Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/1-rB8XTQYqpP7MjgG7HR4P6rMeyU.roa
File: 1-rB8XTQYqpP7MjgG7HR4P6rMeyU.roa (raw, json)
Hash identifier: o9F/zfrqIdfUaOEIn5d4Y/Rf/lN8VClY0SnZ+RAIGLc=
Subject key identifier: FA:B0:7C:5D:34:18:AA:93:FB:32:38:06:EC:74:78:3F:AA:CC:7B:25
Certificate issuer: /CN=bf1b489e6d9b8c7d83ca1e727a5984dbe577afbc
Certificate serial: 019A53A9E208A3CBBC57E65B603217AB955C
Authority key identifier: BF:1B:48:9E:6D:9B:8C:7D:83:CA:1E:72:7A:59:84:DB:E5:77:AF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vxtInm2bjH2Dyh5yelmE2-V3r7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/1-rB8XTQYqpP7MjgG7HR4P6rMeyU.roa
Signing time: Wed 05 Nov 2025 10:57:13 +0000
ROA not before: Wed 05 Nov 2025 10:57:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47721
IP address blocks: 91.241.55.0/24 maxlen: 24
146.19.74.0/24 maxlen: 24
185.124.84.0/24 maxlen: 24
185.124.85.0/24 maxlen: 24
185.124.86.0/24 maxlen: 24
185.124.87.0/24 maxlen: 24
193.9.51.0/24 maxlen: 24
195.96.145.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/vxtInm2bjH2Dyh5yelmE2-V3r7w.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/vxtInm2bjH2Dyh5yelmE2-V3r7w.mft
rsync://rpki.ripe.net/repository/DEFAULT/vxtInm2bjH2Dyh5yelmE2-V3r7w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Nov 2025 07:00:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:a9:e2:08:a3:cb:bc:57:e6:5b:60:32:17:ab:95:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf1b489e6d9b8c7d83ca1e727a5984dbe577afbc
Validity
Not Before: Nov 5 10:57:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fab07c5d3418aa93fb323806ec74783faacc7b25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:1f:7c:9a:62:06:b6:4f:d9:4d:a1:2c:75:da:
4f:1f:af:4d:e3:2a:47:fd:19:45:09:eb:e5:c0:1a:
d6:ae:d1:a1:e4:d4:28:18:2b:9a:d5:b1:26:2e:ff:
ce:a1:da:b4:2d:73:46:28:f7:d3:96:4d:97:66:68:
43:63:52:c1:9e:76:ed:3a:cf:e9:0d:f9:fa:a0:6c:
a3:e9:b3:6c:dc:58:04:dc:2f:2e:b0:b1:9a:b7:23:
9f:d4:dc:22:3b:54:b6:12:ec:23:6c:e0:98:35:5e:
33:c9:df:78:7a:2e:34:d9:77:ee:c4:5b:9d:6f:f0:
d9:61:ba:1b:8e:7f:19:e4:63:25:ab:cf:02:b0:15:
21:48:52:4b:7e:b5:e2:c6:5a:79:dd:d8:85:a5:8a:
d3:bd:64:a5:69:1e:97:49:f2:8d:3b:1a:8c:75:e8:
46:ca:e9:93:25:31:16:71:3b:51:b6:50:d7:17:a7:
c1:a2:d2:53:c9:a7:d4:8c:d3:fd:00:2a:95:e1:ba:
5e:30:aa:fd:ae:9a:db:07:c1:5e:5c:5c:dc:f0:d6:
d5:b7:de:d1:b7:96:ad:8c:84:a3:c5:9f:d4:df:cd:
3d:e0:c7:25:5e:6e:a1:a2:b8:04:83:6e:1d:d0:20:
ca:23:2b:20:df:55:83:21:90:d8:22:9e:5a:ff:50:
78:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:B0:7C:5D:34:18:AA:93:FB:32:38:06:EC:74:78:3F:AA:CC:7B:25
X509v3 Authority Key Identifier:
keyid:BF:1B:48:9E:6D:9B:8C:7D:83:CA:1E:72:7A:59:84:DB:E5:77:AF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vxtInm2bjH2Dyh5yelmE2-V3r7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/1-rB8XTQYqpP7MjgG7HR4P6rMeyU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b441ca-e77c-4211-8712-182cd4aac436/1/vxtInm2bjH2Dyh5yelmE2-V3r7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.241.55.0/24
