Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ZYp7OzB0VDkonl-vqvogoEtvvrU.roa
File: ZYp7OzB0VDkonl-vqvogoEtvvrU.roa (raw, json)
Hash identifier: XLDH0R2aZzMq1kqL7QSYAm+5jtX2I1Y+ljQvrGChpiQ=
Subject key identifier: 65:8A:7B:3B:30:74:54:39:28:9E:5F:AF:AA:FA:20:A0:4B:6F:BE:B5
Certificate issuer: /CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Certificate serial: 019A2EF116020423B1B277CF091D42A9A068
Authority key identifier: C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ZYp7OzB0VDkonl-vqvogoEtvvrU.roa
Signing time: Wed 29 Oct 2025 07:49:02 +0000
ROA not before: Wed 29 Oct 2025 07:49:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206610
IP address blocks: 78.111.128.0/20 maxlen: 24
79.141.16.0/20 maxlen: 24
92.119.100.0/24 maxlen: 24
92.119.101.0/24 maxlen: 24
92.119.102.0/24 maxlen: 24
92.119.103.0/24 maxlen: 24
185.104.168.0/22 maxlen: 24
185.173.180.0/22 maxlen: 24
2a0b:b880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.mft
rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2e:f1:16:02:04:23:b1:b2:77:cf:09:1d:42:a9:a0:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Validity
Not Before: Oct 29 07:49:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=658a7b3b30745439289e5fafaafa20a04b6fbeb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:9c:dc:bb:f8:3f:50:2f:ad:56:19:7b:d9:6d:
69:78:f0:c1:f7:5c:fd:7e:2f:ba:77:4f:7e:cc:44:
f6:34:b8:cc:d9:c5:7d:93:cf:08:b3:1c:d0:b5:33:
00:a3:9c:91:14:3f:26:0d:6b:7c:9a:96:71:9a:01:
3d:94:5f:65:2f:ae:cb:e2:45:46:4b:83:4d:42:b9:
d0:29:ed:54:2f:34:36:d3:05:89:f0:fb:21:8e:41:
c6:75:89:44:e4:a8:2e:ea:4a:ec:6a:74:31:4f:7f:
2c:be:f1:ca:d0:d1:a9:3e:a5:67:5a:c5:e5:83:32:
3c:9c:72:59:13:90:35:4d:03:30:ef:84:07:e5:5c:
5f:7d:93:68:7f:22:b8:3c:15:64:47:ca:8f:f7:89:
16:77:b6:13:d4:22:e8:f2:02:38:a3:a4:07:fb:85:
86:b1:40:c9:93:40:79:0a:72:bf:92:76:b5:b6:ad:
ab:3f:a8:f9:81:bb:55:39:cd:60:e4:8c:7c:15:95:
eb:06:73:cb:3d:60:89:ff:f6:a0:d5:c2:9c:b1:5b:
e2:bf:d3:59:df:4a:08:2c:61:d3:11:5c:65:b9:b4:
2d:35:eb:0e:44:c1:06:03:1c:b0:9a:dc:8f:1d:37:
a1:d5:08:f2:df:db:ab:b3:43:56:d4:0d:bd:a7:f0:
ae:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:8A:7B:3B:30:74:54:39:28:9E:5F:AF:AA:FA:20:A0:4B:6F:BE:B5
X509v3 Authority Key Identifier:
keyid:C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/ZYp7OzB0VDkonl-vqvogoEtvvrU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.111.128.0/20
79.141.16.0/20
92.119.100.0/22
185.104.168.0/22
