Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/iv5EUzjVpBdmpaJ1z2SFs7v4hLo.roa
File: iv5EUzjVpBdmpaJ1z2SFs7v4hLo.roa (raw, json)
Hash identifier: NFn/bpexHXEnSGSFgUN3g3qDK6GmqqQ7RS4OsbF+ySY=
Subject key identifier: 8A:FE:44:53:38:D5:A4:17:66:A5:A2:75:CF:64:85:B3:BB:F8:84:BA
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019A489F7DE02173293164D82FE55CB2EE4C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/iv5EUzjVpBdmpaJ1z2SFs7v4hLo.roa
Signing time: Mon 03 Nov 2025 07:30:03 +0000
ROA not before: Mon 03 Nov 2025 07:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:48:9f:7d:e0:21:73:29:31:64:d8:2f:e5:5c:b2:ee:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Nov 3 07:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8afe445338d5a41766a5a275cf6485b3bbf884ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c6:4f:91:2a:83:ba:26:2a:b8:e3:6e:5a:27:
f9:4d:c4:c2:e1:b6:75:46:16:43:e6:42:8a:7f:8d:
3b:7b:08:c2:7f:c3:6f:b5:b3:17:f9:80:00:4c:2a:
4b:df:29:a3:40:60:76:09:d4:d2:07:b8:a8:4d:30:
e7:b3:a2:17:32:7b:ec:ed:b0:b1:78:0a:14:9c:1a:
cc:b5:76:61:8c:ef:66:e9:26:0e:10:3b:9e:da:2a:
6b:b6:dd:55:1d:e4:61:17:2f:a6:4b:89:d5:38:b7:
fb:c3:d7:08:b4:c8:b9:98:8b:a3:f7:c1:de:91:3f:
ca:8e:80:26:85:92:36:d8:d2:3c:9e:c5:d0:9d:54:
0e:cb:77:c0:c3:87:8e:60:01:4b:10:b8:05:56:fc:
ef:d7:13:4d:ca:5a:ee:9d:24:0a:fd:f8:03:e9:f5:
63:c1:2b:d6:48:ef:65:cd:9d:24:c8:c1:af:2d:79:
04:63:ca:33:de:d3:8f:85:9c:3d:4a:77:f5:99:6f:
df:93:06:fe:75:00:84:73:b7:49:8c:2d:3f:d3:38:
55:cc:66:e3:43:51:47:f9:03:99:08:19:3b:65:c9:
cc:02:90:78:ed:47:2f:5a:e9:dc:b3:ea:7a:0d:cd:
e8:4b:d8:bd:2c:70:4f:2c:d4:69:9c:f0:f5:f0:30:
40:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:FE:44:53:38:D5:A4:17:66:A5:A2:75:CF:64:85:B3:BB:F8:84:BA
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/iv5EUzjVpBdmpaJ1z2SFs7v4hLo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0/24
109.236.51.0/24
185.254.28.0/23
193.35.152.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
24:a9:34:95:a6:8c:92:f2:7b:33:b1:1a:c6:76:30:3b:47:ed:
8a:e8:4e:8b:f2:04:8e:7c:92:0b:93:b8:99:f3:27:25:b5:5e:
64:e8:7e:59:90:7c:1f:cf:92:bc:e1:80:f5:af:fa:0d:a6:f8:
6f:b4:9b:66:73:7a:a1:48:e0:0f:60:77:f6:1a:02:03:3f:a9:
bd:73:61:94:89:9d:88:c4:ca:e7:6f:01:19:3d:30:d1:cf:d7:
8c:c3:3b:34:98:22:e6:09:7f:b3:65:21:64:61:9a:ff:0e:f9:
d5:96:16:6d:be:cd:29:95:83:6b:f6:d7:d2:cf:d5:49:d5:6d:
38:73:d9:d3:7b:0d:1b:36:cc:b9:ea:69:be:58:7a:3f:ff:c6:
96:4b:e5:49:dd:0a:c3:ad:63:7a:ea:7a:71:95:c9:d2:83:31:
ce:d3:00:72:c2:1a:36:1d:4f:be:96:ec:63:32:d1:24:29:a4:
1b:57:52:0a:5a:ec:ae:b7:1f:d3:a1:ba:29:90:53:33:64:1d:
af:f3:6b:07:e6:d6:ae:12:9f:3b:7d:7c:c8:8e:d5:8d:db:cd:
c0:41:b2:00:7b:e2:9b:7b:33:22:ae:ec:0b:a8:0a:07:77:4b:
81:97:38:60:7a:01:25:75:00:ec:14:93:54:22:40:3b:49:d8:
3e:9e:bc:63
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZpIn33gIXMpMWTYL+Vcsu5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUxMTAzMDczMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWZlNDQ1MzM4ZDVhNDE3NjZhNWEyNzVjZjY0ODViM2JiZjg4NGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsZPkSqDuiYquONuWif5TcTC4bZ1
RhZD5kKKf407ewjCf8NvtbMX+YAATCpL3ymjQGB2CdTSB7ioTTDns6IXMnvs7bCx
eAoUnBrMtXZhjO9m6SYOEDue2iprtt1VHeRhFy+mS4nVOLf7w9cItMi5mIuj98He
kT/KjoAmhZI22NI8nsXQnVQOy3fAw4eOYAFLELgFVvzv1xNNylrunSQK/fgD6fVj
wSvWSO9lzZ0kyMGvLXkEY8oz3tOPhZw9Snf1mW/fkwb+dQCEc7dJjC0/0zhVzGbj
Q1FH+QOZCBk7ZcnMApB47UcvWuncs+p6Dc3oS9i9LHBPLNRpnPD18DBA4wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIr+RFM41aQXZqWidc9khbO7+IS6MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvaXY1RVV6alZwQmRtcGFKMXoyU0ZzN3Y0aExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbewxAwQA
bewzAwQBuf4cAwQAwSOYAwQAwSObMA0GCSqGSIb3DQEBCwUAA4IBAQAkqTSVpoyS
8nszsRrGdjA7R+2K6E6L8gSOfJILk7iZ8ycltV5k6H5ZkHwfz5K84YD1r/oNpvhv
tJtmc3qhSOAPYHf2GgIDP6m9c2GUiZ2IxMrnbwEZPTDRz9eMwzs0mCLmCX+zZSFk
YZr/DvnVlhZtvs0plYNr9tfSz9VJ1W04c9nTew0bNsy56mm+WHo//8aWS+VJ3QrD
rWN66npxlcnSgzHO0wBywho2HU++luxjMtEkKaQbV1IKWuyutx/TobopkFMzZB2v
82sH5tauEp87fXzIjtWN283AQbIAe+KbezMiruwLqAoHd0uBlzhgegEldQDsFJNU
IkA7Sdg+nrxj
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:34:46 2025 by rpki-client