Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/rF2NbE_tOwpSRvuv6q5i4RA7Ges.roa
File: rF2NbE_tOwpSRvuv6q5i4RA7Ges.roa (raw, json)
Hash identifier: eR6zET3xve1jmE2cHBmZXtrSF9DwLLOsmXQGl2pVTjo=
Subject key identifier: AC:5D:8D:6C:4F:ED:3B:0A:52:46:FB:AF:EA:AE:62:E1:10:3B:19:EB
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 01994C8912A4C60C9E35137AE2359CCABC3B
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/rF2NbE_tOwpSRvuv6q5i4RA7Ges.roa
Signing time: Mon 15 Sep 2025 08:41:15 +0000
ROA not before: Mon 15 Sep 2025 08:41:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58289
IP address blocks: 85.159.94.0/24 maxlen: 24
86.54.184.0/24 maxlen: 24
91.147.111.0/24 maxlen: 24
92.240.243.0/24 maxlen: 24
109.175.215.0/24 maxlen: 24
185.162.234.0/24 maxlen: 24
193.43.251.0/24 maxlen: 24
194.31.133.0/24 maxlen: 24
194.31.135.0/24 maxlen: 24
212.108.87.0/24 maxlen: 24
2a0e:6600::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 15:16:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4c:89:12:a4:c6:0c:9e:35:13:7a:e2:35:9c:ca:bc:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Sep 15 08:41:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac5d8d6c4fed3b0a5246fbafeaae62e1103b19eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:9d:7a:d0:6d:c0:1a:d7:5f:a2:14:50:1f:27:
01:92:46:e9:2d:de:37:de:74:41:ce:be:65:b6:79:
73:89:74:70:55:a6:05:d1:8a:7f:44:12:23:e5:9b:
40:35:4c:8f:8c:62:e5:ed:79:9b:19:e5:83:18:a7:
db:9e:18:78:72:5c:54:58:96:6e:2b:ca:46:a7:96:
b6:37:44:d4:7f:19:0c:07:a8:47:77:63:b9:8f:98:
4c:58:c5:e4:6d:d9:99:0a:8b:c0:c3:e0:38:a6:7c:
75:6c:c2:37:36:23:c9:a7:75:42:b1:e1:32:d1:c0:
7e:58:76:b3:1f:b7:7d:fd:ac:8b:49:18:2b:c8:d3:
6b:ba:67:34:21:b3:4c:5b:43:90:34:f3:04:f5:d4:
8f:20:82:e8:c9:5a:ea:f6:4f:42:50:47:d3:1f:ee:
bb:6c:c4:12:9b:af:4e:1c:ae:05:ce:0a:b1:d1:43:
11:34:68:61:37:77:0b:04:fd:35:1c:12:10:f9:d7:
57:01:bf:2a:57:64:a0:90:c1:2d:bb:89:0f:01:c8:
28:b2:91:d2:b9:a9:6d:56:11:40:d6:71:21:f9:01:
4c:0a:e1:ba:f6:ef:68:19:e1:75:52:a8:ca:5d:12:
e3:eb:4a:7f:11:fc:ac:19:5d:60:dc:88:b4:96:0f:
aa:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:5D:8D:6C:4F:ED:3B:0A:52:46:FB:AF:EA:AE:62:E1:10:3B:19:EB
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/rF2NbE_tOwpSRvuv6q5i4RA7Ges.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.159.94.0/24
86.54.184.0/24
91.147.111.0/24
92.240.243.0/24
109.175.215.0/24
