Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/JZepDg8cmhIm-UJF3a4q9oRFbaM.roa
File: JZepDg8cmhIm-UJF3a4q9oRFbaM.roa (raw, json)
Hash identifier: wTv/4wR5ugYke9BGCLmcTg7vZIIrGydt69pX/2ie8SQ=
Subject key identifier: 25:97:A9:0E:0F:1C:9A:12:26:F9:42:45:DD:AE:2A:F6:84:45:6D:A3
Certificate issuer: /CN=8a4000101ad393cadf7fc8fd63daad3c6dae124f
Certificate serial: 0199BCFE89EEFA9E8B3E8FC114023EFECD5C
Authority key identifier: 8A:40:00:10:1A:D3:93:CA:DF:7F:C8:FD:63:DA:AD:3C:6D:AE:12:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ikAAEBrTk8rff8j9Y9qtPG2uEk8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/JZepDg8cmhIm-UJF3a4q9oRFbaM.roa
Signing time: Tue 07 Oct 2025 04:47:02 +0000
ROA not before: Tue 07 Oct 2025 04:47:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41549
IP address blocks: 88.84.0.0/19 maxlen: 19
89.186.208.0/21 maxlen: 21
146.185.0.0/21 maxlen: 21
157.173.80.0/20 maxlen: 20
178.21.224.0/21 maxlen: 21
185.37.72.0/22 maxlen: 22
194.11.218.0/23 maxlen: 23
195.20.64.0/19 maxlen: 19
213.159.144.0/20 maxlen: 20
217.67.128.0/20 maxlen: 20
2a01:aec0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/ikAAEBrTk8rff8j9Y9qtPG2uEk8.crl
rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/ikAAEBrTk8rff8j9Y9qtPG2uEk8.mft
rsync://rpki.ripe.net/repository/DEFAULT/ikAAEBrTk8rff8j9Y9qtPG2uEk8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:bc:fe:89:ee:fa:9e:8b:3e:8f:c1:14:02:3e:fe:cd:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a4000101ad393cadf7fc8fd63daad3c6dae124f
Validity
Not Before: Oct 7 04:47:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2597a90e0f1c9a1226f94245ddae2af684456da3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:e9:69:0e:1d:ee:66:c7:ca:6b:b2:65:57:10:
7f:a0:c3:aa:ca:b4:f0:b1:54:5f:e6:62:59:c6:21:
2b:68:b1:69:62:22:8b:81:79:c0:14:a8:ef:e0:25:
ff:8b:ba:48:d0:3a:63:2f:d3:32:3f:68:d9:75:a1:
22:f9:2d:84:cc:9f:4c:34:bb:10:8c:cf:8b:1c:2b:
fe:25:be:97:6b:bb:f5:60:b2:e8:5a:3b:44:2a:c8:
d0:59:4d:25:b0:c1:e6:f8:c4:74:29:78:67:e1:e9:
7d:ef:8e:9b:1c:81:be:9d:fd:06:22:7b:92:73:b6:
c1:b1:af:06:7b:fc:38:67:72:e3:aa:42:11:7a:c2:
85:73:20:fe:3e:ba:56:00:61:62:c4:98:78:ac:b2:
e2:4c:3c:22:f6:fc:a3:84:c7:bf:4b:79:f1:cb:5e:
d6:03:cd:fc:77:fe:89:71:ba:3b:da:90:74:bd:2e:
0a:60:70:a7:1a:46:96:b1:0a:86:b5:58:16:85:9a:
25:14:6c:de:b0:2f:bc:70:be:62:a4:70:f8:0c:47:
63:1d:7e:17:d4:9e:8e:3f:39:a2:1f:c3:6c:2f:9b:
20:9b:5f:87:d0:ec:5a:9a:a3:0a:40:bf:18:1c:1a:
63:c8:75:e5:03:c1:d9:b9:2f:05:3e:a9:60:e6:57:
18:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:97:A9:0E:0F:1C:9A:12:26:F9:42:45:DD:AE:2A:F6:84:45:6D:A3
X509v3 Authority Key Identifier:
keyid:8A:40:00:10:1A:D3:93:CA:DF:7F:C8:FD:63:DA:AD:3C:6D:AE:12:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ikAAEBrTk8rff8j9Y9qtPG2uEk8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/JZepDg8cmhIm-UJF3a4q9oRFbaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b27bd0-3d39-4d78-aa2c-1f3ccfa61aac/1/ikAAEBrTk8rff8j9Y9qtPG2uEk8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.84.0.0/19
