Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/khLj3siTURlsY89-Vmgedp1s5K4.roa
File: khLj3siTURlsY89-Vmgedp1s5K4.roa (raw, json)
Hash identifier: xKMxdzBhNZmeRr32A6V0s5rbV7HKraIiuV6YTmkyQCI=
Subject key identifier: 92:12:E3:DE:C8:93:51:19:6C:63:CF:7E:56:68:1E:76:9D:6C:E4:AE
Certificate issuer: /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial: 019A4E6D639436687C01053DC5C215BA2C80
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/khLj3siTURlsY89-Vmgedp1s5K4.roa
Signing time: Tue 04 Nov 2025 10:33:03 +0000
ROA not before: Tue 04 Nov 2025 10:33:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29205
IP address blocks: 45.156.236.0/22 maxlen: 24
91.230.36.0/23 maxlen: 23
185.49.12.0/22 maxlen: 24
185.49.15.0/24 maxlen: 24
185.100.228.0/24 maxlen: 24
185.100.231.0/24 maxlen: 24
185.192.102.0/24 maxlen: 24
188.214.16.0/21 maxlen: 24
188.215.64.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:6d:63:94:36:68:7c:01:05:3d:c5:c2:15:ba:2c:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
Validity
Not Before: Nov 4 10:33:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9212e3dec89351196c63cf7e56681e769d6ce4ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:81:0e:4c:be:2c:90:20:a0:ff:01:1f:ed:21:
59:99:88:39:da:4f:c8:e3:6b:92:22:df:af:99:b3:
56:10:01:b5:50:e5:c0:6b:0a:99:cf:14:b3:b5:e0:
7e:06:fd:cf:f7:86:e8:53:bc:5b:d3:e4:fe:03:3d:
4b:8d:f9:d0:d5:2a:c3:66:f4:fc:53:48:25:36:25:
f0:26:70:18:16:f5:ad:47:ff:8b:32:d2:7a:71:a3:
2a:83:58:27:bc:60:98:33:59:62:a2:ef:1e:bc:2e:
c4:b8:51:44:a4:bc:04:fb:ae:92:86:13:8b:96:7f:
2e:d3:33:07:fd:84:fa:45:17:79:3d:fe:e0:63:6e:
63:af:77:bd:a9:fb:30:3b:69:4c:0c:89:2d:95:0c:
74:dc:6f:0f:17:07:44:de:13:61:0e:c6:9d:ed:4a:
d1:32:fb:9e:b2:5a:f3:e8:58:b6:c5:21:83:78:40:
d2:99:58:7c:68:52:6c:7a:af:9e:ab:38:53:93:b2:
0f:99:b8:cd:70:5b:a6:09:f9:73:03:24:15:22:0e:
5e:1f:1d:b7:89:55:a9:30:77:84:ad:13:30:d1:5d:
eb:4c:2d:83:88:39:cf:ad:ee:8f:84:22:23:52:3d:
a6:1f:1f:1f:ab:4f:53:29:6d:5b:0b:d2:97:bf:72:
49:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:12:E3:DE:C8:93:51:19:6C:63:CF:7E:56:68:1E:76:9D:6C:E4:AE
X509v3 Authority Key Identifier:
keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/khLj3siTURlsY89-Vmgedp1s5K4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.236.0/22
91.230.36.0/23
185.49.12.0/22
185.100.228.0/24
185.100.231.0/24
185.192.102.0/24
188.214.16.0/21
188.215.64.0/24
Signature Algorithm: sha256WithRSAEncryption
55:e4:fd:38:c3:6b:2c:f8:98:ad:5d:2e:12:50:86:d3:40:d5:
8f:1c:23:ef:00:f5:d2:9c:67:5a:b5:11:5f:0c:a9:cd:04:ab:
99:31:0e:97:34:cf:4e:9a:dd:a1:a7:89:12:e6:51:0c:b5:ef:
90:8e:7f:2a:e2:00:f2:95:51:13:33:df:bd:ec:99:46:2f:34:
d7:54:a4:f1:a6:c5:9d:11:b5:3f:03:52:31:50:7e:ca:9b:59:
75:47:1b:88:99:fd:16:ff:7c:12:3d:8c:52:53:ec:35:5c:5c:
d7:c1:e6:74:df:3d:0c:13:65:48:19:3c:c6:37:fa:60:ae:3d:
de:82:0a:dd:0e:bd:5d:40:ea:5e:74:dc:ca:ff:7a:a7:83:d3:
c8:1d:64:d4:21:6e:01:bd:15:cc:4e:67:7e:fa:0c:ef:42:44:
cb:2a:a7:b5:c0:8e:08:2b:bd:e7:f7:81:61:2d:95:d9:dc:34:
05:50:88:7a:9b:44:ae:54:a7:41:81:35:54:fb:97:e3:e3:40:
89:cc:ce:71:11:08:9e:a1:41:40:52:14:a3:3b:84:bb:96:a3:
fc:03:7f:23:5a:5b:31:35:f8:04:c4:ed:ca:e3:fc:bf:64:ab:
85:c2:c1:85:96:43:49:18:c2:d7:73:19:4d:c8:ca:51:41:f0:
24:fb:b0:c9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZpObWOUNmh8AQU9xcIVuiyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjUxMTA0MTAzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjEyZTNkZWM4OTM1MTE5NmM2M2NmN2U1NjY4MWU3NjlkNmNlNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoEOTL4skCCg/wEf7SFZmYg52k/I
42uSIt+vmbNWEAG1UOXAawqZzxSzteB+Bv3P94boU7xb0+T+Az1LjfnQ1SrDZvT8
U0glNiXwJnAYFvWtR/+LMtJ6caMqg1gnvGCYM1liou8evC7EuFFEpLwE+66ShhOL
ln8u0zMH/YT6RRd5Pf7gY25jr3e9qfswO2lMDIktlQx03G8PFwdE3hNhDsad7UrR
Mvueslrz6Fi2xSGDeEDSmVh8aFJseq+eqzhTk7IPmbjNcFumCflzAyQVIg5eHx23
iVWpMHeErRMw0V3rTC2DiDnPre6PhCIjUj2mHx8fq09TKW1bC9KXv3JJGQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJIS497Ik1EZbGPPflZoHnadbOSuMB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEva2hMajNzaVRVUmxzWTg5LVZtZ2VkcDFzNUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLZzsAwQB
W+YkAwQCuTEMAwQAuWTkAwQAuWTnAwQAucBmAwQDvNYQAwQAvNdAMA0GCSqGSIb3
DQEBCwUAA4IBAQBV5P04w2ss+JitXS4SUIbTQNWPHCPvAPXSnGdatRFfDKnNBKuZ
MQ6XNM9Omt2hp4kS5lEMte+Qjn8q4gDylVETM9+97JlGLzTXVKTxpsWdEbU/A1Ix
UH7Km1l1RxuImf0W/3wSPYxSU+w1XFzXweZ03z0ME2VIGTzGN/pgrj3eggrdDr1d
QOpedNzK/3qng9PIHWTUIW4BvRXMTmd++gzvQkTLKqe1wI4IK73n94FhLZXZ3DQF
UIh6m0SuVKdBgTVU+5fj40CJzM5xEQieoUFAUhSjO4S7lqP8A38jWlsxNfgExO3K
4/y/ZKuFwsGFlkNJGMLXcxlNyMpRQfAk+7DJ
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:22:17 2025 by rpki-client