Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0JYQZfHeGzFsUpKAkYdWQvPGPkU.roa
File: 0JYQZfHeGzFsUpKAkYdWQvPGPkU.roa (raw, json)
Hash identifier: ZWy0XtLoMWjeKfDbaBLNqvWjkNRQs/ZLbhOnQPZWHRQ=
Subject key identifier: D0:96:10:65:F1:DE:1B:31:6C:52:92:80:91:87:56:42:F3:C6:3E:45
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0198C2CFF385494CC86841BD5F4686FBF136
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0JYQZfHeGzFsUpKAkYdWQvPGPkU.roa
Signing time: Tue 19 Aug 2025 14:51:04 +0000
ROA not before: Tue 19 Aug 2025 14:51:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 185.209.74.0/24 maxlen: 24
185.214.108.0/24 maxlen: 24
185.223.155.0/24 maxlen: 24
185.225.1.0/24 maxlen: 24
185.225.3.0/24 maxlen: 24
185.234.22.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c2:cf:f3:85:49:4c:c8:68:41:bd:5f:46:86:fb:f1:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Aug 19 14:51:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0961065f1de1b316c52928091875642f3c63e45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:df:4e:be:cd:07:e2:55:86:11:4c:ab:5e:f5:
44:e0:c5:39:01:40:a3:e1:6a:0a:e2:aa:6b:ef:f2:
a2:87:a2:13:6d:c6:05:4e:5c:39:96:16:1d:ea:32:
db:c1:10:24:3c:f7:46:6a:30:23:55:62:83:f4:79:
ff:9a:0f:bc:ef:81:d1:bc:dd:bb:42:b5:06:eb:c8:
7e:28:16:f7:4e:94:e7:a0:9e:fb:f8:3d:6b:4e:d6:
a2:29:21:83:0e:13:9b:89:3b:57:7a:40:ed:49:48:
3b:05:75:e9:87:72:f6:07:76:8a:c8:60:b4:68:13:
c7:ab:f7:0b:64:ec:31:22:11:52:9d:a0:52:6d:e7:
af:80:ec:d4:37:57:5a:74:da:c0:f8:6c:80:0b:47:
e3:5a:18:47:8d:4c:dd:79:12:a7:2d:9b:10:d9:3f:
71:0d:a5:e5:f2:d2:6c:80:c9:9d:8d:cd:2f:c2:24:
a0:3b:73:9e:7b:dd:50:85:a8:e2:e2:39:79:39:e4:
7d:bc:92:6f:8d:b3:f1:c9:7d:72:2f:d9:a4:25:7f:
2e:ea:68:47:ff:bf:c0:a9:35:65:3c:69:c0:fe:66:
9f:16:d8:d1:ed:da:83:1c:0a:83:2a:fa:b2:9c:49:
6b:f9:20:c0:fe:d3:04:9b:70:ea:07:bb:74:af:7d:
25:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:96:10:65:F1:DE:1B:31:6C:52:92:80:91:87:56:42:F3:C6:3E:45
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0JYQZfHeGzFsUpKAkYdWQvPGPkU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.74.0/24
185.214.108.0/24
185.223.155.0/24
185.225.1.0/24
185.225.3.0/24
185.234.22.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:cf:80:e6:97:b5:1f:92:ee:5d:2f:ee:9f:8b:88:bf:79:81:
3f:8f:da:bd:df:e9:30:ce:c6:69:04:4d:5a:ab:c2:a1:5a:08:
a9:57:3a:3b:ff:cc:71:21:9e:b4:19:1f:49:ce:43:a4:11:24:
5a:86:b5:4e:2a:21:ef:3c:40:b7:fb:8b:ac:77:4c:e2:77:78:
4c:9b:57:a6:7c:33:63:c1:da:c6:ae:47:e3:0e:e4:ac:62:4d:
10:99:a9:f3:c8:3b:75:1e:7a:29:af:19:2d:8a:c3:0a:2a:5a:
16:f3:4a:df:66:0b:01:cc:94:49:c1:a4:7c:c1:fc:ad:24:cc:
98:a4:8f:7b:f2:5d:d5:16:08:99:88:07:3e:16:0e:87:3e:d4:
3d:69:0b:93:55:a4:d2:5a:70:21:c8:df:f3:0d:84:d0:2c:d1:
03:5e:e4:f2:2a:a4:fb:e9:9b:d8:fd:e6:84:3f:d3:88:5b:c9:
2d:99:27:cf:54:46:8c:a3:d1:af:50:8d:ca:62:60:73:72:84:
ed:a7:cf:6d:b3:7b:2d:e3:ae:8b:d0:26:18:ff:48:b9:c7:b4:
5d:a6:d4:f3:1a:ad:0f:b9:bc:a9:24:05:2b:ce:57:3b:a7:11:
21:69:11:f3:9b:ee:38:62:fe:71:ce:eb:23:7d:09:77:8e:00:
3f:48:6b:b7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZjCz/OFSUzIaEG9X0aG+/E2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODE5MTQ1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDk2MTA2NWYxZGUxYjMxNmM1MjkyODA5MTg3NTY0MmYzYzYzZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2d9Ovs0H4lWGEUyrXvVE4MU5AUCj
4WoK4qpr7/Kih6ITbcYFTlw5lhYd6jLbwRAkPPdGajAjVWKD9Hn/mg+874HRvN27
QrUG68h+KBb3TpTnoJ77+D1rTtaiKSGDDhObiTtXekDtSUg7BXXph3L2B3aKyGC0
aBPHq/cLZOwxIhFSnaBSbeevgOzUN1dadNrA+GyAC0fjWhhHjUzdeRKnLZsQ2T9x
DaXl8tJsgMmdjc0vwiSgO3Oee91Qhaji4jl5OeR9vJJvjbPxyX1yL9mkJX8u6mhH
/7/AqTVlPGnA/mafFtjR7dqDHAqDKvqynElr+SDA/tMEm3DqB7t0r30ljwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNCWEGXx3hsxbFKSgJGHVkLzxj5FMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMEpZUVpmSGVHekZzVXBLQWtZZFdRdlBHUGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAudFKAwQA
udZsAwQAud+bAwQAueEBAwQAueEDAwQAueoWMA0GCSqGSIb3DQEBCwUAA4IBAQCj
z4Dml7Ufku5dL+6fi4i/eYE/j9q93+kwzsZpBE1aq8KhWgipVzo7/8xxIZ60GR9J
zkOkESRahrVOKiHvPEC3+4usd0zid3hMm1emfDNjwdrGrkfjDuSsYk0QmanzyDt1
HnoprxktisMKKloW80rfZgsBzJRJwaR8wfytJMyYpI978l3VFgiZiAc+Fg6HPtQ9
aQuTVaTSWnAhyN/zDYTQLNEDXuTyKqT76ZvY/eaEP9OIW8ktmSfPVEaMo9GvUI3K
YmBzcoTtp89ts3st466L0CYY/0i5x7RdptTzGq0PubypJAUrzlc7pxEhaRHzm+44
Yv5xzusjfQl3jgA/SGu3
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:31:28 2025 by rpki-client