Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/be3Xk9pNKz5fO0j2jzivTfhyiiM.roa
File: be3Xk9pNKz5fO0j2jzivTfhyiiM.roa (raw, json)
Hash identifier: bsSd5F64tTbetVVoY+neNE5lEskWYAlXiyMGJS0XuJc=
Subject key identifier: 6D:ED:D7:93:DA:4D:2B:3E:5F:3B:48:F6:8F:38:AF:4D:F8:72:8A:23
Certificate issuer: /CN=29184647248b55523999cbb7fe5b20a99fe73be3
Certificate serial: 019A4F5B6D4A4D079BAF6858DDC05F317438
Authority key identifier: 29:18:46:47:24:8B:55:52:39:99:CB:B7:FE:5B:20:A9:9F:E7:3B:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/be3Xk9pNKz5fO0j2jzivTfhyiiM.roa
Signing time: Tue 04 Nov 2025 14:53:03 +0000
ROA not before: Tue 04 Nov 2025 14:53:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20514
IP address blocks: 185.166.32.0/22 maxlen: 24
185.166.33.0/24 maxlen: 24
217.151.192.0/20 maxlen: 20
217.151.192.0/21 maxlen: 21
217.151.207.0/24 maxlen: 24
2a03:c300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.crl
rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.mft
rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:53:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4f:5b:6d:4a:4d:07:9b:af:68:58:dd:c0:5f:31:74:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29184647248b55523999cbb7fe5b20a99fe73be3
Validity
Not Before: Nov 4 14:53:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6dedd793da4d2b3e5f3b48f68f38af4df8728a23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:91:51:d5:9a:ea:61:af:67:13:dc:53:aa:4f:
ac:79:68:43:1d:a4:0a:36:63:7c:f3:b8:3a:2d:5f:
5b:f7:39:8b:c1:84:2d:a6:ba:56:30:77:d6:7c:69:
22:02:6b:c5:fd:04:42:87:fd:9f:2c:8e:f9:57:d9:
62:51:99:a1:81:91:2d:f1:8a:f7:7b:6b:b8:d4:17:
b2:ad:f3:9f:da:94:93:83:b6:50:d5:17:8a:6c:58:
a5:ed:9e:36:e5:03:0c:c0:64:88:26:e5:03:a7:47:
0d:32:59:9b:49:ea:22:36:81:00:8c:f4:f7:71:73:
70:22:65:b7:fe:b9:ba:46:68:cb:6d:39:1f:fd:88:
9b:fc:5e:7f:75:77:31:5c:4f:30:e9:f2:41:b4:c9:
2b:fc:93:53:db:16:1e:54:5f:8f:e9:1f:67:f0:c8:
d4:79:2f:f9:85:6e:e3:b8:4a:ff:33:29:61:6e:8d:
12:c5:54:06:4c:ea:ec:a9:3d:0a:3f:be:88:c9:6b:
c5:58:b7:54:5d:8e:f4:7a:18:64:3d:79:90:00:14:
88:30:86:0f:ef:6e:96:66:1d:d4:79:bb:cb:86:4b:
28:80:b1:59:e6:94:74:fb:8b:6d:4f:97:8d:a1:4b:
f1:8d:de:8f:2c:51:3e:c6:44:be:f0:7b:7a:95:96:
50:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:ED:D7:93:DA:4D:2B:3E:5F:3B:48:F6:8F:38:AF:4D:F8:72:8A:23
X509v3 Authority Key Identifier:
keyid:29:18:46:47:24:8B:55:52:39:99:CB:B7:FE:5B:20:A9:9F:E7:3B:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRhGRySLVVI5mcu3_lsgqZ_nO-M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/be3Xk9pNKz5fO0j2jzivTfhyiiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/56036b-23d8-4b37-b546-8fc2373fc26e/1/KRhGRySLVVI5mcu3_lsgqZ_nO-M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.32.0/22
