Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/gNhY-7xJdUQMRPrX1gO8ZeGI4wU.roa
File: gNhY-7xJdUQMRPrX1gO8ZeGI4wU.roa (raw, json)
Hash identifier: dZtdS8i5eIi4mWSH+iDQCD3utKdV+69DN6KDuyKoQuo=
Subject key identifier: 80:D8:58:FB:BC:49:75:44:0C:44:FA:D7:D6:03:BC:65:E1:88:E3:05
Certificate issuer: /CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Certificate serial: 019A4645124B451FFFD00FF4CD395FB2BE9D
Authority key identifier: 56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/gNhY-7xJdUQMRPrX1gO8ZeGI4wU.roa
Signing time: Sun 02 Nov 2025 20:32:02 +0000
ROA not before: Sun 02 Nov 2025 20:32:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58208
IP address blocks: 5.42.152.0/22 maxlen: 24
5.42.153.0/24 maxlen: 24
5.42.156.0/23 maxlen: 24
5.42.159.0/24 maxlen: 24
91.216.120.0/24 maxlen: 24
185.118.68.0/24 maxlen: 24
2a01:45c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.mft
rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:46:45:12:4b:45:1f:ff:d0:0f:f4:cd:39:5f:b2:be:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Validity
Not Before: Nov 2 20:32:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=80d858fbbc4975440c44fad7d603bc65e188e305
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:51:ed:ca:51:a5:a4:94:48:9a:4e:0e:80:18:
5d:fd:2c:02:33:17:bd:6b:8d:b3:2a:c1:75:11:c4:
04:9a:f1:7b:31:a7:1b:51:24:c1:c5:f6:9d:f8:a5:
4b:8a:65:54:81:f9:58:f6:50:81:cb:0e:b4:0b:59:
4c:89:b3:01:00:bf:1a:e8:3d:5e:94:f3:9f:99:e2:
10:af:79:49:35:4b:e2:0e:cf:9e:66:d9:34:71:9c:
1d:81:d9:e1:2d:4f:17:ed:76:33:35:76:2b:61:ee:
d3:ab:64:e2:27:6a:25:75:6e:46:f5:52:f0:51:4c:
32:22:2d:ac:f7:a4:81:e3:74:a3:40:38:51:c4:fe:
9a:2c:aa:86:d4:c9:9c:a7:85:3f:91:91:d8:c1:65:
a5:d3:9c:fa:d5:67:60:53:02:32:e4:2c:3b:ea:96:
13:5c:e7:44:50:9f:5a:56:be:a1:0a:a7:f9:81:67:
b4:0f:2f:7e:42:6f:6b:cf:15:7c:63:94:b9:cf:02:
3a:6c:c9:5a:c6:74:96:0c:22:5c:41:49:ed:ab:10:
82:33:c1:f5:ba:db:4b:30:32:13:ca:37:01:7f:24:
ca:d8:e3:10:38:ab:b1:ec:af:ba:30:8f:6d:d8:c3:
1b:dd:1e:5b:4a:d3:ce:70:53:95:44:6c:7c:f7:2d:
ca:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:D8:58:FB:BC:49:75:44:0C:44:FA:D7:D6:03:BC:65:E1:88:E3:05
X509v3 Authority Key Identifier:
keyid:56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/gNhY-7xJdUQMRPrX1gO8ZeGI4wU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.152.0-5.42.157.255
5.42.159.0/24
91.216.120.0/24
185.118.68.0/24
IPv6:
2a01:45c0::/32
