Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cHXl0yaktvEqny09FnLgBlVAC-M.roa
File: cHXl0yaktvEqny09FnLgBlVAC-M.roa (raw, json)
Hash identifier: 0eBKG6Lgg8IflnXB00XndcBXyCcO1XbSVY/g4rco9fA=
Subject key identifier: 70:75:E5:D3:26:A4:B6:F1:2A:9F:2D:3D:16:72:E0:06:55:40:0B:E3
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A492186F5449EBF1DC214822966E4C48F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cHXl0yaktvEqny09FnLgBlVAC-M.roa
Signing time: Mon 03 Nov 2025 09:52:04 +0000
ROA not before: Mon 03 Nov 2025 09:52:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396356
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.249.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:86:f5:44:9e:bf:1d:c2:14:82:29:66:e4:c4:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7075e5d326a4b6f12a9f2d3d1672e00655400be3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6f:ce:95:7b:0a:24:a3:63:0c:03:83:c6:ce:
26:4e:53:19:d6:ce:3a:b3:f7:45:72:57:81:d3:3a:
97:d4:eb:a5:06:4b:1b:b2:75:39:cd:53:14:ce:e4:
10:e6:cd:fd:e3:0b:0f:50:c0:09:50:76:c3:4d:85:
bc:dd:80:88:82:07:80:c8:da:58:ff:78:98:60:d6:
0c:bf:c5:1d:98:2a:7f:20:4b:79:dd:48:09:11:de:
d7:43:1d:24:27:fe:20:59:5f:35:e5:19:dd:ed:58:
a9:b2:5c:10:6a:07:fa:54:09:16:5f:c4:7f:86:26:
ce:2d:1f:2e:f7:dc:67:13:eb:0f:56:89:b8:ae:4b:
0f:7c:7d:f1:74:32:d1:1b:9d:c7:b4:a0:fb:a2:bf:
f9:bf:a3:99:08:4c:62:6b:ca:42:24:64:0d:1e:54:
ff:3b:ea:63:43:a0:9e:41:00:f7:dd:87:5a:98:94:
84:23:ea:86:13:2b:68:33:92:90:c5:10:ee:c0:75:
9e:c8:55:ca:78:f0:ba:53:99:90:ec:83:e2:a3:b5:
e4:67:5f:a7:16:49:dc:71:39:59:b9:77:63:43:72:
f7:5d:58:b7:2f:46:e4:c4:a6:f9:3f:ad:2a:b3:7a:
12:f6:65:aa:4c:be:32:79:eb:0f:0f:25:02:58:15:
0a:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:75:E5:D3:26:A4:B6:F1:2A:9F:2D:3D:16:72:E0:06:55:40:0B:E3
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cHXl0yaktvEqny09FnLgBlVAC-M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
82.152.252.0/23
82.152.255.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.249.0-82.153.250.255
Signature Algorithm: sha256WithRSAEncryption
44:3f:5f:88:2e:45:20:66:f0:9d:77:30:24:44:bd:60:65:33:
c7:cd:08:a9:c6:9f:e1:b0:67:44:4c:ad:47:ad:b5:20:63:aa:
f9:97:77:cd:75:b3:b2:26:c1:37:8d:87:3d:e1:dd:a0:ae:94:
f4:1e:9e:5a:92:53:56:76:0e:91:c7:1a:9f:e4:a0:c9:ca:8b:
2b:72:0f:96:48:0f:40:23:7c:67:f8:14:3a:0b:e7:c6:92:73:
da:33:2c:e1:dc:d2:b9:dd:8f:86:df:11:62:74:a7:94:06:a3:
9e:86:ec:fe:37:4b:3c:f7:cb:ce:de:26:05:83:72:05:41:59:
cf:3c:ed:48:85:33:fe:6b:ca:1c:2d:f1:6b:c0:3e:2d:ce:ba:
7f:46:8f:8c:32:01:48:5c:48:9b:e5:b7:cc:d1:6c:cf:1d:5e:
7a:71:74:40:1d:4e:db:3b:57:9f:c4:a1:28:14:94:0a:61:c8:
6a:45:a7:b8:11:d0:32:c6:bb:80:7c:7b:7b:87:29:95:b4:33:
9d:f4:9a:5a:d1:9f:ef:10:a5:21:92:91:4c:30:46:28:3c:f1:
e7:71:b6:9a:b0:0c:01:12:27:ee:5b:d8:31:4a:d6:ce:ee:ae:
a4:e8:3f:af:53:14:e2:4c:9c:98:6d:45:3f:d4:a5:c7:6e:b1:
28:0e:8d:99
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZpJIYb1RJ6/HcIUgilm5MSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc1ZTVkMzI2YTRiNmYxMmE5ZjJkM2QxNjcyZTAwNjU1NDAwYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2/OlXsKJKNjDAODxs4mTlMZ1s46
s/dFcleB0zqX1OulBksbsnU5zVMUzuQQ5s394wsPUMAJUHbDTYW83YCIggeAyNpY
/3iYYNYMv8UdmCp/IEt53UgJEd7XQx0kJ/4gWV815Rnd7VipslwQagf6VAkWX8R/
hibOLR8u99xnE+sPVom4rksPfH3xdDLRG53HtKD7or/5v6OZCExia8pCJGQNHlT/
O+pjQ6CeQQD33YdamJSEI+qGEytoM5KQxRDuwHWeyFXKePC6U5mQ7IPio7XkZ1+n
FknccTlZuXdjQ3L3XVi3L0bkxKb5P60qs3oS9mWqTL4yeesPDyUCWBUKWwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHB15dMmpLbxKp8tPRZy4AZVQAvjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0hYbDB5YWt0dkVxbnkwOUZuTGdCbFZBQy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAUQWcAwQA
UagpAwQBUpj8AwQAUpj/AwQAUpmJMAwDBABSmYsDBABSmYwDBABSmd0DBABSmd8D
BABSmfAwDAMEAFKZ+QMEAFKZ+jANBgkqhkiG9w0BAQsFAAOCAQEARD9fiC5FIGbw
nXcwJES9YGUzx80Iqcaf4bBnREytR621IGOq+Zd3zXWzsibBN42HPeHdoK6U9B6e
WpJTVnYOkccan+SgycqLK3IPlkgPQCN8Z/gUOgvnxpJz2jMs4dzSud2Pht8RYnSn
lAajnobs/jdLPPfLzt4mBYNyBUFZzzztSIUz/mvKHC3xa8A+Lc66f0aPjDIBSFxI
m+W3zNFszx1eenF0QB1O2ztXn8ShKBSUCmHIakWnuBHQMsa7gHx7e4cplbQznfSa
WtGf7xClIZKRTDBGKDzx53G2mrAMARIn7lvYMUrWzu6upOg/r1MU4kycmG1FP9Sl
x26xKA6NmQ==
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:50:19 2025 by rpki-client