Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/hwJf6VumQco-ZneET3L8ACOfvX8.roa
File: hwJf6VumQco-ZneET3L8ACOfvX8.roa (raw, json)
Hash identifier: EcoD8v/r1aMC/ov7E8diQalSosE5t0EwMU8AArCBREA=
Subject key identifier: 87:02:5F:E9:5B:A6:41:CA:3E:66:77:84:4F:72:FC:00:23:9F:BD:7F
Certificate issuer: /CN=0842759a04fcfd9dd386486f04820e4a060397f2
Certificate serial: 0199E18CB17F98DB182140F1AEEC87976448
Authority key identifier: 08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/hwJf6VumQco-ZneET3L8ACOfvX8.roa
Signing time: Tue 14 Oct 2025 07:08:38 +0000
ROA not before: Tue 14 Oct 2025 07:08:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35617
IP address blocks: 85.204.42.0/24 maxlen: 24
86.104.135.0/24 maxlen: 24
109.239.240.0/20 maxlen: 20
178.132.88.0/21 maxlen: 21
185.59.132.0/22 maxlen: 22
185.72.40.0/22 maxlen: 22
185.225.128.0/22 maxlen: 22
212.81.60.0/22 maxlen: 22
2a04:e240::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.mft
rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 13:01:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e1:8c:b1:7f:98:db:18:21:40:f1:ae:ec:87:97:64:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0842759a04fcfd9dd386486f04820e4a060397f2
Validity
Not Before: Oct 14 07:08:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87025fe95ba641ca3e6677844f72fc00239fbd7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:22:33:6e:6a:dd:34:24:42:90:67:e5:2d:c5:
00:4d:e2:57:95:08:2a:39:2b:f7:d8:48:f0:37:c1:
f2:93:0f:5d:8a:41:69:e3:77:e2:e9:ae:0e:d2:bd:
11:a3:f6:b2:04:93:ea:25:a9:8e:91:21:c4:f3:06:
a0:27:fe:08:a2:a4:4c:5f:53:f2:aa:d1:76:37:c3:
b4:87:1d:a5:3a:e4:7e:33:a1:2c:dd:20:91:29:81:
1e:e5:bb:86:f7:62:0e:69:ec:98:b2:ba:03:a4:36:
50:6f:c8:cb:ae:7f:ad:e8:81:9e:ac:f8:ac:86:ed:
8f:e0:a8:ef:b7:d6:93:c3:81:d6:f8:25:9b:ca:9a:
3b:0e:0c:4b:c0:f3:aa:9e:24:78:69:03:5c:9a:b6:
59:4b:e5:8a:4a:a3:af:b8:bb:c3:8f:bd:54:4d:54:
0c:8d:fa:0d:09:6e:5c:2c:a3:d7:da:6c:72:e4:aa:
9f:78:fb:72:3c:92:d3:05:fd:cf:dd:9b:7e:b9:b4:
44:c3:e9:34:1d:6a:90:96:89:6e:5c:34:e8:47:16:
94:e0:a2:35:51:b3:a6:fc:a4:9e:21:42:8a:33:f2:
29:6b:24:70:5f:f1:90:6d:81:35:32:67:00:c6:89:
70:e9:f5:07:ae:d3:6a:ab:57:3a:ab:74:02:cd:fa:
11:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:02:5F:E9:5B:A6:41:CA:3E:66:77:84:4F:72:FC:00:23:9F:BD:7F
X509v3 Authority Key Identifier:
keyid:08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/hwJf6VumQco-ZneET3L8ACOfvX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.42.0/24
86.104.135.0/24
109.239.240.0/20
178.132.88.0/21
