Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/HEZk47Tz0P7xLu1E-YbCfOk87g4.roa
File: HEZk47Tz0P7xLu1E-YbCfOk87g4.roa (raw, json)
Hash identifier: ITNGs0lC09kQd2YEI+tUesIYch6VaIyTGr6WiAe5ZUo=
Subject key identifier: 1C:46:64:E3:B4:F3:D0:FE:F1:2E:ED:44:F9:86:C2:7C:E9:3C:EE:0E
Certificate issuer: /CN=74722f16a87cffd78fd79050568a1b4c959b1224
Certificate serial: 0199D87A0085767D54AA3F002CE3555826E9
Authority key identifier: 74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/HEZk47Tz0P7xLu1E-YbCfOk87g4.roa
Signing time: Sun 12 Oct 2025 12:51:38 +0000
ROA not before: Sun 12 Oct 2025 12:51:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202948
IP address blocks: 185.172.116.0/24 maxlen: 24
185.172.117.0/24 maxlen: 24
185.172.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d8:7a:00:85:76:7d:54:aa:3f:00:2c:e3:55:58:26:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74722f16a87cffd78fd79050568a1b4c959b1224
Validity
Not Before: Oct 12 12:51:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c4664e3b4f3d0fef12eed44f986c27ce93cee0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:78:db:30:30:31:55:e3:52:42:34:f9:a4:b6:
d2:b2:b7:4a:06:0e:b9:78:35:3d:6f:51:71:64:07:
3f:19:79:e5:01:f0:97:a9:3a:b7:08:b3:18:8a:69:
16:ee:df:f0:4c:12:c5:12:12:fa:3b:ad:b3:7a:7a:
af:cf:76:14:20:e2:70:cb:81:e4:45:2f:5b:22:a4:
3d:fe:78:98:cc:84:75:44:64:0e:15:ca:9c:6a:29:
84:72:5b:11:da:aa:1f:5c:9f:4b:5d:22:b6:5f:01:
b9:3c:1c:ac:3f:84:80:f9:bb:e5:a2:42:01:78:34:
ed:0f:d2:a2:fd:65:60:8e:9e:ee:61:e4:6c:b8:af:
66:c2:5e:31:9d:c2:28:c8:34:f7:e9:a0:04:af:0f:
4b:8c:f2:56:e7:13:f7:bf:80:51:98:2a:44:36:b2:
98:31:45:f0:76:58:95:09:1f:82:1b:9d:3a:a5:56:
ff:0e:22:02:6b:00:3b:64:dc:ef:90:50:80:11:5e:
a5:85:b8:52:92:5f:b0:d9:85:94:37:24:16:e2:e2:
70:0e:f2:f1:68:e2:01:d1:9c:19:88:4d:89:47:a2:
46:fd:4d:7f:93:d4:a8:29:02:71:a2:7d:50:14:9f:
04:1b:f0:d7:6a:a5:33:32:f8:96:ba:58:bb:78:43:
14:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:46:64:E3:B4:F3:D0:FE:F1:2E:ED:44:F9:86:C2:7C:E9:3C:EE:0E
X509v3 Authority Key Identifier:
keyid:74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/HEZk47Tz0P7xLu1E-YbCfOk87g4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.172.116.0/23
185.172.119.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:88:70:fe:37:ce:78:14:f3:13:7d:93:bc:c0:3c:7f:f3:ad:
de:1d:23:ea:e7:d6:dc:bb:9e:2a:87:18:e2:c9:0a:97:d8:01:
43:89:94:5a:fb:25:13:8b:55:a5:77:ed:cc:b6:84:2b:82:5d:
77:37:67:6d:9c:30:c8:ec:89:48:af:74:b9:b2:fe:b4:7c:1e:
12:55:be:2d:7b:45:90:53:e1:58:e0:d8:e3:d3:9c:5f:58:b3:
5b:a4:48:55:5c:35:a4:98:91:ce:eb:34:20:d9:e8:a0:36:3d:
8c:be:6b:2a:4a:5f:2a:bf:8f:d6:bc:86:47:98:cd:46:3e:43:
72:27:5b:5e:0b:56:fd:d0:1a:fa:e0:b4:6d:5c:2c:9b:e6:91:
dc:dd:2e:7d:d8:b5:c8:da:63:b8:0b:bf:72:ca:ea:37:ba:93:
c6:ca:24:68:0f:fd:54:a9:38:2d:17:8b:ce:86:eb:92:05:0e:
5f:12:d5:88:67:85:de:b2:78:4d:ac:3c:ea:76:31:c3:d8:4f:
dd:83:fd:35:31:1e:30:4b:52:71:08:38:6b:d9:75:4f:47:9e:
c5:3c:c5:38:ed:b3:c6:33:33:ad:87:79:9b:23:14:71:03:ea:
13:3c:3c:26:a6:1c:0c:9b:f0:c4:0a:1c:19:13:d2:db:71:cb:
f0:e0:98:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnYegCFdn1Uqj8ALONVWCbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzIyZjE2YTg3Y2ZmZDc4ZmQ3OTA1MDU2OGExYjRjOTU5
YjEyMjQwHhcNMjUxMDEyMTI1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ2NjRlM2I0ZjNkMGZlZjEyZWVkNDRmOTg2YzI3Y2U5M2NlZTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXjbMDAxVeNSQjT5pLbSsrdKBg65
eDU9b1FxZAc/GXnlAfCXqTq3CLMYimkW7t/wTBLFEhL6O62zenqvz3YUIOJwy4Hk
RS9bIqQ9/niYzIR1RGQOFcqcaimEclsR2qofXJ9LXSK2XwG5PBysP4SA+bvlokIB
eDTtD9Ki/WVgjp7uYeRsuK9mwl4xncIoyDT36aAErw9LjPJW5xP3v4BRmCpENrKY
MUXwdliVCR+CG506pVb/DiICawA7ZNzvkFCAEV6lhbhSkl+w2YWUNyQW4uJwDvLx
aOIB0ZwZiE2JR6JG/U1/k9SoKQJxon1QFJ8EG/DXaqUzMviWuli7eEMUlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBxGZOO089D+8S7tRPmGwnzpPO4OMB8GA1UdIwQY
MBaAFHRyLxaofP/Xj9eQUFaKG0yVmxIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQt
MzNmNzNkOWZkZGI1LzEvSEVaazQ3VHowUDd4THUxRS1ZYkNmT2s4N2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQtMzNmNzNkOWZkZGI1
LzEvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuax0AwQA
uax3MA0GCSqGSIb3DQEBCwUAA4IBAQA+iHD+N854FPMTfZO8wDx/863eHSPq59bc
u54qhxjiyQqX2AFDiZRa+yUTi1Wld+3MtoQrgl13N2dtnDDI7IlIr3S5sv60fB4S
Vb4te0WQU+FY4Njj05xfWLNbpEhVXDWkmJHO6zQg2eigNj2MvmsqSl8qv4/WvIZH
mM1GPkNyJ1teC1b90Br64LRtXCyb5pHc3S592LXI2mO4C79yyuo3upPGyiRoD/1U
qTgtF4vOhuuSBQ5fEtWIZ4XesnhNrDzqdjHD2E/dg/01MR4wS1JxCDhr2XVPR57F
PMU47bPGMzOth3mbIxRxA+oTPDwmphwMm/DEChwZE9Lbccvw4Jgq
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:48:50 2025 by rpki-client