Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/3Gh8OdXmWQdIZ4mk5HiPN4TPVh4.roa
File: 3Gh8OdXmWQdIZ4mk5HiPN4TPVh4.roa (raw, json)
Hash identifier: Cp0uJqQCCfVS+mC0KewqKWaLegack3UYWeQPqXDJvvI=
Subject key identifier: DC:68:7C:39:D5:E6:59:07:48:67:89:A4:E4:78:8F:37:84:CF:56:1E
Certificate issuer: /CN=00046b434526bf2836e2749ce0e36e08443d6b91
Certificate serial: 019A2AE68AB2B70233856D8440AD2D076725
Authority key identifier: 00:04:6B:43:45:26:BF:28:36:E2:74:9C:E0:E3:6E:08:44:3D:6B:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AARrQ0Umvyg24nSc4ONuCEQ9a5E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/3Gh8OdXmWQdIZ4mk5HiPN4TPVh4.roa
Signing time: Tue 28 Oct 2025 12:59:03 +0000
ROA not before: Tue 28 Oct 2025 12:59:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50411
IP address blocks: 45.138.152.0/22 maxlen: 22
94.103.252.0/22 maxlen: 22
109.196.144.0/20 maxlen: 20
185.49.200.0/22 maxlen: 22
185.92.248.0/22 maxlen: 22
194.124.220.0/22 maxlen: 22
195.2.212.0/23 maxlen: 23
195.2.242.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/AARrQ0Umvyg24nSc4ONuCEQ9a5E.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/AARrQ0Umvyg24nSc4ONuCEQ9a5E.mft
rsync://rpki.ripe.net/repository/DEFAULT/AARrQ0Umvyg24nSc4ONuCEQ9a5E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 05:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2a:e6:8a:b2:b7:02:33:85:6d:84:40:ad:2d:07:67:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00046b434526bf2836e2749ce0e36e08443d6b91
Validity
Not Before: Oct 28 12:59:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc687c39d5e65907486789a4e4788f3784cf561e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:4d:07:d6:2f:2a:26:b9:2b:81:c1:93:4a:61:
d5:e6:43:0e:ea:52:b5:a9:fd:77:0a:05:61:a9:8a:
68:c5:67:f9:ac:b4:22:31:b1:6e:42:fe:f7:42:be:
9c:db:68:c3:1e:25:5d:18:f9:7a:8b:a3:a3:c1:21:
bb:06:a3:98:e9:dd:0b:93:7d:58:72:3f:a6:7e:e3:
cd:0b:c4:5b:68:a9:23:d2:d5:40:f0:e4:bd:60:f9:
60:85:0c:1b:0d:51:24:07:94:c9:3e:15:b5:29:2e:
9e:b3:ba:28:70:b5:4e:d8:2b:22:3e:72:d1:36:ba:
36:f5:c8:eb:fb:53:18:dc:ee:47:a2:72:15:50:fb:
7d:c9:2b:ed:ba:9e:5a:94:91:88:91:41:df:88:54:
83:a2:af:83:71:92:38:d3:1d:cb:28:a8:a7:5d:2d:
ff:0b:9b:d3:1c:45:d9:85:dc:fe:d1:0d:fc:7a:ec:
60:c7:7c:ea:c0:ba:71:36:a4:cc:3c:0d:a1:ce:ce:
7d:88:12:0f:6d:24:f4:a8:d8:e5:e3:d1:24:6d:7a:
53:e0:41:1d:02:8e:d1:85:9c:e9:a6:b3:69:ce:8f:
01:d7:7b:78:5d:19:21:36:18:4e:ed:cd:48:62:4d:
b4:5a:cc:54:3f:88:e0:ae:62:4d:dd:c7:ef:4b:33:
fd:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:68:7C:39:D5:E6:59:07:48:67:89:A4:E4:78:8F:37:84:CF:56:1E
X509v3 Authority Key Identifier:
keyid:00:04:6B:43:45:26:BF:28:36:E2:74:9C:E0:E3:6E:08:44:3D:6B:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AARrQ0Umvyg24nSc4ONuCEQ9a5E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/3Gh8OdXmWQdIZ4mk5HiPN4TPVh4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d37f8d-410d-4518-80e6-ecd671282c1f/1/AARrQ0Umvyg24nSc4ONuCEQ9a5E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.152.0/22
