Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/DB0olmJfADaR5fxbiDjK6a-QiaI.roa
File: DB0olmJfADaR5fxbiDjK6a-QiaI.roa (raw, json)
Hash identifier: 6xb4mzn2EqmqqHMZ3s82ysuZqRlbSUY/gT71HTca//k=
Subject key identifier: 0C:1D:28:96:62:5F:00:36:91:E5:FC:5B:88:38:CA:E9:AF:90:89:A2
Certificate issuer: /CN=4f4da09fbbe90fb79f0f08b207f835f0f0da29fe
Certificate serial: 019A49BEF78421150F9159558C397AD85D62
Authority key identifier: 4F:4D:A0:9F:BB:E9:0F:B7:9F:0F:08:B2:07:F8:35:F0:F0:DA:29:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/DB0olmJfADaR5fxbiDjK6a-QiaI.roa
Signing time: Mon 03 Nov 2025 12:44:03 +0000
ROA not before: Mon 03 Nov 2025 12:44:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15576
IP address blocks: 185.75.152.0/22 maxlen: 22
185.75.153.0/24 maxlen: 24
193.104.116.0/24 maxlen: 24
2a03:4ae0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.mft
rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:be:f7:84:21:15:0f:91:59:55:8c:39:7a:d8:5d:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f4da09fbbe90fb79f0f08b207f835f0f0da29fe
Validity
Not Before: Nov 3 12:44:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0c1d2896625f003691e5fc5b8838cae9af9089a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:d0:58:43:3c:cf:97:96:8f:9a:ff:a2:e4:aa:
40:b6:80:2f:e3:f8:1c:95:8c:47:38:56:cc:a1:fc:
0f:09:de:b6:cc:91:20:1a:f6:74:fc:58:88:71:f8:
ad:8d:06:41:0c:25:1d:ac:83:8d:f9:4c:93:92:31:
09:52:04:82:46:a8:29:6c:db:9d:87:25:45:79:82:
a4:1b:6e:c8:66:1e:51:ad:9e:08:7c:f3:b3:cc:61:
db:ab:fc:3c:2c:8f:d1:27:bf:d5:2a:f9:59:55:1b:
78:ed:6c:d0:90:26:96:3b:34:15:74:4e:6a:dc:3a:
14:b5:03:53:57:2c:6f:40:56:32:61:73:f9:42:e7:
2f:99:b6:81:d7:37:42:db:44:9f:41:a0:f6:b3:f2:
9f:52:ff:d6:89:d2:98:7e:ec:75:9f:91:3f:f9:d3:
d1:bd:f0:a5:61:20:96:7f:2d:37:a3:2a:82:f6:2f:
74:2e:d7:28:7c:d3:0a:bf:68:cf:c7:69:ae:8e:e4:
d8:93:43:5c:e0:8a:54:23:78:75:31:4a:70:90:51:
0d:d3:d3:d7:98:bd:16:08:82:20:f6:d3:2f:f3:99:
ef:e7:08:f2:3c:ba:95:f6:aa:f9:01:ea:07:08:49:
78:f1:29:a1:66:04:a8:e1:5a:7e:a5:1d:b7:1b:80:
46:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:1D:28:96:62:5F:00:36:91:E5:FC:5B:88:38:CA:E9:AF:90:89:A2
X509v3 Authority Key Identifier:
keyid:4F:4D:A0:9F:BB:E9:0F:B7:9F:0F:08:B2:07:F8:35:F0:F0:DA:29:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T02gn7vpD7efDwiyB_g18PDaKf4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/DB0olmJfADaR5fxbiDjK6a-QiaI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/66bd3a-5121-490d-8c92-6ea94a961d4c/1/T02gn7vpD7efDwiyB_g18PDaKf4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.75.152.0/22
