Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/o5dtU3rrSK8zpV_cHtLXLTvLjlg.roa
File: o5dtU3rrSK8zpV_cHtLXLTvLjlg.roa (raw, json)
Hash identifier: aPDzywX5EPT+ZosHsOnJVmthmEW1jc2eMnCKJ4XNxoY=
Subject key identifier: A3:97:6D:53:7A:EB:48:AF:33:A5:5F:DC:1E:D2:D7:2D:3B:CB:8E:58
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019A26C7DAF7A71B20B8A1CDE75701C73216
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/o5dtU3rrSK8zpV_cHtLXLTvLjlg.roa
Signing time: Mon 27 Oct 2025 17:47:03 +0000
ROA not before: Mon 27 Oct 2025 17:47:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30738
IP address blocks: 46.8.96.0/24 maxlen: 24
46.8.100.0/22 maxlen: 24
46.8.112.0/22 maxlen: 24
46.8.118.0/23 maxlen: 24
46.8.120.0/21 maxlen: 24
46.8.194.0/23 maxlen: 24
46.8.198.0/23 maxlen: 24
46.8.202.0/24 maxlen: 24
109.248.16.0/20 maxlen: 24
188.130.182.0/24 maxlen: 24
188.130.224.0/21 maxlen: 24
195.211.52.0/22 maxlen: 24
2001:1468::/32 maxlen: 33
2001:1468:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:26:c7:da:f7:a7:1b:20:b8:a1:cd:e7:57:01:c7:32:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Oct 27 17:47:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3976d537aeb48af33a55fdc1ed2d72d3bcb8e58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:9c:ae:41:b0:c7:65:51:8a:47:f8:9e:57:44:
c4:25:ab:71:ce:0e:ef:e8:72:fe:83:1c:d5:85:b9:
d4:21:4f:1c:b0:e6:f7:bb:3e:3a:d8:f6:30:d9:7c:
3c:6f:a0:5d:8c:e3:06:e2:da:b7:ad:09:17:94:47:
16:e9:d1:29:a0:1b:6d:e9:34:66:f3:97:af:14:61:
9f:53:89:65:b1:4a:84:2c:91:48:22:ea:ae:8a:4c:
e7:cd:07:85:7c:34:29:1a:fb:e2:42:ec:ec:da:52:
56:c7:45:1c:cd:04:9c:91:72:bf:45:33:90:ca:d3:
10:b5:ee:c8:0f:cb:5b:d2:7e:f4:4d:6d:cd:08:ed:
5a:a3:03:e1:0d:85:c5:3f:3e:52:0d:0a:21:94:cd:
db:97:9b:dd:2d:fd:93:d6:5c:d6:c7:75:ce:50:f6:
f4:a8:9c:01:74:c0:fb:3c:3b:49:79:34:dc:03:fd:
31:87:c5:fe:b3:68:e9:75:70:ef:9f:c3:8f:52:2b:
10:8e:dc:94:ec:6a:3e:5a:3e:d7:c0:a7:d3:2a:da:
a3:c2:f3:7e:84:1d:85:86:ef:8f:5b:1f:f6:06:7b:
08:e6:06:b6:66:9e:ab:f9:f4:c2:d3:16:a6:92:d1:
d1:08:3f:93:be:d9:a9:e2:b0:cf:fc:9a:37:66:3e:
08:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:97:6D:53:7A:EB:48:AF:33:A5:5F:DC:1E:D2:D7:2D:3B:CB:8E:58
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/o5dtU3rrSK8zpV_cHtLXLTvLjlg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.96.0/24
46.8.100.0/22
46.8.112.0/22
46.8.118.0-46.8.127.255
46.8.194.0/23
