Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/hRN9-wiS61xemcnu2IzA0-iM9GY.roa
File: hRN9-wiS61xemcnu2IzA0-iM9GY.roa (raw, json)
Hash identifier: 3iVa28JdgJ+v6CoS2A5zsaGzlJ7m8oreOdh8XsM7vXo=
Subject key identifier: 85:13:7D:FB:08:92:EB:5C:5E:99:C9:EE:D8:8C:C0:D3:E8:8C:F4:66
Certificate issuer: /CN=1d671cf79fcf66d29fec0d77a66a7d0ea1bb759b
Certificate serial: 0199EDBD2186EFCC074047072E33236F0526
Authority key identifier: 1D:67:1C:F7:9F:CF:66:D2:9F:EC:0D:77:A6:6A:7D:0E:A1:BB:75:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/hRN9-wiS61xemcnu2IzA0-iM9GY.roa
Signing time: Thu 16 Oct 2025 15:56:58 +0000
ROA not before: Thu 16 Oct 2025 15:56:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61401
IP address blocks: 85.155.252.0/24 maxlen: 24
85.155.253.0/24 maxlen: 24
85.155.254.0/24 maxlen: 24
85.155.255.0/24 maxlen: 24
194.54.147.0/24 maxlen: 24
2a12:c840::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:bd:21:86:ef:cc:07:40:47:07:2e:33:23:6f:05:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d671cf79fcf66d29fec0d77a66a7d0ea1bb759b
Validity
Not Before: Oct 16 15:56:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85137dfb0892eb5c5e99c9eed88cc0d3e88cf466
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f3:36:b6:ae:dc:41:8f:36:f0:c7:54:76:42:
b0:ac:98:a7:46:30:76:8e:c1:e2:37:39:10:a9:0c:
13:86:3b:73:11:6b:37:77:1f:94:a6:57:d9:2e:88:
82:45:f3:58:a2:d6:ff:d8:02:00:6b:2a:e8:54:db:
6d:14:2f:8f:b3:3e:f8:76:5a:b6:6d:f5:94:4f:be:
c1:4b:64:09:1f:4d:f1:1d:9a:90:8e:e8:aa:dd:b5:
42:74:96:e4:09:17:ec:4e:a8:35:4a:f2:80:9f:fc:
0a:e3:cf:8c:b0:81:a3:59:2f:34:61:94:b0:00:11:
d4:6d:05:51:b0:c4:4a:46:96:46:b2:14:8e:67:2d:
0d:ac:de:97:bc:1d:4c:92:26:bc:80:8b:30:9a:55:
4a:08:0c:9c:22:1e:bf:dd:93:a4:10:62:cb:34:57:
cd:44:4c:69:f6:89:8d:67:c7:ef:08:b9:a1:1d:5f:
07:5e:71:b4:96:ec:f2:08:fe:9d:c4:e6:a7:01:fa:
4e:a2:2b:24:cf:17:0a:8f:96:84:60:7d:d1:d8:7c:
bb:7d:78:08:cc:99:a9:79:01:a8:4a:ff:0b:9d:e0:
d9:20:63:b6:da:2e:6a:cb:97:83:08:28:be:67:81:
fc:a5:58:7f:a8:a9:f6:c3:82:66:2c:9e:40:f4:bd:
9f:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:13:7D:FB:08:92:EB:5C:5E:99:C9:EE:D8:8C:C0:D3:E8:8C:F4:66
X509v3 Authority Key Identifier:
keyid:1D:67:1C:F7:9F:CF:66:D2:9F:EC:0D:77:A6:6A:7D:0E:A1:BB:75:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWcc95_PZtKf7A13pmp9DqG7dZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/hRN9-wiS61xemcnu2IzA0-iM9GY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/15ab28-268d-49b9-ba4f-96fe22605323/1/HWcc95_PZtKf7A13pmp9DqG7dZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.155.252.0/22
