Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/U0kz5BkcYHKTFNPtHMwJo21XKHU.roa
File: U0kz5BkcYHKTFNPtHMwJo21XKHU.roa (raw, json)
Hash identifier: iaCyCipdJ6ekGgikYiiFtPDbJGVukpDzv6A6Dr6X+s8=
Subject key identifier: 53:49:33:E4:19:1C:60:72:93:14:D3:ED:1C:CC:09:A3:6D:57:28:75
Certificate issuer: /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial: 0198F4C39AFD8D6D7147C19DC78539EA09F4
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/U0kz5BkcYHKTFNPtHMwJo21XKHU.roa
Signing time: Fri 29 Aug 2025 07:38:36 +0000
ROA not before: Fri 29 Aug 2025 07:38:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16024
IP address blocks: 46.28.32.0/21 maxlen: 24
149.232.184.0/22 maxlen: 24
149.232.190.0/23 maxlen: 24
149.232.244.0/22 maxlen: 24
149.232.248.0/22 maxlen: 24
156.67.56.0/23 maxlen: 23
156.67.56.0/24 maxlen: 24
156.67.57.0/24 maxlen: 24
185.47.232.0/22 maxlen: 24
185.159.32.0/22 maxlen: 24
217.70.160.0/20 maxlen: 24
217.70.161.0/24 maxlen: 24
217.70.162.0/24 maxlen: 24
217.70.167.0/24 maxlen: 24
217.70.172.0/24 maxlen: 24
2a02:1670::/29 maxlen: 32
2a02:1670::/32 maxlen: 32
2a02:1671::/32 maxlen: 32
2a02:1672::/32 maxlen: 32
2a02:1673::/32 maxlen: 32
2a02:1674::/32 maxlen: 32
2a02:1675::/32 maxlen: 32
2a02:1676::/32 maxlen: 32
2a02:1677::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.mft
rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f4:c3:9a:fd:8d:6d:71:47:c1:9d:c7:85:39:ea:09:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Validity
Not Before: Aug 29 07:38:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=534933e4191c60729314d3ed1ccc09a36d572875
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:1c:60:7e:72:f6:c2:65:1f:46:cb:1a:ff:3d:
15:a8:44:94:60:21:c0:7a:b3:6b:b7:52:0d:a5:60:
8b:b3:2a:7b:62:b8:04:57:9f:14:b7:e0:eb:fb:b6:
aa:47:bd:37:09:21:02:33:a5:b3:c3:9b:27:02:bd:
1e:fd:c6:e8:6d:38:25:f0:c2:82:97:2f:18:8a:41:
1e:23:fc:18:b8:5a:88:8b:96:b3:11:b6:32:bd:03:
db:04:a0:c1:ba:1a:9f:54:d1:74:07:63:79:58:85:
ba:4a:fd:eb:3e:2d:73:03:79:7f:5d:ae:d9:76:e0:
43:f1:e1:8d:87:9e:64:f5:20:8d:9d:ed:bc:ba:47:
c0:9b:60:3b:b1:b8:d8:6d:c8:fe:bc:74:ce:64:7e:
59:42:34:31:d8:d2:52:0d:16:fe:57:8b:10:33:07:
12:e3:c7:68:93:b9:55:00:a1:62:44:98:03:b1:52:
a5:c6:01:0a:ae:a9:d4:77:3e:57:82:83:d9:9f:00:
fd:c0:3d:a6:a3:8e:f1:9f:75:6e:9d:1d:e0:7b:fa:
d4:1a:7e:68:cf:e6:b1:0c:70:3a:0c:82:73:3d:0d:
e5:7a:a0:67:d0:bb:d9:90:0c:16:2b:ec:11:a3:65:
2a:b9:71:35:5e:db:c7:18:84:a9:73:18:09:2a:d9:
23:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:49:33:E4:19:1C:60:72:93:14:D3:ED:1C:CC:09:A3:6D:57:28:75