Signature Algorithm: sha256WithRSAEncryption
67:af:98:30:b4:1f:6d:cf:e8:6a:3e:34:62:f8:65:3b:55:0f:
22:b0:f3:96:7f:51:48:16:61:2d:df:83:d4:79:f5:1f:19:ae:
5d:b5:70:2a:06:48:f0:dc:db:19:42:47:f2:55:aa:a4:bd:e1:
9a:bb:f1:5c:10:4d:5c:e6:80:cb:19:79:fe:c2:c0:7e:ec:43:
df:23:bf:2d:6b:1f:54:42:ac:8d:95:f3:b2:7f:40:03:56:13:
74:9c:4a:da:c2:da:05:bb:42:76:c3:2c:4e:3c:f4:d3:18:48:
31:5a:0c:9d:eb:08:3a:af:da:21:3f:d0:37:48:ca:74:56:3b:
6a:a7:27:a1:c6:31:af:90:75:8c:e1:79:60:cf:03:c5:cd:08:
2e:f4:17:5c:f1:23:14:82:52:90:3e:52:ba:af:58:92:ba:d2:
92:b6:bc:10:f2:18:46:e9:dd:c5:fa:b9:29:6f:04:36:95:33:
79:36:b0:3e:6b:08:53:1b:15:19:de:d2:d0:cc:2b:57:9d:fe:
d8:39:6a:ac:a8:65:7d:d7:9f:4e:5c:2f:a0:73:5c:44:8e:f7:
e0:ff:c1:79:9a:ef:8f:6e:28:bf:73:f9:f2:64:f7:f7:1d:8b:
60:31:79:b7:8b:6c:e6:8e:36:e6:d9:79:37:40:5f:ab:b9:8d:
ec:c3:f6:29
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZpGRRJLRR//0A/0zTlfsr6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2N2FjOWJmMGJlOTFlMGE0ODY2NGVjOGI2YTY3NzA5NTdh
MjEwMjAwHhcNMjUxMTAyMjAzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ4NThmYmJjNDk3NTQ0MGM0NGZhZDdkNjAzYmM2NWUxODhlMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1HtylGlpJRImk4OgBhd/SwCMxe9
a42zKsF1EcQEmvF7MacbUSTBxfad+KVLimVUgflY9lCByw60C1lMibMBAL8a6D1e
lPOfmeIQr3lJNUviDs+eZtk0cZwdgdnhLU8X7XYzNXYrYe7Tq2TiJ2oldW5G9VLw
UUwyIi2s96SB43SjQDhRxP6aLKqG1Mmcp4U/kZHYwWWl05z61WdgUwIy5Cw76pYT
XOdEUJ9aVr6hCqf5gWe0Dy9+Qm9rzxV8Y5S5zwI6bMlaxnSWDCJcQUntqxCCM8H1
uttLMDITyjcBfyTK2OMQOKux7K+6MI9t2MMb3R5bStPOcFOVRGx89y3KWwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFIDYWPu8SXVEDET619YDvGXhiOMFMB8GA1UdIwQY
MBaAFFZ6yb8L6R4KSGZOyLamdwlXohAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUt
MDE4ODljYzAzZWJhLzEvZ05oWS03eEpkVVFNUlByWDFnTzhaZUdJNHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUtMDE4ODljYzAzZWJh
LzEvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAMFKpgD
BAEFKpwDBAAFKp8DBABb2HgDBAC5dkQwDQQCAAIwBwMFACoBRcAwDQYJKoZIhvcN
AQELBQADggEBAGevmDC0H23P6Go+NGL4ZTtVDyKw85Z/UUgWYS3fg9R59R8Zrl21
cCoGSPDc2xlCR/JVqqS94Zq78VwQTVzmgMsZef7CwH7sQ98jvy1rH1RCrI2V87J/
QANWE3ScStrC2gW7QnbDLE489NMYSDFaDJ3rCDqv2iE/0DdIynRWO2qnJ6HGMa+Q
dYzheWDPA8XNCC70F1zxIxSCUpA+UrqvWJK60pK2vBDyGEbp3cX6uSlvBDaVM3k2
sD5rCFMbFRne0tDMK1ed/tg5aqyoZX3Xn05cL6BzXESO9+D/wXma749uKL9z+fJk
9/cdi2AxebeLbOaONubZeTdAX6u5jezD9ik=
-----END CERTIFICATE-----
Generated at Tue Nov 4 19:59:31 2025 by rpki-client