Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/dsHWjTHeRRGMMM_nmnG47d-gUzA.roa
File: dsHWjTHeRRGMMM_nmnG47d-gUzA.roa (raw, json)
Hash identifier: AOOkudODUzLnnW8+48GjiYqjo1L5I5U+lNPwyVAkVIA=
Subject key identifier: 76:C1:D6:8D:31:DE:45:11:8C:30:CF:E7:9A:71:B8:ED:DF:A0:53:30
Certificate issuer: /CN=9af9d0d4befda09e999eabd0c8724e217364de10
Certificate serial: 019A0BAD1220A3B58719ABD14995FEBD3E16
Authority key identifier: 9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/dsHWjTHeRRGMMM_nmnG47d-gUzA.roa
Signing time: Wed 22 Oct 2025 11:28:03 +0000
ROA not before: Wed 22 Oct 2025 11:28:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208398
IP address blocks: 45.87.132.0/22 maxlen: 22
100.43.64.0/19 maxlen: 19
193.239.228.0/24 maxlen: 24
199.21.96.0/22 maxlen: 22
199.36.240.0/22 maxlen: 22
2a0e:fd80::/32 maxlen: 32
2a0e:fd87::/32 maxlen: 32
2a13:a400::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 08:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0b:ad:12:20:a3:b5:87:19:ab:d1:49:95:fe:bd:3e:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9af9d0d4befda09e999eabd0c8724e217364de10
Validity
Not Before: Oct 22 11:28:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=76c1d68d31de45118c30cfe79a71b8eddfa05330
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:48:7b:4d:63:dc:6e:0a:53:e7:81:ca:50:ec:
ad:6a:92:86:b3:67:03:20:d1:52:0c:8f:dd:88:d6:
13:be:9e:8e:3d:0c:25:f9:e1:44:ad:6d:63:a6:ae:
e4:99:f6:c0:82:c1:2b:5e:60:5e:d7:61:d3:6b:71:
2a:71:c6:b4:41:dc:0c:c2:5a:bd:78:d1:9e:01:17:
60:16:bb:25:96:72:e3:76:c5:71:c7:07:5a:e4:00:
8d:94:36:2c:76:ad:57:86:74:32:82:ea:15:ed:1c:
6f:64:63:04:be:d6:5c:f9:f5:d2:e1:64:6e:91:cc:
64:85:72:03:ea:c8:3f:88:5b:d7:60:52:38:e6:0f:
0d:cf:a0:4d:ef:49:5c:e1:8d:1b:a0:cb:8b:f2:d4:
ea:c9:6e:d1:f8:6f:aa:e8:e4:8d:31:f9:79:c0:23:
83:7d:2d:6d:78:d3:eb:5f:a0:62:00:8d:f6:8a:d3:
bf:ef:a9:bd:eb:d6:4f:2b:58:05:48:ca:63:c4:99:
f8:43:33:3f:43:42:c3:41:2f:b1:62:dc:44:a4:a4:
50:c2:d8:ed:91:13:96:2d:58:d1:3b:24:22:fc:b5:
85:d3:4a:bd:8c:a2:1e:b8:e0:cd:f1:b5:dc:cd:2f:
f5:01:ed:a8:0c:97:6f:75:ae:5a:e7:57:17:31:64:
63:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:C1:D6:8D:31:DE:45:11:8C:30:CF:E7:9A:71:B8:ED:DF:A0:53:30
X509v3 Authority Key Identifier:
keyid:9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/dsHWjTHeRRGMMM_nmnG47d-gUzA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.132.0/22
100.43.64.0/19
193.239.228.0/24
199.21.96.0/22
199.36.240.0/22
IPv6:
2a0e:fd80::/32