185.173.180.0/22
IPv6:
2a0b:b880::/29
Signature Algorithm: sha256WithRSAEncryption
79:52:dc:18:0b:1e:6b:e8:06:db:c2:56:1e:4d:a7:67:8b:6a:
13:bd:c4:81:22:6d:c9:64:8b:ff:f0:7a:18:79:3e:d1:23:f1:
ae:c3:4a:4b:92:36:b5:6e:d9:27:3d:3e:f5:42:4b:f0:c2:7b:
e9:6c:12:a3:78:34:ca:34:05:76:de:a9:29:ae:cf:96:71:6e:
0d:92:70:43:e4:89:c4:2d:f3:69:23:e0:af:bc:8e:d8:cd:ae:
d5:cf:65:9c:67:79:35:8b:62:70:f0:54:71:d8:f5:26:2b:7c:
39:08:5c:6a:d1:8b:a7:96:f0:95:a6:b5:09:73:4f:a3:2e:ab:
62:13:58:12:25:7e:12:48:fc:49:3f:58:b8:44:2a:d9:9f:a2:
62:e7:16:4d:13:65:a2:07:21:dc:15:b2:30:5f:fc:cb:03:a9:
78:cb:e7:1b:20:b8:0c:81:e9:47:3e:63:f5:18:22:1f:78:94:
87:db:46:64:64:76:ac:e4:04:a1:86:d7:9d:a5:75:ff:6c:20:
d7:61:19:96:76:9e:70:78:2b:57:77:fb:30:a5:e6:2e:c4:eb:
84:67:db:d1:35:f3:e0:74:a2:c4:14:52:14:01:ea:c1:6b:1a:
13:c4:0e:fa:97:4f:99:87:a6:00:3e:4c:85:c7:3c:9b:f1:bb:
5f:cd:72:c6
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZou8RYCBCOxsnfPCR1CqaBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NTNmNWUyMzA0MjBiYzRhNzBkMGE2MWRlM2I0N2RjZGEx
YThkMGUwHhcNMjUxMDI5MDc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThhN2IzYjMwNzQ1NDM5Mjg5ZTVmYWZhYWZhMjBhMDRiNmZiZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJzcu/g/UC+tVhl72W1pePDB91z9
fi+6d09+zET2NLjM2cV9k88IsxzQtTMAo5yRFD8mDWt8mpZxmgE9lF9lL67L4kVG
S4NNQrnQKe1ULzQ20wWJ8PshjkHGdYlE5Kgu6krsanQxT38svvHK0NGpPqVnWsXl
gzI8nHJZE5A1TQMw74QH5VxffZNofyK4PBVkR8qP94kWd7YT1CLo8gI4o6QH+4WG
sUDJk0B5CnK/kna1tq2rP6j5gbtVOc1g5Ix8FZXrBnPLPWCJ//ag1cKcsVviv9NZ
30oILGHTEVxlubQtNesORMEGAxywmtyPHTeh1Qjy39urs0NW1A29p/CuhwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGWKezswdFQ5KJ5fr6r6IKBLb761MB8GA1UdIwQY
MBaAFMRT9eIwQgvEpw0KYd47R9zaGo0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1Njkt
ZTZjZjE3Y2RkYTRmLzEvWllwN096QjBWRGtvbmwtdnF2b2dvRXR2dnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1NjktZTZjZjE3Y2RkYTRm
LzEveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQETm+AAwQE
T40QAwQCXHdkAwQCuWioAwQCua20MA0EAgACMAcDBQMqC7iAMA0GCSqGSIb3DQEB
CwUAA4IBAQB5UtwYCx5r6AbbwlYeTadni2oTvcSBIm3JZIv/8HoYeT7RI/Guw0pL
kja1btknPT71QkvwwnvpbBKjeDTKNAV23qkprs+WcW4NknBD5InELfNpI+CvvI7Y
za7Vz2WcZ3k1i2Jw8FRx2PUmK3w5CFxq0YunlvCVprUJc0+jLqtiE1gSJX4SSPxJ
P1i4RCrZn6Ji5xZNE2WiByHcFbIwX/zLA6l4y+cbILgMgelHPmP1GCIfeJSH20Zk
ZHas5AShhtedpXX/bCDXYRmWdp5weCtXd/swpeYuxOuEZ9vRNfPgdKLEFFIUAerB
axoTxA76l0+Zh6YAPkyFxzyb8btfzXLG
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:24:33 2025 by rpki-client