Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/h8XcxNlg2XITkIVJEK1ZC2_6O-w.roa
File: h8XcxNlg2XITkIVJEK1ZC2_6O-w.roa (raw, json)
Hash identifier: Uox6k3C3t/z5iyZxizryiDRbognV5cGwqRlM+dbYzjA=
Subject key identifier: 87:C5:DC:C4:D9:60:D9:72:13:90:85:49:10:AD:59:0B:6F:FA:3B:EC
Certificate issuer: /CN=11bc40bcab5e9053ab6db7d19e2a38df1b6f9a4b
Certificate serial: 019941F1473B89D94AF803C9F393EA2D4DDD
Authority key identifier: 11:BC:40:BC:AB:5E:90:53:AB:6D:B7:D1:9E:2A:38:DF:1B:6F:9A:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/h8XcxNlg2XITkIVJEK1ZC2_6O-w.roa
Signing time: Sat 13 Sep 2025 07:19:15 +0000
ROA not before: Sat 13 Sep 2025 07:19:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202391
IP address blocks: 185.235.136.0/24 maxlen: 24
185.235.139.0/24 maxlen: 24
185.255.208.0/22 maxlen: 22
185.255.208.0/24 maxlen: 24
2a0a:4b80::/30 maxlen: 30
2a0a:4b84::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.mft
rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:41:f1:47:3b:89:d9:4a:f8:03:c9:f3:93:ea:2d:4d:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11bc40bcab5e9053ab6db7d19e2a38df1b6f9a4b
Validity
Not Before: Sep 13 07:19:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87c5dcc4d960d9721390854910ad590b6ffa3bec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:7e:f1:e9:e9:79:05:c6:4c:d2:df:cd:95:93:
db:bf:3e:43:40:08:92:3e:86:db:46:ec:64:7c:52:
df:1b:f4:38:bf:4e:91:1c:de:39:fd:16:61:22:48:
48:8b:28:9c:ce:3d:31:1c:cf:41:5b:a8:35:3d:13:
00:61:4a:4c:a8:b7:4d:0d:70:c3:f3:ba:6b:40:b9:
e4:e1:ae:c1:50:ef:4b:d7:24:14:2c:dc:7f:8d:89:
2f:b6:49:0c:33:1f:48:72:c9:9c:eb:55:59:a9:94:
34:6e:64:a6:2f:0c:9a:0a:8c:e3:92:84:c7:82:13:
48:3f:6d:51:55:8d:31:d7:a2:be:30:aa:d7:22:7d:
54:cf:5c:6c:05:92:e0:3d:88:28:1f:88:16:b6:59:
1b:8f:7d:c4:30:10:67:f0:26:4e:48:a9:d3:2d:89:
99:c1:fa:26:21:84:f6:17:35:32:a1:dd:8d:21:3e:
43:05:13:06:20:9e:b9:b0:bc:82:96:0e:42:5e:ca:
28:a3:54:95:a7:6e:5a:78:17:1a:f2:46:ba:84:9a:
37:0a:2d:da:72:fd:4c:a9:be:9e:7c:23:29:37:b8:
28:0d:08:94:d4:09:97:07:71:9c:b8:19:a5:08:2d:
9c:ea:e7:47:31:2f:19:2f:f4:ca:57:7f:15:90:93:
78:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:C5:DC:C4:D9:60:D9:72:13:90:85:49:10:AD:59:0B:6F:FA:3B:EC
X509v3 Authority Key Identifier:
keyid:11:BC:40:BC:AB:5E:90:53:AB:6D:B7:D1:9E:2A:38:DF:1B:6F:9A:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/h8XcxNlg2XITkIVJEK1ZC2_6O-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.235.136.0/24
185.235.139.0/24
185.255.208.0/22
IPv6:
2a0a:4b80::/29
Signature Algorithm: sha256WithRSAEncryption
