Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TyiESx9vJZeklwlZv9TYvGA_OeQ.roa
File: TyiESx9vJZeklwlZv9TYvGA_OeQ.roa (raw, json)
Hash identifier: XbNgkcOdGnc+yrm7TcSh/FFTxDhIyeuN+OZSRhAEEwg=
Subject key identifier: 4F:28:84:4B:1F:6F:25:97:A4:97:09:59:BF:D4:D8:BC:60:3F:39:E4
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019A2AF7EFE27FEF8FA48662464DE7608AA0
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TyiESx9vJZeklwlZv9TYvGA_OeQ.roa
Signing time: Tue 28 Oct 2025 13:18:03 +0000
ROA not before: Tue 28 Oct 2025 13:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5065
IP address blocks: 217.8.216.0/24 maxlen: 24
217.8.217.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2a:f7:ef:e2:7f:ef:8f:a4:86:62:46:4d:e7:60:8a:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Oct 28 13:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f28844b1f6f2597a4970959bfd4d8bc603f39e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:4c:07:59:d8:b6:9f:fe:1b:25:20:5a:ac:74:
b9:88:f3:b7:ff:4c:9f:4f:0c:44:fc:82:5f:3b:b3:
a5:87:a8:35:86:57:38:8f:90:16:90:b9:a3:cd:97:
bb:12:a2:14:d1:26:7e:73:70:d0:0d:3a:c4:64:57:
0a:cc:0a:dd:38:a1:03:13:0a:65:01:8c:3d:d9:c2:
b1:54:d4:56:af:7c:6a:79:e3:8f:5f:fe:0c:1c:68:
97:ae:9b:9d:e7:a1:20:e2:11:9a:47:79:14:55:8e:
bc:77:95:10:c6:ea:23:ab:e7:2b:3d:8e:8e:3c:c2:
14:57:4c:43:0d:32:49:df:08:c2:41:47:75:dd:a8:
83:e1:2c:81:0c:51:39:33:08:29:9e:e2:17:f7:e6:
97:a6:b4:a8:07:7a:84:91:f3:e0:13:06:de:c2:a3:
11:b6:18:f5:70:c7:0f:9a:bf:d1:66:5a:4d:3f:76:
8f:40:de:32:84:bf:e4:38:cf:74:16:d2:03:dc:06:
37:4b:58:07:96:32:54:b1:7f:e7:64:4c:96:7d:f5:
d5:b9:26:a7:9e:4b:7f:0a:c3:0d:9e:36:b3:3b:df:
64:4e:91:c2:6b:b8:0b:54:fa:64:61:5d:72:78:29:
d8:c3:cf:bf:35:d5:52:31:db:14:d4:56:0c:26:b4:
9f:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:28:84:4B:1F:6F:25:97:A4:97:09:59:BF:D4:D8:BC:60:3F:39:E4
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TyiESx9vJZeklwlZv9TYvGA_OeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.8.216.0/23
Signature Algorithm: sha256WithRSAEncryption
3d:4e:b2:a3:42:bb:3b:bf:95:47:b2:cb:76:c8:42:6e:5d:e7:
92:ed:51:87:29:bc:a6:61:cd:40:f9:51:c1:02:08:65:a5:e9:
eb:8d:45:7a:98:2c:bb:37:82:ef:05:e4:12:2b:a0:d7:15:46:
17:8d:49:e8:14:86:f8:af:2b:3a:b4:74:68:b3:39:f0:8d:6f:
12:ee:3b:12:f0:5a:79:6e:e1:97:0e:0e:a3:b0:cc:ba:a7:93:
0c:32:43:1e:96:ba:4b:88:7e:9d:1d:4c:95:9c:7a:7b:ec:22:
67:65:ef:5c:2e:62:15:87:a3:36:0e:a5:1f:6a:7d:45:83:41:
9c:a8:f9:a4:c9:8a:6f:d1:e1:8d:07:8c:47:ee:72:3c:4d:e5:
a0:59:5d:3e:42:7b:3f:0e:27:d8:52:75:75:ae:c9:d1:1b:0f:
39:c7:4a:93:d1:a1:99:2e:03:08:92:a8:76:14:ff:8a:c2:b8:
8d:25:58:46:e9:50:e1:a0:e0:cb:5a:5f:87:6e:99:9e:3e:0b:
45:07:16:a0:25:d0:7d:9e:15:59:33:2f:c0:d4:7b:55:c0:c5:
5d:fb:0a:e3:53:22:0e:41:f4:28:73:bc:d8:bd:e4:c4:f4:02:
90:05:ba:5d:e9:d8:b3:f5:5a:cc:39:8f:4a:7d:ed:de:c0:a5:
4f:41:da:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoq9+/if++PpIZiRk3nYIqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDI4MTMxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI4ODQ0YjFmNmYyNTk3YTQ5NzA5NTliZmQ0ZDhiYzYwM2YzOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EwHWdi2n/4bJSBarHS5iPO3/0yf
TwxE/IJfO7Olh6g1hlc4j5AWkLmjzZe7EqIU0SZ+c3DQDTrEZFcKzArdOKEDEwpl
AYw92cKxVNRWr3xqeeOPX/4MHGiXrpud56Eg4hGaR3kUVY68d5UQxuojq+crPY6O
PMIUV0xDDTJJ3wjCQUd13aiD4SyBDFE5MwgpnuIX9+aXprSoB3qEkfPgEwbewqMR
thj1cMcPmr/RZlpNP3aPQN4yhL/kOM90FtID3AY3S1gHljJUsX/nZEyWffXVuSan
nkt/CsMNnjazO99kTpHCa7gLVPpkYV1yeCnYw8+/NdVSMdsU1FYMJrSfAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8ohEsfbyWXpJcJWb/U2LxgPznkMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVHlpRVN4OXZKWmVrbHdsWnY5VFl2R0FfT2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2QjYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9TrKjQrs7v5VHsst2yEJuXeeS7VGHKbymYc1A+VHB
AghlpenrjUV6mCy7N4LvBeQSK6DXFUYXjUnoFIb4rys6tHRosznwjW8S7jsS8Fp5
buGXDg6jsMy6p5MMMkMelrpLiH6dHUyVnHp77CJnZe9cLmIVh6M2DqUfan1Fg0Gc
qPmkyYpv0eGNB4xH7nI8TeWgWV0+Qns/DifYUnV1rsnRGw85x0qT0aGZLgMIkqh2
FP+KwriNJVhG6VDhoODLWl+HbpmePgtFBxagJdB9nhVZMy/A1HtVwMVd+wrjUyIO
QfQoc7zYveTE9AKQBbpd6diz9VrMOY9Kfe3ewKVPQdqN
-----END CERTIFICATE-----
Generated at Tue Nov 4 16:34:08 2025 by rpki-client