Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/CM1I0g6vXtA41a0rBYPAv0a0YtI.roa
File: CM1I0g6vXtA41a0rBYPAv0a0YtI.roa (raw, json)
Hash identifier: x+yWLPFvIYaQ0HKjxHn7eS1o7Fpl3blU8cO8iwEiSFM=
Subject key identifier: 08:CD:48:D2:0E:AF:5E:D0:38:D5:AD:2B:05:83:C0:BF:46:B4:62:D2
Certificate issuer: /CN=94bc3cdac46408c0c8a3581788b510d0f04e9d1f
Certificate serial: 019A1630B8DBEBE9A9F50BF9FC0B815075A2
Authority key identifier: 94:BC:3C:DA:C4:64:08:C0:C8:A3:58:17:88:B5:10:D0:F0:4E:9D:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lLw82sRkCMDIo1gXiLUQ0PBOnR8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/CM1I0g6vXtA41a0rBYPAv0a0YtI.roa
Signing time: Fri 24 Oct 2025 12:28:03 +0000
ROA not before: Fri 24 Oct 2025 12:28:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 38987
IP address blocks: 37.72.120.0/21 maxlen: 21
62.133.128.0/19 maxlen: 19
168.222.232.0/22 maxlen: 22
185.13.184.0/22 maxlen: 22
2a02:22e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/lLw82sRkCMDIo1gXiLUQ0PBOnR8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/lLw82sRkCMDIo1gXiLUQ0PBOnR8.mft
rsync://rpki.ripe.net/repository/DEFAULT/lLw82sRkCMDIo1gXiLUQ0PBOnR8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:16:30:b8:db:eb:e9:a9:f5:0b:f9:fc:0b:81:50:75:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94bc3cdac46408c0c8a3581788b510d0f04e9d1f
Validity
Not Before: Oct 24 12:28:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08cd48d20eaf5ed038d5ad2b0583c0bf46b462d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:21:68:35:34:6b:fe:64:44:24:18:4d:de:f7:
20:69:33:fa:64:81:61:df:5d:2f:b0:ac:55:05:ed:
66:ed:5c:de:65:07:d2:5f:ec:0d:13:e6:ed:cf:98:
3e:ff:3e:92:06:d9:d2:26:e5:69:32:31:1c:55:1e:
96:d0:d1:b3:30:4a:38:2e:5a:90:ab:ee:35:28:58:
58:44:c5:1f:21:c8:23:ae:a7:d7:b8:e4:55:27:e2:
b6:88:c9:ff:df:db:d2:1d:62:e7:10:7d:2b:80:c5:
1b:a2:2e:bc:c0:70:31:39:77:16:89:fd:59:1e:47:
5f:ef:ff:a9:9e:d2:33:b6:81:fb:a3:01:85:57:7b:
8c:34:87:2d:44:5e:49:ff:23:aa:91:7e:e4:b7:bf:
d9:7e:25:64:97:3f:7a:9e:56:1e:95:4e:02:ee:b8:
30:79:6e:2c:95:81:87:df:b5:50:09:84:37:d7:48:
82:6d:97:39:cf:c2:4a:8d:71:1b:c2:b6:fc:30:f2:
92:85:73:4c:18:f6:f3:48:1f:9f:c2:1b:6f:5c:aa:
8b:2b:d3:ce:e5:bf:e8:12:8d:f2:91:8b:d4:37:5d:
4c:e2:5d:d3:96:47:a1:31:fe:60:c7:b0:89:2b:2e:
cd:02:00:19:e6:52:b6:c4:88:d5:3f:8a:26:0f:be:
17:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:CD:48:D2:0E:AF:5E:D0:38:D5:AD:2B:05:83:C0:BF:46:B4:62:D2
X509v3 Authority Key Identifier:
keyid:94:BC:3C:DA:C4:64:08:C0:C8:A3:58:17:88:B5:10:D0:F0:4E:9D:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lLw82sRkCMDIo1gXiLUQ0PBOnR8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/CM1I0g6vXtA41a0rBYPAv0a0YtI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9df809-a8e8-4e12-a25a-c60472e9f717/1/lLw82sRkCMDIo1gXiLUQ0PBOnR8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.72.120.0/21