193.104.116.0/24
IPv6:
2a03:4ae0::/32
Signature Algorithm: sha256WithRSAEncryption
7e:a2:fe:26:eb:b8:2e:55:73:af:6a:4e:87:ed:95:c1:9c:43:
8a:f8:9a:d0:6e:51:fd:31:4d:6c:f7:b2:de:36:ae:53:df:81:
6f:79:d6:b8:09:a3:15:38:c7:0b:4f:4d:c6:15:c4:cf:c8:e6:
42:36:fc:c5:07:59:93:4f:19:bb:62:e7:f7:15:7c:52:a4:50:
bb:df:4e:67:48:8e:b9:d1:d7:ab:05:2e:93:3d:97:9a:05:b0:
c5:80:5a:ef:18:4c:d8:e6:65:2b:70:a4:95:bb:ee:06:a3:4e:
90:6b:4c:22:d4:df:36:f2:ea:b8:a8:ba:f2:dd:28:a8:7e:20:
e3:18:6d:d2:c0:70:e5:56:28:71:a1:d4:58:b7:d7:d0:b2:59:
68:06:75:b5:6e:ca:4e:16:05:e3:55:e4:e9:c9:af:60:82:fd:
a1:ab:30:f4:28:03:d8:30:b5:eb:a8:ea:78:0d:6e:9b:c5:94:
be:11:a5:00:96:cc:09:e5:7c:ea:04:65:9b:c9:40:56:b1:40:
66:29:35:69:df:66:10:b6:b3:6c:29:31:5c:e1:77:24:5d:72:
4e:e3:91:49:74:a5:44:4c:b3:cf:f2:24:ef:b8:45:e9:a2:21:
b7:ae:9a:29:a9:51:98:2d:1a:6f:8a:2c:11:aa:78:ff:ed:d5:
a0:a4:84:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZpJvveEIRUPkVlVjDl62F1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGRhMDlmYmJlOTBmYjc5ZjBmMDhiMjA3ZjgzNWYwZjBk
YTI5ZmUwHhcNMjUxMTAzMTI0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFkMjg5NjYyNWYwMDM2OTFlNWZjNWI4ODM4Y2FlOWFmOTA4OWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NBYQzzPl5aPmv+i5KpAtoAv4/gc
lYxHOFbMofwPCd62zJEgGvZ0/FiIcfitjQZBDCUdrION+UyTkjEJUgSCRqgpbNud
hyVFeYKkG27IZh5RrZ4IfPOzzGHbq/w8LI/RJ7/VKvlZVRt47WzQkCaWOzQVdE5q
3DoUtQNTVyxvQFYyYXP5QucvmbaB1zdC20SfQaD2s/KfUv/WidKYfux1n5E/+dPR
vfClYSCWfy03oyqC9i90LtcofNMKv2jPx2mujuTYk0Nc4IpUI3h1MUpwkFEN09PX
mL0WCIIg9tMv85nv5wjyPLqV9qr5AeoHCEl48SmhZgSo4Vp+pR23G4BGOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAwdKJZiXwA2keX8W4g4yumvkImiMB8GA1UdIwQY
MBaAFE9NoJ+76Q+3nw8Isgf4NfDw2in+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDAyZ243dnBEN2VmRHdpeUJfZzE4UERhS2Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82NmJkM2EtNTEyMS00OTBkLThjOTIt
NmVhOTRhOTYxZDRjLzEvREIwb2xtSmZBRGFSNWZ4YmlEaks2YS1RaWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82NmJkM2EtNTEyMS00OTBkLThjOTItNmVhOTRhOTYxZDRj
LzEvVDAyZ243dnBEN2VmRHdpeUJfZzE4UERhS2Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUuYAwQA
wWh0MA0EAgACMAcDBQAqA0rgMA0GCSqGSIb3DQEBCwUAA4IBAQB+ov4m67guVXOv
ak6H7ZXBnEOK+JrQblH9MU1s97LeNq5T34Fveda4CaMVOMcLT03GFcTPyOZCNvzF
B1mTTxm7Yuf3FXxSpFC7305nSI650derBS6TPZeaBbDFgFrvGEzY5mUrcKSVu+4G
o06Qa0wi1N828uq4qLry3SiofiDjGG3SwHDlVihxodRYt9fQslloBnW1bspOFgXj
VeTpya9ggv2hqzD0KAPYMLXrqOp4DW6bxZS+EaUAlswJ5XzqBGWbyUBWsUBmKTVp
32YQtrNsKTFc4XckXXJO45FJdKVETLPP8iTvuEXpoiG3rpopqVGYLRpviiwRqnj/
7dWgpIQ0
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:41:59 2025 by rpki-client