Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1-U2bMbEgdVLo-lfGFh94BMmDhEs.roa
File: 1-U2bMbEgdVLo-lfGFh94BMmDhEs.roa (raw, json)
Hash identifier: m1ebP8dAlrRzeezkjPXstD1rZZYuYl+rYjqJFsFWGxE=
Subject key identifier: F9:4D:9B:31:B1:20:75:52:E8:FA:57:C6:16:1F:78:04:C9:83:84:4B
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 019A54714FAF02180CFF18E571FED3B1BD4D
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1-U2bMbEgdVLo-lfGFh94BMmDhEs.roa
Signing time: Wed 05 Nov 2025 14:35:03 +0000
ROA not before: Wed 05 Nov 2025 14:35:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50360
IP address blocks: 78.128.114.0/24 maxlen: 24
78.142.35.0/24 maxlen: 24
78.142.49.0/24 maxlen: 24
79.124.40.0/24 maxlen: 24
79.124.41.0/24 maxlen: 24
79.124.45.0/24 maxlen: 24
79.124.49.0/24 maxlen: 24
79.124.56.0/24 maxlen: 24
79.124.58.0/24 maxlen: 24
79.124.59.0/24 maxlen: 24
79.124.60.0/24 maxlen: 24
79.124.62.0/24 maxlen: 24
91.148.128.0/24 maxlen: 24
91.148.129.0/24 maxlen: 24
91.148.186.0/24 maxlen: 24
91.148.190.0/23 maxlen: 24
91.191.220.0/24 maxlen: 24
91.191.221.0/24 maxlen: 24
91.191.222.0/24 maxlen: 24
91.191.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 14:35:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:54:71:4f:af:02:18:0c:ff:18:e5:71:fe:d3:b1:bd:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Nov 5 14:35:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f94d9b31b1207552e8fa57c6161f7804c983844b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ad:55:10:5f:c9:12:b2:fb:da:56:02:87:dd:
5f:20:fb:d5:7d:e7:cd:c6:19:48:44:17:df:ca:7f:
54:ff:5b:28:be:ac:1c:4e:a6:a5:fa:2f:04:e5:5e:
32:b9:bf:0e:9b:ef:b8:d7:f8:ba:49:a8:87:48:38:
01:30:99:53:19:0b:82:24:27:3d:b5:b0:ee:50:fe:
d8:93:95:4f:6f:d1:ff:7f:aa:ee:7b:77:ed:44:40:
56:0b:5c:ea:1a:64:19:c1:68:e2:dc:7d:ba:64:a6:
4f:a4:c2:75:07:59:c3:e7:5e:53:82:84:7e:86:f7:
d0:45:45:56:ac:a1:97:d3:d1:57:96:31:d8:c9:5e:
67:f9:ca:cc:f7:35:1a:fa:04:d5:49:a8:71:fc:28:
07:ff:9c:42:c9:a2:4e:53:09:15:0e:3c:bf:cf:ff:
17:b6:14:da:ec:bf:8b:c1:1d:7a:88:5a:7a:0f:59:
65:6f:76:54:a2:79:5c:e6:26:a7:8f:63:97:0f:42:
8b:00:1e:cd:61:93:3d:89:b7:9b:07:2f:b1:7c:d4:
b3:c6:4a:c2:bb:1a:be:06:86:3c:0b:d1:bb:06:74:
cf:72:aa:a5:06:13:d0:94:49:8e:c3:23:fc:6d:97:
e7:78:db:7f:4b:9e:ab:b7:f7:39:1b:b8:7a:6f:f4:
4a:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:4D:9B:31:B1:20:75:52:E8:FA:57:C6:16:1F:78:04:C9:83:84:4B
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/1-U2bMbEgdVLo-lfGFh94BMmDhEs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.128.114.0/24
78.142.35.0/24
78.142.49.0/24
79.124.40.0/23
