Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fpKUqxxKUPc_O5n9wxHsQg8T_FY.roa
File: fpKUqxxKUPc_O5n9wxHsQg8T_FY.roa (raw, json)
Hash identifier: OrgW5t1N1aQKAHTjeWlGlcEAJmvI2Q1WBkLpeJc3hPs=
Subject key identifier: 7E:92:94:AB:1C:4A:50:F7:3F:3B:99:FD:C3:11:EC:42:0F:13:FC:56
Certificate issuer: /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial: 019A4D25A1EEEB1D62F1D15B0A1969C67E49
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fpKUqxxKUPc_O5n9wxHsQg8T_FY.roa
Signing time: Tue 04 Nov 2025 04:35:03 +0000
ROA not before: Tue 04 Nov 2025 04:35:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198102
IP address blocks: 5.133.48.0/22 maxlen: 22
78.111.224.0/20 maxlen: 24
86.105.236.0/22 maxlen: 24
89.35.168.0/22 maxlen: 24
89.45.212.0/22 maxlen: 24
91.231.62.0/24 maxlen: 24
128.65.200.0/21 maxlen: 21
134.255.164.0/22 maxlen: 24
134.255.168.0/22 maxlen: 24
185.11.224.0/22 maxlen: 24
185.85.192.0/22 maxlen: 22
195.28.8.0/23 maxlen: 24
195.210.40.0/23 maxlen: 24
195.225.40.0/23 maxlen: 24
195.238.80.0/23 maxlen: 24
213.225.240.0/20 maxlen: 24
2a00:4060::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.mft
rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4d:25:a1:ee:eb:1d:62:f1:d1:5b:0a:19:69:c6:7e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Validity
Not Before: Nov 4 04:35:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e9294ab1c4a50f73f3b99fdc311ec420f13fc56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:04:f7:81:a3:18:66:a5:c1:d7:6d:80:bf:2b:
fd:13:ff:03:3f:15:08:8d:ea:3a:8e:a0:4a:5c:5b:
69:b1:60:16:70:8f:5a:cb:bf:c7:27:50:2f:53:ae:
f6:8f:a7:4e:f9:bf:cb:03:8e:5c:13:58:98:27:3f:
2d:f9:0f:c7:da:9f:f7:2d:05:ac:38:b5:a5:a4:b8:
bf:79:53:fa:7d:7d:4b:41:20:dc:f1:de:b4:cb:a2:
51:ab:a7:11:55:74:a5:34:62:33:83:26:1e:ec:3e:
04:65:b6:12:bd:d8:5f:7f:b8:9d:6d:9a:18:f2:b9:
67:73:04:34:12:5b:40:29:5b:e3:d2:a1:a3:79:06:
ad:23:4b:63:1e:e3:82:e0:ef:20:e6:9d:de:9b:59:
70:0d:1c:99:10:e7:7a:10:59:23:9b:2d:d3:7e:8c:
29:d5:e3:6e:76:a4:2d:94:c0:12:e4:f0:7f:b2:2a:
af:c3:67:73:c3:11:0e:ab:98:67:7b:7c:de:ae:1a:
d1:69:32:48:89:96:0c:da:5c:45:7d:ee:8a:1e:17:
39:11:41:0f:7c:1a:24:63:bb:59:d4:77:13:87:ef:
c7:4d:9a:72:cd:bd:d3:3c:b9:1a:a3:12:7b:f5:fa:
09:a3:1d:30:c3:d2:a5:d4:4d:70:3d:25:4a:99:4c:
af:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:92:94:AB:1C:4A:50:F7:3F:3B:99:FD:C3:11:EC:42:0F:13:FC:56
X509v3 Authority Key Identifier:
keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fpKUqxxKUPc_O5n9wxHsQg8T_FY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.48.0/22
78.111.224.0/20
86.105.236.0/22
89.35.168.0/22
89.45.212.0/22
91.231.62.0/24
128.65.200.0/21
134.255.164.0-134.255.171.255
