Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/2Ak_ZKziVTI4_3cih9eiYO1viHI.roa
File: 2Ak_ZKziVTI4_3cih9eiYO1viHI.roa (raw, json)
Hash identifier: k7qMvcLmVAFsg1jyjo16XzLrDU45d1f2VoPV9JFx5Vw=
Subject key identifier: D8:09:3F:64:AC:E2:55:32:38:FF:77:22:87:D7:A2:60:ED:6F:88:72
Certificate issuer: /CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
Certificate serial: 019A2F41A694F7A4665092C77B39336F4A10
Authority key identifier: 22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/2Ak_ZKziVTI4_3cih9eiYO1viHI.roa
Signing time: Wed 29 Oct 2025 09:17:02 +0000
ROA not before: Wed 29 Oct 2025 09:17:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208867
IP address blocks: 45.137.236.0/22 maxlen: 24
193.104.197.0/24 maxlen: 24
217.29.192.0/22 maxlen: 24
2a04:b1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2f:41:a6:94:f7:a4:66:50:92:c7:7b:39:33:6f:4a:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a19ed85a2c0cfc4f50bead16fc9f6f1465ad11
Validity
Not Before: Oct 29 09:17:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8093f64ace2553238ff772287d7a260ed6f8872
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:36:65:8c:0d:45:88:bd:17:e5:a1:af:f9:cc:
e1:bc:70:86:24:3e:78:a3:40:b7:1f:9e:fa:96:7e:
a4:21:48:02:35:33:e3:c9:da:be:02:33:0f:71:41:
1c:ca:23:2e:12:b8:ad:ec:8c:23:6f:cc:a5:1f:62:
a5:3d:54:18:0b:28:5a:7e:78:d2:8f:84:cf:b9:b5:
2e:15:07:96:74:d0:01:e1:8a:90:12:2f:88:e3:df:
b3:a9:a5:85:0e:8e:11:4b:a5:96:3b:df:b3:f8:f5:
18:2a:d2:9e:8c:96:f4:0c:c5:ff:20:56:22:01:cc:
de:72:bc:96:ad:4d:10:d1:98:a5:84:b2:21:c1:7e:
6d:fc:73:a0:d0:ce:3a:aa:42:0a:bb:29:eb:a8:a5:
e6:1a:98:91:e9:be:1f:3e:04:30:a5:92:7f:b3:dd:
5a:ad:8a:55:c2:bc:ae:c0:8a:a0:22:81:b9:ce:8c:
7f:a1:1b:0f:50:13:5e:fc:8e:e6:7d:60:04:a3:c6:
23:fd:f8:d8:0c:32:2f:dd:95:ac:ab:82:1b:74:e0:
1c:ac:8f:22:ab:d8:a4:be:46:4e:f3:a7:36:72:3d:
9e:db:f3:02:c2:fc:ab:0d:ea:29:a7:21:b2:8d:84:
f3:d9:b2:b6:51:f9:5e:00:15:53:36:bf:f2:d5:f6:
ad:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:09:3F:64:AC:E2:55:32:38:FF:77:22:87:D7:A2:60:ED:6F:88:72
X509v3 Authority Key Identifier:
keyid:22:A1:9E:D8:5A:2C:0C:FC:4F:50:BE:AD:16:FC:9F:6F:14:65:AD:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqGe2FosDPxPUL6tFvyfbxRlrRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/2Ak_ZKziVTI4_3cih9eiYO1viHI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e7edff-86da-449f-b89c-d7b2ad01a1d7/1/IqGe2FosDPxPUL6tFvyfbxRlrRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.236.0/22
193.104.197.0/24
