Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/THPD3lLlzzkH5l5DVBqn5cQNl4c.roa
File: THPD3lLlzzkH5l5DVBqn5cQNl4c.roa (raw, json)
Hash identifier: W6o5VtDA7e3IOmToR2Oe/vjaLEcOszTcqtHIrTkcnAo=
Subject key identifier: 4C:73:C3:DE:52:E5:CF:39:07:E6:5E:43:54:1A:A7:E5:C4:0D:97:87
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 019A4DCF00A7FB286AC413BD224E5C756604
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/THPD3lLlzzkH5l5DVBqn5cQNl4c.roa
Signing time: Tue 04 Nov 2025 07:40:03 +0000
ROA not before: Tue 04 Nov 2025 07:40:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61317
IP address blocks: 45.139.30.0/24 maxlen: 24
45.141.185.0/24 maxlen: 24
45.141.196.0/24 maxlen: 24
85.209.105.0/24 maxlen: 24
85.209.106.0/24 maxlen: 24
85.209.107.0/24 maxlen: 24
109.196.175.0/24 maxlen: 24
195.2.248.0/24 maxlen: 24
213.139.228.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4d:cf:00:a7:fb:28:6a:c4:13:bd:22:4e:5c:75:66:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: Nov 4 07:40:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4c73c3de52e5cf3907e65e43541aa7e5c40d9787
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:62:34:8c:d6:00:7b:23:fa:c5:a0:00:3f:b9:
d0:48:c2:71:33:b3:12:02:6d:d0:d9:62:65:dc:65:
63:5a:41:f0:f0:7d:6c:10:90:d9:ad:3f:59:95:d5:
5a:07:ba:2b:b6:3e:72:b3:51:79:96:3b:bc:ff:7e:
b6:5a:1f:21:61:72:e5:77:8c:f9:fd:08:b8:bb:00:
91:a3:58:dc:5b:3c:4a:1f:73:b7:40:3b:45:0e:b1:
24:44:ca:33:06:37:ae:cb:35:32:03:a8:86:3a:10:
7f:31:ec:4c:b0:fe:94:6b:a4:6b:4f:53:f9:c4:09:
61:fc:3b:9b:30:60:e7:03:7c:8e:87:19:7b:b8:f9:
e1:58:61:44:eb:56:b8:0d:e6:ae:78:82:98:a4:f4:
21:e3:17:0d:d7:84:2d:46:fd:f3:56:56:df:f1:c6:
a2:c9:bf:cf:1a:a7:6c:3a:c2:13:10:e6:4c:37:ed:
e1:38:ab:ba:0a:fb:28:1b:14:13:b2:59:08:d3:11:
81:0e:a7:95:5e:eb:7c:77:2f:38:92:bf:d3:1a:86:
b1:68:59:0c:d1:9a:23:70:c6:ce:a5:4f:03:81:23:
22:34:7e:02:17:f2:dc:37:08:25:e8:59:1a:8b:33:
0e:d3:14:96:d8:76:8d:a7:08:0d:75:2c:65:27:8b:
0b:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:73:C3:DE:52:E5:CF:39:07:E6:5E:43:54:1A:A7:E5:C4:0D:97:87
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/THPD3lLlzzkH5l5DVBqn5cQNl4c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.30.0/24
45.141.185.0/24
45.141.196.0/24
85.209.105.0-85.209.107.255
109.196.175.0/24
195.2.248.0/24
213.139.228.0/24
Signature Algorithm: sha256WithRSAEncryption
59:76:4f:d2:c9:37:ae:d1:f8:4b:f9:3d:62:6a:ca:b8:6b:60:
ab:a8:d8:88:48:18:02:73:f6:91:30:84:5a:ea:44:d9:ba:81:
1a:60:72:4a:02:3f:0c:8b:f4:29:5d:f0:90:15:80:4f:24:c4:
bb:fc:36:b8:c9:d3:b1:59:e6:45:16:7c:f1:5e:d2:5d:6e:dc:
66:71:a2:c9:77:cc:0f:24:f8:98:f0:e2:ca:cd:74:c4:c3:48:
b4:91:8e:5a:a4:6f:81:b4:64:da:61:43:bf:63:b3:4a:47:18:
93:f1:56:f4:55:86:02:cc:71:f4:f4:32:4b:a6:b8:18:7b:20:
b0:75:c6:b9:d8:55:46:e7:5b:fd:8b:3a:f2:1c:52:05:ec:9d:
00:a0:9a:64:85:03:16:5b:91:2b:31:90:f1:d4:87:2e:89:f6:
b8:60:cb:09:fc:fd:78:02:1e:8a:88:7c:17:81:94:07:f8:2e:
73:c9:bb:6a:4f:75:35:75:0b:80:31:54:c3:df:dc:4c:0b:ca:
ec:24:52:68:f8:68:19:76:19:2e:cc:4d:52:53:ca:cf:f3:1e:
61:02:14:b8:f2:0f:b8:a1:b0:8c:67:5d:a2:37:fa:57:df:c8:
9c:52:66:6f:ae:d5:45:bd:d7:01:7f:2d:2e:da:64:52:c9:1a:
15:16:e9:93
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZpNzwCn+yhqxBO9Ik5cdWYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUxMTA0MDc0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzczYzNkZTUyZTVjZjM5MDdlNjVlNDM1NDFhYTdlNWM0MGQ5Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA82I0jNYAeyP6xaAAP7nQSMJxM7MS
Am3Q2WJl3GVjWkHw8H1sEJDZrT9ZldVaB7ortj5ys1F5lju8/362Wh8hYXLld4z5
/Qi4uwCRo1jcWzxKH3O3QDtFDrEkRMozBjeuyzUyA6iGOhB/MexMsP6Ua6RrT1P5
xAlh/DubMGDnA3yOhxl7uPnhWGFE61a4DeaueIKYpPQh4xcN14QtRv3zVlbf8cai
yb/PGqdsOsITEOZMN+3hOKu6CvsoGxQTslkI0xGBDqeVXut8dy84kr/TGoaxaFkM
0ZojcMbOpU8DgSMiNH4CF/LcNwgl6FkaizMO0xSW2HaNpwgNdSxlJ4sL4QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFExzw95S5c85B+ZeQ1Qap+XEDZeHMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvVEhQRDNsTGx6emtINWw1RFZCcW41Y1FObDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALYseAwQA
LY25AwQALY3EMAwDBABV0WkDBAJV0WgDBABtxK8DBADDAvgDBADVi+QwDQYJKoZI
hvcNAQELBQADggEBAFl2T9LJN67R+Ev5PWJqyrhrYKuo2IhIGAJz9pEwhFrqRNm6
gRpgckoCPwyL9Cld8JAVgE8kxLv8NrjJ07FZ5kUWfPFe0l1u3GZxosl3zA8k+Jjw
4srNdMTDSLSRjlqkb4G0ZNphQ79js0pHGJPxVvRVhgLMcfT0MkumuBh7ILB1xrnY
VUbnW/2LOvIcUgXsnQCgmmSFAxZbkSsxkPHUhy6J9rhgywn8/XgCHoqIfBeBlAf4
LnPJu2pPdTV1C4AxVMPf3EwLyuwkUmj4aBl2GS7MTVJTys/zHmECFLjyD7ihsIxn
XaI3+lffyJxSZm+u1UW91wF/LS7aZFLJGhUW6ZM=
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:24:45 2025 by rpki-client