185.11.224.0/22
185.85.192.0/22
195.28.8.0/23
195.210.40.0/23
195.225.40.0/23
195.238.80.0/23
213.225.240.0/20
IPv6:
2a00:4060::/29
Signature Algorithm: sha256WithRSAEncryption
64:69:47:fa:0b:99:6b:da:ab:45:0f:52:53:4b:43:bc:ac:92:
e2:8b:c0:b9:1d:ce:f7:30:10:a2:5b:fd:3f:cb:13:0a:6c:df:
4f:64:ba:9c:d1:6b:37:32:f7:e6:f7:a2:af:ed:b4:7e:67:46:
4a:e4:3a:5f:f4:e3:fa:2c:dc:5f:d4:3a:9e:5a:6d:06:1c:5a:
58:53:00:d1:8d:86:49:b9:61:a9:0f:aa:e9:87:0d:7e:d0:2d:
67:4f:d0:ab:09:1f:83:46:31:b9:48:d9:d0:75:31:5f:26:bb:
d9:5a:4f:f2:4a:6c:1b:05:f2:ce:70:fc:7e:7e:89:93:11:aa:
c3:16:73:95:57:e0:57:1f:6d:42:a0:2f:2f:5b:bd:22:24:68:
b9:bb:e6:5f:ce:43:46:2a:1e:14:e7:63:5b:b8:54:a8:ad:e4:
97:2f:14:04:9d:06:cf:fb:d7:4a:2d:0a:ed:b9:ba:17:ea:69:
d0:e1:25:1a:4f:c0:9e:9e:f7:1a:69:17:ba:b7:98:6a:89:0c:
37:77:cc:c5:ba:33:fa:65:52:23:65:73:91:31:ee:0c:c0:54:
5b:36:8e:0d:a1:37:98:1a:fb:4d:18:99:8e:99:93:86:a6:1d:
97:46:67:45:ee:f0:bf:e4:0d:7e:fd:af:c7:a5:d8:a1:ee:18:
60:5e:d5:f4
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAZpNJaHu6x1i8dFbChlpxn5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNTE0NmJiNGUyMTk3NDRmNThjMjY4ZTllYzYyMWMxOGRk
MjI5YzMwHhcNMjUxMTA0MDQzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTkyOTRhYjFjNGE1MGY3M2YzYjk5ZmRjMzExZWM0MjBmMTNmYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQT3gaMYZqXB122Avyv9E/8DPxUI
jeo6jqBKXFtpsWAWcI9ay7/HJ1AvU672j6dO+b/LA45cE1iYJz8t+Q/H2p/3LQWs
OLWlpLi/eVP6fX1LQSDc8d60y6JRq6cRVXSlNGIzgyYe7D4EZbYSvdhff7idbZoY
8rlncwQ0EltAKVvj0qGjeQatI0tjHuOC4O8g5p3em1lwDRyZEOd6EFkjmy3Tfowp
1eNudqQtlMAS5PB/siqvw2dzwxEOq5hne3zerhrRaTJIiZYM2lxFfe6KHhc5EUEP
fBokY7tZ1HcTh+/HTZpyzb3TPLkaoxJ79foJox0ww9Kl1E1wPSVKmUyv1wIDAQAB
o4ICdTCCAnEwHQYDVR0OBBYEFH6SlKscSlD3PzuZ/cMR7EIPE/xWMB8GA1UdIwQY
MBaAFE5RRrtOIZdE9Ywmjp7GIcGN0inDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQt
YzkyMGM1MTdkNjAwLzEvZnBLVXF4eEtVUGNfTzVuOXd4SHNRZzhUX0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQtYzkyMGM1MTdkNjAw
LzEvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGKBggrBgEFBQcBBwEB/wR7MHkwaAQCAAEwYgMEAgWFMAME
BE5v4AMEAlZp7AMEAlkjqAMEAlkt1AMEAFvnPgMEA4BByDAMAwQChv+kAwQChv+o
AwQCuQvgAwQCuVXAAwQBwxwIAwQBw9IoAwQBw+EoAwQBw+5QAwQE1eHwMA0EAgAC
MAcDBQMqAEBgMA0GCSqGSIb3DQEBCwUAA4IBAQBkaUf6C5lr2qtFD1JTS0O8rJLi
i8C5Hc73MBCiW/0/yxMKbN9PZLqc0Ws3Mvfm96Kv7bR+Z0ZK5Dpf9OP6LNxf1Dqe
Wm0GHFpYUwDRjYZJuWGpD6rphw1+0C1nT9CrCR+DRjG5SNnQdTFfJrvZWk/ySmwb
BfLOcPx+fomTEarDFnOVV+BXH21CoC8vW70iJGi5u+ZfzkNGKh4U52NbuFSoreSX
LxQEnQbP+9dKLQrtuboX6mnQ4SUaT8CenvcaaRe6t5hqiQw3d8zFujP6ZVIjZXOR
Me4MwFRbNo4NoTeYGvtNGJmOmZOGph2XRmdF7vC/5A1+/a/Hpdih7hhgXtX0
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:12:10 2025 by rpki-client