185.59.132.0/22
185.72.40.0/22
185.225.128.0/22
212.81.60.0/22
IPv6:
2a04:e240::/29
Signature Algorithm: sha256WithRSAEncryption
8a:6b:21:e8:90:f5:e0:6a:b0:ec:7a:31:c6:16:79:20:80:6c:
2f:63:82:e8:76:76:8b:51:be:5f:65:54:2a:7d:6d:de:48:67:
4e:68:ca:80:63:63:84:e9:8d:73:a6:dd:72:65:22:1f:28:4a:
2e:9d:7a:37:74:b4:05:7b:64:75:04:06:11:e6:66:ae:96:1d:
a8:8e:2c:1c:f3:a1:7e:a5:50:59:12:41:45:bf:dc:70:65:02:
39:98:63:b9:8e:83:74:aa:77:e3:c1:1e:99:a0:8f:f7:2c:ca:
90:19:d2:12:b5:9a:c6:bc:f2:9b:7d:1c:d0:3a:1b:d7:b7:d6:
3c:0f:32:20:fe:b2:6b:af:23:72:e3:01:cf:bf:d5:50:b9:b7:
36:f7:b6:f3:3a:71:97:c7:a8:6c:65:d5:89:e4:53:32:71:0f:
00:7f:74:24:19:ad:fc:56:c2:b3:4d:4c:6d:aa:2e:71:3e:54:
18:ed:87:7c:40:f4:15:06:f6:c2:ad:ca:d8:9e:eb:4f:a7:fc:
97:ed:9e:4e:38:61:a4:2e:7e:db:94:67:69:d1:13:90:c1:4b:
4a:a9:72:e0:07:53:13:27:74:d3:a0:99:b1:d5:7b:67:fc:69:
5a:ee:ee:58:61:63:ab:d1:7f:38:3a:04:c2:e6:03:fc:83:3f:
a0:05:5f:d9
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZnhjLF/mNsYIUDxruyHl2RIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDI3NTlhMDRmY2ZkOWRkMzg2NDg2ZjA0ODIwZTRhMDYw
Mzk3ZjIwHhcNMjUxMDE0MDcwODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzAyNWZlOTViYTY0MWNhM2U2Njc3ODQ0ZjcyZmMwMDIzOWZiZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyIzbmrdNCRCkGflLcUATeJXlQgq
OSv32EjwN8Hykw9dikFp43fi6a4O0r0Ro/ayBJPqJamOkSHE8wagJ/4IoqRMX1Py
qtF2N8O0hx2lOuR+M6Es3SCRKYEe5buG92IOaeyYsroDpDZQb8jLrn+t6IGerPis
hu2P4Kjvt9aTw4HW+CWbypo7DgxLwPOqniR4aQNcmrZZS+WKSqOvuLvDj71UTVQM
jfoNCW5cLKPX2mxy5KqfePtyPJLTBf3P3Zt+ubREw+k0HWqQloluXDToRxaU4KI1
UbOm/KSeIUKKM/IpayRwX/GQbYE1MmcAxolw6fUHrtNqq1c6q3QCzfoRLQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFIcCX+lbpkHKPmZ3hE9y/AAjn71/MB8GA1UdIwQY
MBaAFAhCdZoE/P2d04ZIbwSCDkoGA5fyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEt
NzAyNWUxODgwNjhjLzEvaHdKZjZWdW1RY28tWm5lRVQzTDhBQ09mdlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEtNzAyNWUxODgwNjhj
LzEvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQAVcwqAwQA
VmiHAwQEbe/wAwQDsoRYAwQCuTuEAwQCuUgoAwQCueGAAwQC1FE8MA0EAgACMAcD
BQMqBOJAMA0GCSqGSIb3DQEBCwUAA4IBAQCKayHokPXgarDsejHGFnkggGwvY4Lo
dnaLUb5fZVQqfW3eSGdOaMqAY2OE6Y1zpt1yZSIfKEounXo3dLQFe2R1BAYR5mau
lh2ojiwc86F+pVBZEkFFv9xwZQI5mGO5joN0qnfjwR6ZoI/3LMqQGdIStZrGvPKb
fRzQOhvXt9Y8DzIg/rJrryNy4wHPv9VQubc297bzOnGXx6hsZdWJ5FMycQ8Af3Qk
Ga38VsKzTUxtqi5xPlQY7Yd8QPQVBvbCrcrYnutPp/yX7Z5OOGGkLn7blGdp0ROQ
wUtKqXLgB1MTJ3TToJmx1Xtn/Gla7u5YYWOr0X84OgTC5gP8gz+gBV/Z
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:14:59 2025 by rpki-client