Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/SSBMzkm-jf_y5E7eeLfr40dA4CE.roa
File: SSBMzkm-jf_y5E7eeLfr40dA4CE.roa (raw, json)
Hash identifier: 46QdoM079olXIRvtJI0XHjDc3RUOZR3rP6kBJA82cO8=
Subject key identifier: 49:20:4C:CE:49:BE:8D:FF:F2:E4:4E:DE:78:B7:EB:E3:47:40:E0:21
Certificate issuer: /CN=c9aef87167585d2898315aa3753f3fa68dad2c6d
Certificate serial: 0199ED27E666D42066DDD9BCD815F57CB258
Authority key identifier: C9:AE:F8:71:67:58:5D:28:98:31:5A:A3:75:3F:3F:A6:8D:AD:2C:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/SSBMzkm-jf_y5E7eeLfr40dA4CE.roa
Signing time: Thu 16 Oct 2025 13:13:59 +0000
ROA not before: Thu 16 Oct 2025 13:13:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215892
IP address blocks: 185.129.108.0/22 maxlen: 22
185.129.109.0/24 maxlen: 24
185.129.110.0/24 maxlen: 24
185.129.111.0/24 maxlen: 24
185.151.236.0/22 maxlen: 22
185.151.236.0/24 maxlen: 24
185.151.237.0/24 maxlen: 24
185.151.238.0/24 maxlen: 24
185.151.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.mft
rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:27:e6:66:d4:20:66:dd:d9:bc:d8:15:f5:7c:b2:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c9aef87167585d2898315aa3753f3fa68dad2c6d
Validity
Not Before: Oct 16 13:13:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=49204cce49be8dfff2e44ede78b7ebe34740e021
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:fc:14:d2:4f:95:2c:96:bb:b4:5e:d1:56:7a:
2a:a8:6d:d1:74:40:eb:c4:57:50:be:32:7f:58:ac:
2f:79:2f:03:62:bb:08:25:d3:7e:2c:d6:8d:13:88:
73:1a:08:3b:ea:e8:e2:40:6c:34:cd:d9:4b:ad:ae:
5f:83:76:83:28:4c:a6:10:78:59:4f:09:8f:42:76:
54:46:6a:e1:fc:3f:50:73:fc:6d:e3:36:aa:c6:2b:
de:3d:00:76:be:ff:6f:66:b4:c0:04:13:07:29:95:
1e:ce:52:c8:62:66:a9:e8:c4:4a:f5:22:2c:60:74:
03:cf:b3:fd:06:58:16:7a:a0:6c:ab:0e:dc:59:05:
bc:bd:3b:1c:c8:d0:6d:a7:78:c1:82:7c:06:68:d3:
43:ee:01:bf:0a:5a:1c:1b:1a:e4:b8:c6:28:a9:56:
59:dd:e9:7d:bc:92:41:6b:5b:ed:47:c9:bc:a2:98:
08:b2:3a:8b:ad:47:13:68:24:c8:2a:6c:b6:d9:c9:
64:9d:e1:90:39:4e:82:5e:eb:c2:cb:85:2e:ac:6b:
62:80:90:c2:0b:98:32:5f:a2:93:7c:13:c1:3f:1f:
cb:6f:b6:7e:ec:19:1f:2d:5c:5b:99:cb:98:b2:f7:
5c:f4:95:cf:fd:9a:5a:92:93:7a:69:f1:c2:c5:41:
cd:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:20:4C:CE:49:BE:8D:FF:F2:E4:4E:DE:78:B7:EB:E3:47:40:E0:21
X509v3 Authority Key Identifier:
keyid:C9:AE:F8:71:67:58:5D:28:98:31:5A:A3:75:3F:3F:A6:8D:AD:2C:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ya74cWdYXSiYMVqjdT8_po2tLG0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/SSBMzkm-jf_y5E7eeLfr40dA4CE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/85ce82-dd06-4958-9e82-db10dcfec4bf/1/ya74cWdYXSiYMVqjdT8_po2tLG0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.108.0/22
