Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/qN_rG608ZhXgRutescaS-t2N0fw.roa
File: qN_rG608ZhXgRutescaS-t2N0fw.roa (raw, json)
Hash identifier: tfpFzdPe4QKgm7jdILeSk485+ZJMhoY/dG54ucE9Hqs=
Subject key identifier: A8:DF:EB:1B:AD:3C:66:15:E0:46:EB:5E:B1:C6:92:FA:DD:8D:D1:FC
Certificate issuer: /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial: 019A4168DEB92944F3B26AB09F648E5C8BE0
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/qN_rG608ZhXgRutescaS-t2N0fw.roa
Signing time: Sat 01 Nov 2025 21:53:03 +0000
ROA not before: Sat 01 Nov 2025 21:53:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 212.116.227.0/24 maxlen: 24
212.116.228.0/22 maxlen: 24
212.116.229.0/24 maxlen: 24
212.116.238.0/23 maxlen: 24
212.116.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:41:68:de:b9:29:44:f3:b2:6a:b0:9f:64:8e:5c:8b:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Validity
Not Before: Nov 1 21:53:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8dfeb1bad3c6615e046eb5eb1c692fadd8dd1fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:24:4f:4a:6f:35:2a:f8:94:4d:6e:bd:d4:bf:
60:7d:96:8a:94:3a:45:fb:0d:1b:cc:c9:8c:63:05:
70:62:9b:80:48:1e:b0:20:8e:2e:1c:6b:cb:ce:d1:
ba:d1:92:df:da:1f:6f:7c:93:0d:0d:ff:2e:dd:c4:
4e:b6:d6:52:a8:d0:9e:1d:ed:70:e2:4a:3b:bb:96:
61:34:24:c5:25:39:06:b0:55:86:99:69:0b:9e:0c:
fb:ea:89:5c:9f:68:95:75:16:98:e0:8e:b0:90:f1:
ac:51:df:ec:90:d1:a8:bc:b7:6b:06:15:df:6b:6c:
f4:cf:37:87:90:1b:7f:49:2f:f7:b3:bf:36:ac:c7:
35:a5:25:e1:84:0e:ec:58:c7:64:73:18:d7:7b:1e:
50:1f:55:79:67:60:67:4d:92:f4:97:0c:7d:5c:04:
05:6a:08:02:d8:f9:db:95:40:94:e1:be:f2:b3:d4:
11:10:a1:ac:b6:2c:f4:ed:08:80:21:d0:75:c6:26:
34:cd:3e:88:fa:09:20:af:9f:11:35:49:e4:7c:0e:
9c:9b:2c:f5:74:a1:24:88:31:50:4c:06:d6:7a:2a:
8f:c2:f8:77:24:4b:0c:dd:91:25:9d:c1:cf:3d:7a:
90:8d:b2:e8:7c:fc:40:d8:b8:e1:1f:dd:a1:87:03:
0e:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:DF:EB:1B:AD:3C:66:15:E0:46:EB:5E:B1:C6:92:FA:DD:8D:D1:FC
X509v3 Authority Key Identifier:
keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/qN_rG608ZhXgRutescaS-t2N0fw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.116.227.0-212.116.231.255
212.116.238.0/23
212.116.243.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:70:96:f9:70:04:fa:dc:20:62:e4:6b:d4:be:a6:06:06:bf:
e6:f8:30:07:05:df:08:ab:f6:7e:d4:d8:47:fb:1c:68:57:2a:
3c:0a:f6:27:de:20:e4:de:1b:5f:3b:e5:0e:b2:2a:b7:07:dd:
52:a4:7f:84:d8:cf:f5:31:e6:ba:7a:98:63:9e:35:1f:51:b1:
84:d0:f0:90:14:55:d2:fb:df:76:dc:5b:eb:bf:47:94:81:bf:
49:fd:1b:f8:a3:b9:cc:4e:3d:10:0e:9b:90:a3:c4:f7:a5:5b:
0a:dc:c9:1e:04:2e:46:54:85:ba:59:b7:c4:5a:82:c3:19:bd:
c1:f9:37:53:42:97:5a:7a:b3:ed:be:67:11:a0:94:bf:63:c6:
c6:b8:df:eb:40:63:af:54:12:c4:18:9f:70:5b:0d:cb:0f:de:
4c:44:ab:3a:02:82:03:fa:ed:97:d9:d5:91:6a:bc:63:c6:32:
ac:00:d3:1a:b3:87:0d:25:6a:ca:0c:da:ec:44:23:57:e7:64:
3f:b8:f7:d1:ce:7c:f0:96:35:fa:18:9d:4d:13:72:2d:31:71:
31:dc:b2:17:83:30:e8:8e:ef:ac:32:61:ae:b7:be:cf:8c:97:
cc:3b:e8:95:a0:01:f3:9f:11:71:ac:30:7f:4f:b3:35:7c:4e:
d3:8c:d2:bd
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZpBaN65KUTzsmqwn2SOXIvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUxMTAxMjE1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGRmZWIxYmFkM2M2NjE1ZTA0NmViNWViMWM2OTJmYWRkOGRkMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyRPSm81KviUTW691L9gfZaKlDpF
+w0bzMmMYwVwYpuASB6wII4uHGvLztG60ZLf2h9vfJMNDf8u3cROttZSqNCeHe1w
4ko7u5ZhNCTFJTkGsFWGmWkLngz76olcn2iVdRaY4I6wkPGsUd/skNGovLdrBhXf
a2z0zzeHkBt/SS/3s782rMc1pSXhhA7sWMdkcxjXex5QH1V5Z2BnTZL0lwx9XAQF
aggC2PnblUCU4b7ys9QREKGstiz07QiAIdB1xiY0zT6I+gkgr58RNUnkfA6cmyz1
dKEkiDFQTAbWeiqPwvh3JEsM3ZElncHPPXqQjbLofPxA2LjhH92hhwMObQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKjf6xutPGYV4EbrXrHGkvrdjdH8MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvcU5fckc2MDhaaFhnUnV0ZXNjYVMtdDJOMGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBADUdOMD
BAPUdOADBAHUdO4DBADUdPMwDQYJKoZIhvcNAQELBQADggEBAF1wlvlwBPrcIGLk
a9S+pgYGv+b4MAcF3wir9n7U2Ef7HGhXKjwK9ifeIOTeG1875Q6yKrcH3VKkf4TY
z/Ux5rp6mGOeNR9RsYTQ8JAUVdL733bcW+u/R5SBv0n9G/ijucxOPRAOm5CjxPel
WwrcyR4ELkZUhbpZt8RagsMZvcH5N1NCl1p6s+2+ZxGglL9jxsa43+tAY69UEsQY
n3BbDcsP3kxEqzoCggP67ZfZ1ZFqvGPGMqwA0xqzhw0lasoM2uxEI1fnZD+499HO
fPCWNfoYnU0Tci0xcTHcsheDMOiO76wyYa63vs+Ml8w76JWgAfOfEXGsMH9PszV8
TtOM0r0=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:06:04 2025 by rpki-client