Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/mhs3Nz7QjciOX4d86VYjGkjh0E4.roa
File: mhs3Nz7QjciOX4d86VYjGkjh0E4.roa (raw, json)
Hash identifier: 996gZhmkk+3+kH+oeNkCYFvze5tTj0kdaq8k/9bdW1Q=
Subject key identifier: 9A:1B:37:37:3E:D0:8D:C8:8E:5F:87:7C:E9:56:23:1A:48:E1:D0:4E
Certificate issuer: /CN=6eb9a0a73e3ba569381ddda6d6470dc7c873c959
Certificate serial: 019A0139D6311E208A3AEB48CEF6340A1490
Authority key identifier: 6E:B9:A0:A7:3E:3B:A5:69:38:1D:DD:A6:D6:47:0D:C7:C8:73:C9:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/brmgpz47pWk4Hd2m1kcNx8hzyVk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/mhs3Nz7QjciOX4d86VYjGkjh0E4.roa
Signing time: Mon 20 Oct 2025 10:45:58 +0000
ROA not before: Mon 20 Oct 2025 10:45:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8368
IP address blocks: 31.3.72.0/21 maxlen: 24
80.88.152.0/21 maxlen: 24
80.88.152.0/24 maxlen: 24
94.127.48.0/21 maxlen: 24
109.70.48.0/21 maxlen: 24
185.17.52.0/22 maxlen: 24
185.81.36.0/22 maxlen: 24
193.223.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/brmgpz47pWk4Hd2m1kcNx8hzyVk.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/brmgpz47pWk4Hd2m1kcNx8hzyVk.mft
rsync://rpki.ripe.net/repository/DEFAULT/brmgpz47pWk4Hd2m1kcNx8hzyVk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:01:39:d6:31:1e:20:8a:3a:eb:48:ce:f6:34:0a:14:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6eb9a0a73e3ba569381ddda6d6470dc7c873c959
Validity
Not Before: Oct 20 10:45:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9a1b37373ed08dc88e5f877ce956231a48e1d04e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:db:66:53:3b:bf:fd:5d:b5:1b:74:20:ba:cd:
91:57:bc:0c:77:36:81:9f:85:f5:6f:89:73:a0:4b:
fe:a2:44:82:cb:4f:c8:a2:9b:f1:1a:ca:e7:fd:c5:
1d:79:41:58:af:a6:3f:64:6d:af:40:fe:36:2b:2a:
dd:25:c7:a7:b1:93:06:09:06:0b:db:74:43:70:25:
d7:9a:d4:2c:6a:71:f5:7e:a8:26:36:3b:ee:c9:5a:
41:1d:fd:e1:ee:0a:ec:30:3d:be:ba:75:5d:a0:13:
5d:2f:fb:f3:c7:df:f3:8a:ca:9e:21:e1:70:06:17:
ed:c6:ac:93:69:f2:e1:e8:a1:4d:75:76:3f:24:5b:
07:79:39:3f:7c:34:64:3b:05:73:7d:96:ae:cf:e5:
4f:45:19:73:3e:53:6d:95:f5:87:b8:27:90:a5:cb:
27:f1:f1:11:eb:f0:fa:4f:01:6b:fa:1b:91:6a:3c:
dc:16:bf:b4:21:4f:ed:45:2e:dc:b8:a0:c4:1c:38:
46:4c:d9:ff:6f:9b:4b:4f:f6:d7:6c:fd:da:82:e5:
71:e2:df:c2:56:64:33:a8:31:9d:a2:91:fe:f4:84:
88:b6:ab:8c:35:a0:a9:8b:d3:18:0d:6f:8f:d5:80:
9e:f3:9e:58:aa:72:43:24:da:05:f5:00:82:30:e7:
d8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:1B:37:37:3E:D0:8D:C8:8E:5F:87:7C:E9:56:23:1A:48:E1:D0:4E
X509v3 Authority Key Identifier:
keyid:6E:B9:A0:A7:3E:3B:A5:69:38:1D:DD:A6:D6:47:0D:C7:C8:73:C9:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brmgpz47pWk4Hd2m1kcNx8hzyVk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/mhs3Nz7QjciOX4d86VYjGkjh0E4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/caa68e-7a9e-4cae-8d2a-e90219bc8ff1/1/brmgpz47pWk4Hd2m1kcNx8hzyVk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.3.72.0/21