217.151.192.0/20
IPv6:
2a03:c300::/32
Signature Algorithm: sha256WithRSAEncryption
a0:b6:72:a3:79:94:ef:2e:b7:97:7f:11:d2:f3:e6:32:ba:ae:
82:14:cf:c4:1b:c3:01:8c:d0:0b:60:26:1e:d1:44:ae:de:70:
54:86:95:a6:14:b5:de:96:0f:fb:69:93:12:ad:3c:ac:79:1d:
8e:a4:87:8d:5a:a9:61:76:de:6d:89:cb:7b:1f:24:b2:21:1d:
0b:71:03:2e:1b:be:5b:35:1e:3d:f2:01:34:7c:e6:49:c8:ec:
3b:44:2f:5b:86:84:34:12:3f:ee:69:0b:62:9a:15:ba:4f:61:
7d:be:a0:f7:84:e5:8f:04:b8:39:95:d1:37:1a:59:ee:7d:a4:
18:1e:1d:de:d3:8c:49:b8:b8:8b:78:7e:9e:f1:6b:5d:7f:8a:
bb:1e:1a:81:6c:3d:c8:20:38:cf:82:06:68:7f:9f:f4:4b:8f:
eb:27:1a:6d:c3:fa:57:9e:d6:35:30:b4:f6:32:fc:b1:d3:2f:
82:5d:a6:7b:90:f5:ed:8d:b5:60:97:ea:94:64:5c:1f:90:f6:
57:74:dc:36:9c:95:de:8f:cd:03:ae:da:c1:04:12:10:00:9a:
ee:4e:f1:82:49:62:56:a5:ea:f4:7e:cc:96:bf:c0:ea:cd:c4:
3f:a5:3d:d2:c5:7c:e0:ce:5d:97:2f:ca:e9:8f:26:d5:94:c9:
a0:b5:74:20
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZpPW21KTQebr2hY3cBfMXQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTg0NjQ3MjQ4YjU1NTIzOTk5Y2JiN2ZlNWIyMGE5OWZl
NzNiZTMwHhcNMjUxMTA0MTQ1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGVkZDc5M2RhNGQyYjNlNWYzYjQ4ZjY4ZjM4YWY0ZGY4NzI4YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JFR1ZrqYa9nE9xTqk+seWhDHaQK
NmN887g6LV9b9zmLwYQtprpWMHfWfGkiAmvF/QRCh/2fLI75V9liUZmhgZEt8Yr3
e2u41BeyrfOf2pSTg7ZQ1ReKbFil7Z425QMMwGSIJuUDp0cNMlmbSeoiNoEAjPT3
cXNwImW3/rm6RmjLbTkf/Yib/F5/dXcxXE8w6fJBtMkr/JNT2xYeVF+P6R9n8MjU
eS/5hW7juEr/Mylhbo0SxVQGTOrsqT0KP76IyWvFWLdUXY70ehhkPXmQABSIMIYP
726WZh3UebvLhksogLFZ5pR0+4ttT5eNoUvxjd6PLFE+xkS+8Ht6lZZQGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG3t15PaTSs+XztI9o84r034coojMB8GA1UdIwQY
MBaAFCkYRkcki1VSOZnLt/5bIKmf5zvjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JoR1J5U0xWVkk1bWN1M19sc2dxWl9uTy1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS81NjAzNmItMjNkOC00YjM3LWI1NDYt
OGZjMjM3M2ZjMjZlLzEvYmUzWGs5cE5LejVmTzBqMmp6aXZUZmh5aWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS81NjAzNmItMjNkOC00YjM3LWI1NDYtOGZjMjM3M2ZjMjZl
LzEvS1JoR1J5U0xWVkk1bWN1M19sc2dxWl9uTy1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaYgAwQE
2ZfAMA0EAgACMAcDBQAqA8MAMA0GCSqGSIb3DQEBCwUAA4IBAQCgtnKjeZTvLreX
fxHS8+Yyuq6CFM/EG8MBjNALYCYe0USu3nBUhpWmFLXelg/7aZMSrTyseR2OpIeN
Wqlhdt5tict7HySyIR0LcQMuG75bNR498gE0fOZJyOw7RC9bhoQ0Ej/uaQtimhW6
T2F9vqD3hOWPBLg5ldE3GlnufaQYHh3e04xJuLiLeH6e8Wtdf4q7HhqBbD3IIDjP
ggZof5/0S4/rJxptw/pXntY1MLT2Mvyx0y+CXaZ7kPXtjbVgl+qUZFwfkPZXdNw2
nJXej80DrtrBBBIQAJruTvGCSWJWper0fsyWv8DqzcQ/pT3SxXzgzl2XL8rpjybV
lMmgtXQg
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:50:12 2025 by rpki-client