Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d2g2nSFvQFGnn9yMLyErUebzFOM.roa
File: d2g2nSFvQFGnn9yMLyErUebzFOM.roa (raw, json)
Hash identifier: DI95M4iGdVXsjEI0P3bmJ1/ixRFNXmqWvsoOnXaAOFI=
Subject key identifier: 77:68:36:9D:21:6F:40:51:A7:9F:DC:8C:2F:21:2B:51:E6:F3:14:E3
Certificate issuer: /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial: 019A295F9C733F8621F4FF46925824D88D1E
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d2g2nSFvQFGnn9yMLyErUebzFOM.roa
Signing time: Tue 28 Oct 2025 05:52:03 +0000
ROA not before: Tue 28 Oct 2025 05:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44889
IP address blocks: 46.38.129.0/24 maxlen: 24
46.38.131.0/24 maxlen: 24
185.24.150.0/24 maxlen: 24
185.29.220.0/24 maxlen: 24
185.29.221.0/24 maxlen: 24
212.16.64.0/19 maxlen: 24
212.16.68.0/24 maxlen: 24
212.16.72.0/24 maxlen: 25
212.16.86.0/23 maxlen: 23
212.16.89.0/24 maxlen: 24
212.80.0.0/19 maxlen: 24
212.80.2.0/24 maxlen: 24
212.80.12.0/24 maxlen: 24
212.80.13.0/24 maxlen: 24
212.80.14.0/24 maxlen: 24
212.80.15.0/24 maxlen: 24
2a00:7d80::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:29:5f:9c:73:3f:86:21:f4:ff:46:92:58:24:d8:8d:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
Validity
Not Before: Oct 28 05:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7768369d216f4051a79fdc8c2f212b51e6f314e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:e2:03:2a:d7:bf:21:ce:65:5f:b9:8f:75:cc:
28:ff:b4:a0:d3:58:f0:56:fc:a4:3c:1f:30:0a:81:
90:f0:7a:9a:35:df:f6:48:f7:5d:f7:b3:22:f2:59:
c6:4e:6d:3d:ad:d4:05:c2:b8:b9:65:ce:72:44:af:
a1:89:20:52:03:bf:d3:7e:96:f3:57:cd:05:36:e1:
91:88:f1:25:8a:42:ef:36:3a:68:49:ee:01:06:b2:
bc:0c:86:0a:d5:4d:a5:28:56:f1:cb:d8:96:12:79:
70:49:fc:9d:24:49:34:94:ba:75:22:55:45:12:1d:
79:87:fa:8d:0b:cf:3e:52:06:c8:40:0c:e7:74:f3:
9d:3f:d3:3b:f1:57:a2:36:b8:5b:a4:9e:ea:34:22:
55:da:2d:cd:2f:3d:53:0d:c1:ea:90:d4:50:a3:05:
54:8c:85:e5:e3:57:bc:11:f1:40:a9:f9:df:c6:48:
88:2f:fd:fd:32:0f:24:6a:ee:14:fc:e2:a4:a3:66:
9d:6f:3e:8e:77:c2:10:d8:d0:ab:f4:76:8a:4b:b2:
70:f8:6a:6b:02:c3:c7:33:e8:f6:30:6d:70:f8:73:
1c:ae:48:7d:9e:83:a0:68:cc:26:96:ae:62:06:c5:
e3:b6:16:1c:9a:ed:44:2c:b0:bb:6b:a7:72:46:65:
48:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:68:36:9D:21:6F:40:51:A7:9F:DC:8C:2F:21:2B:51:E6:F3:14:E3
X509v3 Authority Key Identifier:
keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d2g2nSFvQFGnn9yMLyErUebzFOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.38.129.0/24
46.38.131.0/24
185.24.150.0/24
185.29.220.0/23
212.16.64.0/19
212.80.0.0/19
IPv6:
2a00:7d80::/29
Signature Algorithm: sha256WithRSAEncryption
3f:bf:16:74:5a:39:84:d9:77:6a:c2:fc:70:b3:7a:68:7e:63:
ab:43:df:f2:54:2d:e7:ff:ac:7e:22:f0:50:ee:f5:42:dd:31:
ad:c5:16:81:96:24:ea:c0:25:92:25:9a:34:e3:7a:a7:4f:54:
de:22:f5:fa:ed:03:68:c1:52:2d:18:4d:cd:6d:fd:ab:1c:19:
f6:70:ca:e7:4f:1c:84:67:71:c3:13:34:1f:64:0d:21:55:80:
f8:5b:58:13:5e:93:e3:d2:d6:09:a6:d9:1c:6d:90:f4:79:81:
05:c7:44:14:5c:3c:d6:3e:0b:11:9f:8f:84:e2:4e:fc:68:63:
94:b1:b6:43:2a:4a:39:57:aa:ac:49:a5:09:1d:03:97:0e:46:
b3:93:27:3d:f6:41:67:5f:3c:5f:e1:eb:78:82:6f:a5:14:fe:
e2:be:38:b6:ff:7e:37:c7:b0:79:82:05:57:33:7f:62:d1:c7:
65:b4:17:49:73:67:1c:04:2b:ed:78:65:1c:55:00:08:d8:33:
9c:cc:af:f5:a2:a5:de:0d:5e:d0:6d:66:64:03:7d:6f:1b:02:
a3:01:fd:a9:93:33:4e:27:54:0a:ad:36:cb:e5:54:0d:c9:6d:
7e:15:26:44:c2:3c:ea:a4:a8:7c:42:83:da:03:c8:b3:1a:99:
8c:84:28:e8
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZopX5xzP4Yh9P9Gklgk2I0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUxMDI4MDU1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY4MzY5ZDIxNmY0MDUxYTc5ZmRjOGMyZjIxMmI1MWU2ZjMxNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeIDKte/Ic5lX7mPdcwo/7Sg01jw
VvykPB8wCoGQ8HqaNd/2SPdd97Mi8lnGTm09rdQFwri5Zc5yRK+hiSBSA7/Tfpbz
V80FNuGRiPElikLvNjpoSe4BBrK8DIYK1U2lKFbxy9iWEnlwSfydJEk0lLp1IlVF
Eh15h/qNC88+UgbIQAzndPOdP9M78VeiNrhbpJ7qNCJV2i3NLz1TDcHqkNRQowVU
jIXl41e8EfFAqfnfxkiIL/39Mg8kau4U/OKko2adbz6Od8IQ2NCr9HaKS7Jw+Gpr
AsPHM+j2MG1w+HMcrkh9noOgaMwmlq5iBsXjthYcmu1ELLC7a6dyRmVIGQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFHdoNp0hb0BRp5/cjC8hK1Hm8xTjMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZDJnMm5TRnZRRkdubjl5TUx5RXJVZWJ6Rk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQALiaBAwQA
LiaDAwQAuRiWAwQBuR3cAwQF1BBAAwQF1FAAMA0EAgACMAcDBQMqAH2AMA0GCSqG
SIb3DQEBCwUAA4IBAQA/vxZ0WjmE2Xdqwvxws3pofmOrQ9/yVC3n/6x+IvBQ7vVC
3TGtxRaBliTqwCWSJZo043qnT1TeIvX67QNowVItGE3Nbf2rHBn2cMrnTxyEZ3HD
EzQfZA0hVYD4W1gTXpPj0tYJptkcbZD0eYEFx0QUXDzWPgsRn4+E4k78aGOUsbZD
Kko5V6qsSaUJHQOXDkazkyc99kFnXzxf4et4gm+lFP7ivji2/343x7B5ggVXM39i
0cdltBdJc2ccBCvteGUcVQAI2DOczK/1oqXeDV7QbWZkA31vGwKjAf2pkzNOJ1QK
rTbL5VQNyW1+FSZEwjzqpKh8QoPaA8izGpmMhCjo
-----END CERTIFICATE-----
Generated at Tue Nov 4 15:04:20 2025 by rpki-client