185.162.234.0/24
193.43.251.0/24
194.31.133.0/24
194.31.135.0/24
212.108.87.0/24
IPv6:
2a0e:6600::/48
Signature Algorithm: sha256WithRSAEncryption
27:2f:ea:37:9e:a1:b9:4d:d4:a4:51:aa:20:d5:49:df:3f:c7:
3b:1e:12:f0:84:f0:8b:67:fe:22:88:2f:13:17:ba:9b:7a:a8:
2c:93:59:8a:c0:85:a8:e7:1b:63:ea:0f:7d:3b:62:b5:50:81:
ce:69:76:92:90:7c:bb:be:a1:25:ea:65:08:e4:f4:b3:35:56:
a6:23:b7:52:50:99:ae:6f:3e:a7:d9:87:ed:5b:97:50:10:0a:
1b:7d:a0:82:78:27:84:98:c6:d8:62:50:b5:55:3a:23:d8:85:
8f:8f:02:8a:f2:c0:71:bc:7b:26:ee:0a:9e:69:0c:8a:d5:f8:
24:40:40:54:e8:54:34:16:63:bb:28:b0:47:e2:6a:cc:83:aa:
55:79:b3:9d:27:6f:64:89:c3:bc:17:be:72:4d:fe:7d:af:a4:
5c:78:f2:52:25:2c:98:c0:78:f9:3e:b0:ba:54:9e:c8:83:13:
01:d7:1e:4d:f0:3c:6c:fb:2a:68:43:5b:3b:83:2b:f5:2f:39:
1e:5c:f0:66:50:e1:c9:6f:71:07:78:66:a3:c6:ee:c6:0e:45:
6e:43:7b:9a:21:37:93:e4:66:66:7e:43:ba:5f:8c:46:f4:dc:
be:b2:4c:7f:36:3c:ae:ab:62:fd:42:2a:69:a0:44:46:48:44:
fa:cc:18:db
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZlMiRKkxgyeNRN64jWcyrw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwOTE1MDg0MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVkOGQ2YzRmZWQzYjBhNTI0NmZiYWZlYWFlNjJlMTEwM2IxOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp160G3AGtdfohRQHycBkkbpLd43
3nRBzr5ltnlziXRwVaYF0Yp/RBIj5ZtANUyPjGLl7XmbGeWDGKfbnhh4clxUWJZu
K8pGp5a2N0TUfxkMB6hHd2O5j5hMWMXkbdmZCovAw+A4pnx1bMI3NiPJp3VCseEy
0cB+WHazH7d9/ayLSRgryNNrumc0IbNMW0OQNPME9dSPIILoyVrq9k9CUEfTH+67
bMQSm69OHK4Fzgqx0UMRNGhhN3cLBP01HBIQ+ddXAb8qV2SgkMEtu4kPAcgospHS
ualtVhFA1nEh+QFMCuG69u9oGeF1UqjKXRLj60p/EfysGV1g3Ii0lg+qfwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFKxdjWxP7TsKUkb7r+quYuEQOxnrMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvckYyTmJFX3RPd3BTUnZ1djZxNWk0UkE3R2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBCBAIAATA8AwQAVZ9eAwQA
Vja4AwQAW5NvAwQAXPDzAwQAba/XAwQAuaLqAwQAwSv7AwQAwh+FAwQAwh+HAwQA
1GxXMA8EAgACMAkDBwAqDmYAAAAwDQYJKoZIhvcNAQELBQADggEBACcv6jeeoblN
1KRRqiDVSd8/xzseEvCE8Itn/iKILxMXupt6qCyTWYrAhajnG2PqD307YrVQgc5p
dpKQfLu+oSXqZQjk9LM1VqYjt1JQma5vPqfZh+1bl1AQCht9oIJ4J4SYxthiULVV
OiPYhY+PAorywHG8eybuCp5pDIrV+CRAQFToVDQWY7sosEfiasyDqlV5s50nb2SJ
w7wXvnJN/n2vpFx48lIlLJjAePk+sLpUnsiDEwHXHk3wPGz7KmhDWzuDK/UvOR5c
8GZQ4clvcQd4ZqPG7sYORW5De5ohN5PkZmZ+Q7pfjEb03L6yTH82PK6rYv1CKmmg
REZIRPrMGNs=
-----END CERTIFICATE-----
Generated at Tue Oct 21 00:56:18 2025 by rpki-client