Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/tj2j33BZ5qBMziKxwEMdoOmheMU.roa
File: tj2j33BZ5qBMziKxwEMdoOmheMU.roa (raw, json)
Hash identifier: Ls+1dw94wulLbg28FKbSGPsIVW3+yqV/GiJSIU5Zocs=
Subject key identifier: B6:3D:A3:DF:70:59:E6:A0:4C:CE:22:B1:C0:43:1D:A0:E9:A1:78:C5
Certificate issuer: /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial: 0199F121F7A7B0271B2E1A88A6B0DDDB85A6
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/tj2j33BZ5qBMziKxwEMdoOmheMU.roa
Signing time: Fri 17 Oct 2025 07:45:59 +0000
ROA not before: Fri 17 Oct 2025 07:45:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 85.116.196.0/22 maxlen: 22
85.116.220.0/22 maxlen: 22
89.238.114.0/24 maxlen: 24
89.238.115.0/24 maxlen: 24
89.238.116.0/24 maxlen: 24
89.238.117.0/24 maxlen: 24
89.238.118.0/24 maxlen: 24
89.238.119.0/24 maxlen: 24
89.238.124.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f1:21:f7:a7:b0:27:1b:2e:1a:88:a6:b0:dd:db:85:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Validity
Not Before: Oct 17 07:45:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b63da3df7059e6a04cce22b1c0431da0e9a178c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:f9:eb:bd:d5:4c:e3:e3:42:c1:7c:11:a9:29:
8f:8c:fe:66:09:9a:e5:b9:30:0a:3a:de:cd:ee:f8:
e8:90:48:3d:70:83:6b:22:f3:3c:b5:54:40:62:d2:
1a:a1:98:00:fc:13:b8:7f:18:7a:bb:42:94:b1:41:
d9:ef:f8:e5:11:3c:d6:08:cb:16:53:5c:07:25:e0:
05:30:44:b9:0f:11:67:b5:a7:ae:38:a7:97:c3:05:
e3:c1:aa:ca:60:ca:11:a6:3b:e5:de:1b:f6:5e:ee:
ec:4e:1e:a8:b3:65:1c:56:12:03:19:e9:00:66:8a:
c1:42:24:97:ff:6b:d9:bc:91:6d:c6:54:3f:fe:e9:
fe:37:5b:33:2d:d2:8f:97:e6:13:4c:b4:46:61:07:
39:75:85:29:90:a8:c5:4c:54:e1:e2:00:52:54:4d:
70:f9:24:a8:98:5b:0a:3c:3a:2d:18:da:ce:71:2a:
9d:57:ac:6a:54:8f:7c:05:96:9e:01:84:3a:5f:a1:
e9:53:b7:cb:c1:1d:69:f6:af:61:1f:2b:7e:9a:25:
d2:ba:c6:1e:cd:7c:cc:a1:43:71:59:40:cb:aa:0f:
8e:59:09:eb:8d:71:0e:ba:b2:d0:70:47:d3:26:05:
e0:4f:ff:29:44:fa:55:11:14:6e:de:7d:fd:3a:1d:
55:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:3D:A3:DF:70:59:E6:A0:4C:CE:22:B1:C0:43:1D:A0:E9:A1:78:C5
X509v3 Authority Key Identifier:
keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/tj2j33BZ5qBMziKxwEMdoOmheMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.196.0/22
85.116.220.0/22
89.238.114.0-89.238.119.255
89.238.124.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:1c:f7:59:77:a1:5b:2f:be:89:2f:ba:66:8a:0b:5f:c8:35:
f2:3c:66:a7:1f:e1:b4:c8:cf:e6:1a:33:ef:a5:1f:8e:3a:05:
86:8c:1b:5f:14:9a:03:74:2b:11:48:f4:27:fe:8c:9f:50:44:
c2:8b:29:f7:03:af:4c:80:b7:eb:bc:54:d3:3e:79:f9:99:f3:
5e:58:0d:10:02:03:dc:4f:d5:ce:21:c5:6c:18:bd:ab:26:d0:
8d:82:73:ba:51:7e:4b:48:c4:81:db:fa:74:b9:84:be:fc:20:
da:69:cc:77:0a:97:da:d7:93:7b:f2:44:b9:27:73:02:c4:cd:
56:5a:35:4c:6b:06:16:f1:8c:77:1d:8d:8f:81:22:ed:95:83:
6b:e6:d9:ec:88:cf:fe:d9:b3:c6:41:73:8a:a7:b0:42:23:65:
18:7d:5a:06:80:0a:87:83:e7:29:79:9d:83:ef:cf:4f:57:94:
0e:7c:e4:21:b1:00:a9:43:8e:d8:bc:c2:08:2f:73:95:fe:8e:
78:29:76:b0:fe:92:ea:78:6f:33:55:2d:0d:ce:d0:3f:26:4f:
87:3a:2b:45:da:e0:80:39:fe:87:86:59:ed:53:a1:89:4b:44:
f8:72:3a:65:ea:66:b5:c1:fd:9e:a5:a8:d8:91:38:39:07:d3:
94:d3:30:e8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZnxIfensCcbLhqIprDd24WmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjUxMDE3MDc0NTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjNkYTNkZjcwNTllNmEwNGNjZTIyYjFjMDQzMWRhMGU5YTE3OGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfnrvdVM4+NCwXwRqSmPjP5mCZrl
uTAKOt7N7vjokEg9cINrIvM8tVRAYtIaoZgA/BO4fxh6u0KUsUHZ7/jlETzWCMsW
U1wHJeAFMES5DxFntaeuOKeXwwXjwarKYMoRpjvl3hv2Xu7sTh6os2UcVhIDGekA
ZorBQiSX/2vZvJFtxlQ//un+N1szLdKPl+YTTLRGYQc5dYUpkKjFTFTh4gBSVE1w
+SSomFsKPDotGNrOcSqdV6xqVI98BZaeAYQ6X6HpU7fLwR1p9q9hHyt+miXSusYe
zXzMoUNxWUDLqg+OWQnrjXEOurLQcEfTJgXgT/8pRPpVERRu3n39Oh1VjwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLY9o99wWeagTM4iscBDHaDpoXjFMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvdGoyajMzQlo1cUJNemlLeHdFTWRvT21oZU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCVXTEAwQC
VXTcMAwDBAFZ7nIDBANZ7nADBABZ7nwwDQYJKoZIhvcNAQELBQADggEBAKkc91l3
oVsvvokvumaKC1/INfI8Zqcf4bTIz+YaM++lH446BYaMG18UmgN0KxFI9Cf+jJ9Q
RMKLKfcDr0yAt+u8VNM+efmZ815YDRACA9xP1c4hxWwYvasm0I2Cc7pRfktIxIHb
+nS5hL78INppzHcKl9rXk3vyRLkncwLEzVZaNUxrBhbxjHcdjY+BIu2Vg2vm2eyI
z/7Zs8ZBc4qnsEIjZRh9WgaACoeD5yl5nYPvz09XlA585CGxAKlDjti8wggvc5X+
jngpdrD+kup4bzNVLQ3O0D8mT4c6K0Xa4IA5/oeGWe1ToYlLRPhyOmXqZrXB/Z6l
qNiRODkH05TTMOg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:16 2025 by rpki-client