Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/DfN89u0ZvthZxMTnUcXpfMOlKTs.roa
File: DfN89u0ZvthZxMTnUcXpfMOlKTs.roa (raw, json)
Hash identifier: msvl5pQNrCHYRzIqm+ZhzceMHlWNrK7pVc4fvVU8Aig=
Subject key identifier: 0D:F3:7C:F6:ED:19:BE:D8:59:C4:C4:E7:51:C5:E9:7C:C3:A5:29:3B
Certificate issuer: /CN=9e441e9e705ada3f9c1e827cd276dbd097487608
Certificate serial: 0199DDD1CCA7EB125E8C66E1D4183A14639E
Authority key identifier: 9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/DfN89u0ZvthZxMTnUcXpfMOlKTs.roa
Signing time: Mon 13 Oct 2025 13:45:38 +0000
ROA not before: Mon 13 Oct 2025 13:45:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28889
IP address blocks: 85.255.144.0/20 maxlen: 20
85.255.146.0/23 maxlen: 23
85.255.146.0/24 maxlen: 24
85.255.147.0/24 maxlen: 24
85.255.152.0/24 maxlen: 24
185.135.16.0/24 maxlen: 24
185.135.17.0/24 maxlen: 24
185.135.19.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl
rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.mft
rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:d1:cc:a7:eb:12:5e:8c:66:e1:d4:18:3a:14:63:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e441e9e705ada3f9c1e827cd276dbd097487608
Validity
Not Before: Oct 13 13:45:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0df37cf6ed19bed859c4c4e751c5e97cc3a5293b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:fa:4f:87:0b:71:6f:eb:53:0d:6b:7c:29:1d:
47:d3:f4:4c:ea:fa:f9:33:fc:7f:46:fa:7c:6b:7c:
f8:c6:14:eb:cd:29:56:c9:ce:4e:53:81:60:61:d9:
84:c7:2a:60:52:e2:00:62:4f:05:28:1b:1c:d3:59:
0f:44:dc:c0:4d:01:03:26:39:ca:61:3c:c2:10:fa:
58:58:75:90:fc:53:92:b8:67:01:22:52:9d:f0:5b:
85:b3:d4:c8:54:a7:80:b7:52:56:df:0f:08:1e:06:
23:56:76:b8:c8:92:dc:6e:e7:d4:f8:e7:be:49:21:
0b:fa:c9:23:de:96:34:b6:6e:5a:a1:ca:cc:85:66:
b7:e8:9d:f3:09:f9:a3:d0:12:5e:5d:88:e5:3c:b1:
1b:58:20:8a:66:f3:9c:0a:29:fe:75:7f:f1:54:0e:
e1:d5:d4:39:ec:c4:35:d0:b5:a5:a2:fa:e7:03:9c:
ce:38:17:9a:32:64:62:31:16:44:0f:0d:a1:c5:c0:
e6:82:77:c7:ff:fd:f5:03:95:22:07:ab:0b:54:c4:
7b:83:7b:46:80:c1:72:22:52:4f:4a:9c:8a:b0:12:
c3:af:fe:a2:2e:04:30:11:32:3d:d7:5a:4f:25:14:
3b:df:1e:8d:ea:9e:95:4b:2a:ea:8b:67:1e:ce:84:
e9:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:F3:7C:F6:ED:19:BE:D8:59:C4:C4:E7:51:C5:E9:7C:C3:A5:29:3B
X509v3 Authority Key Identifier:
keyid:9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/DfN89u0ZvthZxMTnUcXpfMOlKTs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.255.144.0/20