46.8.198.0/23
46.8.202.0/24
109.248.16.0/20
188.130.182.0/24
188.130.224.0/21
195.211.52.0/22
IPv6:
2001:1468::/32
Signature Algorithm: sha256WithRSAEncryption
b3:73:e2:b6:fb:5a:b1:68:b3:3a:7a:82:e5:9b:24:86:4d:be:
30:82:ac:62:20:dc:c7:82:26:86:87:76:46:7c:a5:fa:d9:5f:
3c:f7:91:5b:19:c0:c4:b2:bb:6e:0f:b2:1c:ee:5a:2b:4f:87:
c8:3f:db:94:c5:d8:0e:15:4b:b7:b6:5f:27:dd:7a:df:1b:2a:
4d:49:14:b9:8b:2f:5c:f8:83:b7:1a:c1:ab:09:62:39:e9:56:
b8:ae:25:bd:b8:bd:e3:5e:ab:4c:df:51:4a:be:08:4d:39:28:
4f:bf:2d:43:c3:80:12:ab:88:71:10:d2:07:cb:7d:d5:76:44:
b0:6e:68:2f:1c:63:cf:b3:3f:bc:01:e1:58:6f:e9:74:65:bd:
77:c6:4c:83:f3:8a:20:c7:97:54:c2:e1:88:dd:f2:b9:04:04:
1b:73:3e:c4:c8:d0:ae:9f:5a:95:fd:1a:6c:78:97:6b:bf:7a:
44:d5:9a:01:e3:fd:b9:89:9c:b4:7f:d9:4e:bb:f7:81:5c:58:
79:a2:e0:41:b1:4c:2e:a9:dc:32:c8:40:13:7c:3c:0e:5b:58:
f0:1c:e8:f3:08:de:1d:5b:33:e0:f2:ae:44:51:c5:89:21:24:
61:04:01:ff:fe:e3:8b:5f:22:01:15:16:8f:9d:17:d6:0a:2e:
c6:d8:0a:fc
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZomx9r3pxsguKHN51cBxzIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUxMDI3MTc0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzk3NmQ1MzdhZWI0OGFmMzNhNTVmZGMxZWQyZDcyZDNiY2I4ZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJyuQbDHZVGKR/ieV0TEJatxzg7v
6HL+gxzVhbnUIU8csOb3uz462PYw2Xw8b6BdjOMG4tq3rQkXlEcW6dEpoBtt6TRm
85evFGGfU4llsUqELJFIIuquikznzQeFfDQpGvviQuzs2lJWx0UczQSckXK/RTOQ
ytMQte7ID8tb0n70TW3NCO1aowPhDYXFPz5SDQohlM3bl5vdLf2T1lzWx3XOUPb0
qJwBdMD7PDtJeTTcA/0xh8X+s2jpdXDvn8OPUisQjtyU7Go+Wj7XwKfTKtqjwvN+
hB2Fhu+PWx/2BnsI5ga2Zp6r+fTC0xamktHRCD+Tvtmp4rDP/Jo3Zj4I6QIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFKOXbVN660ivM6Vf3B7S1y07y45YMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbzVkdFUzcnJTSzh6cFZfY0h0TFhMVHZMamxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQALghgAwQC
LghkAwQCLghwMAwDBAEuCHYDBAcuCAADBAEuCMIDBAEuCMYDBAAuCMoDBARt+BAD
BAC8grYDBAO8guADBALD0zQwDQQCAAIwBwMFACABFGgwDQYJKoZIhvcNAQELBQAD
ggEBALNz4rb7WrFoszp6guWbJIZNvjCCrGIg3MeCJoaHdkZ8pfrZXzz3kVsZwMSy
u24PshzuWitPh8g/25TF2A4VS7e2Xyfdet8bKk1JFLmLL1z4g7cawasJYjnpVriu
Jb24veNeq0zfUUq+CE05KE+/LUPDgBKriHEQ0gfLfdV2RLBuaC8cY8+zP7wB4Vhv
6XRlvXfGTIPziiDHl1TC4Yjd8rkEBBtzPsTI0K6fWpX9Gmx4l2u/ekTVmgHj/bmJ
nLR/2U6794FcWHmi4EGxTC6p3DLIQBN8PA5bWPAc6PMI3h1bM+DyrkRRxYkhJGEE
Af/+44tfIgEVFo+dF9YKLsbYCvw=
-----END CERTIFICATE-----
Generated at Tue Nov 4 17:32:49 2025 by rpki-client