Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/zIaCxLUjq21dOPZ6oricOQf9_f8.roa
File: zIaCxLUjq21dOPZ6oricOQf9_f8.roa (raw, json)
Hash identifier: lDpgOF97BKIlMEFYdLb+3oy7Ebe7Mk1d7MHbR+tgmKk=
Subject key identifier: CC:86:82:C4:B5:23:AB:6D:5D:38:F6:7A:A2:B8:9C:39:07:FD:FD:FF
Certificate issuer: /CN=7e02e20abd2203b057686b1cad6cc1253444b8b2
Certificate serial: 0199A5CB85DE1629CF691BF32603B645BD9A
Authority key identifier: 7E:02:E2:0A:BD:22:03:B0:57:68:6B:1C:AD:6C:C1:25:34:44:B8:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fgLiCr0iA7BXaGscrWzBJTREuLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/zIaCxLUjq21dOPZ6oricOQf9_f8.roa
Signing time: Thu 02 Oct 2025 16:40:02 +0000
ROA not before: Thu 02 Oct 2025 16:40:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 85.239.33.0/24 maxlen: 24
85.239.34.0/24 maxlen: 24
85.239.35.0/24 maxlen: 24
85.239.36.0/22 maxlen: 24
85.239.40.0/22 maxlen: 24
85.239.44.0/22 maxlen: 24
85.239.48.0/22 maxlen: 24
85.239.52.0/22 maxlen: 24
85.239.56.0/22 maxlen: 24
85.239.60.0/22 maxlen: 24
185.152.92.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/fgLiCr0iA7BXaGscrWzBJTREuLI.crl
rsync://rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/fgLiCr0iA7BXaGscrWzBJTREuLI.mft
rsync://rpki.ripe.net/repository/DEFAULT/fgLiCr0iA7BXaGscrWzBJTREuLI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a5:cb:85:de:16:29:cf:69:1b:f3:26:03:b6:45:bd:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e02e20abd2203b057686b1cad6cc1253444b8b2
Validity
Not Before: Oct 2 16:40:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc8682c4b523ab6d5d38f67aa2b89c3907fdfdff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:9f:53:cf:ba:b1:39:b7:ef:c2:80:7a:eb:d4:
6c:87:00:2a:0f:f6:b8:d1:b1:42:56:09:71:68:f7:
8c:bb:a6:7d:13:22:af:8c:61:3a:ea:2d:59:a1:af:
7b:ad:08:01:6a:3a:e9:7b:2e:46:d8:1c:ec:21:c0:
a2:e0:34:76:22:98:51:e2:42:29:5e:41:5c:73:36:
6a:c2:29:c9:06:1d:67:1b:66:4c:13:52:a6:b9:a7:
41:e1:33:c3:dd:1f:7f:f4:04:77:21:35:d8:7d:ab:
78:0a:90:3a:15:6a:87:c1:81:5c:63:78:ad:c8:7a:
fb:2f:26:54:78:a5:c9:b1:1a:d8:ee:a7:f8:54:a4:
df:1b:cd:34:e6:2b:c2:59:d1:47:f9:85:97:ab:dc:
7d:c9:c6:14:e0:7b:83:f9:39:f9:55:3d:86:a0:17:
52:bf:5b:72:c0:49:d4:ec:0f:ff:95:a3:f8:16:26:
97:d1:31:43:a1:fc:cb:46:b8:5f:fc:25:7f:4b:36:
e2:bd:ae:4a:1d:24:b4:b8:ee:a8:5a:83:5e:54:de:
3c:ba:c0:5b:39:46:a2:d8:18:1a:7f:93:0b:34:2c:
72:ed:42:5b:77:d3:ca:86:00:58:88:31:5c:f6:5e:
90:c2:14:6e:4a:41:f5:df:75:a0:de:c6:33:3e:7b:
85:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:86:82:C4:B5:23:AB:6D:5D:38:F6:7A:A2:B8:9C:39:07:FD:FD:FF
X509v3 Authority Key Identifier:
keyid:7E:02:E2:0A:BD:22:03:B0:57:68:6B:1C:AD:6C:C1:25:34:44:B8:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgLiCr0iA7BXaGscrWzBJTREuLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/zIaCxLUjq21dOPZ6oricOQf9_f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e98a79-249a-4048-9581-f30709d9c379/1/fgLiCr0iA7BXaGscrWzBJTREuLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.33.0-85.239.63.255
185.152.92.0/22
Signature Algorithm: sha256WithRSAEncryption
92:8b:8a:ca:10:3f:1d:1a:6c:d7:c7:e2:75:28:53:3c:3d:c7:
df:1a:8d:af:49:be:09:02:1a:e1:15:e1:c4:50:52:cb:ee:72:
0e:c1:29:41:59:69:f2:eb:53:4b:31:d0:d8:4e:46:d1:47:53:
89:00:f2:64:94:9a:fa:63:ad:0f:0b:19:8c:2f:be:6d:39:60:
d4:a6:17:cc:d5:f2:80:26:29:bd:ae:ce:85:18:9d:0f:d0:2c:
3c:d5:b7:30:26:c1:c4:8c:41:27:7c:49:1d:a5:58:f5:46:97:
50:dd:44:b2:e2:08:71:e9:60:7e:9b:87:a5:a7:07:c9:f7:c7:
de:2b:fa:49:96:80:6f:5a:ae:12:64:a8:5d:af:a5:e2:62:a1:
83:81:56:3b:69:82:cb:ad:61:47:a5:17:a8:4d:29:d5:c0:d2:
8d:ef:fb:99:e8:04:45:1f:ac:75:8d:37:7f:00:68:49:4c:8f:
e8:cd:f9:09:02:30:80:40:87:bf:35:25:0c:23:c9:1c:56:59:
77:fb:ba:5f:89:22:e2:80:d7:b0:b1:76:c7:5c:1c:db:cf:9f:
d8:68:9b:44:bd:b0:a0:aa:43:9b:28:26:0a:c6:23:48:97:28:
80:61:e6:0c:59:a4:7c:61:b1:1e:27:5a:c0:4f:1d:03:c2:d5:
8b:1f:7e:62
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZmly4XeFinPaRvzJgO2Rb2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDJlMjBhYmQyMjAzYjA1NzY4NmIxY2FkNmNjMTI1MzQ0
NGI4YjIwHhcNMjUxMDAyMTY0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg2ODJjNGI1MjNhYjZkNWQzOGY2N2FhMmI4OWMzOTA3ZmRmZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup9Tz7qxObfvwoB669RshwAqD/a4
0bFCVglxaPeMu6Z9EyKvjGE66i1Zoa97rQgBajrpey5G2BzsIcCi4DR2IphR4kIp
XkFcczZqwinJBh1nG2ZME1KmuadB4TPD3R9/9AR3ITXYfat4CpA6FWqHwYFcY3it
yHr7LyZUeKXJsRrY7qf4VKTfG8005ivCWdFH+YWXq9x9ycYU4HuD+Tn5VT2GoBdS
v1tywEnU7A//laP4FiaX0TFDofzLRrhf/CV/Szbiva5KHSS0uO6oWoNeVN48usBb
OUai2Bgaf5MLNCxy7UJbd9PKhgBYiDFc9l6QwhRuSkH133Wg3sYzPnuFGwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMyGgsS1I6ttXTj2eqK4nDkH/f3/MB8GA1UdIwQY
MBaAFH4C4gq9IgOwV2hrHK1swSU0RLiyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdMaUNyMGlBN0JYYUdzY3JXekJKVFJFdUxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lOThhNzktMjQ5YS00MDQ4LTk1ODEt
ZjMwNzA5ZDljMzc5LzEveklhQ3hMVWpxMjFkT1BaNm9yaWNPUWY5X2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lOThhNzktMjQ5YS00MDQ4LTk1ODEtZjMwNzA5ZDljMzc5
LzEvZmdMaUNyMGlBN0JYYUdzY3JXekJKVFJFdUxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABV7yED
BAZV7wADBAK5mFwwDQYJKoZIhvcNAQELBQADggEBAJKLisoQPx0abNfH4nUoUzw9
x98aja9JvgkCGuEV4cRQUsvucg7BKUFZafLrU0sx0NhORtFHU4kA8mSUmvpjrQ8L
GYwvvm05YNSmF8zV8oAmKb2uzoUYnQ/QLDzVtzAmwcSMQSd8SR2lWPVGl1DdRLLi
CHHpYH6bh6WnB8n3x94r+kmWgG9arhJkqF2vpeJioYOBVjtpgsutYUelF6hNKdXA
0o3v+5noBEUfrHWNN38AaElMj+jN+QkCMIBAh781JQwjyRxWWXf7ul+JIuKA17Cx
dsdcHNvPn9hom0S9sKCqQ5soJgrGI0iXKIBh5gxZpHxhsR4nWsBPHQPC1YsffmI=
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:12 2025 by rpki-client