Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/jV20P4i0v4psPgGy6zXjkv_uoCc.roa
File: jV20P4i0v4psPgGy6zXjkv_uoCc.roa (raw, json)
Hash identifier: LRoq6PhnzYAWBMT+zoK5/SNdijqn8yZf6GzBfp4aJ0o=
Subject key identifier: 8D:5D:B4:3F:88:B4:BF:8A:6C:3E:01:B2:EB:35:E3:92:FF:EE:A0:27
Certificate issuer: /CN=f10d39eddb008d1b89df9741960dbf2044f657fb
Certificate serial: 019980C07D7A055EAD7D860A5452828B48D1
Authority key identifier: F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/jV20P4i0v4psPgGy6zXjkv_uoCc.roa
Signing time: Thu 25 Sep 2025 12:02:02 +0000
ROA not before: Thu 25 Sep 2025 12:02:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39923
IP address blocks: 91.238.219.0/24 maxlen: 24
109.68.0.0/21 maxlen: 21
109.68.160.0/21 maxlen: 21
109.68.160.0/24 maxlen: 24
109.68.161.0/24 maxlen: 24
109.68.162.0/24 maxlen: 24
109.68.163.0/24 maxlen: 24
109.68.164.0/24 maxlen: 24
109.68.165.0/24 maxlen: 24
109.68.166.0/24 maxlen: 24
109.68.167.0/24 maxlen: 24
109.68.240.0/21 maxlen: 21
185.35.164.0/22 maxlen: 22
185.35.164.0/24 maxlen: 24
185.35.165.0/24 maxlen: 24
185.35.166.0/24 maxlen: 24
185.35.167.0/24 maxlen: 24
185.58.96.0/22 maxlen: 22
185.58.96.0/24 maxlen: 24
185.58.97.0/24 maxlen: 24
185.58.98.0/24 maxlen: 24
185.58.99.0/24 maxlen: 24
185.111.204.0/22 maxlen: 22
185.111.204.0/24 maxlen: 24
185.111.205.0/24 maxlen: 24
185.111.206.0/24 maxlen: 24
185.111.207.0/24 maxlen: 24
194.145.127.0/24 maxlen: 24
194.145.152.0/24 maxlen: 24
194.145.155.0/24 maxlen: 24
194.146.23.0/24 maxlen: 24
195.189.202.0/23 maxlen: 23
195.189.202.0/24 maxlen: 24
195.189.203.0/24 maxlen: 24
2a02:2a08::/32 maxlen: 32
2a04:6480::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.crl
rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.mft
rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:80:c0:7d:7a:05:5e:ad:7d:86:0a:54:52:82:8b:48:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f10d39eddb008d1b89df9741960dbf2044f657fb
Validity
Not Before: Sep 25 12:02:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8d5db43f88b4bf8a6c3e01b2eb35e392ffeea027
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:4f:23:3b:c5:e1:cf:7d:3e:69:ff:d2:ba:c7:
6c:a0:c7:0a:4a:b9:c7:7d:1b:0c:24:ce:8b:76:6f:
b7:a0:31:6f:ff:51:2d:cb:23:25:7b:28:65:c7:21:
ef:f5:0b:8a:78:61:61:2b:00:d5:27:e9:6f:80:c1:
65:41:db:bb:19:22:ee:21:b9:dd:85:32:44:02:d8:
c0:42:7a:ac:dd:05:c7:e1:f5:3d:10:fa:42:eb:b8:
08:2e:e7:6a:5b:f0:2d:0d:40:13:26:53:ff:55:cd:
21:6b:6c:5c:fd:e5:89:a5:20:9e:36:ed:83:14:33:
af:7c:f8:40:9b:5e:8e:e4:b1:31:13:d4:99:bf:6d:
55:ee:ea:3e:3c:cf:30:13:8b:2a:a2:95:33:53:24:
e0:f9:bb:e4:3b:6b:c8:80:41:1a:10:63:e5:80:f9:
1a:12:e7:bc:83:5e:29:81:2e:f8:ca:e1:fd:ef:62:
53:5a:54:48:fd:ef:84:b6:61:8f:8b:d2:e6:03:7c:
5b:f8:10:ff:94:55:73:a7:c7:cf:36:26:a5:2a:a8:
82:2c:51:4d:49:b5:b0:ba:e0:19:23:2f:cc:28:32:
71:0c:ff:f9:bb:8e:f2:ac:5b:d9:06:dc:6e:a7:25:
5c:63:f8:1c:71:ea:76:8d:5e:b7:8b:85:94:20:41:
73:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:5D:B4:3F:88:B4:BF:8A:6C:3E:01:B2:EB:35:E3:92:FF:EE:A0:27
X509v3 Authority Key Identifier:
