Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/vW8nbP0mTPSGV0n46D4WrlPJlkA.roa
File: vW8nbP0mTPSGV0n46D4WrlPJlkA.roa (raw, json)
Hash identifier: FBmE53kvVV07M6urD1OzTmvwStXQDG55TxBqouWfpJ0=
Subject key identifier: BD:6F:27:6C:FD:26:4C:F4:86:57:49:F8:E8:3E:16:AE:53:C9:96:40
Certificate issuer: /CN=966b05c661c76a5bcc48da838eedb6973f153b86
Certificate serial: 019995F60B7858C7F3528B3D214B77E133DA
Authority key identifier: 96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/vW8nbP0mTPSGV0n46D4WrlPJlkA.roa
Signing time: Mon 29 Sep 2025 14:52:33 +0000
ROA not before: Mon 29 Sep 2025 14:52:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206316
IP address blocks: 185.219.128.0/22 maxlen: 22
185.219.128.0/24 maxlen: 24
185.219.129.0/24 maxlen: 24
185.219.130.0/24 maxlen: 24
185.219.131.0/24 maxlen: 24
2a0b:e640::/29 maxlen: 29
2a0e:bc00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:f6:0b:78:58:c7:f3:52:8b:3d:21:4b:77:e1:33:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=966b05c661c76a5bcc48da838eedb6973f153b86
Validity
Not Before: Sep 29 14:52:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bd6f276cfd264cf4865749f8e83e16ae53c99640
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:c3:ad:d8:33:7e:2f:9a:20:18:96:a9:e2:44:
53:0b:17:b9:d9:94:65:ae:41:bb:aa:c5:10:ab:04:
53:5d:eb:e5:36:cc:c9:a1:04:15:0f:c4:5d:a3:35:
57:14:3f:b3:b9:47:3c:f7:d3:08:b7:76:47:3b:5d:
49:b4:c2:8b:59:b8:bf:7b:67:cf:cf:c7:09:ef:c3:
7a:43:15:16:7a:21:cf:af:2b:66:d2:63:29:7b:80:
bf:d0:1f:6b:04:7e:3f:8c:c3:10:35:ac:b8:19:62:
ec:70:ec:7b:ba:5e:d8:a9:e1:f3:60:1e:64:66:51:
4b:f7:03:de:05:ff:41:f8:21:42:35:34:0f:fd:bf:
cb:b3:11:44:b5:d8:1e:d7:09:ca:95:9d:44:4f:09:
1a:3d:76:42:bf:30:a7:7d:bb:c6:6e:24:ea:3f:0c:
f9:8b:4f:91:52:7d:73:d2:fb:8a:fc:6a:49:69:b1:
46:29:ba:c0:3a:a1:5c:bc:c8:ac:7c:39:45:be:ae:
13:2e:07:f0:24:1d:a9:ff:62:33:ee:07:70:36:67:
90:90:e5:93:a3:ee:ef:4d:5a:97:73:49:6d:61:4f:
3a:19:5e:c0:06:da:e6:b1:d8:e1:3c:71:99:a0:dc:
06:20:31:c2:2b:f3:b7:7a:b4:17:9e:2c:6f:e6:f7:
34:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:6F:27:6C:FD:26:4C:F4:86:57:49:F8:E8:3E:16:AE:53:C9:96:40
X509v3 Authority Key Identifier:
keyid:96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/vW8nbP0mTPSGV0n46D4WrlPJlkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.219.128.0/22
IPv6:
2a0b:e640::/29
2a0e:bc00::/29