89.186.208.0/21
146.185.0.0/21
157.173.80.0/20
178.21.224.0/21
185.37.72.0/22
194.11.218.0/23
195.20.64.0/19
213.159.144.0/20
217.67.128.0/20
IPv6:
2a01:aec0::/32
Signature Algorithm: sha256WithRSAEncryption
26:3d:a5:d4:41:68:86:ac:0b:e1:5e:ac:ab:b3:24:8b:4a:d0:
ed:45:7c:4c:a3:4d:6d:2e:85:59:0d:7a:58:a9:ed:5a:0c:87:
ae:23:ef:96:00:5e:46:ce:bd:f8:88:e1:38:6e:0d:fc:87:cc:
de:bd:e1:5f:97:13:c2:5b:5f:03:1c:f9:3a:2d:7b:b2:b7:ac:
05:ef:c8:40:98:3c:d7:e0:6e:dd:56:21:fb:da:63:c6:b0:7a:
80:9d:9d:ae:2c:35:39:c9:f4:b6:8c:cf:b7:84:7e:22:3f:a0:
e9:36:10:7c:46:98:0d:6c:fd:8d:6c:de:79:53:07:fb:48:b5:
9a:96:27:61:d0:79:ce:84:77:5f:39:0a:6a:8c:1d:10:6c:aa:
46:65:03:09:d4:bd:22:2a:bd:88:ea:0a:72:e9:4b:6c:71:e8:
51:ca:b1:60:bd:70:e7:2e:85:0e:d4:3a:87:b4:34:77:7f:b9:
50:3b:58:9c:41:72:5d:58:fe:a9:c5:66:fd:57:3d:cd:f4:c2:
b1:bc:d0:ca:b5:d2:85:f0:7d:c9:5e:f2:c2:8c:5f:77:f4:c0:
1b:fd:05:57:2d:92:bc:23:00:88:ec:77:3c:3e:e9:64:a2:ab:
b3:5b:49:aa:15:3c:28:f8:d8:12:59:d1:70:53:af:9c:c3:4f:
d9:bc:d1:e1
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZm8/onu+p6LPo/BFAI+/s1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNDAwMDEwMWFkMzkzY2FkZjdmYzhmZDYzZGFhZDNjNmRh
ZTEyNGYwHhcNMjUxMDA3MDQ0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTk3YTkwZTBmMWM5YTEyMjZmOTQyNDVkZGFlMmFmNjg0NDU2ZGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+lpDh3uZsfKa7JlVxB/oMOqyrTw
sVRf5mJZxiEraLFpYiKLgXnAFKjv4CX/i7pI0DpjL9MyP2jZdaEi+S2EzJ9MNLsQ
jM+LHCv+Jb6Xa7v1YLLoWjtEKsjQWU0lsMHm+MR0KXhn4el9746bHIG+nf0GInuS
c7bBsa8Ge/w4Z3LjqkIResKFcyD+PrpWAGFixJh4rLLiTDwi9vyjhMe/S3nxy17W
A838d/6Jcbo72pB0vS4KYHCnGkaWsQqGtVgWhZolFGzesC+8cL5ipHD4DEdjHX4X
1J6OPzmiH8NsL5sgm1+H0OxamqMKQL8YHBpjyHXlA8HZuS8FPqlg5lcYRwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFCWXqQ4PHJoSJvlCRd2uKvaERW2jMB8GA1UdIwQY
MBaAFIpAABAa05PK33/I/WParTxtrhJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWtBQUVCclRrOHJmZjhqOVk5cXRQRzJ1RWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9iMjdiZDAtM2QzOS00ZDc4LWFhMmMt
MWYzY2NmYTYxYWFjLzEvSlplcERnOGNtaEltLVVKRjNhNHE5b1JGYmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9iMjdiZDAtM2QzOS00ZDc4LWFhMmMtMWYzY2NmYTYxYWFj
LzEvaWtBQUVCclRrOHJmZjhqOVk5cXRQRzJ1RWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQFWFQAAwQD
WbrQAwQDkrkAAwQEna1QAwQDshXgAwQCuSVIAwQBwgvaAwQFwxRAAwQE1Z+QAwQE
2UOAMA0EAgACMAcDBQAqAa7AMA0GCSqGSIb3DQEBCwUAA4IBAQAmPaXUQWiGrAvh
XqyrsySLStDtRXxMo01tLoVZDXpYqe1aDIeuI++WAF5Gzr34iOE4bg38h8zeveFf
lxPCW18DHPk6LXuyt6wF78hAmDzX4G7dViH72mPGsHqAnZ2uLDU5yfS2jM+3hH4i
P6DpNhB8RpgNbP2NbN55Uwf7SLWalidh0HnOhHdfOQpqjB0QbKpGZQMJ1L0iKr2I
6gpy6UtscehRyrFgvXDnLoUO1DqHtDR3f7lQO1icQXJdWP6pxWb9Vz3N9MKxvNDK
tdKF8H3JXvLCjF939MAb/QVXLZK8IwCI7Hc8PulkoquzW0mqFTwo+NgSWdFwU6+c
w0/ZvNHh
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:42:39 2025 by rpki-client