Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/up0oav0rMtPMOzsYSRDujbJ3KTk.roa
File: up0oav0rMtPMOzsYSRDujbJ3KTk.roa (raw, json)
Hash identifier: Rkvar+Ei1oJWKXR7rGewiiIwzRWDihGhTVyjbmAYcXg=
Subject key identifier: BA:9D:28:6A:FD:2B:32:D3:CC:3B:3B:18:49:10:EE:8D:B2:77:29:39
Certificate issuer: /CN=642c7a4e9f02b2f4e664d7d0d72a52e51261de54
Certificate serial: 0199577A959BF52B423E2F2B9A30FE881B71
Authority key identifier: 64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/up0oav0rMtPMOzsYSRDujbJ3KTk.roa
Signing time: Wed 17 Sep 2025 11:41:15 +0000
ROA not before: Wed 17 Sep 2025 11:41:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57473
IP address blocks: 185.115.136.0/22 maxlen: 22
185.115.136.0/24 maxlen: 24
194.60.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 17:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:57:7a:95:9b:f5:2b:42:3e:2f:2b:9a:30:fe:88:1b:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=642c7a4e9f02b2f4e664d7d0d72a52e51261de54
Validity
Not Before: Sep 17 11:41:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ba9d286afd2b32d3cc3b3b184910ee8db2772939
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:c6:8c:47:4e:d8:6c:c1:54:cf:ad:99:e5:82:
cc:e4:a8:25:c7:81:33:30:78:a7:6e:1d:e1:4e:35:
69:9c:74:21:98:a0:ed:65:af:1a:3c:24:70:87:6f:
4a:2d:17:d1:1d:2d:b4:9f:86:83:c7:6c:86:be:48:
1d:0c:1c:67:72:8f:43:1c:15:54:7a:7e:d4:a0:4d:
d2:5f:40:4c:0c:52:da:7f:38:a1:9a:8a:7e:c0:cf:
fe:66:e7:88:b9:43:cd:f0:e1:cd:40:e6:fe:22:fc:
9e:cd:0c:cc:62:a9:c6:7a:2c:ac:04:75:9d:e3:bc:
19:3e:a8:95:f1:a6:fe:61:f0:5c:04:76:3f:8e:2d:
be:16:27:b0:99:90:2e:e1:ff:fd:70:c4:4d:13:be:
92:f0:5f:3c:b1:53:a9:37:61:c7:a8:fe:e6:f4:1d:
a2:37:8f:a5:39:d6:85:70:88:6f:98:d4:3a:2a:0a:
63:41:c1:50:ec:13:0e:53:58:8b:a7:0e:1b:7a:44:
bb:11:c1:4a:77:51:8e:45:7e:b7:50:b2:ba:57:06:
19:8d:bf:a3:8e:22:ae:75:e0:de:e9:3f:df:06:7f:
f5:0a:b8:53:d4:e6:f9:01:5d:a9:e7:ca:fe:1a:41:
1b:7f:74:c3:92:3a:76:80:69:8c:a6:e3:43:a7:e3:
ec:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:9D:28:6A:FD:2B:32:D3:CC:3B:3B:18:49:10:EE:8D:B2:77:29:39
X509v3 Authority Key Identifier:
keyid:64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/up0oav0rMtPMOzsYSRDujbJ3KTk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.115.136.0/22
194.60.250.0/24
Signature Algorithm: sha256WithRSAEncryption
04:33:48:82:28:72:3b:f1:fa:44:cd:c1:63:74:44:15:8f:5b:
5d:d1:bf:cf:e4:f5:78:a5:72:f2:2b:0a:de:81:34:4b:80:2d:
c3:15:4d:c4:8a:07:ba:36:39:16:8a:c1:c0:4e:23:ef:4a:e0:
e9:9f:2f:56:81:8d:8c:78:b6:41:90:55:bd:14:86:93:8a:ee:
75:03:74:14:77:22:83:ef:1c:a0:6c:72:13:a6:67:a2:4d:4b:
e9:be:b7:0b:d1:74:44:fe:a2:5e:92:d6:04:1e:62:d9:83:af:
ca:82:64:d9:3c:aa:3a:63:e8:77:b1:ed:08:e5:42:b7:1b:0a:
21:c3:07:75:40:a6:b8:d6:f3:d8:ec:e7:20:78:09:18:02:d9:
86:09:06:7e:f3:34:09:ee:85:2a:ad:c8:5c:84:a6:ba:02:2d:
24:32:a8:67:6f:85:21:df:a0:a9:14:9c:0d:49:7d:f8:2f:da:
0e:ba:65:9f:7c:c1:dc:4c:3c:cd:09:6c:aa:b6:c6:17:58:23:
83:b4:42:05:d1:b8:7f:29:0a:45:79:82:39:3c:5b:16:f0:0d:
14:95:85:82:f6:fe:76:c5:1d:a9:dc:ed:a5:69:d0:d5:14:e6:
47:9d:66:bd:99:05:cb:80:7c:e3:09:d0:bc:53:ec:95:d2:f2:
c6:d8:ab:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlXepWb9StCPi8rmjD+iBtxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MmM3YTRlOWYwMmIyZjRlNjY0ZDdkMGQ3MmE1MmU1MTI2
MWRlNTQwHhcNMjUwOTE3MTE0MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTlkMjg2YWZkMmIzMmQzY2MzYjNiMTg0OTEwZWU4ZGIyNzcyOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycaMR07YbMFUz62Z5YLM5Kglx4Ez
MHinbh3hTjVpnHQhmKDtZa8aPCRwh29KLRfRHS20n4aDx2yGvkgdDBxnco9DHBVU
en7UoE3SX0BMDFLafzihmop+wM/+ZueIuUPN8OHNQOb+IvyezQzMYqnGeiysBHWd
47wZPqiV8ab+YfBcBHY/ji2+FiewmZAu4f/9cMRNE76S8F88sVOpN2HHqP7m9B2i
N4+lOdaFcIhvmNQ6KgpjQcFQ7BMOU1iLpw4bekS7EcFKd1GORX63ULK6VwYZjb+j
jiKudeDe6T/fBn/1CrhT1Ob5AV2p58r+GkEbf3TDkjp2gGmMpuNDp+PsHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqdKGr9KzLTzDs7GEkQ7o2ydyk5MB8GA1UdIwQY
MBaAFGQsek6fArL05mTX0NcqUuUSYd5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkN4NlRwOENzdlRtWk5mUTF5cFM1UkpoM2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85OTFmZDgtMmQ4NS00Y2Y5LTkwMzYt
NWUwMmM0NjUzZTUwLzEvdXAwb2F2MHJNdFBNT3pzWVNSRHVqYkozS1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85OTFmZDgtMmQ4NS00Y2Y5LTkwMzYtNWUwMmM0NjUzZTUw
LzEvWkN4NlRwOENzdlRtWk5mUTF5cFM1UkpoM2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXOIAwQA
wjz6MA0GCSqGSIb3DQEBCwUAA4IBAQAEM0iCKHI78fpEzcFjdEQVj1td0b/P5PV4
pXLyKwregTRLgC3DFU3Eige6NjkWisHATiPvSuDpny9WgY2MeLZBkFW9FIaTiu51
A3QUdyKD7xygbHITpmeiTUvpvrcL0XRE/qJektYEHmLZg6/KgmTZPKo6Y+h3se0I
5UK3Gwohwwd1QKa41vPY7OcgeAkYAtmGCQZ+8zQJ7oUqrchchKa6Ai0kMqhnb4Uh
36CpFJwNSX34L9oOumWffMHcTDzNCWyqtsYXWCODtEIF0bh/KQpFeYI5PFsW8A0U
lYWC9v52xR2p3O2ladDVFOZHnWa9mQXLgHzjCdC8U+yV0vLG2KsC
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:47:43 2025 by rpki-client