Signature Algorithm: sha256WithRSAEncryption
05:1a:b3:a8:bc:81:d6:94:a9:ad:48:91:76:be:87:bf:f6:55:
3f:ed:11:a8:b8:66:ac:01:0f:3b:fe:18:4d:1d:48:17:c6:ea:
87:0e:50:3d:4b:05:db:db:59:89:0b:63:1b:b7:91:e2:4d:82:
29:ae:90:db:db:8f:ed:1a:f0:4e:dc:a6:63:7a:ce:f2:6e:9e:
a0:52:83:b0:eb:3c:65:78:f8:7a:77:af:b5:e4:e8:e9:6e:84:
af:ce:64:d5:de:c7:e8:0a:9b:a4:57:6d:3c:a8:58:0b:da:5f:
b5:f3:cf:d2:d7:0c:7a:1b:e6:41:a3:5a:ce:7a:99:c0:12:cb:
3a:80:ca:ae:c9:da:9d:4c:a2:14:61:48:1b:cd:f9:da:63:b8:
06:35:d9:27:bd:ec:95:f1:41:43:94:71:66:90:17:3c:f0:61:
33:ad:cd:ff:53:eb:5c:ec:3b:be:ad:cf:57:aa:f8:d4:23:c4:
8c:08:c4:cf:8c:5f:9a:9f:fa:b3:1e:bf:dd:7c:0f:cd:23:a9:
36:25:20:7e:76:a0:68:a7:94:85:e0:3c:94:95:6f:f4:be:62:
5c:80:3d:92:f2:0f:c9:2b:c8:6c:dd:29:ed:20:d1:50:50:59:
59:05:ed:57:4d:ee:3d:e7:05:b7:6e:26:d7:73:68:a5:8d:92:
e4:85:1c:3f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZmV9gt4WMfzUos9IUt34TPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NmIwNWM2NjFjNzZhNWJjYzQ4ZGE4MzhlZWRiNjk3M2Yx
NTNiODYwHhcNMjUwOTI5MTQ1MjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDZmMjc2Y2ZkMjY0Y2Y0ODY1NzQ5ZjhlODNlMTZhZTUzYzk5NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMOt2DN+L5ogGJap4kRTCxe52ZRl
rkG7qsUQqwRTXevlNszJoQQVD8RdozVXFD+zuUc899MIt3ZHO11JtMKLWbi/e2fP
z8cJ78N6QxUWeiHPrytm0mMpe4C/0B9rBH4/jMMQNay4GWLscOx7ul7YqeHzYB5k
ZlFL9wPeBf9B+CFCNTQP/b/LsxFEtdge1wnKlZ1ETwkaPXZCvzCnfbvGbiTqPwz5
i0+RUn1z0vuK/GpJabFGKbrAOqFcvMisfDlFvq4TLgfwJB2p/2Iz7gdwNmeQkOWT
o+7vTVqXc0ltYU86GV7ABtrmsdjhPHGZoNwGIDHCK/O3erQXnixv5vc0HwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFL1vJ2z9Jkz0hldJ+Og+Fq5TyZZAMB8GA1UdIwQY
MBaAFJZrBcZhx2pbzEjag47ttpc/FTuGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMt
ZTNjMmYzMmNmM2I3LzEvdlc4bmJQMG1UUFNHVjBuNDZENFdybFBKbGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMtZTNjMmYzMmNmM2I3
LzEvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuduAMBQE
AgACMA4DBQMqC+ZAAwUDKg68ADANBgkqhkiG9w0BAQsFAAOCAQEABRqzqLyB1pSp
rUiRdr6Hv/ZVP+0RqLhmrAEPO/4YTR1IF8bqhw5QPUsF29tZiQtjG7eR4k2CKa6Q
29uP7RrwTtymY3rO8m6eoFKDsOs8ZXj4enevteTo6W6Er85k1d7H6AqbpFdtPKhY
C9pftfPP0tcMehvmQaNaznqZwBLLOoDKrsnanUyiFGFIG8352mO4BjXZJ73slfFB
Q5RxZpAXPPBhM63N/1PrXOw7vq3PV6r41CPEjAjEz4xfmp/6sx6/3XwPzSOpNiUg
fnagaKeUheA8lJVv9L5iXIA9kvIPySvIbN0p7SDRUFBZWQXtV03uPecFt24m13No
pY2S5IUcPw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:03 2025 by rpki-client