Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/aYuOMRleQsCQtZg3X-RrYGmlGWU.roa
File: aYuOMRleQsCQtZg3X-RrYGmlGWU.roa (raw, json)
Hash identifier: MqwbamaP+A+XdjoWsCuBh8Vc+mp43ckOX8NYE92d8oY=
Subject key identifier: 69:8B:8E:31:19:5E:42:C0:90:B5:98:37:5F:E4:6B:60:69:A5:19:65
Certificate issuer: /CN=935c42857e302feb14017301e43c39fe45e7f629
Certificate serial: 0199E9B813BDBF5CB7016FDBF36997ECB6B6
Authority key identifier: 93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/aYuOMRleQsCQtZg3X-RrYGmlGWU.roa
Signing time: Wed 15 Oct 2025 21:12:58 +0000
ROA not before: Wed 15 Oct 2025 21:12:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44612
IP address blocks: 185.214.24.0/22 maxlen: 24
185.214.24.0/24 maxlen: 24
185.214.25.0/24 maxlen: 24
185.214.26.0/24 maxlen: 24
185.214.27.0/24 maxlen: 24
2a0b:9440::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.mft
rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e9:b8:13:bd:bf:5c:b7:01:6f:db:f3:69:97:ec:b6:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=935c42857e302feb14017301e43c39fe45e7f629
Validity
Not Before: Oct 15 21:12:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=698b8e31195e42c090b598375fe46b6069a51965
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fb:d8:bf:37:34:aa:37:ae:db:68:3e:05:70:
b5:cd:91:a1:fd:03:4a:e8:f8:4e:48:18:41:60:3e:
81:39:63:b1:41:98:b4:f7:a0:15:d4:93:f9:f2:48:
86:38:9c:18:71:91:b0:96:de:ee:61:1d:bd:e5:b3:
79:ac:c5:45:c1:44:06:31:e8:f0:8e:76:9e:19:c8:
1e:80:f6:dc:db:d7:53:5b:87:26:ea:18:50:64:20:
76:3f:93:29:96:f6:59:c7:aa:4c:e7:17:47:d2:c0:
3a:99:6a:e9:4a:b9:7b:5d:00:3d:6d:5f:8a:93:32:
31:51:91:cf:76:f6:47:5e:8d:f1:f1:67:24:e1:17:
9f:30:9c:2c:ae:c5:ed:70:ec:f3:cc:69:5e:8d:9c:
c7:35:b7:17:88:34:01:43:7d:5d:e5:95:55:15:ef:
67:f9:59:fe:c1:4d:6f:cd:83:cf:62:77:77:58:d1:
7b:26:17:86:6e:28:dd:34:ce:8e:c0:1c:6d:a4:4d:
2e:3c:f8:74:a4:7f:fa:1c:47:88:b4:5f:90:b7:b0:
44:11:61:67:0e:95:5d:34:3e:5a:0f:91:8c:5b:4b:
0c:d4:86:b3:4d:5a:0a:90:66:52:ea:ae:1c:bc:d9:
c8:2a:54:2c:0b:3c:bc:33:51:5a:00:8e:a1:83:a3:
68:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:8B:8E:31:19:5E:42:C0:90:B5:98:37:5F:E4:6B:60:69:A5:19:65
X509v3 Authority Key Identifier:
keyid:93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/aYuOMRleQsCQtZg3X-RrYGmlGWU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.214.24.0/22
IPv6:
2a0b:9440::/29
