Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/CStL8iSjdEFU3iEnaPTRCZ1zjeM.roa
File: CStL8iSjdEFU3iEnaPTRCZ1zjeM.roa (raw, json)
Hash identifier: 00JgC0sSu/qPgUkD2huvLVVq++ZTOBn8u911fCHk+AU=
Subject key identifier: 09:2B:4B:F2:24:A3:74:41:54:DE:21:27:68:F4:D1:09:9D:73:8D:E3
Certificate issuer: /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial: 019A39EA16A7A8529680C0A8982AFD07F841
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/CStL8iSjdEFU3iEnaPTRCZ1zjeM.roa
Signing time: Fri 31 Oct 2025 10:57:13 +0000
ROA not before: Fri 31 Oct 2025 10:57:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199653
IP address blocks: 89.36.212.0/22 maxlen: 24
89.38.148.0/22 maxlen: 24
89.40.112.0/22 maxlen: 24
94.177.232.0/21 maxlen: 24
94.177.240.0/22 maxlen: 24
185.35.64.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:39:ea:16:a7:a8:52:96:80:c0:a8:98:2a:fd:07:f8:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Validity
Not Before: Oct 31 10:57:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=092b4bf224a3744154de212768f4d1099d738de3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ce:de:70:b1:e1:d2:00:34:67:17:e7:f6:9d:
39:c0:60:d4:f4:5f:80:94:1a:ab:7a:09:d7:8e:76:
13:fb:e1:3c:8a:57:d3:c7:66:1e:18:a6:b7:53:99:
16:2b:7d:cd:fb:91:c6:31:8f:7f:03:4b:18:0e:ca:
3c:77:f8:d0:c1:55:0c:51:ca:bb:8f:55:4e:6b:e6:
bb:72:16:00:68:14:46:ff:15:cd:9b:3a:81:41:64:
0f:e3:87:27:4a:9e:3d:30:d3:a8:fe:10:0e:c5:15:
11:35:11:a5:07:1e:f9:93:9a:6d:04:e7:25:fa:80:
58:f3:f5:c9:bd:12:91:15:3e:18:3b:36:73:f5:0b:
82:86:fa:e5:3d:b7:53:16:18:00:66:25:ad:cc:92:
6a:94:02:36:03:77:73:21:bd:03:e8:74:c0:7e:5d:
20:27:6f:f0:51:c9:bb:23:69:60:5a:39:0f:13:79:
6c:46:82:86:21:64:49:f7:02:35:ad:0c:fc:22:91:
a5:37:de:1e:25:b0:5f:05:da:49:b0:08:28:86:32:
b3:bb:3b:37:87:e1:b3:7e:e4:68:f6:42:ff:73:ec:
46:25:4d:88:5c:de:35:12:1b:c6:f3:f1:eb:8d:8a:
f4:41:84:54:96:48:62:c2:06:22:27:76:3c:d2:03:
1b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:2B:4B:F2:24:A3:74:41:54:DE:21:27:68:F4:D1:09:9D:73:8D:E3
X509v3 Authority Key Identifier:
keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/CStL8iSjdEFU3iEnaPTRCZ1zjeM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.36.212.0/22
89.38.148.0/22
89.40.112.0/22
94.177.232.0-94.177.243.255
185.35.64.0/22
Signature Algorithm: sha256WithRSAEncryption
a3:f2:6f:3e:34:11:85:98:d9:b8:99:b9:8d:bf:32:e8:5e:eb:
02:9b:cb:d1:88:9a:d0:80:ba:fc:29:28:b7:dd:bb:b2:ce:82:
70:85:86:9f:a7:d8:77:35:f4:29:94:9f:47:15:37:e4:72:67:
75:bb:1d:8f:38:40:6c:7e:c9:b6:2e:37:6f:8b:7b:67:45:b0:
ec:c9:73:f9:a6:c0:fb:79:2f:eb:ba:18:6b:6a:31:18:a2:67:
09:d6:8a:6f:03:19:93:c0:50:8e:b0:63:86:95:5b:f2:8e:04:
a7:d5:4e:68:b0:9b:fa:40:7a:9c:41:ec:2f:1a:2b:06:85:08:
b7:5b:91:25:55:a9:4a:22:6b:c0:5a:e1:97:c8:d5:59:67:f2:
d6:de:26:b6:2f:aa:99:07:1f:07:1c:93:fd:87:fa:be:c0:fc:
ce:40:e8:7a:0d:25:99:b5:01:f1:18:94:0d:94:42:40:1e:88:
b8:e2:70:10:3a:c2:86:41:f4:45:19:e2:48:16:21:18:95:63:
6d:e3:a8:08:0e:c2:bd:0c:04:ec:03:af:d6:6e:ef:18:a6:e4:
49:76:cf:c7:e1:04:b8:c3:34:d0:8c:e5:33:a2:29:ef:fb:a7:
14:33:12:8d:77:59:69:54:76:5b:b5:82:45:ef:42:ef:d5:69:
e0:98:03:46
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZo56hanqFKWgMComCr9B/hBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjUxMDMxMTA1NzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTJiNGJmMjI0YTM3NDQxNTRkZTIxMjc2OGY0ZDEwOTlkNzM4ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM7ecLHh0gA0Zxfn9p05wGDU9F+A
lBqregnXjnYT++E8ilfTx2YeGKa3U5kWK33N+5HGMY9/A0sYDso8d/jQwVUMUcq7
j1VOa+a7chYAaBRG/xXNmzqBQWQP44cnSp49MNOo/hAOxRURNRGlBx75k5ptBOcl
+oBY8/XJvRKRFT4YOzZz9QuChvrlPbdTFhgAZiWtzJJqlAI2A3dzIb0D6HTAfl0g
J2/wUcm7I2lgWjkPE3lsRoKGIWRJ9wI1rQz8IpGlN94eJbBfBdpJsAgohjKzuzs3
h+GzfuRo9kL/c+xGJU2IXN41EhvG8/HrjYr0QYRUlkhiwgYiJ3Y80gMb+wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAkrS/Iko3RBVN4hJ2j00Qmdc43jMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvQ1N0TDhpU2pkRUZVM2lFbmFQVFJDWjF6amVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCWSTUAwQC
WSaUAwQCWShwMAwDBANesegDBAJesfADBAK5I0AwDQYJKoZIhvcNAQELBQADggEB
AKPybz40EYWY2biZuY2/Muhe6wKby9GImtCAuvwpKLfdu7LOgnCFhp+n2Hc19CmU
n0cVN+RyZ3W7HY84QGx+ybYuN2+Le2dFsOzJc/mmwPt5L+u6GGtqMRiiZwnWim8D
GZPAUI6wY4aVW/KOBKfVTmiwm/pAepxB7C8aKwaFCLdbkSVVqUoia8Ba4ZfI1Vln
8tbeJrYvqpkHHwcck/2H+r7A/M5A6HoNJZm1AfEYlA2UQkAeiLjicBA6woZB9EUZ
4kgWIRiVY23jqAgOwr0MBOwDr9Zu7xim5El2z8fhBLjDNNCM5TOiKe/7pxQzEo13
WWlUdlu1gkXvQu/VaeCYA0Y=
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:50:13 2025 by rpki-client