Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/iYrh6kgklmXt3OMm1j72TOtV99Q.roa
File: iYrh6kgklmXt3OMm1j72TOtV99Q.roa (raw, json)
Hash identifier: G93OEfB6NAVCu9uU8ghRcqmmsrUeCTXAMsgU4oLPza4=
Subject key identifier: 89:8A:E1:EA:48:24:96:65:ED:DC:E3:26:D6:3E:F6:4C:EB:55:F7:D4
Certificate issuer: /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial: 0199ED29BAB26E6590D941DC32E00C5C260D
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/iYrh6kgklmXt3OMm1j72TOtV99Q.roa
Signing time: Thu 16 Oct 2025 13:15:58 +0000
ROA not before: Thu 16 Oct 2025 13:15:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213301
IP address blocks: 80.71.145.0/24 maxlen: 24
185.78.84.0/24 maxlen: 24
185.78.85.0/24 maxlen: 24
185.174.68.0/24 maxlen: 24
185.174.70.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 13:01:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:29:ba:b2:6e:65:90:d9:41:dc:32:e0:0c:5c:26:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Validity
Not Before: Oct 16 13:15:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=898ae1ea48249665eddce326d63ef64ceb55f7d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:0a:9e:08:8e:bd:46:d3:58:1b:4f:8e:b2:7c:
74:e0:e8:dc:7d:89:cc:72:41:bf:a2:58:f2:0c:41:
2b:7f:fe:5f:15:73:39:47:cb:8b:d0:bb:b5:c9:6e:
3c:3b:07:7b:15:28:6a:3a:9e:b1:78:df:14:af:5e:
0f:24:27:64:e6:f0:f2:19:e5:6a:d8:1b:95:fb:6d:
04:74:f1:c1:6e:15:2f:c0:95:98:8b:59:6b:d0:45:
df:d3:f7:f1:b7:1b:34:f0:7d:6f:b9:3b:78:a2:4d:
7a:0a:f7:80:0d:61:8d:ef:a8:d0:2a:8c:8c:69:f4:
3c:23:7d:cc:a9:92:50:93:69:7f:70:b1:12:67:24:
b2:77:6a:f6:54:7d:44:62:24:42:76:39:4b:cd:2f:
46:dc:0b:55:ff:f1:e0:0f:5b:96:99:66:e3:d7:78:
aa:3b:63:8a:88:03:4d:1b:bc:ab:2c:94:c7:84:67:
88:9b:d4:6b:31:55:37:1d:3f:c6:df:29:89:5d:70:
9c:1a:5b:16:64:ad:10:c3:1a:aa:74:5e:66:f9:74:
94:49:63:f2:07:19:55:56:92:7e:53:f3:18:1b:f6:
d5:27:9c:94:fd:f5:90:9a:e0:30:25:7d:78:d7:70:
36:97:44:26:bf:bd:d0:66:a1:f2:6a:c7:34:e4:ab:
02:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:8A:E1:EA:48:24:96:65:ED:DC:E3:26:D6:3E:F6:4C:EB:55:F7:D4
X509v3 Authority Key Identifier:
keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/iYrh6kgklmXt3OMm1j72TOtV99Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.71.145.0/24
185.78.84.0/23
185.174.68.0/24
185.174.70.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:05:ba:74:78:f1:9c:65:04:c8:88:55:0c:ac:dd:56:c8:7b:
b6:ee:e8:1c:e5:e1:fa:63:6f:df:9a:8b:3c:4c:4b:0a:8c:d6:
70:9e:1f:8c:bf:7f:3e:bc:85:c4:3a:ff:ae:37:c5:86:ed:b5:
19:8d:7f:ff:3b:43:c2:7e:34:d0:e9:af:93:c9:59:8f:e0:3d:
d2:58:ee:2e:5c:68:52:98:96:65:12:6b:80:0a:84:87:48:09:
9b:e2:dc:e0:91:6c:35:18:f1:07:f2:89:f7:09:b9:74:f9:c8:
dd:70:77:cc:53:45:f2:8d:d8:54:df:87:92:be:71:9e:8f:2b:
bc:b3:b7:a7:f1:25:79:f7:33:18:cb:28:82:45:09:a3:9d:9f:
ca:2c:b9:76:7a:f4:86:38:1b:08:1d:ec:ce:22:ae:fb:a2:72:
3e:6b:53:ae:30:b8:f4:48:8b:74:f4:cd:4b:72:c7:1c:66:55:
3f:8b:4f:70:3a:1a:eb:a1:1f:21:e1:25:7e:22:e0:04:b5:8d:
11:df:22:ca:e9:30:70:3e:9c:47:a4:f9:44:a2:00:e1:36:3b:
30:2e:7d:df:98:11:9e:4a:63:ef:6a:2a:aa:b4:bb:38:14:82:
7f:aa:a6:fc:45:b9:61:29:36:d1:6a:fe:2f:09:db:08:f1:c0:
5e:7d:12:d9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZntKbqybmWQ2UHcMuAMXCYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjUxMDE2MTMxNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThhZTFlYTQ4MjQ5NjY1ZWRkY2UzMjZkNjNlZjY0Y2ViNTVmN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAqeCI69RtNYG0+Osnx04OjcfYnM
ckG/oljyDEErf/5fFXM5R8uL0Lu1yW48Owd7FShqOp6xeN8Ur14PJCdk5vDyGeVq
2BuV+20EdPHBbhUvwJWYi1lr0EXf0/fxtxs08H1vuTt4ok16CveADWGN76jQKoyM
afQ8I33MqZJQk2l/cLESZySyd2r2VH1EYiRCdjlLzS9G3AtV//HgD1uWmWbj13iq
O2OKiANNG7yrLJTHhGeIm9RrMVU3HT/G3ymJXXCcGlsWZK0QwxqqdF5m+XSUSWPy
BxlVVpJ+U/MYG/bVJ5yU/fWQmuAwJX1413A2l0Qmv73QZqHyasc05KsCswIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFImK4epIJJZl7dzjJtY+9kzrVffUMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvaVlyaDZrZ2tsbVh0M09NbTFqNzJUT3RWOTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUEeRAwQB
uU5UAwQAua5EAwQAua5GMA0GCSqGSIb3DQEBCwUAA4IBAQBOBbp0ePGcZQTIiFUM
rN1WyHu27ugc5eH6Y2/fmos8TEsKjNZwnh+Mv38+vIXEOv+uN8WG7bUZjX//O0PC
fjTQ6a+TyVmP4D3SWO4uXGhSmJZlEmuACoSHSAmb4tzgkWw1GPEH8on3Cbl0+cjd
cHfMU0XyjdhU34eSvnGejyu8s7en8SV59zMYyyiCRQmjnZ/KLLl2evSGOBsIHezO
Iq77onI+a1OuMLj0SIt09M1LcsccZlU/i09wOhrroR8h4SV+IuAEtY0R3yLK6TBw
PpxHpPlEogDhNjswLn3fmBGeSmPvaiqqtLs4FIJ/qqb8RblhKTbRav4vCdsI8cBe
fRLZ
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:57:31 2025 by rpki-client