Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/kwOAwgiCOUhVNtJRBCQb6ZiqnBQ.roa
File: kwOAwgiCOUhVNtJRBCQb6ZiqnBQ.roa (raw, json)
Hash identifier: atWOmjTzujEHbunSba5esKgGqowchxKn3GSwQ9XKCbA=
Subject key identifier: 93:03:80:C2:08:82:39:48:55:36:D2:51:04:24:1B:E9:98:AA:9C:14
Certificate issuer: /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial: 019A2EF77EF2416950B68D0B2DF4CA8A6685
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/kwOAwgiCOUhVNtJRBCQb6ZiqnBQ.roa
Signing time: Wed 29 Oct 2025 07:56:03 +0000
ROA not before: Wed 29 Oct 2025 07:56:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 37.44.228.0/22 maxlen: 24
45.66.92.0/23 maxlen: 23
165.84.224.0/22 maxlen: 22
165.84.228.0/22 maxlen: 22
192.145.52.0/22 maxlen: 24
192.145.52.0/24 maxlen: 24
194.15.32.0/24 maxlen: 24
194.15.34.0/23 maxlen: 23
194.15.34.0/24 maxlen: 24
194.15.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2e:f7:7e:f2:41:69:50:b6:8d:0b:2d:f4:ca:8a:66:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Validity
Not Before: Oct 29 07:56:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=930380c2088239485536d25104241be998aa9c14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:2c:e5:6a:62:06:5f:76:66:4f:16:55:31:31:
a3:a8:6d:8b:63:43:04:bb:22:77:11:e8:2d:98:bb:
0c:4d:57:d6:49:c5:db:c5:8d:5b:c9:63:41:99:e5:
a5:54:85:5a:6c:ad:b9:9c:6f:60:e1:01:0a:da:28:
09:0e:d9:5a:11:80:5a:f9:8a:87:8b:67:53:3e:fc:
fb:52:b4:f7:4d:dc:aa:12:62:06:3b:2c:af:e0:f1:
a6:10:76:68:e7:f6:ec:3a:b4:49:6a:72:59:19:3c:
74:c4:27:fd:54:c4:9d:a1:b8:2b:70:0b:fe:10:81:
84:66:73:85:3c:7c:d6:ce:b1:80:0d:2f:8c:df:e2:
7d:72:02:41:f8:82:73:57:77:59:19:5a:bd:ca:4b:
95:49:1d:82:07:ca:ea:9c:19:34:04:30:e3:a8:41:
24:19:74:ed:9d:f3:38:32:ed:97:3e:fc:98:e2:c6:
ba:f1:f0:67:5a:65:32:7d:29:f4:b7:02:96:ae:0e:
7c:1b:d0:0e:d7:9f:e0:f2:c3:67:9d:ae:05:b0:85:
90:44:f7:00:7e:3a:29:ef:9c:80:5d:cd:d3:b6:89:
3d:fe:11:8a:91:7f:1d:51:8e:93:bf:48:ca:64:44:
3a:c0:52:ab:f6:d9:97:7a:de:5b:f6:33:1d:5f:bf:
28:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:03:80:C2:08:82:39:48:55:36:D2:51:04:24:1B:E9:98:AA:9C:14
X509v3 Authority Key Identifier:
keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/kwOAwgiCOUhVNtJRBCQb6ZiqnBQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.44.228.0/22
45.66.92.0/23
165.84.224.0/21
192.145.52.0/22
194.15.32.0/24
194.15.34.0/23
Signature Algorithm: sha256WithRSAEncryption
71:7a:99:cb:87:84:f5:2d:fd:28:b2:f0:8e:23:16:c7:ae:b3:
f9:c1:2e:4a:51:f3:fc:7d:8b:b9:e0:f0:f1:57:3e:8b:d1:76:
48:90:cf:41:fd:e8:12:59:c2:cf:a3:83:aa:e6:c6:ca:f1:88:
29:75:ed:c6:26:e7:96:44:d9:a7:a5:34:19:ca:aa:04:e3:bc:
ee:14:45:03:fb:44:80:e2:93:e8:87:af:a0:25:6b:c1:89:65:
91:64:04:1c:e9:9b:c3:ea:88:98:88:52:5f:b9:20:90:f5:e5:
e3:86:61:39:a6:11:f9:d5:22:ce:2a:05:6c:03:52:9b:cf:2a:
e7:17:03:82:64:f0:81:95:de:35:72:38:3c:e5:7c:e6:b1:30:
fc:3b:5b:4a:bf:16:48:46:a7:ba:96:e2:58:81:0e:df:3e:65:
82:6b:4c:05:86:8f:73:41:30:b1:d4:88:33:2b:09:01:cc:e2:
fc:91:d9:27:10:3f:0d:a5:5f:80:27:9a:cb:f5:10:f0:22:db:
38:cb:53:06:a3:6e:a5:23:44:69:0b:8b:7c:95:95:ef:b6:f9:
91:d9:c3:c4:ee:e7:f6:8e:34:11:0c:7c:9a:99:61:62:5f:69:
8b:0b:05:b0:a9:fa:28:e6:f7:c4:13:e3:a1:69:06:df:71:48:
b7:1d:8a:8b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZou937yQWlQto0LLfTKimaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUxMDI5MDc1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzAzODBjMjA4ODIzOTQ4NTUzNmQyNTEwNDI0MWJlOTk4YWE5YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySzlamIGX3ZmTxZVMTGjqG2LY0ME
uyJ3EegtmLsMTVfWScXbxY1byWNBmeWlVIVabK25nG9g4QEK2igJDtlaEYBa+YqH
i2dTPvz7UrT3TdyqEmIGOyyv4PGmEHZo5/bsOrRJanJZGTx0xCf9VMSdobgrcAv+
EIGEZnOFPHzWzrGADS+M3+J9cgJB+IJzV3dZGVq9ykuVSR2CB8rqnBk0BDDjqEEk
GXTtnfM4Mu2XPvyY4sa68fBnWmUyfSn0twKWrg58G9AO15/g8sNnna4FsIWQRPcA
fjop75yAXc3Ttok9/hGKkX8dUY6Tv0jKZEQ6wFKr9tmXet5b9jMdX78ozwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJMDgMIIgjlIVTbSUQQkG+mYqpwUMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEva3dPQXdnaUNPVWhWTnRKUkJDUWI2WmlxbkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJSzkAwQB
LUJcAwQDpVTgAwQCwJE0AwQAwg8gAwQBwg8iMA0GCSqGSIb3DQEBCwUAA4IBAQBx
epnLh4T1Lf0osvCOIxbHrrP5wS5KUfP8fYu54PDxVz6L0XZIkM9B/egSWcLPo4Oq
5sbK8Ygpde3GJueWRNmnpTQZyqoE47zuFEUD+0SA4pPoh6+gJWvBiWWRZAQc6ZvD
6oiYiFJfuSCQ9eXjhmE5phH51SLOKgVsA1KbzyrnFwOCZPCBld41cjg85XzmsTD8
O1tKvxZIRqe6luJYgQ7fPmWCa0wFho9zQTCx1IgzKwkBzOL8kdknED8NpV+AJ5rL
9RDwIts4y1MGo26lI0RpC4t8lZXvtvmR2cPE7uf2jjQRDHyamWFiX2mLCwWwqfoo
5vfEE+OhaQbfcUi3HYqL
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:13:28 2025 by rpki-client