80.88.152.0/21
94.127.48.0/21
109.70.48.0/21
185.17.52.0/22
185.81.36.0/22
193.223.99.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:53:d4:eb:f2:a5:9d:68:e4:7f:61:ea:04:0d:e3:10:fd:6b:
f4:d5:a1:7c:04:1a:8e:90:6f:98:0a:b2:c6:02:22:c9:bd:83:
e6:64:4a:15:e8:08:cb:04:3f:9e:31:7a:aa:a9:a9:73:e9:d9:
95:89:1e:11:aa:a6:18:a6:a2:fb:80:e5:69:47:e1:68:f4:af:
d6:f6:78:9d:20:1d:b0:40:18:5d:ef:09:b0:49:8b:33:0f:cb:
1c:a3:12:1f:df:91:23:d3:1a:a0:d2:c8:8d:05:db:85:4d:3a:
58:7c:af:be:a3:01:f0:87:66:de:a6:48:c6:e5:57:3e:27:7d:
21:65:7a:4d:95:71:b3:74:d8:3a:cf:00:65:97:e8:6f:91:22:
b5:23:c1:6c:8b:71:0c:40:54:7f:5d:76:0e:58:4a:bc:38:54:
3d:c9:14:76:1d:cb:d5:a7:21:53:d1:0a:61:22:33:71:3f:20:
54:93:85:a0:04:77:2c:1d:5a:2c:67:63:47:39:e9:26:37:ea:
67:cf:7a:77:ff:d9:e1:1b:6f:4e:88:e8:15:02:36:ae:2d:da:
c0:27:f6:99:26:f1:b3:50:71:7d:b8:8e:06:f7:a7:1a:ee:2e:
1a:19:35:5b:f6:9b:11:03:75:f7:c6:0d:bc:33:94:45:0d:d1:
ef:81:54:10
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZoBOdYxHiCKOutIzvY0ChSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjlhMGE3M2UzYmE1NjkzODFkZGRhNmQ2NDcwZGM3Yzg3
M2M5NTkwHhcNMjUxMDIwMTA0NTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTFiMzczNzNlZDA4ZGM4OGU1Zjg3N2NlOTU2MjMxYTQ4ZTFkMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNtmUzu//V21G3Qgus2RV7wMdzaB
n4X1b4lzoEv+okSCy0/IopvxGsrn/cUdeUFYr6Y/ZG2vQP42KyrdJcensZMGCQYL
23RDcCXXmtQsanH1fqgmNjvuyVpBHf3h7grsMD2+unVdoBNdL/vzx9/zisqeIeFw
BhftxqyTafLh6KFNdXY/JFsHeTk/fDRkOwVzfZauz+VPRRlzPlNtlfWHuCeQpcsn
8fER6/D6TwFr+huRajzcFr+0IU/tRS7cuKDEHDhGTNn/b5tLT/bXbP3aguVx4t/C
VmQzqDGdopH+9ISItquMNaCpi9MYDW+P1YCe855YqnJDJNoF9QCCMOfYBQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJobNzc+0I3Ijl+HfOlWIxpI4dBOMB8GA1UdIwQY
MBaAFG65oKc+O6VpOB3dptZHDcfIc8lZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJtZ3B6NDdwV2s0SGQybTFrY054OGh6eVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jYWE2OGUtN2E5ZS00Y2FlLThkMmEt
ZTkwMjE5YmM4ZmYxLzEvbWhzM056N1FqY2lPWDRkODZWWWpHa2poMEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jYWE2OGUtN2E5ZS00Y2FlLThkMmEtZTkwMjE5YmM4ZmYx
LzEvYnJtZ3B6NDdwV2s0SGQybTFrY054OGh6eVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDHwNIAwQD
UFiYAwQDXn8wAwQDbUYwAwQCuRE0AwQCuVEkAwQAwd9jMA0GCSqGSIb3DQEBCwUA
A4IBAQBuU9Tr8qWdaOR/YeoEDeMQ/Wv01aF8BBqOkG+YCrLGAiLJvYPmZEoV6AjL
BD+eMXqqqalz6dmViR4RqqYYpqL7gOVpR+Fo9K/W9nidIB2wQBhd7wmwSYszD8sc
oxIf35Ej0xqg0siNBduFTTpYfK++owHwh2bepkjG5Vc+J30hZXpNlXGzdNg6zwBl
l+hvkSK1I8Fsi3EMQFR/XXYOWEq8OFQ9yRR2HcvVpyFT0QphIjNxPyBUk4WgBHcs
HVosZ2NHOekmN+pnz3p3/9nhG29OiOgVAjauLdrAJ/aZJvGzUHF9uI4G96ca7i4a
GTVb9psRA3X3xg28M5RFDdHvgVQQ
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:05:02 2025 by rpki-client