Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pnQcYsmQZsm10e61MqOqe9dnIiw.roa
File: pnQcYsmQZsm10e61MqOqe9dnIiw.roa (raw, json)
Hash identifier: cbhwVLoAneccYzQ8so2ih+tfiHpOi7W5EczugxqMHT0=
Subject key identifier: A6:74:1C:62:C9:90:66:C9:B5:D1:EE:B5:32:A3:AA:7B:D7:67:22:2C
Certificate issuer: /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial: 019A35A035B4951939E37791C221A7397233
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pnQcYsmQZsm10e61MqOqe9dnIiw.roa
Signing time: Thu 30 Oct 2025 14:58:03 +0000
ROA not before: Thu 30 Oct 2025 14:58:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34879
IP address blocks: 195.208.64.0/24 maxlen: 24
195.208.65.0/24 maxlen: 24
195.208.66.0/24 maxlen: 24
195.208.67.0/24 maxlen: 24
195.208.68.0/24 maxlen: 24
195.208.69.0/24 maxlen: 24
195.208.70.0/24 maxlen: 24
195.208.71.0/24 maxlen: 24
195.208.72.0/24 maxlen: 24
195.208.73.0/24 maxlen: 24
195.208.74.0/24 maxlen: 24
195.208.75.0/24 maxlen: 24
195.208.76.0/24 maxlen: 24
195.208.77.0/24 maxlen: 24
195.209.64.0/24 maxlen: 24
195.209.65.0/24 maxlen: 24
195.209.66.0/24 maxlen: 24
195.209.67.0/24 maxlen: 24
195.209.68.0/24 maxlen: 24
195.209.69.0/24 maxlen: 24
195.209.70.0/24 maxlen: 24
195.209.71.0/24 maxlen: 24
195.209.72.0/23 maxlen: 24
195.209.74.0/24 maxlen: 24
195.209.75.0/24 maxlen: 24
195.209.76.0/24 maxlen: 24
195.209.77.0/24 maxlen: 24
195.209.78.0/24 maxlen: 24
195.209.79.0/24 maxlen: 24
195.209.80.0/24 maxlen: 24
195.209.81.0/24 maxlen: 24
195.209.82.0/24 maxlen: 24
195.209.83.0/24 maxlen: 24
195.209.84.0/24 maxlen: 24
195.209.85.0/24 maxlen: 24
195.209.86.0/24 maxlen: 24
195.209.87.0/24 maxlen: 24
195.209.88.0/21 maxlen: 24
195.209.192.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:35:a0:35:b4:95:19:39:e3:77:91:c2:21:a7:39:72:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
Validity
Not Before: Oct 30 14:58:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6741c62c99066c9b5d1eeb532a3aa7bd767222c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:60:b0:7e:88:ca:80:c5:a2:cb:90:91:7e:3f:
44:48:cf:13:6d:3a:c9:bf:6a:82:ec:ef:46:ae:e2:
8e:72:5a:6f:86:f9:cc:6c:3e:90:2d:75:35:2b:84:
08:d1:14:e1:37:d5:ec:6a:a1:24:82:71:4e:3f:d1:
d8:81:8e:b2:7b:62:d8:06:58:ad:f0:c5:58:a4:12:
d6:51:fb:85:5d:27:18:8b:2b:f4:93:8c:8a:a1:e4:
b5:90:d9:6d:b7:98:fe:74:6b:d8:c4:8d:b4:2e:2c:
27:f4:aa:97:f7:18:24:a2:65:77:18:21:e4:60:91:
42:1b:f2:7e:58:12:98:77:c4:0c:aa:89:de:12:d5:
ad:25:8d:82:35:df:7d:ff:ef:f4:1e:2e:25:e8:6d:
51:ae:19:80:4b:11:41:39:3b:89:53:b4:13:71:84:
2d:6a:b2:d1:6f:55:07:3d:36:20:35:a0:20:5d:ac:
56:55:7b:ac:68:5b:f5:af:d3:3e:bb:1a:4c:a2:67:
99:51:6b:3e:00:da:c2:d4:c1:72:91:7e:2e:1c:78:
ab:45:e5:94:cc:a0:bb:e0:6f:a8:ce:96:60:39:ed:
9c:84:f0:6b:ff:d0:70:26:07:65:04:e0:c8:aa:6a:
40:68:fb:6e:09:31:6e:b7:aa:01:58:c5:f8:14:3d:
a4:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:74:1C:62:C9:90:66:C9:B5:D1:EE:B5:32:A3:AA:7B:D7:67:22:2C
X509v3 Authority Key Identifier:
keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pnQcYsmQZsm10e61MqOqe9dnIiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.208.64.0-195.208.77.255
195.209.64.0/19
195.209.192.0/20
Signature Algorithm: sha256WithRSAEncryption
2f:7f:54:66:ba:65:2b:61:ee:e8:22:c4:b8:25:7e:8e:f6:e5:
96:e4:e0:25:61:5b:32:fd:ee:17:f8:af:01:80:be:41:5b:74:
78:4c:0c:ed:8a:d4:af:81:c5:1d:4d:a4:89:32:d8:30:5b:84:
51:e8:d3:02:8d:4d:42:8c:f3:b1:48:a7:31:66:e5:0f:6c:8c:
fa:12:67:5f:6a:d1:e6:ab:cf:ca:49:7c:2e:88:f2:40:47:34:
ff:2f:22:b6:c7:a8:d3:c0:d4:f1:0d:49:60:59:e4:f7:99:f0:
3b:dd:ec:d3:da:9a:18:40:91:5a:2f:02:97:ab:13:ec:78:cc:
7e:a8:cc:e6:25:be:6e:c4:a1:20:d1:6e:53:d9:fd:73:49:59:
87:c6:63:7f:0b:28:03:a0:93:82:ae:60:49:0c:0a:cc:c5:0d:
3b:da:77:8f:47:ac:a2:c2:9a:ac:7c:20:a2:27:eb:e5:cd:6b:
9e:1c:26:12:02:3e:0f:20:f4:e7:b8:a7:81:5f:e4:b3:eb:7a:
cf:d4:51:e3:3c:6c:45:c1:26:4d:2c:48:67:ef:a4:59:16:f3:
8a:df:26:e6:f0:c7:dd:d6:eb:bb:aa:ef:02:cd:31:ae:25:df:
11:85:e5:cc:7b:fc:0f:48:5d:ad:49:4a:c2:da:11:41:74:85:
17:ac:cc:18
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZo1oDW0lRk543eRwiGnOXIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUxMDMwMTQ1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc0MWM2MmM5OTA2NmM5YjVkMWVlYjUzMmEzYWE3YmQ3NjcyMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmCwfojKgMWiy5CRfj9ESM8TbTrJ
v2qC7O9GruKOclpvhvnMbD6QLXU1K4QI0RThN9XsaqEkgnFOP9HYgY6ye2LYBlit
8MVYpBLWUfuFXScYiyv0k4yKoeS1kNltt5j+dGvYxI20Liwn9KqX9xgkomV3GCHk
YJFCG/J+WBKYd8QMqoneEtWtJY2CNd99/+/0Hi4l6G1RrhmASxFBOTuJU7QTcYQt
arLRb1UHPTYgNaAgXaxWVXusaFv1r9M+uxpMomeZUWs+ANrC1MFykX4uHHirReWU
zKC74G+ozpZgOe2chPBr/9BwJgdlBODIqmpAaPtuCTFut6oBWMX4FD2kPQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKZ0HGLJkGbJtdHutTKjqnvXZyIsMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcG5RY1lzbVFac20xMGU2MU1xT3FlOWRuSWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAbD0EAD
BAHD0EwDBAXD0UADBATD0cAwDQYJKoZIhvcNAQELBQADggEBAC9/VGa6ZSth7ugi
xLglfo725Zbk4CVhWzL97hf4rwGAvkFbdHhMDO2K1K+BxR1NpIky2DBbhFHo0wKN
TUKM87FIpzFm5Q9sjPoSZ19q0earz8pJfC6I8kBHNP8vIrbHqNPA1PENSWBZ5PeZ
8Dvd7NPamhhAkVovAperE+x4zH6ozOYlvm7EoSDRblPZ/XNJWYfGY38LKAOgk4Ku
YEkMCszFDTvad49HrKLCmqx8IKIn6+XNa54cJhICPg8g9Oe4p4Ff5LPres/UUeM8
bEXBJk0sSGfvpFkW84rfJubwx93W67uq7wLNMa4l3xGF5cx7/A9IXa1JSsLaEUF0
hReszBg=
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:31:59 2025 by rpki-client