2a0e:fd87::/32
2a13:a400::/29
Signature Algorithm: sha256WithRSAEncryption
0d:db:a4:4c:27:e8:e3:79:85:bb:45:1a:13:42:2c:b2:bb:ea:
15:2e:9d:5d:72:db:dc:62:38:51:05:99:b7:7d:15:a2:10:c0:
62:6e:6e:45:7e:19:12:4a:7b:dd:fc:e4:85:b3:b0:b2:e4:c7:
f3:8c:4c:41:b8:1b:37:6b:3f:13:b6:62:08:aa:8c:ca:29:ea:
75:3a:3c:6b:a7:79:c0:6b:4a:41:3a:a4:3e:05:db:1b:9e:81:
31:2e:bb:bf:b2:6c:f9:b6:01:07:93:cc:9f:d8:4c:89:1d:f1:
49:d6:e4:bc:2c:75:62:99:7a:93:54:5b:29:07:3d:41:7b:ad:
e4:ea:14:c9:8b:8c:ec:5d:0d:19:ef:78:5f:0e:af:97:b3:8b:
c1:48:d6:73:08:46:91:58:4c:9a:f6:0a:79:a6:b8:2d:2e:0e:
b5:d2:16:ed:87:a3:20:03:dd:93:6c:b8:5f:de:28:a4:03:f9:
23:0c:6c:7a:77:07:34:67:b5:23:51:32:4c:f6:35:2f:39:10:
ad:f0:51:d8:9c:d1:a4:c6:ad:e5:38:49:fe:4c:62:7c:d7:9f:
3d:71:e7:ee:47:f2:0d:6e:fb:21:81:8d:68:0e:15:aa:e1:98:
35:1b:67:5d:1c:c1:dc:bd:85:52:5d:5e:4d:bb:bc:b1:e4:f8:
1a:db:ea:b6
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZoLrRIgo7WHGavRSZX+vT4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjlkMGQ0YmVmZGEwOWU5OTllYWJkMGM4NzI0ZTIxNzM2
NGRlMTAwHhcNMjUxMDIyMTEyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmMxZDY4ZDMxZGU0NTExOGMzMGNmZTc5YTcxYjhlZGRmYTA1MzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEh7TWPcbgpT54HKUOytapKGs2cD
INFSDI/diNYTvp6OPQwl+eFErW1jpq7kmfbAgsErXmBe12HTa3Eqcca0QdwMwlq9
eNGeARdgFrsllnLjdsVxxwda5ACNlDYsdq1XhnQyguoV7RxvZGMEvtZc+fXS4WRu
kcxkhXID6sg/iFvXYFI45g8Nz6BN70lc4Y0boMuL8tTqyW7R+G+q6OSNMfl5wCOD
fS1teNPrX6BiAI32itO/76m969ZPK1gFSMpjxJn4QzM/Q0LDQS+xYtxEpKRQwtjt
kROWLVjROyQi/LWF00q9jKIeuODN8bXczS/1Ae2oDJdvda5a51cXMWRjCwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFHbB1o0x3kURjDDP55pxuO3foFMwMB8GA1UdIwQY
MBaAFJr50NS+/aCemZ6r0MhyTiFzZN4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgt
MjY3MDFiMTYyZmMzLzEvZHNIV2pUSGVSUkdNTU1fbm1uRzQ3ZC1nVXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgtMjY3MDFiMTYyZmMz
LzEvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAkBAIAATAeAwQCLVeEAwQF
ZCtAAwQAwe/kAwQCxxVgAwQCxyTwMBsEAgACMBUDBQAqDv2AAwUAKg79hwMFAyoT
pAAwDQYJKoZIhvcNAQELBQADggEBAA3bpEwn6ON5hbtFGhNCLLK76hUunV1y29xi
OFEFmbd9FaIQwGJubkV+GRJKe9385IWzsLLkx/OMTEG4GzdrPxO2YgiqjMop6nU6
PGunecBrSkE6pD4F2xuegTEuu7+ybPm2AQeTzJ/YTIkd8UnW5LwsdWKZepNUWykH
PUF7reTqFMmLjOxdDRnveF8Or5ezi8FI1nMIRpFYTJr2CnmmuC0uDrXSFu2HoyAD
3ZNsuF/eKKQD+SMMbHp3BzRntSNRMkz2NS85EK3wUdic0aTGreU4Sf5MYnzXnz1x
5+5H8g1u+yGBjWgOFarhmDUbZ10cwdy9hVJdXk27vLHk+Brb6rY=
-----END CERTIFICATE-----
Generated at Wed Nov 5 16:01:36 2025 by rpki-client