62.133.128.0/19
168.222.232.0/22
185.13.184.0/22
IPv6:
2a02:22e0::/32
Signature Algorithm: sha256WithRSAEncryption
3a:11:fd:75:02:b1:4e:d3:c4:8a:5c:bb:f4:ae:44:38:76:20:
a9:63:7b:07:c4:56:9e:8a:e9:67:7a:5b:d9:f7:a6:90:b1:a2:
aa:59:1c:af:b6:da:09:8a:f1:ba:08:f6:e2:f7:8f:bb:88:c7:
9b:4d:71:fd:10:92:0b:ea:67:ba:5c:18:5f:40:ff:83:14:64:
87:ea:6b:8e:a0:9d:e8:ef:57:e8:6e:e3:74:28:75:bc:c6:d3:
de:91:95:a2:83:0e:c2:6a:22:62:df:f7:45:ca:04:5a:83:54:
c0:e5:96:70:6a:3d:b7:44:e0:ef:e0:3a:f9:07:2d:38:8c:9c:
d4:f4:49:96:ff:31:9e:c0:f4:6f:8a:26:66:06:b6:dc:34:a6:
21:d5:31:3e:bd:e1:d5:86:52:0e:9b:08:36:fc:3a:30:3c:34:
e3:30:34:30:a1:78:07:ac:34:1b:37:76:3c:1e:dc:38:16:63:
23:c0:27:35:37:e1:9b:41:df:c5:6a:15:b9:b0:16:53:bd:60:
3e:2f:0e:7d:97:76:7c:c8:cb:84:b4:ad:10:c1:25:2e:11:bf:
5c:4a:71:bb:11:d3:5c:bd:bc:94:aa:cc:41:57:ff:5a:0d:81:
29:a4:78:ec:2a:0c:0a:ef:a7:6b:7e:7e:1c:3b:4d:be:36:18:
4f:6b:41:88
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZoWMLjb6+mp9Qv5/AuBUHWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YmMzY2RhYzQ2NDA4YzBjOGEzNTgxNzg4YjUxMGQwZjA0
ZTlkMWYwHhcNMjUxMDI0MTIyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNkNDhkMjBlYWY1ZWQwMzhkNWFkMmIwNTgzYzBiZjQ2YjQ2MmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyFoNTRr/mREJBhN3vcgaTP6ZIFh
310vsKxVBe1m7VzeZQfSX+wNE+btz5g+/z6SBtnSJuVpMjEcVR6W0NGzMEo4LlqQ
q+41KFhYRMUfIcgjrqfXuORVJ+K2iMn/39vSHWLnEH0rgMUboi68wHAxOXcWif1Z
Hkdf7/+pntIztoH7owGFV3uMNIctRF5J/yOqkX7kt7/ZfiVklz96nlYelU4C7rgw
eW4slYGH37VQCYQ310iCbZc5z8JKjXEbwrb8MPKShXNMGPbzSB+fwhtvXKqLK9PO
5b/oEo3ykYvUN11M4l3TlkehMf5gx7CJKy7NAgAZ5lK2xIjVP4omD74X1wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAjNSNIOr17QONWtKwWDwL9GtGLSMB8GA1UdIwQY
MBaAFJS8PNrEZAjAyKNYF4i1ENDwTp0fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEx3ODJzUmtDTURJbzFnWGlMVVEwUEJPblI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85ZGY4MDktYThlOC00ZTEyLWEyNWEt
YzYwNDcyZTlmNzE3LzEvQ00xSTBnNnZYdEE0MWEwckJZUEF2MGEwWXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85ZGY4MDktYThlOC00ZTEyLWEyNWEtYzYwNDcyZTlmNzE3
LzEvbEx3ODJzUmtDTURJbzFnWGlMVVEwUEJPblI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDJUh4AwQF
PoWAAwQCqN7oAwQCuQ24MA0EAgACMAcDBQAqAiLgMA0GCSqGSIb3DQEBCwUAA4IB
AQA6Ef11ArFO08SKXLv0rkQ4diCpY3sHxFaeiulnelvZ96aQsaKqWRyvttoJivG6
CPbi94+7iMebTXH9EJIL6me6XBhfQP+DFGSH6muOoJ3o71fobuN0KHW8xtPekZWi
gw7CaiJi3/dFygRag1TA5ZZwaj23RODv4Dr5By04jJzU9EmW/zGewPRviiZmBrbc
NKYh1TE+veHVhlIOmwg2/DowPDTjMDQwoXgHrDQbN3Y8Htw4FmMjwCc1N+GbQd/F
ahW5sBZTvWA+Lw59l3Z8yMuEtK0QwSUuEb9cSnG7EdNcvbyUqsxBV/9aDYEppHjs
KgwK76drfn4cO02+NhhPa0GI
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:30:15 2025 by rpki-client