Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Jd9KhT8D9dzrmclXzaM2LsTcdvk.roa
File: Jd9KhT8D9dzrmclXzaM2LsTcdvk.roa (raw, json)
Hash identifier: Xz0hJFnyzCZED2jN3f6gRmu551al736EIaABcjiPvLQ=
Subject key identifier: 25:DF:4A:85:3F:03:F5:DC:EB:99:C9:57:CD:A3:36:2E:C4:DC:76:F9
Certificate issuer: /CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Certificate serial: 0199F105B7FEF4087D23D4CF0D0CD985E1C2
Authority key identifier: 87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Jd9KhT8D9dzrmclXzaM2LsTcdvk.roa
Signing time: Fri 17 Oct 2025 07:15:07 +0000
ROA not before: Fri 17 Oct 2025 07:15:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199087
IP address blocks: 89.190.0.0/19 maxlen: 19
185.151.76.0/22 maxlen: 22
2a03:7c00::/29 maxlen: 32
2a03:7c00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.mft
rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 13:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f1:05:b7:fe:f4:08:7d:23:d4:cf:0d:0c:d9:85:e1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Validity
Not Before: Oct 17 07:15:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=25df4a853f03f5dceb99c957cda3362ec4dc76f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:b3:8b:14:68:05:0b:3c:a8:52:82:a7:c2:13:
ed:79:f0:08:b2:e6:ce:64:75:18:a3:f9:97:69:fb:
48:e6:dd:cf:00:44:2d:4f:4b:f8:e1:3d:d9:a5:5a:
64:c8:ff:3b:8c:36:b6:31:35:c8:a3:57:d0:a8:f2:
a5:68:61:a9:02:45:eb:7c:10:59:bf:41:ef:be:7f:
50:4f:24:e5:7a:31:5e:e0:ee:28:fc:d9:d7:77:ef:
bd:1c:24:dc:1b:59:a2:44:4b:00:de:10:ed:e6:bd:
f3:47:f2:8c:2a:20:5f:95:7c:cd:01:e5:8e:cb:f9:
fe:94:05:db:35:b8:ff:31:2b:22:53:35:1f:34:96:
d5:bc:97:e7:59:04:fa:0d:b7:79:34:74:ef:a5:ee:
db:df:63:20:6b:a4:14:a9:9c:4b:7a:63:d9:4a:cd:
af:b9:d0:6c:8c:ee:9b:a4:10:1e:f0:0d:5a:6d:37:
24:4a:83:28:50:6c:4b:c0:09:9d:57:e9:e8:bb:ac:
2c:7a:81:03:7f:02:b8:58:87:0d:fe:aa:72:75:3b:
16:d0:93:2a:80:48:d2:40:e9:bf:01:b6:e0:c7:db:
7f:7f:fd:b8:bf:c7:13:f6:21:3e:3c:53:dd:73:cb:
e6:13:51:5a:c2:c7:52:5c:c0:28:df:e4:9e:78:32:
cc:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:DF:4A:85:3F:03:F5:DC:EB:99:C9:57:CD:A3:36:2E:C4:DC:76:F9
X509v3 Authority Key Identifier:
keyid:87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/Jd9KhT8D9dzrmclXzaM2LsTcdvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.190.0.0/19
185.151.76.0/22
IPv6:
2a03:7c00::/29
Signature Algorithm: sha256WithRSAEncryption
aa:d2:d4:75:87:ae:94:db:6a:98:1d:c8:b2:e0:81:26:ec:eb:
1a:d5:31:13:22:b3:39:3c:25:f3:95:be:4d:79:44:b1:35:b7:
40:1f:41:24:0b:e2:fe:d3:6e:44:e9:3a:59:3c:b7:d8:94:77:
5a:3b:01:50:ce:55:55:f2:0a:2e:31:0d:88:b6:a2:cd:2b:d4:
29:99:db:43:0c:ac:f2:9e:d5:61:38:e8:f5:d8:c1:0a:6a:d3:
ad:ac:79:9a:5d:a8:2c:b8:b3:bd:98:88:d8:b5:03:3d:32:1f:
1f:52:1e:01:fd:cd:87:a2:15:31:f2:bc:98:bd:79:c8:47:54:
c5:e5:de:44:2b:8d:9d:92:56:f1:8f:f0:ae:4e:bb:e6:53:40:
d1:68:45:c4:14:b7:5a:f7:c9:27:57:ea:aa:66:fa:86:ed:43:
35:3d:ef:cd:85:31:67:5e:45:21:83:9f:26:1d:a5:f4:78:60:
d3:db:7b:a5:f2:af:58:4d:0e:e5:3c:5a:b5:7b:af:c4:04:61:
e4:88:a9:29:ce:48:4b:38:ba:9f:cc:88:c3:15:c3:53:a0:12:
25:70:55:18:42:0d:5e:29:3a:63:fe:ea:68:50:02:37:15:63:
1f:55:64:2d:ac:a5:43:71:2b:93:26:f1:47:90:5c:22:2c:38:
dd:2a:b5:2b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnxBbf+9Ah9I9TPDQzZheHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQxYWUwNzc5ZTM3ZGVmYzY5YjJhNWIwZjdhYjhmZDQw
Y2QzZTcwHhcNMjUxMDE3MDcxNTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWRmNGE4NTNmMDNmNWRjZWI5OWM5NTdjZGEzMzYyZWM0ZGM3NmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrOLFGgFCzyoUoKnwhPtefAIsubO
ZHUYo/mXaftI5t3PAEQtT0v44T3ZpVpkyP87jDa2MTXIo1fQqPKlaGGpAkXrfBBZ
v0Hvvn9QTyTlejFe4O4o/NnXd++9HCTcG1miREsA3hDt5r3zR/KMKiBflXzNAeWO
y/n+lAXbNbj/MSsiUzUfNJbVvJfnWQT6Dbd5NHTvpe7b32Mga6QUqZxLemPZSs2v
udBsjO6bpBAe8A1abTckSoMoUGxLwAmdV+nou6wseoEDfwK4WIcN/qpydTsW0JMq
gEjSQOm/Abbgx9t/f/24v8cT9iE+PFPdc8vmE1FawsdSXMAo3+SeeDLMKQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCXfSoU/A/Xc65nJV82jNi7E3Hb5MB8GA1UdIwQY
MBaAFIf0GuB3njfe/GmypbD3q4/UDNPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYt
YzQzYWIyYTEyZDU1LzEvSmQ5S2hUOEQ5ZHpybWNsWHphTTJMc1RjZHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYtYzQzYWIyYTEyZDU1
LzEvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFWb4AAwQC
uZdMMA0EAgACMAcDBQMqA3wAMA0GCSqGSIb3DQEBCwUAA4IBAQCq0tR1h66U22qY
Hciy4IEm7Osa1TETIrM5PCXzlb5NeUSxNbdAH0EkC+L+025E6TpZPLfYlHdaOwFQ
zlVV8gouMQ2ItqLNK9QpmdtDDKzyntVhOOj12MEKatOtrHmaXagsuLO9mIjYtQM9
Mh8fUh4B/c2HohUx8ryYvXnIR1TF5d5EK42dklbxj/CuTrvmU0DRaEXEFLda98kn
V+qqZvqG7UM1Pe/NhTFnXkUhg58mHaX0eGDT23ul8q9YTQ7lPFq1e6/EBGHkiKkp
zkhLOLqfzIjDFcNToBIlcFUYQg1eKTpj/upoUAI3FWMfVWQtrKVDcSuTJvFHkFwi
LDjdKrUr
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:46:39 2025 by rpki-client