Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kJpnFfw8n78tH9D7HP7VhWn_yG8.roa
File: kJpnFfw8n78tH9D7HP7VhWn_yG8.roa (raw, json)
Hash identifier: zD2UT9UbAcs3fzfPASqcGZ6kYoQbvEM/+XTWIgqOIQA=
Subject key identifier: 90:9A:67:15:FC:3C:9F:BF:2D:1F:D0:FB:1C:FE:D5:85:69:FF:C8:6F
Certificate issuer: /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial: 019A170E4858A616BE03399A329743C0DB7B
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kJpnFfw8n78tH9D7HP7VhWn_yG8.roa
Signing time: Fri 24 Oct 2025 16:30:03 +0000
ROA not before: Fri 24 Oct 2025 16:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 5.102.36.0/24 maxlen: 24
5.102.39.0/24 maxlen: 24
195.5.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:0e:48:58:a6:16:be:03:39:9a:32:97:43:c0:db:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Validity
Not Before: Oct 24 16:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=909a6715fc3c9fbf2d1fd0fb1cfed58569ffc86f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:80:df:86:26:8e:80:31:ad:53:53:9b:fa:e4:
30:b1:ed:4a:03:79:cb:fc:93:5c:7a:d4:b2:fe:f3:
53:6e:ee:07:37:12:b8:fe:7e:65:26:8a:36:8a:1a:
7a:a6:88:1e:b9:cd:d3:79:37:f8:d3:26:d1:5f:76:
10:67:d4:55:b6:95:31:41:5b:5d:fe:dc:95:83:c8:
51:57:eb:36:67:f1:0e:ea:e2:60:80:59:61:08:ea:
a3:22:12:a0:3f:ca:76:91:36:53:6d:6d:78:9e:cd:
95:af:0e:d9:65:18:f4:c1:f0:95:19:e8:75:18:58:
3f:35:b5:1e:2d:a3:53:56:e5:63:ca:40:46:0b:60:
f5:ec:93:bd:06:dd:c6:74:aa:54:d3:9d:34:a3:42:
fb:7c:09:4e:e4:fa:ca:aa:d7:dd:1d:13:af:b8:40:
5e:4b:82:78:93:40:bf:c5:97:2e:72:ca:58:fb:0c:
06:97:04:d5:b1:ae:b6:ad:e6:9d:fa:4e:e3:25:f5:
51:12:61:47:5b:d8:d4:3f:39:11:ce:7d:3c:c4:0e:
78:39:29:f8:53:6b:8e:40:5f:bd:40:7c:26:0d:9a:
36:76:98:61:f9:fa:a1:1d:57:dc:f7:bb:ec:ad:cd:
a6:22:0a:19:b2:26:8a:4a:b2:bd:77:8c:09:78:6c:
19:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:9A:67:15:FC:3C:9F:BF:2D:1F:D0:FB:1C:FE:D5:85:69:FF:C8:6F
X509v3 Authority Key Identifier:
keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/kJpnFfw8n78tH9D7HP7VhWn_yG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.36.0/24
5.102.39.0/24
195.5.125.0/24
Signature Algorithm: sha256WithRSAEncryption
31:f8:dd:e1:68:8f:8f:82:6c:3e:04:5d:db:54:34:74:16:af:
86:bb:81:98:57:70:05:e3:2f:80:ff:8e:31:8a:8b:a7:13:a6:
17:85:92:22:94:e6:29:f8:21:fe:9f:d3:fc:ea:c1:05:aa:e9:
f8:74:6f:d9:b2:24:85:4a:f0:b5:1a:9d:a9:7c:dc:02:8f:85:
47:47:54:ee:21:de:f9:10:c8:7d:37:e5:37:c5:ee:ef:16:cf:
4d:03:3b:2e:b7:62:3a:e3:92:93:c6:1e:10:e3:4c:02:93:8e:
56:d0:62:c3:e0:a9:7b:0e:e3:3d:d5:ae:09:44:00:93:1e:59:
39:3c:76:da:75:88:4e:f1:29:a0:fc:bd:66:35:c2:de:ab:ea:
5b:12:47:b2:06:f6:57:c6:0e:82:24:92:aa:42:5d:72:45:3c:
c8:5b:70:6a:56:83:1a:23:29:96:e8:71:02:45:ec:b7:86:86:
8d:95:34:41:2d:b0:8f:9c:6c:80:25:63:ea:5f:17:e4:ad:15:
6c:45:8f:09:bd:c3:35:89:ba:ed:50:1e:94:6c:a9:08:c2:4e:
3b:02:36:ad:37:2e:13:85:25:3a:0d:e4:d8:9b:16:e6:da:3c:
b3:6d:fa:74:f7:15:9e:23:1c:3c:b0:f9:f4:17:3e:cf:07:6e:
bb:23:dc:aa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoXDkhYpha+AzmaMpdDwNt7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUxMDI0MTYzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDlhNjcxNWZjM2M5ZmJmMmQxZmQwZmIxY2ZlZDU4NTY5ZmZjODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoDfhiaOgDGtU1Ob+uQwse1KA3nL
/JNcetSy/vNTbu4HNxK4/n5lJoo2ihp6pogeuc3TeTf40ybRX3YQZ9RVtpUxQVtd
/tyVg8hRV+s2Z/EO6uJggFlhCOqjIhKgP8p2kTZTbW14ns2Vrw7ZZRj0wfCVGeh1
GFg/NbUeLaNTVuVjykBGC2D17JO9Bt3GdKpU0500o0L7fAlO5PrKqtfdHROvuEBe
S4J4k0C/xZcucspY+wwGlwTVsa62read+k7jJfVREmFHW9jUPzkRzn08xA54OSn4
U2uOQF+9QHwmDZo2dphh+fqhHVfc97vsrc2mIgoZsiaKSrK9d4wJeGwZIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJCaZxX8PJ+/LR/Q+xz+1YVp/8hvMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEva0pwbkZmdzhuNzh0SDlEN0hQN1ZoV25feUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABWYkAwQA
BWYnAwQAwwV9MA0GCSqGSIb3DQEBCwUAA4IBAQAx+N3haI+Pgmw+BF3bVDR0Fq+G
u4GYV3AF4y+A/44xiounE6YXhZIilOYp+CH+n9P86sEFqun4dG/ZsiSFSvC1Gp2p
fNwCj4VHR1TuId75EMh9N+U3xe7vFs9NAzsut2I645KTxh4Q40wCk45W0GLD4Kl7
DuM91a4JRACTHlk5PHbadYhO8Smg/L1mNcLeq+pbEkeyBvZXxg6CJJKqQl1yRTzI
W3BqVoMaIymW6HECRey3hoaNlTRBLbCPnGyAJWPqXxfkrRVsRY8JvcM1ibrtUB6U
bKkIwk47AjatNy4ThSU6DeTYmxbm2jyzbfp09xWeIxw8sPn0Fz7PB267I9yq
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:24:30 2025 by rpki-client