Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/BvIKnOZDDnJ3fYjwKb9MPS2VREA.roa
File: BvIKnOZDDnJ3fYjwKb9MPS2VREA.roa (raw, json)
Hash identifier: 6YHj3YUhTYKgioEXOjY6pW/I1gB2DwKxLtlbSUJymPw=
Subject key identifier: 06:F2:0A:9C:E6:43:0E:72:77:7D:88:F0:29:BF:4C:3D:2D:95:44:40
Certificate issuer: /CN=0011fe2b2f67547ad712d6fc36ac67dd692f0e1e
Certificate serial: 0198A8B7568EE91DC71BFE299E709D8D1639
Authority key identifier: 00:11:FE:2B:2F:67:54:7A:D7:12:D6:FC:36:AC:67:DD:69:2F:0E:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/BvIKnOZDDnJ3fYjwKb9MPS2VREA.roa
Signing time: Thu 14 Aug 2025 13:14:04 +0000
ROA not before: Thu 14 Aug 2025 13:14:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39659
IP address blocks: 185.229.36.0/22 maxlen: 22
185.229.36.0/23 maxlen: 23
185.229.36.0/24 maxlen: 24
185.229.37.0/24 maxlen: 24
185.229.38.0/23 maxlen: 23
185.229.38.0/24 maxlen: 24
185.229.39.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.mft
rsync://rpki.ripe.net/repository/DEFAULT/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a8:b7:56:8e:e9:1d:c7:1b:fe:29:9e:70:9d:8d:16:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0011fe2b2f67547ad712d6fc36ac67dd692f0e1e
Validity
Not Before: Aug 14 13:14:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06f20a9ce6430e72777d88f029bf4c3d2d954440
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:84:cf:33:5e:ae:47:f7:ec:1e:0f:1d:05:9d:
5a:a8:18:95:87:c4:54:f5:ac:1d:59:b0:67:a5:ad:
31:bf:e1:35:fb:80:da:9b:f6:f9:5f:5d:86:33:bb:
b7:33:8d:c3:e5:e2:b3:f9:63:72:92:b7:ae:3d:a2:
c7:bd:0a:32:ca:f0:b5:50:17:d1:91:ca:fc:6e:c2:
90:35:92:5f:ee:e7:7d:0e:ee:21:2f:cb:a8:d4:85:
c5:e4:e3:8a:fb:f3:3c:4a:2e:a2:42:38:4b:34:98:
fc:7c:17:ce:0c:d3:ae:d1:04:96:8f:aa:7e:95:83:
c9:26:6f:1a:04:11:6e:7f:f7:85:5a:72:3f:57:2d:
b4:8b:e0:55:32:0e:b0:87:ab:bf:17:5d:9e:1d:a5:
98:24:ac:27:ec:ab:62:40:db:81:0b:90:44:45:ef:
3f:f0:d2:1b:da:2e:e2:a1:84:12:bc:d6:f1:10:82:
b6:3d:17:5f:9d:ee:ce:45:81:63:d4:0e:fb:4e:f7:
be:8b:45:a8:c0:70:3e:4e:71:66:e4:7c:51:99:36:
f8:95:2f:92:36:f4:10:90:d8:ea:9b:e9:8a:97:8a:
06:5f:54:02:08:8a:ff:26:10:43:30:fc:b9:0c:d0:
4f:97:74:ce:7c:90:93:72:5e:83:61:70:cf:5e:1e:
06:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:F2:0A:9C:E6:43:0E:72:77:7D:88:F0:29:BF:4C:3D:2D:95:44:40
X509v3 Authority Key Identifier:
keyid:00:11:FE:2B:2F:67:54:7A:D7:12:D6:FC:36:AC:67:DD:69:2F:0E:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/BvIKnOZDDnJ3fYjwKb9MPS2VREA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4dd06d-e7a6-4491-9e13-a288b41a50f6/1/ABH-Ky9nVHrXEtb8Nqxn3WkvDh4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.229.36.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:67:56:95:dd:9d:f6:1a:bd:17:c8:85:f9:64:1b:e3:e2:48:
62:9d:cc:bb:fb:33:61:5a:19:74:67:61:01:93:55:91:32:46:
30:37:91:9d:1d:13:a5:0a:96:64:09:86:fb:01:23:04:97:24:
cc:3d:0f:98:b5:8a:7c:f4:e4:a9:c7:31:3a:b8:66:77:b4:2b:
d5:7e:e7:0b:f8:9f:76:fe:97:d4:18:46:10:1a:8b:69:a1:23:
04:0f:88:c3:f9:cc:38:fe:c6:98:ce:ae:a0:72:8a:fe:cc:2f:
db:98:69:a3:88:cf:cb:db:97:49:e9:17:22:16:c3:75:47:8e:
99:95:45:8e:95:79:e2:f4:16:23:96:41:68:ad:00:10:26:14:
75:58:4e:eb:7d:6f:92:0a:52:2b:d6:73:5f:89:f6:bd:a1:e3:
d0:87:32:ca:01:38:1c:c8:39:02:32:b0:65:da:1b:c6:96:3d:
b6:77:14:b0:16:d9:db:ed:fb:68:6b:f6:2e:78:cd:20:30:57:
e8:7e:a8:93:cf:85:a3:10:11:e5:1a:24:39:47:b3:d8:69:1a:
db:38:8e:43:2e:7b:07:d0:fd:14:a5:7b:d6:63:d0:d2:98:79:
e1:bd:06:99:65:df:69:55:48:88:87:19:a9:49:9c:c6:5a:d9:
cf:f9:0b:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiot1aO6R3HG/4pnnCdjRY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMTFmZTJiMmY2NzU0N2FkNzEyZDZmYzM2YWM2N2RkNjky
ZjBlMWUwHhcNMjUwODE0MTMxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmYyMGE5Y2U2NDMwZTcyNzc3ZDg4ZjAyOWJmNGMzZDJkOTU0NDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YTPM16uR/fsHg8dBZ1aqBiVh8RU
9awdWbBnpa0xv+E1+4Dam/b5X12GM7u3M43D5eKz+WNykreuPaLHvQoyyvC1UBfR
kcr8bsKQNZJf7ud9Du4hL8uo1IXF5OOK+/M8Si6iQjhLNJj8fBfODNOu0QSWj6p+
lYPJJm8aBBFuf/eFWnI/Vy20i+BVMg6wh6u/F12eHaWYJKwn7KtiQNuBC5BERe8/
8NIb2i7ioYQSvNbxEIK2PRdfne7ORYFj1A77Tve+i0WowHA+TnFm5HxRmTb4lS+S
NvQQkNjqm+mKl4oGX1QCCIr/JhBDMPy5DNBPl3TOfJCTcl6DYXDPXh4GjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbyCpzmQw5yd32I8Cm/TD0tlURAMB8GA1UdIwQY
MBaAFAAR/isvZ1R61xLW/DasZ91pLw4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUJILUt5OW5WSHJYRXRiOE5xeG4zV2t2RGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80ZGQwNmQtZTdhNi00NDkxLTllMTMt
YTI4OGI0MWE1MGY2LzEvQnZJS25PWkREbkozZllqd0tiOU1QUzJWUkVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80ZGQwNmQtZTdhNi00NDkxLTllMTMtYTI4OGI0MWE1MGY2
LzEvQUJILUt5OW5WSHJYRXRiOE5xeG4zV2t2RGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueUkMA0G
CSqGSIb3DQEBCwUAA4IBAQAuZ1aV3Z32Gr0XyIX5ZBvj4khincy7+zNhWhl0Z2EB
k1WRMkYwN5GdHROlCpZkCYb7ASMElyTMPQ+YtYp89OSpxzE6uGZ3tCvVfucL+J92
/pfUGEYQGotpoSMED4jD+cw4/saYzq6gcor+zC/bmGmjiM/L25dJ6RciFsN1R46Z
lUWOlXni9BYjlkForQAQJhR1WE7rfW+SClIr1nNfifa9oePQhzLKATgcyDkCMrBl
2hvGlj22dxSwFtnb7ftoa/YueM0gMFfofqiTz4WjEBHlGiQ5R7PYaRrbOI5DLnsH
0P0UpXvWY9DSmHnhvQaZZd9pVUiIhxmpSZzGWtnP+QvS
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:53:51 2025 by rpki-client