Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/CCRf4uRfN50mc9puWV81ppkreOw.roa
File: CCRf4uRfN50mc9puWV81ppkreOw.roa (raw, json)
Hash identifier: LGl0z7K8wV8haQ1zz2k3H6t4IGmg2Wy0LO5aidZN86c=
Subject key identifier: 08:24:5F:E2:E4:5F:37:9D:26:73:DA:6E:59:5F:35:A6:99:2B:78:EC
Certificate issuer: /CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Certificate serial: 019A2BCE2B24E5BD8170742BEB6EBA2A9397
Authority key identifier: DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/CCRf4uRfN50mc9puWV81ppkreOw.roa
Signing time: Tue 28 Oct 2025 17:12:03 +0000
ROA not before: Tue 28 Oct 2025 17:12:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58331
IP address blocks: 193.242.194.0/24 maxlen: 24
193.242.195.0/24 maxlen: 24
2a05:5440::/32 maxlen: 32
2a05:5441::/32 maxlen: 32
2a05:5442::/32 maxlen: 32
2a05:5443::/32 maxlen: 32
2a05:5444::/32 maxlen: 32
2a05:5445::/32 maxlen: 32
2a05:5446::/32 maxlen: 32
2a05:5447::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.mft
rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2b:ce:2b:24:e5:bd:81:70:74:2b:eb:6e:ba:2a:93:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df27b939934a2cc206ffba6bce9c90fdcba39c71
Validity
Not Before: Oct 28 17:12:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08245fe2e45f379d2673da6e595f35a6992b78ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:69:7f:f5:de:fc:48:57:e5:71:cc:45:25:4e:
5e:b8:f4:ad:f3:3e:25:c5:47:ab:1d:35:b0:20:21:
cd:68:f9:c1:5e:4a:6d:36:b4:99:88:52:b4:e1:18:
c6:de:15:63:cc:07:46:aa:89:cf:d3:7c:95:1e:9c:
a4:d3:e8:37:98:06:72:cb:16:cb:31:ae:f9:57:02:
d0:8f:57:47:5a:bc:dc:c3:54:1d:2d:af:e1:26:0d:
39:07:92:c3:de:a8:0b:49:17:b3:2a:c6:c9:63:fe:
20:7e:6c:7a:16:12:e1:a4:1e:81:fc:ea:a1:2a:12:
1a:ef:16:5e:3b:29:2a:9e:9e:50:74:a6:cc:97:44:
23:26:a5:a3:f2:22:b9:66:20:5b:90:fd:61:3d:9a:
c9:ce:f0:d3:37:f3:79:57:6d:b0:48:cd:9b:b5:8b:
1f:aa:ce:e1:7e:a0:f9:25:b0:08:b6:55:46:c1:dc:
99:35:3f:1b:de:7e:40:32:67:f2:3f:d5:0d:5b:26:
07:a0:7c:3c:e4:5a:10:f8:3e:cd:fe:f7:ff:4b:02:
bf:bd:19:92:0b:ec:b3:70:bd:48:dd:4a:00:f7:ec:
e0:4e:40:4b:cc:6f:b6:09:41:a2:9c:d9:e5:d4:fa:
4e:ff:79:4d:d3:dd:89:46:f3:77:b0:0d:50:00:5e:
40:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:24:5F:E2:E4:5F:37:9D:26:73:DA:6E:59:5F:35:A6:99:2B:78:EC
X509v3 Authority Key Identifier:
keyid:DF:27:B9:39:93:4A:2C:C2:06:FF:BA:6B:CE:9C:90:FD:CB:A3:9C:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ye5OZNKLMIG_7przpyQ_cujnHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/CCRf4uRfN50mc9puWV81ppkreOw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/966261-83b5-4ead-a468-6ed54d3fe4f4/1/3ye5OZNKLMIG_7przpyQ_cujnHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.242.194.0/23