94.103.252.0/22
109.196.144.0/20
185.49.200.0/22
185.92.248.0/22
194.124.220.0/22
195.2.212.0/23
195.2.242.0/23
Signature Algorithm: sha256WithRSAEncryption
5c:65:74:e0:df:6a:36:82:fe:e0:ac:b2:d4:60:90:9c:a6:56:
dd:db:57:4f:10:01:1c:2f:3a:68:a4:fb:65:c5:38:8d:93:e6:
6a:0f:1f:63:9f:b0:2e:a5:c8:f0:a1:bc:39:4e:cd:5c:9a:cd:
56:83:e5:5f:ac:b1:76:be:1e:2c:da:59:9c:6a:bd:b0:dd:4b:
fd:cd:84:61:1a:3a:81:af:20:a0:6f:7f:99:02:77:ae:9f:59:
8c:32:6e:88:e5:f1:bf:7a:0f:d8:ed:13:00:59:fc:a0:fc:e6:
0b:92:39:1a:79:80:fc:3a:aa:b0:1f:57:3e:d3:88:09:ac:81:
1a:df:8d:35:62:7e:d6:19:32:3d:22:b0:59:75:5e:f7:b9:42:
e8:cc:bc:9f:5c:7f:90:4d:55:f9:17:d3:ee:37:a9:79:92:9c:
33:a2:00:3c:dc:90:08:55:f6:1a:5b:ea:5d:e0:38:19:24:78:
60:5a:4a:79:fe:04:9a:40:9e:2d:ab:c0:ea:66:04:a5:e7:8f:
18:fe:8f:ac:26:60:ec:ad:3c:ef:6b:a0:f6:9b:a5:20:b3:37:
16:4b:62:b7:e0:61:f5:b3:21:05:39:e9:0b:23:b9:2c:61:ad:
50:7f:5d:b3:cd:e1:b2:1e:52:6f:39:1e:f7:43:4a:2f:27:e8:
dc:d9:c5:35
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoq5oqytwIzhW2EQK0tB2clMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMDQ2YjQzNDUyNmJmMjgzNmUyNzQ5Y2UwZTM2ZTA4NDQz
ZDZiOTEwHhcNMjUxMDI4MTI1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY4N2MzOWQ1ZTY1OTA3NDg2Nzg5YTRlNDc4OGYzNzg0Y2Y1NjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz00H1i8qJrkrgcGTSmHV5kMO6lK1
qf13CgVhqYpoxWf5rLQiMbFuQv73Qr6c22jDHiVdGPl6i6OjwSG7BqOY6d0Lk31Y
cj+mfuPNC8RbaKkj0tVA8OS9YPlghQwbDVEkB5TJPhW1KS6es7oocLVO2CsiPnLR
Nro29cjr+1MY3O5HonIVUPt9ySvtup5alJGIkUHfiFSDoq+DcZI40x3LKKinXS3/
C5vTHEXZhdz+0Q38euxgx3zqwLpxNqTMPA2hzs59iBIPbST0qNjl49EkbXpT4EEd
Ao7RhZzpprNpzo8B13t4XRkhNhhO7c1IYk20WsxUP4jgrmJN3cfvSzP9awIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNxofDnV5lkHSGeJpOR4jzeEz1YeMB8GA1UdIwQY
MBaAFAAEa0NFJr8oNuJ0nODjbghEPWuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFSclEwVW12eWcyNG5TYzRPTnVDRVE5YTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kMzdmOGQtNDEwZC00NTE4LTgwZTYt
ZWNkNjcxMjgyYzFmLzEvM0doOE9kWG1XUWRJWjRtazVIaVBONFRQVmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kMzdmOGQtNDEwZC00NTE4LTgwZTYtZWNkNjcxMjgyYzFm
LzEvQUFSclEwVW12eWcyNG5TYzRPTnVDRVE5YTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLYqYAwQC
Xmf8AwQEbcSQAwQCuTHIAwQCuVz4AwQCwnzcAwQBwwLUAwQBwwLyMA0GCSqGSIb3
DQEBCwUAA4IBAQBcZXTg32o2gv7grLLUYJCcplbd21dPEAEcLzpopPtlxTiNk+Zq
Dx9jn7Aupcjwobw5Ts1cms1Wg+VfrLF2vh4s2lmcar2w3Uv9zYRhGjqBryCgb3+Z
Aneun1mMMm6I5fG/eg/Y7RMAWfyg/OYLkjkaeYD8OqqwH1c+04gJrIEa3401Yn7W
GTI9IrBZdV73uULozLyfXH+QTVX5F9PuN6l5kpwzogA83JAIVfYaW+pd4DgZJHhg
Wkp5/gSaQJ4tq8DqZgSl548Y/o+sJmDsrTzva6D2m6UgszcWS2K34GH1syEFOekL
I7ksYa1Qf12zzeGyHlJvOR73Q0ovJ+jc2cU1
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:48:43 2025 by rpki-client