Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIvP3RLPTDgnmU8HFb5gmxSlENg.roa
File: KIvP3RLPTDgnmU8HFb5gmxSlENg.roa (raw, json)
Hash identifier: DLpT9uoPm2OElVJ18iLrHvEFF2poiJxa8S34rZ4OQ30=
Subject key identifier: 28:8B:CF:DD:12:CF:4C:38:27:99:4F:07:15:BE:60:9B:14:A5:10:D8
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A49218138EC784FB8EC2C4A56F76AA841
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIvP3RLPTDgnmU8HFb5gmxSlENg.roa
Signing time: Mon 03 Nov 2025 09:52:03 +0000
ROA not before: Mon 03 Nov 2025 09:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25369
IP address blocks: 81.168.120.0/24 maxlen: 24
82.152.3.0/24 maxlen: 24
82.152.233.0/24 maxlen: 24
82.153.72.0/24 maxlen: 24
109.176.200.0/24 maxlen: 24
213.130.155.0/24 maxlen: 24
213.218.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:81:38:ec:78:4f:b8:ec:2c:4a:56:f7:6a:a8:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=288bcfdd12cf4c3827994f0715be609b14a510d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:50:a6:16:49:cb:89:e9:0b:a2:c4:37:1e:9f:
29:d7:34:a4:8c:0f:fe:f2:c0:99:c7:d1:d2:df:7d:
c6:9d:96:4b:72:00:eb:cc:8e:e9:fc:f0:25:b2:bd:
34:f0:b4:5a:07:96:05:75:15:0c:0a:d4:46:3e:48:
a8:41:4c:17:ac:8d:1e:74:0e:58:e6:e7:ea:0e:b6:
3a:ce:95:ce:92:06:6e:9d:f5:3f:d1:65:68:04:8b:
99:cb:c8:68:1b:aa:83:2f:c1:92:53:fa:fc:40:73:
39:10:c5:15:bb:6a:83:04:bd:28:22:65:bc:90:0a:
46:d3:a3:cf:1d:5a:7c:d7:de:34:c9:43:c6:56:85:
f5:04:20:8e:3d:d7:09:20:29:ca:69:d4:87:3b:1c:
78:cd:d9:04:9d:b8:f9:09:21:a9:8a:b7:45:9a:99:
34:a2:56:66:08:57:fb:7e:49:26:a2:03:3f:a4:11:
10:a4:87:db:30:28:f8:94:8c:b3:79:6d:75:d3:d7:
0a:e0:ff:54:b3:84:7d:2b:af:92:44:6e:92:be:82:
9d:0e:91:cb:2a:e9:f7:a6:72:82:88:2f:8f:4e:14:
fe:30:4b:41:af:31:9d:1f:49:5d:9d:94:80:b7:11:
41:3f:e8:6e:1e:5f:d8:77:62:66:cd:77:5d:77:c5:
76:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:8B:CF:DD:12:CF:4C:38:27:99:4F:07:15:BE:60:9B:14:A5:10:D8
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIvP3RLPTDgnmU8HFb5gmxSlENg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.120.0/24
82.152.3.0/24
82.152.233.0/24
82.153.72.0/24
109.176.200.0/24
213.130.155.0/24
213.218.213.0/24
Signature Algorithm: sha256WithRSAEncryption
79:d7:1e:8c:2d:74:cc:58:3f:4c:cb:60:e6:63:c3:69:09:ea:
2d:0f:bb:34:e5:22:68:55:0b:0c:db:48:d5:4f:dd:99:88:6f:
74:41:22:f5:97:65:9a:83:31:12:71:87:8f:d8:dc:82:e1:f4:
1d:40:8c:1d:98:1d:51:99:50:26:6a:c1:b4:07:ac:9b:2a:94:
34:64:bf:f8:7f:1c:aa:79:03:72:bd:20:ca:1c:91:23:f1:f7:
ee:17:e7:b9:69:ce:50:1f:25:16:8a:38:77:ac:39:c4:89:94:
e5:b7:0f:da:9d:06:de:d4:61:29:1d:9f:73:3f:a3:4d:dc:8c:
be:46:1c:7c:21:49:37:0e:ac:8e:ee:9c:d1:23:3d:af:c1:77:
01:0c:cd:55:a5:7d:e0:f0:72:d2:ef:cd:92:98:ed:de:27:08:
09:eb:c1:8c:4c:f3:4b:8e:16:ed:c1:5f:0f:38:db:ac:6e:99:
5f:e1:b8:fa:1c:26:a3:3f:51:a6:f6:d5:27:fa:ae:ae:ed:fc:
d3:81:b5:47:b8:a7:37:95:84:ba:1a:35:0c:a9:f0:fa:83:be:
0b:50:7e:77:b1:ee:74:f3:55:73:df:c0:5b:2d:db:ef:03:75:
c0:c9:1a:76:03:bd:57:54:1d:87:92:cb:2d:0a:20:e4:b0:5a:
b9:20:30:c6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZpJIYE47HhPuOwsSlb3aqhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODhiY2ZkZDEyY2Y0YzM4Mjc5OTRmMDcxNWJlNjA5YjE0YTUxMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFCmFknLiekLosQ3Hp8p1zSkjA/+
8sCZx9HS333GnZZLcgDrzI7p/PAlsr008LRaB5YFdRUMCtRGPkioQUwXrI0edA5Y
5ufqDrY6zpXOkgZunfU/0WVoBIuZy8hoG6qDL8GSU/r8QHM5EMUVu2qDBL0oImW8
kApG06PPHVp81940yUPGVoX1BCCOPdcJICnKadSHOxx4zdkEnbj5CSGpirdFmpk0
olZmCFf7fkkmogM/pBEQpIfbMCj4lIyzeW1109cK4P9Us4R9K6+SRG6SvoKdDpHL
Kun3pnKCiC+PThT+MEtBrzGdH0ldnZSAtxFBP+huHl/Yd2JmzXddd8V2lwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCiLz90Sz0w4J5lPBxW+YJsUpRDYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0l2UDNSTFBURGdubVU4SEZiNWdteFNsRU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUah4AwQA
UpgDAwQAUpjpAwQAUplIAwQAbbDIAwQA1YKbAwQA1drVMA0GCSqGSIb3DQEBCwUA
A4IBAQB51x6MLXTMWD9My2DmY8NpCeotD7s05SJoVQsM20jVT92ZiG90QSL1l2Wa
gzEScYeP2NyC4fQdQIwdmB1RmVAmasG0B6ybKpQ0ZL/4fxyqeQNyvSDKHJEj8ffu
F+e5ac5QHyUWijh3rDnEiZTltw/anQbe1GEpHZ9zP6NN3Iy+Rhx8IUk3DqyO7pzR
Iz2vwXcBDM1VpX3g8HLS782SmO3eJwgJ68GMTPNLjhbtwV8PONusbplf4bj6HCaj
P1Gm9tUn+q6u7fzTgbVHuKc3lYS6GjUMqfD6g74LUH53se5081Vz38BbLdvvA3XA
yRp2A71XVB2HksstCiDksFq5IDDG
-----END CERTIFICATE-----
Generated at Wed Nov 5 12:30:43 2025 by rpki-client