185.135.16.0/23
185.135.19.0/24
Signature Algorithm: sha256WithRSAEncryption
20:f8:b3:1b:8a:33:15:1e:fd:db:e6:84:0b:2a:bf:20:6d:bf:
8e:43:ad:0c:96:72:14:ab:b4:78:55:9e:f2:02:63:f8:44:08:
9e:85:07:00:2f:df:25:55:36:d6:40:1d:67:ec:e9:cd:69:28:
2d:e7:49:48:71:5e:1a:43:95:86:94:71:fb:39:68:42:7b:a3:
14:c6:d0:e7:cb:eb:10:71:31:c7:e6:fa:20:53:5f:d9:98:46:
30:ce:8d:f2:0e:5e:14:2e:21:5b:d4:b5:1c:4a:a3:02:02:da:
e1:3c:ad:74:d4:b2:27:a7:a9:b0:4e:fc:c1:60:73:c2:32:98:
06:e0:c2:c9:f9:de:94:63:9f:b9:6b:3c:b3:67:b1:5e:2b:42:
e7:ac:eb:27:ab:55:59:fe:c5:57:4b:47:f2:21:06:44:bd:e2:
99:69:4e:e7:85:c5:29:f3:98:88:08:6e:3f:f8:cf:9c:f2:17:
10:fb:c1:df:5d:aa:bf:c9:b0:b0:19:c7:79:0a:32:da:9f:0a:
b8:4a:07:ec:f1:33:b0:b0:82:ff:f3:97:2d:42:77:04:a1:a2:
f2:20:a1:52:2c:93:4b:43:cc:9a:db:98:ba:5a:21:35:35:59:
05:28:3c:9f:44:b7:80:87:13:b3:d1:b2:44:ca:08:3c:97:73:
fb:9d:bb:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnd0cyn6xJejGbh1Bg6FGOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDQxZTllNzA1YWRhM2Y5YzFlODI3Y2QyNzZkYmQwOTc0
ODc2MDgwHhcNMjUxMDEzMTM0NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGYzN2NmNmVkMTliZWQ4NTljNGM0ZTc1MWM1ZTk3Y2MzYTUyOTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvpPhwtxb+tTDWt8KR1H0/RM6vr5
M/x/Rvp8a3z4xhTrzSlWyc5OU4FgYdmExypgUuIAYk8FKBsc01kPRNzATQEDJjnK
YTzCEPpYWHWQ/FOSuGcBIlKd8FuFs9TIVKeAt1JW3w8IHgYjVna4yJLcbufU+Oe+
SSEL+skj3pY0tm5aocrMhWa36J3zCfmj0BJeXYjlPLEbWCCKZvOcCin+dX/xVA7h
1dQ57MQ10LWlovrnA5zOOBeaMmRiMRZEDw2hxcDmgnfH//31A5UiB6sLVMR7g3tG
gMFyIlJPSpyKsBLDr/6iLgQwETI911pPJRQ73x6N6p6VSyrqi2cezoTp4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA3zfPbtGb7YWcTE51HF6XzDpSk7MB8GA1UdIwQY
MBaAFJ5EHp5wWto/nB6CfNJ229CXSHYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWIt
OTMyZDE2YjA4ZGYwLzEvRGZOODl1MFp2dGhaeE1UblVjWHBmTU9sS1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWItOTMyZDE2YjA4ZGYw
LzEvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEVf+QAwQB
uYcQAwQAuYcTMA0GCSqGSIb3DQEBCwUAA4IBAQAg+LMbijMVHv3b5oQLKr8gbb+O
Q60MlnIUq7R4VZ7yAmP4RAiehQcAL98lVTbWQB1n7OnNaSgt50lIcV4aQ5WGlHH7
OWhCe6MUxtDny+sQcTHH5vogU1/ZmEYwzo3yDl4ULiFb1LUcSqMCAtrhPK101LIn
p6mwTvzBYHPCMpgG4MLJ+d6UY5+5azyzZ7FeK0LnrOsnq1VZ/sVXS0fyIQZEveKZ
aU7nhcUp85iICG4/+M+c8hcQ+8HfXaq/ybCwGcd5CjLanwq4Sgfs8TOwsIL/85ct
QncEoaLyIKFSLJNLQ8ya25i6WiE1NVkFKDyfRLeAhxOz0bJEygg8l3P7nbvE
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:05:03 2025 by rpki-client