4:24:ea:17:26:fe:54:61:46:64:e3:37:52:a6:c2:2c:3e:f8:
10:74:63:79:a4:9c:1f:50:09:06:ac:9d:be:ce:89:fc:78:85:
6b:36:1e:b9:df:37:66:53:0c:40:90:ec:d6:9f:13:e0:7f:09:
70:9f:56:d1:71:f3:b1:cb:ca:12:28:c2:54:31:a1:ab:2d:a8:
97:4e:27:95:86:71:55:cc:1a:b2:c4:34:4b:66:d4:62:81:dd:
15:f6:67:ff:0f:5e:bc:c8:79:e4:24:11:20:5c:c0:bf:69:3a:
7b:e9:6a:08:12:8e:d6:01:c9:6c:f1:0d:12:c5:0d:27:49:db:
6b:bc:a4:6c:41:f3:b2:6d:44:ad:58:12:08:16:51:50:f6:9e:
07:43:cf:1a:6d:4f:23:6a:2f:e4:ae:de:e5:f8:d3:9e:a7:f5:
17:08:86:4d:35:e7:5b:3d:3a:43:fa:2f:d6:5e:30:bc:d4:9a:
7f:29:43:bd:0c:c7:33:b9:2d:1b:ff:53:86:04:de:5d:48:ac:
a7:c9:58:2e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZorRNigTjOfFtccae+Kyy9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDI4MTQ0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU0ZWE5ZTZlYmUzNjk3NzViMzQwNzY4YjZjN2UwNGZhMDc4NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm54eZqdNAxUQ0ReocMNXKvWusbRb
fO7yEhytW1681ZEqSYchJsDjES+UQMKP/VlxLs7JYsPq8/IPECzZG0eD+jxFy1nB
8LH2dD5V8zhfsz5+F89bILtb1KD+u8m7uk0khaEqToW6MOCgN9f89hEq4aVPK0Nr
oy8+ncgkIU+HgN6aq5pHb4k6zWENsSaiZEczmiaBocy1mRBSyFKq84vpq+mqUudc
mSnLMr9NQagaLUwDPPuDMDagV7eTzEHzQ/3xVPi/r/rYV0jfwi0tpgnev1poq5A4
iKeGtaYBvWZamwpWeohIzCkxR5ctOC2Iosu3537OP4L/QZoGzyJrfJCwyQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHLk6p5uvjaXdbNAdotsfgT6B4SGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvY3VUcW5tNi1OcGQxczBCMmkyeC1CUG9IaElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAJYuCAwQA
LZXzAwQAT249AwQBVdmQAwQAV3k8AwQBueFKAwQAwZT9AwQCwZUcMA0GCSqGSIb3
DQEBCwUAA4IBAQCnrXM18xb6IrIbXr+P9DwXaUhbuAG7e06zPsiN9eb6xTTfuSQQ
qTCWWZhzg/Gy+fezAJD8gdjkJOoXJv5UYUZk4zdSpsIsPvgQdGN5pJwfUAkGrJ2+
zon8eIVrNh653zdmUwxAkOzWnxPgfwlwn1bRcfOxy8oSKMJUMaGrLaiXTieVhnFV
zBqyxDRLZtRigd0V9mf/D168yHnkJBEgXMC/aTp76WoIEo7WAcls8Q0SxQ0nSdtr
vKRsQfOybUStWBIIFlFQ9p4HQ88abU8jai/krt7l+NOep/UXCIZNNedbPTpD+i/W
XjC81Jp/KUO9DMczuS0b/1OGBN5dSKynyVgu
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:47:27 2025 by rpki-client