IPv6:
2a05:5440::/29
Signature Algorithm: sha256WithRSAEncryption
2b:9e:7b:02:b9:15:9b:1c:da:5f:c8:f3:05:42:5f:49:bb:06:
0e:b6:7b:87:e8:a5:29:5e:f6:5c:b1:9a:11:1e:98:e1:9b:d1:
a5:2c:ba:55:eb:e4:3f:49:26:6e:42:16:f6:93:1a:02:03:25:
77:2b:4a:65:6f:26:07:a4:06:27:aa:0a:d2:dc:6f:93:9e:0d:
8c:7b:f0:ef:e2:63:40:cb:1f:31:d6:32:97:2b:70:57:a9:4a:
0d:c4:e9:9a:c2:6f:76:a1:ef:5f:8c:46:af:59:60:7d:3b:74:
75:51:ab:db:a3:c3:ca:79:d3:e6:5c:ed:fd:d3:4e:83:3f:91:
51:31:8e:9e:de:28:9b:5d:e2:c2:54:22:a1:ca:82:23:bd:af:
ae:d8:51:4b:0c:5c:ae:4f:ca:43:ff:b6:c0:16:eb:8a:58:d3:
97:f2:1d:65:4d:8c:93:7e:3d:4d:f1:ea:21:b8:4e:07:2d:c4:
d7:3b:a1:4d:ea:b1:8e:b6:06:4f:38:46:41:a5:24:82:f7:5d:
39:09:b7:0d:63:18:4b:bd:e5:b2:1c:6e:f9:ed:8c:2e:4b:71:
ec:b9:01:cb:31:ae:a4:51:cc:89:c2:bd:19:0e:ea:b2:e2:f7:
c5:93:c5:8f:c4:c6:35:cc:0a:51:00:cc:4a:b2:b3:2f:48:aa:
07:1c:b1:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZorzisk5b2BcHQr6266KpOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMjdiOTM5OTM0YTJjYzIwNmZmYmE2YmNlOWM5MGZkY2Jh
MzljNzEwHhcNMjUxMDI4MTcxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODI0NWZlMmU0NWYzNzlkMjY3M2RhNmU1OTVmMzVhNjk5MmI3OGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2l/9d78SFflccxFJU5euPSt8z4l
xUerHTWwICHNaPnBXkptNrSZiFK04RjG3hVjzAdGqonP03yVHpyk0+g3mAZyyxbL
Ma75VwLQj1dHWrzcw1QdLa/hJg05B5LD3qgLSRezKsbJY/4gfmx6FhLhpB6B/Oqh
KhIa7xZeOykqnp5QdKbMl0QjJqWj8iK5ZiBbkP1hPZrJzvDTN/N5V22wSM2btYsf
qs7hfqD5JbAItlVGwdyZNT8b3n5AMmfyP9UNWyYHoHw85FoQ+D7N/vf/SwK/vRmS
C+yzcL1I3UoA9+zgTkBLzG+2CUGinNnl1PpO/3lN092JRvN3sA1QAF5AYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAgkX+LkXzedJnPabllfNaaZK3jsMB8GA1UdIwQY
MBaAFN8nuTmTSizCBv+6a86ckP3Lo5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0Njgt
NmVkNTRkM2ZlNGY0LzEvQ0NSZjR1UmZONTBtYzlwdVdWODFwcGtyZU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85NjYyNjEtODNiNS00ZWFkLWE0NjgtNmVkNTRkM2ZlNGY0
LzEvM3llNU9aTktMTUlHXzdwcnpweVFfY3VqbkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwfLCMA0E
AgACMAcDBQMqBVRAMA0GCSqGSIb3DQEBCwUAA4IBAQArnnsCuRWbHNpfyPMFQl9J
uwYOtnuH6KUpXvZcsZoRHpjhm9GlLLpV6+Q/SSZuQhb2kxoCAyV3K0plbyYHpAYn
qgrS3G+Tng2Me/Dv4mNAyx8x1jKXK3BXqUoNxOmawm92oe9fjEavWWB9O3R1Uavb
o8PKedPmXO39006DP5FRMY6e3iibXeLCVCKhyoIjva+u2FFLDFyuT8pD/7bAFuuK
WNOX8h1lTYyTfj1N8eohuE4HLcTXO6FN6rGOtgZPOEZBpSSC9105CbcNYxhLveWy
HG757YwuS3HsuQHLMa6kUcyJwr0ZDuqy4vfFk8WPxMY1zApRAMxKsrMvSKoHHLHD
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:13:37 2025 by rpki-client