Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ernCjSgfEA9LWQZBNK3fGU5zttM.roa
File: ernCjSgfEA9LWQZBNK3fGU5zttM.roa (raw, json)
Hash identifier: kY2/s5Yb8D1suuDatJMAprfVeeQqjI34qbiqCbluSaI=
Subject key identifier: 7A:B9:C2:8D:28:1F:10:0F:4B:59:06:41:34:AD:DF:19:4E:73:B6:D3
Certificate issuer: /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial: 019A4ABBA63985563AA8A72DF3185F4EED64
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ernCjSgfEA9LWQZBNK3fGU5zttM.roa
Signing time: Mon 03 Nov 2025 17:20:03 +0000
ROA not before: Mon 03 Nov 2025 17:20:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6939
IP address blocks: 109.205.193.0/24 maxlen: 24
158.94.220.0/23 maxlen: 24
158.94.220.0/24 maxlen: 24
158.94.221.0/24 maxlen: 24
2a01:fb01::/32 maxlen: 32
2a01:fb04::/32 maxlen: 32
2a01:fb07::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4a:bb:a6:39:85:56:3a:a8:a7:2d:f3:18:5f:4e:ed:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Validity
Not Before: Nov 3 17:20:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7ab9c28d281f100f4b59064134addf194e73b6d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e1:46:79:67:1b:38:74:64:7a:da:52:28:ce:
e9:b6:72:39:f3:51:47:46:24:89:c8:25:ca:c2:d8:
e3:05:b6:9c:ed:44:8a:94:da:e1:fb:d4:8a:54:81:
2a:11:88:e5:52:95:90:d9:2b:78:10:70:57:db:c5:
ad:30:f3:3b:cc:14:fe:cf:b7:9e:a8:de:88:67:ba:
d7:29:b9:54:d8:b8:55:96:b7:ec:29:37:50:61:7d:
e1:49:ad:96:00:bc:09:17:44:5d:44:96:e4:da:b8:
7f:88:1c:b7:7b:aa:bc:3a:30:69:b4:1a:03:9c:5f:
3d:3e:01:ab:16:3a:d5:38:e0:7b:cd:bf:46:97:81:
64:b9:a3:d9:89:b2:20:13:70:e7:8c:06:de:90:d5:
54:9d:28:90:42:9c:bc:2a:3c:23:bb:53:e1:47:c5:
1d:a4:bd:97:60:a8:26:fb:72:aa:0e:3b:04:2a:42:
c9:a4:d9:1a:ce:34:89:e1:49:5e:30:ad:37:cc:dd:
70:58:0c:b0:be:6a:36:86:9c:0f:af:72:8e:04:48:
54:20:38:7a:79:2d:d5:e9:0a:33:40:56:f1:0e:60:
07:28:da:93:04:e5:07:64:54:b4:24:a5:ce:8c:2f:
87:e1:d9:32:d7:67:6a:82:cc:b9:d7:89:7e:e1:f7:
65:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:B9:C2:8D:28:1F:10:0F:4B:59:06:41:34:AD:DF:19:4E:73:B6:D3
X509v3 Authority Key Identifier:
keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/ernCjSgfEA9LWQZBNK3fGU5zttM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.205.193.0/24
158.94.220.0/23
IPv6:
2a01:fb01::/32
2a01:fb04::/32
2a01:fb07::/34
Signature Algorithm: sha256WithRSAEncryption
7a:2a:62:f8:63:7b:b2:5b:a1:1a:87:37:a7:04:36:9d:e9:a6:
27:f1:0f:27:0b:4f:99:7d:b9:9a:91:37:d9:2d:11:44:b7:e9:
49:75:a2:49:3f:c8:0a:a0:e1:4e:a4:6b:29:db:53:56:ed:68:
c1:7d:fc:43:86:24:81:f6:3f:43:80:56:4f:d3:31:69:59:91:
52:83:83:d5:70:ca:d4:a9:fb:81:0b:c6:50:98:62:4a:17:8b:
3f:53:3f:1a:f1:89:44:70:e0:c7:15:3e:9b:9d:50:f8:27:b9:
b8:b4:90:58:53:03:93:f2:ff:12:16:d1:2d:a5:a2:f1:64:07:
47:03:d9:ad:bb:7a:26:41:96:d8:36:d8:9f:1c:12:0a:2c:fc:
bd:fc:e5:e0:5a:7e:f0:11:a3:fd:5d:5c:fa:70:b2:05:b5:28:
1f:a5:f5:38:d5:bf:6e:5e:96:a6:e9:b3:e3:d3:d3:e4:0e:a8:
87:5d:24:fb:41:d3:b3:04:15:a3:c6:c4:76:d2:be:c2:7e:d4:
9a:71:1f:9f:40:ea:f2:48:86:a8:98:ca:ec:80:d1:67:98:24:
30:40:e6:db:91:f2:cd:3d:c8:bc:ae:73:76:37:4e:28:3f:17:
2c:51:0e:e3:94:6a:9b:75:32:f4:ff:5b:57:72:d5:87:df:8c:
a6:16:b5:f1
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZpKu6Y5hVY6qKct8xhfTu1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMTAzMTcyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI5YzI4ZDI4MWYxMDBmNGI1OTA2NDEzNGFkZGYxOTRlNzNiNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuFGeWcbOHRketpSKM7ptnI581FH
RiSJyCXKwtjjBbac7USKlNrh+9SKVIEqEYjlUpWQ2St4EHBX28WtMPM7zBT+z7ee
qN6IZ7rXKblU2LhVlrfsKTdQYX3hSa2WALwJF0RdRJbk2rh/iBy3e6q8OjBptBoD
nF89PgGrFjrVOOB7zb9Gl4FkuaPZibIgE3DnjAbekNVUnSiQQpy8Kjwju1PhR8Ud
pL2XYKgm+3KqDjsEKkLJpNkazjSJ4UleMK03zN1wWAywvmo2hpwPr3KOBEhUIDh6
eS3V6QozQFbxDmAHKNqTBOUHZFS0JKXOjC+H4dky12dqgsy514l+4fdl6QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFHq5wo0oHxAPS1kGQTSt3xlOc7bTMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvZXJuQ2pTZ2ZFQTlMV1FaQk5LM2ZHVTV6dHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjASBAIAATAMAwQAbc3BAwQB
nl7cMBwEAgACMBYDBQAqAfsBAwUAKgH7BAMGBioB+wcAMA0GCSqGSIb3DQEBCwUA
A4IBAQB6KmL4Y3uyW6EahzenBDad6aYn8Q8nC0+ZfbmakTfZLRFEt+lJdaJJP8gK
oOFOpGsp21NW7WjBffxDhiSB9j9DgFZP0zFpWZFSg4PVcMrUqfuBC8ZQmGJKF4s/
Uz8a8YlEcODHFT6bnVD4J7m4tJBYUwOT8v8SFtEtpaLxZAdHA9mtu3omQZbYNtif
HBIKLPy9/OXgWn7wEaP9XVz6cLIFtSgfpfU41b9uXpam6bPj09PkDqiHXST7QdOz
BBWjxsR20r7CftSacR+fQOrySIaomMrsgNFnmCQwQObbkfLNPci8rnN2N04oPxcs
UQ7jlGqbdTL0/1tXctWH34ymFrXx
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:46:28 2025 by rpki-client