79.124.45.0/24
79.124.49.0/24
79.124.56.0/24
79.124.58.0-79.124.60.255
79.124.62.0/24
91.148.128.0/23
91.148.186.0/24
91.148.190.0/23
91.191.220.0/22
Signature Algorithm: sha256WithRSAEncryption
c8:95:b5:f7:70:38:2d:d2:96:86:5f:96:e0:8a:8c:ec:a5:23:
5c:00:4e:5f:47:f3:49:1a:6c:68:37:f4:4a:05:43:78:1c:91:
d7:5f:aa:0e:60:53:9c:e8:36:41:27:a6:d1:db:ba:4f:e2:5c:
6e:e5:ac:c5:92:cf:1d:05:ca:ee:58:3d:7d:0c:c0:e0:69:3e:
85:23:71:b2:e0:c1:16:5b:ff:da:3e:62:ac:d3:19:2b:67:ea:
f9:ee:21:ea:40:c7:c9:53:a0:cc:0f:4b:aa:82:1d:c8:51:8b:
0c:0a:66:d9:45:d8:c1:60:45:1b:dd:7c:98:e0:19:3a:4f:d1:
5a:bc:4c:15:d8:2c:f6:70:d4:c7:6c:e9:be:b7:be:41:b4:64:
92:36:f3:f0:c6:c6:57:16:2a:ee:c1:c2:de:48:18:89:19:98:
94:5e:40:05:22:a3:19:78:85:da:d8:3d:c9:8e:62:e7:d4:93:
01:24:41:9e:0c:08:8c:fd:0f:e9:81:5b:18:3f:31:27:5a:b7:
ff:50:c5:c9:cd:e7:bc:ce:11:83:22:0e:1d:b9:6d:27:19:ae:
7f:da:34:ea:c8:b3:a4:97:4b:5a:92:5c:46:b3:d2:d5:e9:ac:
1d:48:80:ff:b5:8d:50:52:ff:71:93:32:2a:eb:db:23:e1:30:
82:49:fb:c3
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZpUcU+vAhgM/xjlcf7Tsb1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUxMTA1MTQzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRkOWIzMWIxMjA3NTUyZThmYTU3YzYxNjFmNzgwNGM5ODM4NDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs61VEF/JErL72lYCh91fIPvVfefN
xhlIRBffyn9U/1sovqwcTqal+i8E5V4yub8Om++41/i6SaiHSDgBMJlTGQuCJCc9
tbDuUP7Yk5VPb9H/f6rue3ftREBWC1zqGmQZwWji3H26ZKZPpMJ1B1nD515TgoR+
hvfQRUVWrKGX09FXljHYyV5n+crM9zUa+gTVSahx/CgH/5xCyaJOUwkVDjy/z/8X
thTa7L+LwR16iFp6D1llb3ZUonlc5ianj2OXD0KLAB7NYZM9ibebBy+xfNSzxkrC
uxq+BoY8C9G7BnTPcqqlBhPQlEmOwyP8bZfneNt/S56rt/c5G7h6b/RKJQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFPlNmzGxIHVS6PpXxhYfeATJg4RLMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvMS1VMmJNYkVnZFZMby1sZkdGaDk0Qk1tRGhFcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDMvY2NkZDhiLTc3MjAtNGRlMC04YzQzLWRhY2I1ZjM1NmVh
My8xL3cxNnNaT3BJQXVhQ1JvYjN3TklCOHNoY3Nxby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBvBggrBgEFBQcBBwEB/wRgMF4wXAQCAAEwVgMEAE6AcgME
AE6OIwMEAE6OMQMEAU98KAMEAE98LQMEAE98MQMEAE98ODAMAwQBT3w6AwQAT3w8
AwQAT3w+AwQBW5SAAwQAW5S6AwQBW5S+AwQCW7/cMA0GCSqGSIb3DQEBCwUAA4IB
AQDIlbX3cDgt0paGX5bgiozspSNcAE5fR/NJGmxoN/RKBUN4HJHXX6oOYFOc6DZB
J6bR27pP4lxu5azFks8dBcruWD19DMDgaT6FI3Gy4MEWW//aPmKs0xkrZ+r57iHq
QMfJU6DMD0uqgh3IUYsMCmbZRdjBYEUb3XyY4Bk6T9FavEwV2Cz2cNTHbOm+t75B
tGSSNvPwxsZXFiruwcLeSBiJGZiUXkAFIqMZeIXa2D3JjmLn1JMBJEGeDAiM/Q/p
gVsYPzEnWrf/UMXJzee8zhGDIg4duW0nGa5/2jTqyLOkl0taklxGs9LV6awdSID/
tY1QUv9xkzIq69sj4TCCSfvD
-----END CERTIFICATE-----
Generated at Wed Nov 5 23:01:17 2025 by rpki-client