Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/SVlLEhHqyoa8VmAwyeAz-eO7tmk.roa
File: SVlLEhHqyoa8VmAwyeAz-eO7tmk.roa (raw, json)
Hash identifier: 3GqZDoa/8luHJb3c9fM/8sF9/CWphehWtTWgxsoVdy8=
Subject key identifier: 49:59:4B:12:11:EA:CA:86:BC:56:60:30:C9:E0:33:F9:E3:BB:B6:69
Certificate issuer: /CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Certificate serial: 019904A82C6997E831AB6A784220391B4178
Authority key identifier: 23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/SVlLEhHqyoa8VmAwyeAz-eO7tmk.roa
Signing time: Mon 01 Sep 2025 09:42:33 +0000
ROA not before: Mon 01 Sep 2025 09:42:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201701
IP address blocks: 185.66.192.0/22 maxlen: 22
185.66.193.0/24 maxlen: 24
185.66.194.0/24 maxlen: 24
185.66.195.0/24 maxlen: 24
2a03:2260::/30 maxlen: 30
2a03:2260:1000::/36 maxlen: 36
2a03:2260:2000::/36 maxlen: 36
2a03:2260:3000::/36 maxlen: 36
2a0a:d882::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.mft
rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:04:a8:2c:69:97:e8:31:ab:6a:78:42:20:39:1b:41:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Validity
Not Before: Sep 1 09:42:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=49594b1211eaca86bc566030c9e033f9e3bbb669
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:3e:3d:37:da:1a:a2:77:15:58:88:3b:42:60:
0f:ed:56:cd:80:09:8c:b8:fd:4f:63:dd:7c:57:b4:
b9:51:13:b4:98:ef:12:ba:b4:93:1f:9f:10:65:fc:
16:bd:90:cd:19:9c:1a:60:1c:73:15:dd:3f:ba:35:
eb:cd:2c:e3:ec:53:5c:f4:a1:ce:cc:e1:b0:3f:4c:
2d:c3:f9:dd:07:b4:9b:91:e0:07:80:bf:b6:c4:dc:
5a:fa:56:4f:20:ea:1f:2c:3f:fe:52:ba:e8:c6:a6:
21:b7:ea:ec:4c:05:2a:18:f5:12:bc:18:84:e2:41:
04:aa:d8:34:17:aa:ab:54:d9:6e:fb:cb:81:09:13:
d7:59:b5:77:8a:74:a8:0f:1b:ec:9e:c8:53:e7:f0:
b3:ed:fe:5c:f5:25:92:15:55:66:d5:a9:f2:2a:aa:
72:58:74:41:c6:03:88:17:7f:7e:02:af:f7:fb:00:
f1:18:bc:8f:8f:78:b9:9c:24:f9:72:06:05:b5:e3:
57:72:20:08:c7:c4:e0:f2:96:c6:6e:0f:ee:17:a0:
9e:a9:e5:2c:b0:bc:b8:ae:0a:83:32:8f:3f:fc:4c:
83:c3:1c:1f:62:72:58:85:8a:e7:c7:dc:e6:a8:51:
c2:db:f1:f3:89:a1:7a:33:f3:88:3a:b1:a3:c0:69:
d9:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:59:4B:12:11:EA:CA:86:BC:56:60:30:C9:E0:33:F9:E3:BB:B6:69
X509v3 Authority Key Identifier:
keyid:23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/SVlLEhHqyoa8VmAwyeAz-eO7tmk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.66.192.0/22
IPv6:
2a03:2260::/30
2a0a:d882::/48
Signature Algorithm: sha256WithRSAEncryption
71:8c:f2:75:ba:98:29:16:bf:cf:df:6b:29:bd:1e:5b:b1:74:
3a:d5:95:a8:f3:0e:0a:db:16:d1:98:69:49:b7:ed:95:31:fb:
43:77:08:80:16:5a:87:8e:c5:e9:a6:d3:cb:b6:e8:9a:eb:44:
f4:c5:03:d7:87:03:c0:15:2b:bf:4b:ec:e6:5f:38:b4:3c:4f:
45:2e:53:d6:fb:3d:d2:84:4c:9a:93:2a:ef:2a:07:22:3a:41:
35:e6:13:0c:fb:e5:e6:d7:e1:7e:91:d0:85:89:79:c6:23:4a:
0c:69:a9:fb:7a:43:f7:e4:94:e3:5b:29:c8:1e:f4:6a:c7:c9:
0a:c3:57:2a:81:88:f7:5b:2f:e4:75:3d:f7:cb:75:78:22:85:
6a:38:10:18:f5:83:77:c7:6c:3a:bf:a1:88:ff:94:1c:c7:b8:
19:b9:21:82:50:ed:0d:69:c2:73:3f:40:2e:17:59:91:04:c0:
08:91:30:46:b4:d6:fb:9c:96:76:ab:c0:49:dd:90:da:9c:03:
90:8e:5a:40:84:70:7d:87:42:f2:ff:19:6c:2a:ec:64:19:e5:
f2:fb:b2:e0:bc:eb:23:fa:09:d7:85:0b:91:47:e3:03:ef:55:
1b:1c:90:d6:45:1b:e7:eb:82:bd:77:e0:1f:34:75:cb:cf:c7:
13:2b:cd:7d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZkEqCxpl+gxq2p4QiA5G0F4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNjYyYzlhOTgwYWQ3NTg0NjUwYWJhYTM1NDViOWVhOTFk
M2UzNWUwHhcNMjUwOTAxMDk0MjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTU5NGIxMjExZWFjYTg2YmM1NjYwMzBjOWUwMzNmOWUzYmJiNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+D49N9oaoncVWIg7QmAP7VbNgAmM
uP1PY918V7S5URO0mO8SurSTH58QZfwWvZDNGZwaYBxzFd0/ujXrzSzj7FNc9KHO
zOGwP0wtw/ndB7SbkeAHgL+2xNxa+lZPIOofLD/+UrroxqYht+rsTAUqGPUSvBiE
4kEEqtg0F6qrVNlu+8uBCRPXWbV3inSoDxvsnshT5/Cz7f5c9SWSFVVm1anyKqpy
WHRBxgOIF39+Aq/3+wDxGLyPj3i5nCT5cgYFteNXciAIx8Tg8pbGbg/uF6CeqeUs
sLy4rgqDMo8//EyDwxwfYnJYhYrnx9zmqFHC2/HziaF6M/OIOrGjwGnZMQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFElZSxIR6sqGvFZgMMngM/nju7ZpMB8GA1UdIwQY
MBaAFCNmLJqYCtdYRlCrqjVFueqR0+NeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEt
ODIzMmUzNTBkNDU4LzEvU1ZsTEVoSHF5b2E4Vm1Bd3llQXotZU83dG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEtODIzMmUzNTBkNDU4
LzEvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuULAMBYE
AgACMBADBQIqAyJgAwcAKgrYggAAMA0GCSqGSIb3DQEBCwUAA4IBAQBxjPJ1upgp
Fr/P32spvR5bsXQ61ZWo8w4K2xbRmGlJt+2VMftDdwiAFlqHjsXpptPLtuia60T0
xQPXhwPAFSu/S+zmXzi0PE9FLlPW+z3ShEyakyrvKgciOkE15hMM++Xm1+F+kdCF
iXnGI0oMaan7ekP35JTjWynIHvRqx8kKw1cqgYj3Wy/kdT33y3V4IoVqOBAY9YN3
x2w6v6GI/5Qcx7gZuSGCUO0NacJzP0AuF1mRBMAIkTBGtNb7nJZ2q8BJ3ZDanAOQ
jlpAhHB9h0Ly/xlsKuxkGeXy+7LgvOsj+gnXhQuRR+MD71UbHJDWRRvn64K9d+Af
NHXLz8cTK819
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:25:16 2025 by rpki-client