217.29.192.0/22
IPv6:
2a04:b1c0::/29
Signature Algorithm: sha256WithRSAEncryption
21:91:50:75:88:06:07:7e:58:cb:71:a7:9b:56:c4:1e:16:78:
9c:b8:b2:76:08:e4:0b:25:1b:45:eb:f0:95:e5:e7:63:a2:20:
0f:67:e8:32:e1:7f:99:44:81:f9:cf:bb:05:69:e6:48:44:57:
54:03:d0:9d:02:9d:d8:18:be:28:2d:d9:8a:b3:ff:27:34:75:
50:d4:80:6f:5d:7e:af:e9:7d:08:68:38:e6:3f:97:df:c3:d1:
43:54:24:14:0d:70:73:ce:31:30:17:05:42:6b:c0:5b:33:0d:
5f:cb:09:63:6c:77:60:46:32:1b:c9:81:43:65:d1:f0:02:47:
fd:d1:c3:ed:66:d7:67:96:46:dc:b2:25:08:3d:57:55:bb:d6:
31:cb:71:6f:96:b1:0e:57:67:45:70:72:3c:1a:29:92:d1:8d:
92:4e:15:ec:47:3e:13:46:7b:1a:20:c4:c6:f1:36:b0:37:43:
2f:56:35:e4:65:00:44:6e:2b:1b:23:8d:57:9f:c3:c6:34:7b:
29:ca:b9:77:27:26:2b:06:2d:47:8c:b7:7e:3f:51:e8:be:a3:
55:c6:ac:3f:99:b5:0b:22:12:5a:ae:9a:17:5c:68:85:0d:97:
eb:f4:c7:bb:62:e8:01:b4:40:15:88:e3:52:b7:08:93:0f:7a:
ca:81:e1:6e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZovQaaU96RmUJLHezkzb0oQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTE5ZWQ4NWEyYzBjZmM0ZjUwYmVhZDE2ZmM5ZjZmMTQ2
NWFkMTEwHhcNMjUxMDI5MDkxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA5M2Y2NGFjZTI1NTMyMzhmZjc3MjI4N2Q3YTI2MGVkNmY4ODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDZljA1FiL0X5aGv+czhvHCGJD54
o0C3H576ln6kIUgCNTPjydq+AjMPcUEcyiMuErit7Iwjb8ylH2KlPVQYCyhafnjS
j4TPubUuFQeWdNAB4YqQEi+I49+zqaWFDo4RS6WWO9+z+PUYKtKejJb0DMX/IFYi
AczecryWrU0Q0ZilhLIhwX5t/HOg0M46qkIKuynrqKXmGpiR6b4fPgQwpZJ/s91a
rYpVwryuwIqgIoG5zox/oRsPUBNe/I7mfWAEo8Yj/fjYDDIv3ZWsq4IbdOAcrI8i
q9ikvkZO86c2cj2e2/MCwvyrDeoppyGyjYTz2bK2UfleABVTNr/y1fatjQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNgJP2Ss4lUyOP93IofXomDtb4hyMB8GA1UdIwQY
MBaAFCKhnthaLAz8T1C+rRb8n28UZa0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMt
ZDdiMmFkMDFhMWQ3LzEvMkFrX1pLemlWVEk0XzNjaWg5ZWlZTzF2aUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9lN2VkZmYtODZkYS00NDlmLWI4OWMtZDdiMmFkMDFhMWQ3
LzEvSXFHZTJGb3NEUHhQVUw2dEZ2eWZieFJsclJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLYnsAwQA
wWjFAwQC2R3AMA0EAgACMAcDBQMqBLHAMA0GCSqGSIb3DQEBCwUAA4IBAQAhkVB1
iAYHfljLcaebVsQeFnicuLJ2COQLJRtF6/CV5edjoiAPZ+gy4X+ZRIH5z7sFaeZI
RFdUA9CdAp3YGL4oLdmKs/8nNHVQ1IBvXX6v6X0IaDjmP5ffw9FDVCQUDXBzzjEw
FwVCa8BbMw1fywljbHdgRjIbyYFDZdHwAkf90cPtZtdnlkbcsiUIPVdVu9Yxy3Fv
lrEOV2dFcHI8GimS0Y2SThXsRz4TRnsaIMTG8TawN0MvVjXkZQBEbisbI41Xn8PG
NHspyrl3JyYrBi1HjLd+P1HovqNVxqw/mbULIhJarpoXXGiFDZfr9Me7YugBtEAV
iONStwiTD3rKgeFu
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:05:56 2025 by rpki-client