Signature Algorithm: sha256WithRSAEncryption
98:b8:bb:3f:f3:da:b5:5a:f1:fa:ca:96:14:4f:04:14:74:db:
59:af:4b:d6:c4:4f:8f:d2:b8:ad:ce:b3:4c:9f:a1:36:bd:63:
2d:b2:04:b3:1e:56:63:87:bb:bd:c3:c9:33:7d:33:98:80:62:
06:49:37:ca:66:31:8a:4e:08:e6:4b:7d:a2:83:9c:0e:e5:83:
b4:7b:f6:30:da:ca:80:cc:05:ce:42:be:77:24:57:f7:f4:38:
80:14:b1:aa:bf:f8:77:89:8e:82:51:81:1f:c8:7b:db:16:8d:
ff:65:83:f5:4a:8b:52:e9:ca:82:6b:b6:ec:24:1f:4c:c6:fc:
eb:19:22:37:af:43:93:ff:5f:c5:58:69:e6:03:b4:17:59:fd:
06:1f:8c:67:d4:77:27:44:18:05:ab:dd:dd:aa:3e:16:1d:7b:
bb:ab:b4:d4:4f:7f:42:d3:3a:d6:aa:9f:58:d2:f3:2d:4c:b0:
50:08:7b:9e:4d:96:66:ef:79:0b:fb:ff:2f:8a:e3:98:39:20:
1a:4a:e2:6d:e2:5f:28:92:c4:d5:7d:35:61:9c:ea:f4:be:1a:
5b:92:0a:90:48:44:b7:fc:c7:4d:42:c9:0a:7e:81:f5:41:58:
a9:7d:ad:35:33:3b:49:0c:62:ac:db:29:8d:47:b8:41:eb:06:
fb:63:f0:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnpuBO9v1y3AW/b82mX7La2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNWM0Mjg1N2UzMDJmZWIxNDAxNzMwMWU0M2MzOWZlNDVl
N2Y2MjkwHhcNMjUxMDE1MjExMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OThiOGUzMTE5NWU0MmMwOTBiNTk4Mzc1ZmU0NmI2MDY5YTUxOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvvYvzc0qjeu22g+BXC1zZGh/QNK
6PhOSBhBYD6BOWOxQZi096AV1JP58kiGOJwYcZGwlt7uYR295bN5rMVFwUQGMejw
jnaeGcgegPbc29dTW4cm6hhQZCB2P5MplvZZx6pM5xdH0sA6mWrpSrl7XQA9bV+K
kzIxUZHPdvZHXo3x8Wck4RefMJwsrsXtcOzzzGlejZzHNbcXiDQBQ31d5ZVVFe9n
+Vn+wU1vzYPPYnd3WNF7JheGbijdNM6OwBxtpE0uPPh0pH/6HEeItF+Qt7BEEWFn
DpVdND5aD5GMW0sM1IazTVoKkGZS6q4cvNnIKlQsCzy8M1FaAI6hg6NoUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGmLjjEZXkLAkLWYN1/ka2BppRllMB8GA1UdIwQY
MBaAFJNcQoV+MC/rFAFzAeQ8Of5F5/YpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQt
MWJmZDEwYTg4NDVhLzEvYVl1T01SbGVRc0NRdFpnM1gtUnJZR21sR1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQtMWJmZDEwYTg4NDVh
LzEvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudYYMA0E
AgACMAcDBQMqC5RAMA0GCSqGSIb3DQEBCwUAA4IBAQCYuLs/89q1WvH6ypYUTwQU
dNtZr0vWxE+P0ritzrNMn6E2vWMtsgSzHlZjh7u9w8kzfTOYgGIGSTfKZjGKTgjm
S32ig5wO5YO0e/Yw2sqAzAXOQr53JFf39DiAFLGqv/h3iY6CUYEfyHvbFo3/ZYP1
SotS6cqCa7bsJB9MxvzrGSI3r0OT/1/FWGnmA7QXWf0GH4xn1HcnRBgFq93dqj4W
HXu7q7TUT39C0zrWqp9Y0vMtTLBQCHueTZZm73kL+/8viuOYOSAaSuJt4l8oksTV
fTVhnOr0vhpbkgqQSES3/MdNQskKfoH1QVipfa01MztJDGKs2ymNR7hB6wb7Y/Bx
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:09:53 2025 by rpki-client