Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KHoUYW9JU20WHaLoy1ORbXr9-ng.roa
File: KHoUYW9JU20WHaLoy1ORbXr9-ng.roa (raw, json)
Hash identifier: CULMNv2/Xg4Buk1vDUrVv8eEI91MgcaWkJf6G+TEw3c=
Subject key identifier: 28:7A:14:61:6F:49:53:6D:16:1D:A2:E8:CB:53:91:6D:7A:FD:FA:78
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A2A229F3F82DCA0C7C70D7101D180970B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KHoUYW9JU20WHaLoy1ORbXr9-ng.roa
Signing time: Tue 28 Oct 2025 09:25:03 +0000
ROA not before: Tue 28 Oct 2025 09:25:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 82.153.80.0/24 maxlen: 24
109.176.244.0/24 maxlen: 24
213.130.156.0/24 maxlen: 24
217.144.156.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2a:22:9f:3f:82:dc:a0:c7:c7:0d:71:01:d1:80:97:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Oct 28 09:25:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=287a14616f49536d161da2e8cb53916d7afdfa78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:32:c9:c9:92:c2:7c:c6:c3:2e:03:a5:fc:b1:
a3:01:90:5e:60:17:91:ab:1f:8a:09:59:de:87:b7:
a7:43:e4:8d:16:63:f7:91:a9:4b:05:7c:73:af:2d:
32:19:36:91:e7:78:56:32:0f:3a:f0:86:b2:86:cb:
1d:cc:8a:e3:c6:1a:f4:39:70:c6:b7:cd:d1:9b:4a:
98:ea:a7:4b:5a:ba:af:ca:bd:5f:c2:2e:5d:c8:ba:
b1:bf:d9:15:00:38:7e:ff:c9:8e:89:88:a0:cb:8b:
ef:54:47:04:eb:03:df:cf:15:c3:dc:9a:bd:62:c0:
1f:5f:53:88:99:4e:da:a2:f2:46:70:ed:13:74:20:
f6:86:6d:cc:8c:bf:e6:1b:17:de:26:43:d8:69:a0:
dd:b3:77:ce:f4:36:ac:48:a9:10:ee:a4:ab:df:19:
42:58:18:8f:5a:3f:2e:25:d9:10:30:b2:71:67:d4:
66:e2:17:d3:6d:ca:91:24:05:6d:df:31:fd:e5:92:
7a:6f:4a:a4:7d:bb:3c:ca:30:e2:be:90:a9:57:9a:
46:5b:04:78:78:d6:48:6f:e6:d4:e6:a0:64:36:48:
5f:07:36:a3:5c:ba:8d:c1:2d:e9:16:10:86:4f:9d:
de:6f:00:9d:e9:44:f1:94:af:c7:a5:a8:81:8d:9e:
94:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:7A:14:61:6F:49:53:6D:16:1D:A2:E8:CB:53:91:6D:7A:FD:FA:78
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KHoUYW9JU20WHaLoy1ORbXr9-ng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.80.0/24
109.176.244.0/24
213.130.156.0/24
217.144.156.0/24
Signature Algorithm: sha256WithRSAEncryption
23:57:0a:e9:c1:5d:4d:9d:d2:51:60:77:7b:39:d6:0e:70:96:
bb:18:cc:5a:9f:f1:32:43:b2:a5:42:98:d9:f4:80:a2:45:a1:
2e:3b:56:78:7f:19:16:bb:90:34:59:9a:da:8e:a7:ca:04:9c:
97:ae:0f:bb:ef:84:5d:8a:52:2d:17:48:c3:f2:94:73:83:ff:
3c:ee:46:72:68:f3:49:47:d1:2d:da:d2:6a:63:9e:eb:39:72:
59:e7:fb:84:41:4a:2e:51:6a:b4:5c:4d:e6:38:d4:bd:41:87:
5a:30:8f:95:0d:28:ad:dd:d5:12:2e:54:df:b1:3f:07:97:8e:
5b:15:0b:93:78:65:b5:d7:3d:a4:ee:91:47:ab:cd:fd:f6:c4:
b4:64:4f:36:0a:8b:83:3b:cd:97:38:5d:1a:78:c2:8b:bb:81:
32:f8:1b:e9:b5:73:cf:8b:b7:df:49:6c:05:88:15:54:52:91:
49:1c:13:66:3a:95:b6:8c:b7:38:e2:56:6f:29:82:f3:7c:5e:
49:3f:be:25:d9:bc:ec:98:bc:77:6b:9d:84:80:33:fd:48:3a:
a4:99:db:cc:31:68:99:96:36:27:56:62:f7:86:88:fd:b2:32:
85:4b:a3:0a:11:0a:ae:76:06:69:13:af:17:58:98:00:cb:4a:
b1:a0:38:ce
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZoqIp8/gtygx8cNcQHRgJcLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDI4MDkyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdhMTQ2MTZmNDk1MzZkMTYxZGEyZThjYjUzOTE2ZDdhZmRmYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTLJyZLCfMbDLgOl/LGjAZBeYBeR
qx+KCVneh7enQ+SNFmP3kalLBXxzry0yGTaR53hWMg868IayhssdzIrjxhr0OXDG
t83Rm0qY6qdLWrqvyr1fwi5dyLqxv9kVADh+/8mOiYigy4vvVEcE6wPfzxXD3Jq9
YsAfX1OImU7aovJGcO0TdCD2hm3MjL/mGxfeJkPYaaDds3fO9DasSKkQ7qSr3xlC
WBiPWj8uJdkQMLJxZ9Rm4hfTbcqRJAVt3zH95ZJ6b0qkfbs8yjDivpCpV5pGWwR4
eNZIb+bU5qBkNkhfBzajXLqNwS3pFhCGT53ebwCd6UTxlK/HpaiBjZ6U5wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCh6FGFvSVNtFh2i6MtTkW16/fp4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0hvVVlXOUpVMjBXSGFMb3kxT1JiWHI5LW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUplQAwQA
bbD0AwQA1YKcAwQA2ZCcMA0GCSqGSIb3DQEBCwUAA4IBAQAjVwrpwV1NndJRYHd7
OdYOcJa7GMxan/EyQ7KlQpjZ9ICiRaEuO1Z4fxkWu5A0WZrajqfKBJyXrg+774Rd
ilItF0jD8pRzg/887kZyaPNJR9Et2tJqY57rOXJZ5/uEQUouUWq0XE3mONS9QYda
MI+VDSit3dUSLlTfsT8Hl45bFQuTeGW11z2k7pFHq8399sS0ZE82CouDO82XOF0a
eMKLu4Ey+BvptXPPi7ffSWwFiBVUUpFJHBNmOpW2jLc44lZvKYLzfF5JP74l2bzs
mLx3a52EgDP9SDqkmdvMMWiZljYnVmL3hoj9sjKFS6MKEQqudgZpE68XWJgAy0qx
oDjO
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:34:39 2025 by rpki-client