Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/J7Mq7A3jpKO6MctLoycxbGYGUKE.roa
File: J7Mq7A3jpKO6MctLoycxbGYGUKE.roa (raw, json)
Hash identifier: BOAsWVPt08z408fa5M73TMfMWbdYH0PR4ngkjEtOvUU=
Subject key identifier: 27:B3:2A:EC:0D:E3:A4:A3:BA:31:CB:4B:A3:27:31:6C:66:06:50:A1
Certificate issuer: /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial: 019A52A87541A30060AAF42BBDCB247ECB5E
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/J7Mq7A3jpKO6MctLoycxbGYGUKE.roa
Signing time: Wed 05 Nov 2025 06:16:02 +0000
ROA not before: Wed 05 Nov 2025 06:16:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 95.170.12.0/24 maxlen: 24
95.170.19.0/24 maxlen: 24
95.170.22.0/24 maxlen: 24
95.170.23.0/24 maxlen: 24
95.170.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 06:16:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:52:a8:75:41:a3:00:60:aa:f4:2b:bd:cb:24:7e:cb:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Validity
Not Before: Nov 5 06:16:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=27b32aec0de3a4a3ba31cb4ba327316c660650a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:67:71:4b:16:ea:56:cd:95:58:2f:a2:9a:d0:
9e:ec:b5:da:eb:14:5a:14:9b:1e:cf:24:0d:c0:5a:
82:d5:a5:7b:8b:8a:10:71:3c:e1:2a:68:0e:b5:d5:
9c:66:c4:0b:58:6f:e5:6d:ea:08:aa:86:46:b5:1e:
09:13:96:5e:03:4e:ef:64:9d:c3:c3:61:99:36:54:
be:00:d6:24:53:db:9c:53:cb:1a:28:1a:11:d5:d9:
3e:20:63:dc:a6:65:dd:91:e8:84:75:5a:6d:6a:e3:
f5:a7:ba:bd:fc:00:75:69:8b:c8:cd:26:e1:0a:91:
38:f3:bf:ce:dc:b6:86:64:b7:ec:97:25:9a:66:38:
cd:90:f8:3e:81:d3:2a:fc:3a:d5:9c:9d:52:2e:54:
df:ce:46:c9:3d:a6:9c:e3:41:a8:a1:40:c1:a1:a5:
5a:fd:ef:bd:3b:08:8e:4d:f5:0e:c3:96:04:bc:bb:
81:6b:63:45:ce:bc:ea:7f:a5:3d:c8:6a:11:4a:6d:
7b:58:d3:c1:b9:47:ed:72:8a:5e:7a:0f:37:c4:30:
fc:8a:1c:1e:f6:ad:65:57:e0:41:04:5f:6c:88:f3:
ca:a2:e0:45:d9:95:fa:af:99:32:cf:61:1b:04:ad:
7d:3a:d7:66:11:01:04:43:5f:9d:f9:57:92:90:87:
fa:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:B3:2A:EC:0D:E3:A4:A3:BA:31:CB:4B:A3:27:31:6C:66:06:50:A1
X509v3 Authority Key Identifier:
keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/J7Mq7A3jpKO6MctLoycxbGYGUKE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.170.12.0/24
95.170.19.0/24
95.170.22.0/23
95.170.28.0/24
Signature Algorithm: sha256WithRSAEncryption
97:c6:3e:17:60:23:63:9a:1b:76:39:da:5d:9b:9d:ed:6d:78:
d3:e8:23:31:30:04:4d:de:d0:bc:59:01:37:56:63:eb:3c:04:
f0:35:5a:0c:77:04:39:22:5d:ff:1e:3d:f0:7d:74:3a:a3:48:
84:8c:13:57:c1:e5:df:35:4a:f2:c3:f9:2d:ea:b9:24:a7:55:
ae:91:72:8d:1e:eb:10:ea:8a:8f:8e:b0:68:6d:02:e7:83:52:
1e:ed:c5:04:28:6d:58:c8:ca:f4:de:65:db:54:43:c1:b6:41:
31:c7:d1:92:12:f3:19:f9:7b:8e:81:99:38:bf:c0:dd:50:76:
b9:b3:df:58:ea:80:36:ef:3a:a1:2f:a9:2f:97:54:9d:2c:da:
c2:6a:43:05:89:d1:b6:cb:60:db:ff:14:fa:38:da:e6:03:e8:
fc:cd:39:41:aa:28:24:49:19:47:b8:42:97:ff:2a:0b:15:7d:
2a:7a:83:c6:57:ef:a4:93:31:b2:05:94:75:cc:2d:36:10:19:
3d:69:6b:35:50:39:f7:85:7f:8b:b2:72:06:c6:ac:25:9d:7d:
fc:62:b6:e1:d9:02:05:6d:a7:ec:23:e4:af:38:4a:d9:c1:f4:
65:5c:18:9a:aa:15:a1:94:da:fe:d6:f8:70:ed:c1:7d:e4:70:
50:b2:27:69
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpSqHVBowBgqvQrvcskfsteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMTA1MDYxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2IzMmFlYzBkZTNhNGEzYmEzMWNiNGJhMzI3MzE2YzY2MDY1MGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGdxSxbqVs2VWC+imtCe7LXa6xRa
FJsezyQNwFqC1aV7i4oQcTzhKmgOtdWcZsQLWG/lbeoIqoZGtR4JE5ZeA07vZJ3D
w2GZNlS+ANYkU9ucU8saKBoR1dk+IGPcpmXdkeiEdVptauP1p7q9/AB1aYvIzSbh
CpE487/O3LaGZLfslyWaZjjNkPg+gdMq/DrVnJ1SLlTfzkbJPaac40GooUDBoaVa
/e+9OwiOTfUOw5YEvLuBa2NFzrzqf6U9yGoRSm17WNPBuUftcopeeg83xDD8ihwe
9q1lV+BBBF9siPPKouBF2ZX6r5kyz2EbBK19OtdmEQEEQ1+d+VeSkIf6swIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCezKuwN46SjujHLS6MnMWxmBlChMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvSjdNcTdBM2pwS082TWN0TG95Y3hiR1lHVUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX6oMAwQA
X6oTAwQBX6oWAwQAX6ocMA0GCSqGSIb3DQEBCwUAA4IBAQCXxj4XYCNjmht2Odpd
m53tbXjT6CMxMARN3tC8WQE3VmPrPATwNVoMdwQ5Il3/Hj3wfXQ6o0iEjBNXweXf
NUryw/kt6rkkp1WukXKNHusQ6oqPjrBobQLng1Ie7cUEKG1YyMr03mXbVEPBtkEx
x9GSEvMZ+XuOgZk4v8DdUHa5s99Y6oA27zqhL6kvl1SdLNrCakMFidG2y2Db/xT6
ONrmA+j8zTlBqigkSRlHuEKX/yoLFX0qeoPGV++kkzGyBZR1zC02EBk9aWs1UDn3
hX+LsnIGxqwlnX38Yrbh2QIFbafsI+SvOErZwfRlXBiaqhWhlNr+1vhw7cF95HBQ
sidp
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:48:51 2025 by rpki-client