84:93:2f:7e:6f:74:50:83:6c:1f:a4:af:e5:46:bf:08:8d:4a:
1d:cb:bd:35:15:97:99:5f:8c:e4:e8:43:01:ff:4e:90:bc:76:
c7:3b:02:e0:d6:41:88:54:33:77:1a:f8:f0:64:e3:51:4a:93:
ad:4b:53:95:94:2f:98:82:4c:69:d7:d7:f7:01:7a:8a:97:36:
a8:12:d1:77:e0:97:aa:cb:91:64:8a:7b:8d:6c:bf:dd:52:04:
8d:e3:9e:a8:a8:3c:42:31:7c:02:44:5b:c9:c7:33:92:d2:c0:
1b:da:af:8f:0b:21:42:fa:dc:71:bd:3c:d7:ad:8e:fd:91:97:
29:d7:54:be:64:25:a8:a4:3a:74:52:49:c0:6e:56:b6:d3:de:
fd:2e:3d:75:ba:96:6a:0a:d7:1b:a6:51:59:15:f3:4f:1e:8a:
76:a5:d2:8b:57:3f:b5:32:b8:a1:1c:69:06:b6:1d:67:37:25:
08:91:da:96:8d:c3:37:05:c5:f6:59:78:20:32:34:dc:c6:8c:
1b:de:5b:a5:5a:67:f9:8b:4d:6d:cb:8a:37:26:fa:87:1f:e2:
7e:fa:75:a7:8b:42:bf:5b:fb:ec:fe:5a:ed:5d:ae:1a:50:ab:
80:ea:5a:f9:b6:c9:56:22:9c:39:3d:c8:28:a4:20:4e:b7:18:
47:84:2e:f9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZlB8Uc7idlK+APJ85PqLU3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmM0MGJjYWI1ZTkwNTNhYjZkYjdkMTllMmEzOGRmMWI2
ZjlhNGIwHhcNMjUwOTEzMDcxOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M1ZGNjNGQ5NjBkOTcyMTM5MDg1NDkxMGFkNTkwYjZmZmEzYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H7x6el5BcZM0t/NlZPbvz5DQAiS
PobbRuxkfFLfG/Q4v06RHN45/RZhIkhIiyiczj0xHM9BW6g1PRMAYUpMqLdNDXDD
87prQLnk4a7BUO9L1yQULNx/jYkvtkkMMx9Icsmc61VZqZQ0bmSmLwyaCozjkoTH
ghNIP21RVY0x16K+MKrXIn1Uz1xsBZLgPYgoH4gWtlkbj33EMBBn8CZOSKnTLYmZ
wfomIYT2FzUyod2NIT5DBRMGIJ65sLyClg5CXsooo1SVp25aeBca8ka6hJo3Ci3a
cv1Mqb6efCMpN7goDQiU1AmXB3GcuBmlCC2c6udHMS8ZL/TKV38VkJN4bwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIfF3MTZYNlyE5CFSRCtWQtv+jvsMB8GA1UdIwQY
MBaAFBG8QLyrXpBTq2230Z4qON8bb5pLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJ4QXZLdGVrRk9yYmJmUm5pbzQzeHR2bWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYWZmYjYtOGJkZi00MTFkLWI2YzQt
YWU0Zjg0ZTE2Y2ExLzEvaDhYY3hObGcyWElUa0lWSkVLMVpDMl82Ty13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYWZmYjYtOGJkZi00MTFkLWI2YzQtYWU0Zjg0ZTE2Y2Ex
LzEvRWJ4QXZLdGVrRk9yYmJmUm5pbzQzeHR2bWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAueuIAwQA
ueuLAwQCuf/QMA0EAgACMAcDBQMqCkuAMA0GCSqGSIb3DQEBCwUAA4IBAQCEky9+
b3RQg2wfpK/lRr8IjUody701FZeZX4zk6EMB/06QvHbHOwLg1kGIVDN3GvjwZONR
SpOtS1OVlC+Ygkxp19f3AXqKlzaoEtF34Jeqy5FkinuNbL/dUgSN456oqDxCMXwC
RFvJxzOS0sAb2q+PCyFC+txxvTzXrY79kZcp11S+ZCWopDp0UknAbla20979Lj11
upZqCtcbplFZFfNPHop2pdKLVz+1MrihHGkGth1nNyUIkdqWjcM3BcX2WXggMjTc
xowb3lulWmf5i01ty4o3JvqHH+J++nWni0K/W/vs/lrtXa4aUKuA6lr5tslWIpw5
PcgopCBOtxhHhC75
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:55:21 2025 by rpki-client