keyid:F1:0D:39:ED:DB:00:8D:1B:89:DF:97:41:96:0D:BF:20:44:F6:57:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Q057dsAjRuJ35dBlg2_IET2V_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/jV20P4i0v4psPgGy6zXjkv_uoCc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f70e1a-732e-4e6b-b3b5-f562b8974d8b/1/8Q057dsAjRuJ35dBlg2_IET2V_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.238.219.0/24
109.68.0.0/21
109.68.160.0/21
109.68.240.0/21
185.35.164.0/22
185.58.96.0/22
185.111.204.0/22
194.145.127.0/24
194.145.152.0/24
194.145.155.0/24
194.146.23.0/24
195.189.202.0/23
IPv6:
2a02:2a08::/32
2a04:6480::/29
Signature Algorithm: sha256WithRSAEncryption
08:01:93:0a:46:c4:99:60:aa:3f:f8:d8:9f:2f:61:b0:92:09:
28:f0:54:52:97:76:f8:06:96:47:5c:24:7a:ae:34:18:e4:c5:
00:b8:83:0f:57:ca:ac:dc:66:68:8f:95:33:3d:b1:64:2b:d3:
5c:b4:86:0d:ab:e2:ef:2f:a3:15:54:73:02:69:72:6a:89:60:
02:ce:4c:18:34:cd:6a:90:ef:83:96:ae:c1:73:8f:a7:c9:38:
d3:f7:df:6a:0a:6e:08:41:03:0e:45:be:a8:d2:42:dd:5f:98:
35:f2:ac:b0:fc:7b:dc:f6:20:ed:ff:5d:ad:c3:b3:64:58:bf:
f2:6c:92:81:ae:31:61:68:69:85:6c:ed:d0:fb:e1:22:9d:d0:
87:4b:04:95:18:60:4a:03:2f:56:ac:2d:05:b2:b9:4c:e4:11:
63:90:99:4f:f6:bb:7b:b6:28:75:4f:63:7a:3a:e1:85:21:2f:
b5:00:d2:b4:c8:59:74:b3:9d:71:58:e0:11:30:03:37:15:3b:
c6:2f:59:c4:cc:f7:db:d7:c2:28:24:25:cc:a7:3d:4a:2f:ed:
43:45:42:eb:c7:71:4b:5a:00:10:85:b7:c5:62:7c:bf:e1:0a:
53:e4:4b:ff:a8:f3:87:cd:1c:de:29:38:fc:c4:14:a6:97:f2:
74:39:7d:70
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZmAwH16BV6tfYYKVFKCi0jRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGQzOWVkZGIwMDhkMWI4OWRmOTc0MTk2MGRiZjIwNDRm
NjU3ZmIwHhcNMjUwOTI1MTIwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVkYjQzZjg4YjRiZjhhNmMzZTAxYjJlYjM1ZTM5MmZmZWVhMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU8jO8Xhz30+af/SusdsoMcKSrnH
fRsMJM6Ldm+3oDFv/1EtyyMleyhlxyHv9QuKeGFhKwDVJ+lvgMFlQdu7GSLuIbnd
hTJEAtjAQnqs3QXH4fU9EPpC67gILudqW/AtDUATJlP/Vc0ha2xc/eWJpSCeNu2D
FDOvfPhAm16O5LExE9SZv21V7uo+PM8wE4sqopUzUyTg+bvkO2vIgEEaEGPlgPka
Eue8g14pgS74yuH972JTWlRI/e+EtmGPi9LmA3xb+BD/lFVzp8fPNialKqiCLFFN
SbWwuuAZIy/MKDJxDP/5u47yrFvZBtxupyVcY/gccep2jV63i4WUIEFzMwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFI1dtD+ItL+KbD4Bsus145L/7qAnMB8GA1UdIwQY
MBaAFPENOe3bAI0bid+XQZYNvyBE9lf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUt
ZjU2MmI4OTc0ZDhiLzEvalYyMFA0aTB2NHBzUGdHeTZ6WGprdl91b0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mNzBlMWEtNzMyZS00ZTZiLWIzYjUtZjU2MmI4OTc0ZDhi
LzEvOFEwNTdkc0FqUnVKMzVkQmxnMl9JRVQyVl9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAW+7bAwQD
bUQAAwQDbUSgAwQDbUTwAwQCuSOkAwQCuTpgAwQCuW/MAwQAwpF/AwQAwpGYAwQA
wpGbAwQAwpIXAwQBw73KMBQEAgACMA4DBQAqAioIAwUDKgRkgDANBgkqhkiG9w0B
AQsFAAOCAQEACAGTCkbEmWCqP/jYny9hsJIJKPBUUpd2+AaWR1wkeq40GOTFALiD
D1fKrNxmaI+VMz2xZCvTXLSGDavi7y+jFVRzAmlyaolgAs5MGDTNapDvg5auwXOP
p8k40/ffagpuCEEDDkW+qNJC3V+YNfKssPx73PYg7f9drcOzZFi/8mySga4xYWhp
hWzt0PvhIp3Qh0sElRhgSgMvVqwtBbK5TOQRY5CZT/a7e7YodU9jejrhhSEvtQDS
tMhZdLOdcVjgETADNxU7xi9ZxMz329fCKCQlzKc9Si/tQ0VC68dxS1oAEIW3xWJ8
v+EKU+RL/6jzh80c3ik4/MQUppfydDl9cA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:04:55 2025 by rpki-client