X509v3 Authority Key Identifier:
keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/U0kz5BkcYHKTFNPtHMwJo21XKHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.28.32.0/21
149.232.184.0/22
149.232.190.0/23
149.232.244.0-149.232.251.255
156.67.56.0/23
185.47.232.0/22
185.159.32.0/22
217.70.160.0/20
IPv6:
2a02:1670::/29
Signature Algorithm: sha256WithRSAEncryption
b8:5c:e9:2b:c7:76:ba:54:d4:a2:44:e5:cb:26:06:ad:a7:dc:
b3:88:f6:db:07:4d:c4:59:7d:03:58:14:3a:3d:cf:72:4b:56:
f6:6c:a0:f5:c5:48:1c:6e:19:1c:f7:d9:58:84:03:92:de:9d:
e5:62:b0:17:81:4f:97:48:15:f0:2d:c1:ec:2f:40:da:52:78:
3e:ac:c8:44:41:ca:53:60:3b:e3:f2:c1:76:92:27:21:55:a6:
56:d5:11:97:bb:2a:02:12:7e:74:26:63:79:1b:16:55:2f:29:
cb:84:af:7a:bf:2d:83:a5:85:32:18:12:00:e0:75:48:d9:ad:
be:92:07:a2:23:80:04:97:5a:58:26:dc:28:ef:48:7a:90:7a:
56:e0:f8:2b:66:5f:8a:8c:21:fb:6f:00:ae:d9:6d:f1:c6:2d:
57:4e:20:f2:2c:51:0c:24:8c:b0:a9:f4:27:1f:01:09:68:cd:
1c:2a:78:26:3f:88:3f:30:63:94:49:36:f5:89:51:7f:56:75:
89:01:f2:eb:15:36:97:a0:38:80:b8:b2:bc:97:69:72:47:c9:
66:f9:ec:70:c3:b9:8b:45:ab:48:9f:a4:2c:e9:27:f6:5b:05:
7f:b8:d1:6b:d3:ab:82:bf:39:b7:b6:19:e1:7a:8b:7f:8e:6d:
b5:2a:e2:41
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZj0w5r9jW1xR8Gdx4U56gn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjUwODI5MDczODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ5MzNlNDE5MWM2MDcyOTMxNGQzZWQxY2NjMDlhMzZkNTcyODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBxgfnL2wmUfRssa/z0VqESUYCHA
erNrt1INpWCLsyp7YrgEV58Ut+Dr+7aqR703CSECM6Wzw5snAr0e/cbobTgl8MKC
ly8YikEeI/wYuFqIi5azEbYyvQPbBKDBuhqfVNF0B2N5WIW6Sv3rPi1zA3l/Xa7Z
duBD8eGNh55k9SCNne28ukfAm2A7sbjYbcj+vHTOZH5ZQjQx2NJSDRb+V4sQMwcS
48dok7lVAKFiRJgDsVKlxgEKrqnUdz5XgoPZnwD9wD2mo47xn3VunR3ge/rUGn5o
z+axDHA6DIJzPQ3leqBn0LvZkAwWK+wRo2UquXE1XtvHGISpcxgJKtkjUwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFNJM+QZHGBykxTT7RzMCaNtVyh1MB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEvVTBrejVCa2NZSEtURk5QdEhNd0pvMjFYS0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQDLhwgAwQC
lei4AwQBlei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAw
DQQCAAIwBwMFAyoCFnAwDQYJKoZIhvcNAQELBQADggEBALhc6SvHdrpU1KJE5csm
Bq2n3LOI9tsHTcRZfQNYFDo9z3JLVvZsoPXFSBxuGRz32ViEA5LeneVisBeBT5dI
FfAtwewvQNpSeD6syERBylNgO+PywXaSJyFVplbVEZe7KgISfnQmY3kbFlUvKcuE
r3q/LYOlhTIYEgDgdUjZrb6SB6IjgASXWlgm3CjvSHqQelbg+CtmX4qMIftvAK7Z
bfHGLVdOIPIsUQwkjLCp9CcfAQlozRwqeCY/iD8wY5RJNvWJUX9WdYkB8usVNpeg
OIC4sryXaXJHyWb57HDDuYtFq0ifpCzpJ/ZbBX+40WvTq4K/Obe2GeF6i3+ObbUq
4kE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:04:32 2025 by rpki-client