185.151.236.0/22
Signature Algorithm: sha256WithRSAEncryption
06:23:51:34:5d:66:ef:da:e0:4c:2d:38:35:1c:6b:92:d8:09:
dd:bc:72:4c:5e:c1:cb:4b:2a:01:55:59:66:c3:d2:d2:c9:51:
c4:2d:c8:d8:d1:4d:6a:c6:24:95:42:94:cf:e6:0b:1c:be:26:
90:8c:22:87:86:d9:ca:04:95:91:cc:9c:b9:0d:3b:ef:8e:08:
a8:c7:3f:02:6a:d2:46:33:24:16:ba:db:d6:7d:8c:bd:48:97:
8b:3f:e3:9d:5e:cf:f9:69:97:55:73:85:c3:8d:e9:af:a0:56:
c7:33:e4:01:dd:fd:cf:54:d1:08:b7:ca:9f:ce:1e:a2:ad:ba:
79:f7:4a:98:13:b5:60:1e:ae:45:fe:10:f9:23:95:0d:97:67:
91:40:bf:6e:45:4a:8e:29:45:c1:b6:2a:35:7a:ef:87:03:fd:
f8:29:e9:6e:a2:78:71:61:39:9f:7c:55:86:9a:9f:a6:15:f7:
0d:ec:1c:9e:8a:bf:f4:41:25:0c:2c:dc:7e:c6:33:89:0a:41:
56:60:5a:e4:03:60:ac:cf:af:9d:23:14:d1:3d:47:1a:3b:79:
79:3a:8d:43:11:52:1e:6c:48:30:cb:bf:8e:43:d9:27:91:a4:
c4:93:aa:c5:89:2f:20:0a:83:ae:33:35:aa:09:fc:24:da:3d:
92:0c:ed:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZntJ+Zm1CBm3dm82BX1fLJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YWVmODcxNjc1ODVkMjg5ODMxNWFhMzc1M2YzZmE2OGRh
ZDJjNmQwHhcNMjUxMDE2MTMxMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTIwNGNjZTQ5YmU4ZGZmZjJlNDRlZGU3OGI3ZWJlMzQ3NDBlMDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/wU0k+VLJa7tF7RVnoqqG3RdEDr
xFdQvjJ/WKwveS8DYrsIJdN+LNaNE4hzGgg76ujiQGw0zdlLra5fg3aDKEymEHhZ
TwmPQnZURmrh/D9Qc/xt4zaqxivePQB2vv9vZrTABBMHKZUezlLIYmap6MRK9SIs
YHQDz7P9BlgWeqBsqw7cWQW8vTscyNBtp3jBgnwGaNND7gG/ClocGxrkuMYoqVZZ
3el9vJJBa1vtR8m8opgIsjqLrUcTaCTIKmy22clkneGQOU6CXuvCy4UurGtigJDC
C5gyX6KTfBPBPx/Lb7Z+7BkfLVxbmcuYsvdc9JXP/ZpakpN6afHCxUHNuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEkgTM5Jvo3/8uRO3ni36+NHQOAhMB8GA1UdIwQY
MBaAFMmu+HFnWF0omDFao3U/P6aNrSxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWE3NGNXZFlYU2lZTVZxamRUOF9wbzJ0TEcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84NWNlODItZGQwNi00OTU4LTllODIt
ZGIxMGRjZmVjNGJmLzEvU1NCTXprbS1qZl95NUU3ZWVMZnI0MGRBNENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84NWNlODItZGQwNi00OTU4LTllODItZGIxMGRjZmVjNGJm
LzEveWE3NGNXZFlYU2lZTVZxamRUOF9wbzJ0TEcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYFsAwQC
uZfsMA0GCSqGSIb3DQEBCwUAA4IBAQAGI1E0XWbv2uBMLTg1HGuS2AndvHJMXsHL
SyoBVVlmw9LSyVHELcjY0U1qxiSVQpTP5gscviaQjCKHhtnKBJWRzJy5DTvvjgio
xz8CatJGMyQWutvWfYy9SJeLP+OdXs/5aZdVc4XDjemvoFbHM+QB3f3PVNEIt8qf
zh6irbp590qYE7VgHq5F/hD5I5UNl2eRQL9uRUqOKUXBtio1eu+HA/34Keluonhx
YTmffFWGmp+mFfcN7Byeir/0QSUMLNx+xjOJCkFWYFrkA2Csz6+dIxTRPUcaO3l5
Oo1DEVIebEgwy7+OQ9knkaTEk6rFiS8gCoOuMzWqCfwk2j2SDO2/
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:38:02 2025 by rpki-client