194.54.147.0/24
IPv6:
2a12:c840::/29
Signature Algorithm: sha256WithRSAEncryption
0d:6c:74:05:79:1c:aa:84:59:d0:b6:a8:c1:5c:3c:0f:da:38:
ea:39:bf:5e:e3:b1:b7:42:41:b4:c7:8b:44:c1:7d:88:e9:0f:
03:54:a9:3a:0d:15:dd:17:6d:e3:9a:75:2c:c7:c0:55:5d:37:
3a:d7:49:73:bb:cd:97:8f:16:e5:a4:0e:3a:e2:71:b2:99:04:
48:76:a8:e3:96:e4:d5:65:72:48:89:98:52:e4:8d:42:f1:da:
2d:2d:67:3a:f9:a2:2e:3c:89:e2:0d:4b:5f:2d:61:f6:ac:9b:
f1:d1:fa:a0:42:7f:c5:3b:c3:92:a9:fe:82:93:7a:e7:cc:53:
5d:78:84:10:56:35:eb:39:02:4d:c1:ad:dc:f3:a2:9d:38:f8:
bd:f8:e5:f8:fa:8b:9e:a7:4e:62:f0:e4:5c:b8:2b:da:14:49:
56:4f:f2:da:67:c1:4a:e0:ba:eb:b3:bb:09:e6:16:88:e1:02:
03:1e:06:f7:09:bd:0b:b3:8c:bd:25:e6:6e:23:51:cd:ae:26:
5e:3f:8c:c1:1e:f8:d5:63:6c:c7:56:d5:25:49:9a:02:56:82:
77:77:2e:dc:b8:ec:a4:01:72:4c:32:0f:5a:8c:66:c4:d4:03:
e6:4f:8a:bc:ad:f8:71:18:6c:52:30:9f:70:4b:a1:22:21:63:
02:58:25:4f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZntvSGG78wHQEcHLjMjbwUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjcxY2Y3OWZjZjY2ZDI5ZmVjMGQ3N2E2NmE3ZDBlYTFi
Yjc1OWIwHhcNMjUxMDE2MTU1NjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTEzN2RmYjA4OTJlYjVjNWU5OWM5ZWVkODhjYzBkM2U4OGNmNDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovM2tq7cQY828MdUdkKwrJinRjB2
jsHiNzkQqQwThjtzEWs3dx+UplfZLoiCRfNYotb/2AIAayroVNttFC+Psz74dlq2
bfWUT77BS2QJH03xHZqQjuiq3bVCdJbkCRfsTqg1SvKAn/wK48+MsIGjWS80YZSw
ABHUbQVRsMRKRpZGshSOZy0NrN6XvB1Mkia8gIswmlVKCAycIh6/3ZOkEGLLNFfN
RExp9omNZ8fvCLmhHV8HXnG0luzyCP6dxOanAfpOoiskzxcKj5aEYH3R2Hy7fXgI
zJmpeQGoSv8LneDZIGO22i5qy5eDCCi+Z4H8pVh/qKn2w4JmLJ5A9L2fUwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIUTffsIkutcXpnJ7tiMwNPojPRmMB8GA1UdIwQY
MBaAFB1nHPefz2bSn+wNd6ZqfQ6hu3WbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdjYzk1X1BadEtmN0ExM3BtcDlEcUc3ZFpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNWFiMjgtMjY4ZC00OWI5LWJhNGYt
OTZmZTIyNjA1MzIzLzEvaFJOOS13aVM2MXhlbWNudTJJekEwLWlNOUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNWFiMjgtMjY4ZC00OWI5LWJhNGYtOTZmZTIyNjA1MzIz
LzEvSFdjYzk1X1BadEtmN0ExM3BtcDlEcUc3ZFpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVZv8AwQA
wjaTMA0EAgACMAcDBQMqEshAMA0GCSqGSIb3DQEBCwUAA4IBAQANbHQFeRyqhFnQ
tqjBXDwP2jjqOb9e47G3QkG0x4tEwX2I6Q8DVKk6DRXdF23jmnUsx8BVXTc610lz
u82XjxblpA464nGymQRIdqjjluTVZXJIiZhS5I1C8dotLWc6+aIuPIniDUtfLWH2
rJvx0fqgQn/FO8OSqf6Ck3rnzFNdeIQQVjXrOQJNwa3c86KdOPi9+OX4+ouep05i
8ORcuCvaFElWT/LaZ8FK4Lrrs7sJ5haI4QIDHgb3Cb0Ls4y9JeZuI1HNriZeP4zB
HvjVY2zHVtUlSZoCVoJ3dy7cuOykAXJMMg9ajGbE1APmT4q8rfhxGGxSMJ9wS6Ei
IWMCWCVP
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:16:10 2025 by rpki-client