Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/SfNDVxDssqhMgryNzm12YQX_5D4.roa
File: SfNDVxDssqhMgryNzm12YQX_5D4.roa (raw, json)
Hash identifier: JNj63Cat+McVVvzwc6C6pT5U3+pDTZGt0yQbmqaAU+I=
Subject key identifier: 49:F3:43:57:10:EC:B2:A8:4C:82:BC:8D:CE:6D:76:61:05:FF:E4:3E
Certificate issuer: /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial: 0199E80D70877AAC7E3CB817B98741B6CE50
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/SfNDVxDssqhMgryNzm12YQX_5D4.roa
Signing time: Wed 15 Oct 2025 13:26:58 +0000
ROA not before: Wed 15 Oct 2025 13:26:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216192
IP address blocks: 85.159.89.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.167.0/24 maxlen: 24
188.125.169.0/24 maxlen: 24
188.125.174.0/24 maxlen: 24
194.177.14.0/24 maxlen: 24
2a13:f6c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e8:0d:70:87:7a:ac:7e:3c:b8:17:b9:87:41:b6:ce:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Validity
Not Before: Oct 15 13:26:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=49f3435710ecb2a84c82bc8dce6d766105ffe43e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:b6:d9:6d:85:f7:bf:94:f7:11:02:ac:22:a4:
2a:88:29:4e:16:50:85:aa:47:38:4b:9d:ab:57:58:
93:d7:74:a9:ef:fd:ee:d2:c2:01:4d:db:17:26:69:
65:13:04:7f:4a:e6:9d:8d:7a:a3:82:0c:a1:65:5c:
30:e3:6b:fc:66:f4:38:10:e3:6f:32:03:3f:63:42:
54:9d:fd:42:f1:b0:d4:0d:54:76:7c:e9:aa:7a:cc:
7e:ac:78:d0:cd:0e:bb:55:6d:00:96:68:fc:1a:3a:
de:cc:dc:5a:f2:7a:13:ec:de:58:ba:70:5d:3b:87:
cb:98:f1:35:c1:cc:db:92:5a:bc:28:61:9f:e2:21:
34:f5:13:8d:4f:a6:f4:08:ee:dc:36:95:a8:71:e8:
81:c8:45:aa:56:29:f2:c4:a6:0e:ec:d9:d0:d8:8f:
e7:3f:2a:d0:48:1a:27:70:75:17:2e:f5:00:8d:65:
d7:82:18:5a:93:aa:71:2b:a3:fc:e3:0d:24:5b:a9:
51:58:03:ff:06:94:bc:bf:60:b1:b8:f7:80:b2:20:
0a:8a:2d:2e:2c:e1:4f:1e:08:6b:70:35:6c:84:bc:
d5:ea:36:96:e2:6e:6d:4a:c5:ab:91:71:12:28:0d:
e1:f2:f9:d5:de:25:82:40:41:bf:14:6a:bb:83:a2:
e4:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:F3:43:57:10:EC:B2:A8:4C:82:BC:8D:CE:6D:76:61:05:FF:E4:3E
X509v3 Authority Key Identifier:
keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/SfNDVxDssqhMgryNzm12YQX_5D4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.159.89.0/24
188.125.165.0/24
188.125.167.0/24
188.125.169.0/24
188.125.174.0/24
194.177.14.0/24
IPv6:
2a13:f6c0::/29
Signature Algorithm: sha256WithRSAEncryption
2d:42:b6:5f:e3:7e:55:f8:87:7d:39:64:21:0e:10:46:ad:53:
b6:57:a4:55:00:bd:7d:f7:69:90:ba:80:e5:23:97:92:22:99:
2e:56:61:8d:6f:00:f2:5a:f8:f6:f8:68:de:fb:70:a7:2e:50:
08:fe:95:ac:99:f7:9b:dc:01:2f:77:01:26:22:43:b0:81:cf:
f0:25:29:36:e4:a4:56:c1:98:de:26:e3:7e:b7:c9:21:8b:85:
0e:ef:fe:fe:16:80:8b:42:d8:9f:a7:78:0c:75:28:3e:7f:fa:
16:23:a2:3d:79:d8:bc:a4:00:11:3d:c9:a0:88:e5:b8:ce:2b:
d2:92:3b:be:cd:57:f1:7a:b9:a0:b0:de:34:cd:b3:6e:ec:66:
ca:27:eb:ee:24:12:64:d2:17:11:90:5a:44:80:38:a3:00:b7:
db:d3:c2:5a:92:5a:2b:84:34:bc:5b:5e:7a:2d:d0:fd:e9:1d:
f1:2a:4f:d6:92:bd:e7:b4:fe:fb:db:71:75:96:cf:5f:d0:43:
c2:50:dd:86:57:c2:2f:cf:8b:b8:37:64:21:b7:28:51:37:cd:
86:b1:af:a7:65:c1:68:f4:42:7d:56:f5:63:a6:06:8b:71:84:
8d:22:0d:c8:ed:ba:51:bc:75:67:72:c9:77:a5:6c:3b:5f:19:
06:4a:26:81
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZnoDXCHeqx+PLgXuYdBts5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjUxMDE1MTMyNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWYzNDM1NzEwZWNiMmE4NGM4MmJjOGRjZTZkNzY2MTA1ZmZlNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbbZbYX3v5T3EQKsIqQqiClOFlCF
qkc4S52rV1iT13Sp7/3u0sIBTdsXJmllEwR/SuadjXqjggyhZVww42v8ZvQ4EONv
MgM/Y0JUnf1C8bDUDVR2fOmqesx+rHjQzQ67VW0Almj8GjrezNxa8noT7N5YunBd
O4fLmPE1wczbklq8KGGf4iE09RONT6b0CO7cNpWoceiByEWqVinyxKYO7NnQ2I/n
PyrQSBoncHUXLvUAjWXXghhak6pxK6P84w0kW6lRWAP/BpS8v2CxuPeAsiAKii0u
LOFPHghrcDVshLzV6jaW4m5tSsWrkXESKA3h8vnV3iWCQEG/FGq7g6LkJQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFEnzQ1cQ7LKoTIK8jc5tdmEF/+Q+MB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEvU2ZORFZ4RHNzcWhNZ3J5TnptMTJZUVhfNUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAVZ9ZAwQA
vH2lAwQAvH2nAwQAvH2pAwQAvH2uAwQAwrEOMA0EAgACMAcDBQMqE/bAMA0GCSqG
SIb3DQEBCwUAA4IBAQAtQrZf435V+Id9OWQhDhBGrVO2V6RVAL1992mQuoDlI5eS
IpkuVmGNbwDyWvj2+Gje+3CnLlAI/pWsmfeb3AEvdwEmIkOwgc/wJSk25KRWwZje
JuN+t8khi4UO7/7+FoCLQtifp3gMdSg+f/oWI6I9edi8pAARPcmgiOW4zivSkju+
zVfxermgsN40zbNu7GbKJ+vuJBJk0hcRkFpEgDijALfb08JaklorhDS8W156LdD9
6R3xKk/Wkr3ntP7723F1ls9f0EPCUN2GV8Ivz4u4N2QhtyhRN82Gsa+nZcFo9EJ9
VvVjpgaLcYSNIg3I7bpRvHVncsl3pWw7XxkGSiaB
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:36:43 2025 by rpki-client