146.19.74.0/24
185.124.84.0/22
193.9.51.0/24
195.96.145.0/24
Signature Algorithm: sha256WithRSAEncryption
66:8b:2c:6f:95:1e:5f:0e:31:59:30:52:69:4e:60:81:e0:2f:
62:a5:bf:74:92:64:47:27:a7:b6:99:eb:15:d7:bf:84:2c:ec:
35:8d:56:01:37:32:5b:b8:fc:3b:10:ca:de:b6:40:4f:4a:93:
04:4c:8c:96:b9:0e:fb:39:67:d2:ea:cb:a5:7a:e9:da:8d:11:
ad:e9:27:95:6e:25:7b:8d:b1:49:78:db:e4:49:f9:d0:cc:df:
40:f7:9a:c3:8c:81:77:b6:65:c9:e8:53:a9:6e:71:06:04:65:
4e:2d:11:ab:3e:39:e1:80:6c:c7:b3:1d:9a:9c:3c:55:8b:31:
42:56:10:a5:50:a8:84:e6:26:79:7d:fa:b4:d4:1c:06:2f:4d:
97:d0:3e:39:f7:9a:03:61:9b:61:af:c7:1d:10:89:08:af:21:
ec:d2:02:c0:12:d6:01:83:bd:df:5a:cf:23:e5:d8:e6:92:ef:
e0:82:ed:5a:57:c9:ed:43:bb:f0:28:ad:6a:e0:b8:8b:b3:5c:
13:a7:95:c7:e8:3c:e1:a8:ad:10:d5:1a:6b:f9:66:1f:59:f0:
97:38:bc:df:14:78:b2:c5:62:e9:cd:21:d2:77:4d:6a:48:43:
2a:5a:d9:67:51:db:de:f1:a6:2b:41:79:1d:79:83:c0:90:b1:
ab:5f:59:f9
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpTqeIIo8u8V+ZbYDIXq5VcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWI0ODllNmQ5YjhjN2Q4M2NhMWU3MjdhNTk4NGRiZTU3
N2FmYmMwHhcNMjUxMTA1MTA1NzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIwN2M1ZDM0MThhYTkzZmIzMjM4MDZlYzc0NzgzZmFhY2M3YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzx98mmIGtk/ZTaEsddpPH69N4ypH
/RlFCevlwBrWrtGh5NQoGCua1bEmLv/Oodq0LXNGKPfTlk2XZmhDY1LBnnbtOs/p
Dfn6oGyj6bNs3FgE3C8usLGatyOf1NwiO1S2EuwjbOCYNV4zyd94ei402XfuxFud
b/DZYbobjn8Z5GMlq88CsBUhSFJLfrXixlp53diFpYrTvWSlaR6XSfKNOxqMdehG
yumTJTEWcTtRtlDXF6fBotJTyafUjNP9ACqV4bpeMKr9rprbB8FeXFzc8NbVt97R
t5atjISjxZ/U38094MclXm6horgEg24d0CDKIysg31WDIZDYIp5a/1B4ewIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPqwfF00GKqT+zI4Bux0eD+qzHslMB8GA1UdIwQY
MBaAFL8bSJ5tm4x9g8oecnpZhNvld6+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnh0SW5tMmJqSDJEeWg1eWVsbUUyLVYzcjd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNDQxY2EtZTc3Yy00MjExLTg3MTIt
MTgyY2Q0YWFjNDM2LzEvMS1yQjhYVFFZcXBQN01qZ0c3SFI0UDZyTWV5VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvYjQ0MWNhLWU3N2MtNDIxMS04NzEyLTE4MmNkNGFhYzQz
Ni8xL3Z4dElubTJiakgyRHloNXllbG1FMi1WM3I3dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAFvxNwME
AJITSgMEArl8VAMEAMEJMwMEAMNgkTANBgkqhkiG9w0BAQsFAAOCAQEAZossb5Ue
Xw4xWTBSaU5ggeAvYqW/dJJkRyentpnrFde/hCzsNY1WATcyW7j8OxDK3rZAT0qT
BEyMlrkO+zln0urLpXrp2o0RreknlW4le42xSXjb5En50MzfQPeaw4yBd7ZlyehT
qW5xBgRlTi0Rqz454YBsx7Mdmpw8VYsxQlYQpVCohOYmeX36tNQcBi9Nl9A+Ofea
A2GbYa/HHRCJCK8h7NICwBLWAYO931rPI+XY5pLv4ILtWlfJ7UO78CitauC4i7Nc
E6eVx+g84aitENUaa/lmH1nwlzi83xR4ssVi6c0h0ndNakhDKlrZZ1Hb3vGmK0F5
HXmDwJCxq19Z+Q==
-----END CERTIFICATE-----
Generated at Fri Nov 7 16:50:20 2025 by rpki-client