Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/R4FmsnUoBv32hIQfOsFBIJAcy94.roa
File: R4FmsnUoBv32hIQfOsFBIJAcy94.roa (raw, json)
Hash identifier: 6kCVXpptWnPUtqwzVF9W/MkzfoaZ3BK4usx4hMk/bHI=
Subject key identifier: 47:81:66:B2:75:28:06:FD:F6:84:84:1F:3A:C1:41:20:90:1C:CB:DE
Certificate issuer: /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial: 019A25E6A2322D3E614CFAB8628D5CAB848D
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/R4FmsnUoBv32hIQfOsFBIJAcy94.roa
Signing time: Mon 27 Oct 2025 13:41:03 +0000
ROA not before: Mon 27 Oct 2025 13:41:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 91.236.89.0/24 maxlen: 24
109.166.32.0/24 maxlen: 24
109.166.33.0/24 maxlen: 24
109.166.34.0/24 maxlen: 24
109.166.35.0/24 maxlen: 24
151.248.64.0/24 maxlen: 24
151.248.65.0/24 maxlen: 24
151.248.66.0/24 maxlen: 24
151.248.67.0/24 maxlen: 24
151.248.92.0/24 maxlen: 24
151.248.93.0/24 maxlen: 24
151.248.94.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:e6:a2:32:2d:3e:61:4c:fa:b8:62:8d:5c:ab:84:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Validity
Not Before: Oct 27 13:41:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=478166b2752806fdf684841f3ac14120901ccbde
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:17:28:57:75:6c:ac:dd:f9:7b:98:8c:88:4e:
01:05:2b:3e:7f:48:80:ea:41:21:15:a0:6f:09:00:
df:71:97:1f:f9:58:d6:b1:5c:fa:a8:a4:0f:59:54:
3c:c4:13:ad:e2:00:b7:5e:65:25:fc:f5:07:18:75:
71:4f:06:38:7b:0a:d8:ee:d1:23:3a:47:d1:22:49:
50:07:a7:24:4d:11:05:bb:4f:ce:b3:45:ff:25:ec:
eb:db:52:ef:4f:89:a8:9e:58:fe:28:6b:c1:24:ce:
74:a5:c9:48:9b:45:20:9a:5e:4d:7c:5f:de:ec:fe:
63:bb:3e:3d:44:21:29:af:28:f7:15:e9:11:7d:bc:
ed:aa:22:25:91:65:01:2e:f0:60:cd:62:22:47:bc:
9f:2b:9e:ba:52:b2:c6:c8:96:de:38:1b:39:07:37:
20:34:8e:2d:0c:6d:ab:f9:a0:6c:af:53:0d:da:32:
17:ab:f1:4d:5f:0a:e8:d2:94:51:89:8e:8f:67:d4:
04:11:b1:64:6a:64:b0:ed:91:b6:8f:19:a0:0f:9c:
09:38:94:f7:c9:22:d6:79:1a:84:97:97:0d:27:76:
3d:78:5a:aa:dc:f5:5e:f3:cd:c4:c8:52:03:b1:5c:
2b:ed:5d:8e:0f:2d:d1:5c:89:3a:dc:df:70:7e:10:
0b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:81:66:B2:75:28:06:FD:F6:84:84:1F:3A:C1:41:20:90:1C:CB:DE
X509v3 Authority Key Identifier:
keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/R4FmsnUoBv32hIQfOsFBIJAcy94.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.236.89.0/24
109.166.32.0/22
151.248.64.0/22
151.248.92.0-151.248.94.255
Signature Algorithm: sha256WithRSAEncryption
7e:a8:7b:83:cd:ea:76:d8:95:ea:8a:ca:a2:25:c9:a6:fa:a2:
5b:72:b2:80:87:b1:f7:cc:25:11:5f:bb:a9:ad:09:1e:26:7a:
c5:d8:43:df:83:5d:17:3b:56:ce:b0:12:6a:c0:2c:9a:e6:e8:
39:fb:ca:de:45:7a:66:eb:66:49:37:df:7c:cc:6a:6c:cb:5e:
6e:6a:16:af:35:e8:df:79:6b:4b:e9:8a:7b:a2:a6:3c:83:c1:
46:7a:bb:42:75:81:6b:6d:65:fd:a1:ec:3e:9f:ac:30:5f:50:
10:ef:64:c2:91:e0:dd:15:b0:59:d9:1e:93:2e:c3:67:dd:1c:
01:30:ca:ce:95:07:dd:3f:da:62:3c:0a:bf:ac:95:eb:34:af:
b2:0c:19:99:85:fc:4d:a9:40:70:01:3b:b0:ac:35:22:64:f0:
3a:3c:25:3a:b1:10:ec:35:6d:d6:af:54:90:ad:57:ff:7c:32:
44:6d:7c:ed:5d:e1:6e:2e:f1:ad:dc:4f:e3:e7:84:53:73:e7:
71:e8:a8:b4:bd:9d:55:e4:ed:11:c6:44:f1:0c:d9:35:f2:47:
66:e3:a1:2f:52:23:d3:da:e8:93:da:1f:64:20:f2:37:f7:1c:
f2:42:a7:1d:72:7a:98:cc:c2:ad:99:f6:62:fc:63:a9:3e:51:
98:66:15:80
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZol5qIyLT5hTPq4Yo1cq4SNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjUxMDI3MTM0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzgxNjZiMjc1MjgwNmZkZjY4NDg0MWYzYWMxNDEyMDkwMWNjYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhcoV3VsrN35e5iMiE4BBSs+f0iA
6kEhFaBvCQDfcZcf+VjWsVz6qKQPWVQ8xBOt4gC3XmUl/PUHGHVxTwY4ewrY7tEj
OkfRIklQB6ckTREFu0/Os0X/Jezr21LvT4monlj+KGvBJM50pclIm0Ugml5NfF/e
7P5juz49RCEpryj3FekRfbztqiIlkWUBLvBgzWIiR7yfK566UrLGyJbeOBs5Bzcg
NI4tDG2r+aBsr1MN2jIXq/FNXwro0pRRiY6PZ9QEEbFkamSw7ZG2jxmgD5wJOJT3
ySLWeRqEl5cNJ3Y9eFqq3PVe883EyFIDsVwr7V2ODy3RXIk63N9wfhALTwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFEeBZrJ1KAb99oSEHzrBQSCQHMveMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvUjRGbXNuVW9CdjMyaElRZk9zRkJJSkFjeTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAW+xZAwQC
baYgAwQCl/hAMAwDBAKX+FwDBACX+F4wDQYJKoZIhvcNAQELBQADggEBAH6oe4PN
6nbYleqKyqIlyab6oltysoCHsffMJRFfu6mtCR4mesXYQ9+DXRc7Vs6wEmrALJrm
6Dn7yt5FembrZkk333zMamzLXm5qFq816N95a0vpinuipjyDwUZ6u0J1gWttZf2h
7D6frDBfUBDvZMKR4N0VsFnZHpMuw2fdHAEwys6VB90/2mI8Cr+sles0r7IMGZmF
/E2pQHABO7CsNSJk8Do8JTqxEOw1bdavVJCtV/98MkRtfO1d4W4u8a3cT+PnhFNz
53HoqLS9nVXk7RHGRPEM2TXyR2bjoS9SI9Pa6JPaH2Qg8jf3HPJCpx1yepjMwq2Z
9mL8Y6k+UZhmFYA=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:24:53 2025 by rpki-client