
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa
File: KgwBKHljj7pwEemei4izTFatz2I.roa (raw, json)
Hash identifier: eVDUYtbHqOXwc5M3emIOpC/IOXEvGmty2120RNJjtQI=
Subject key identifier: 2A:0C:01:28:79:63:8F:BA:70:11:E9:9E:8B:88:B3:4C:56:AD:CF:62
Certificate issuer: /CN=dd29c370460bec753010fc7e68365c5770bf45e4
Certificate serial: 0199190073F3CD169355BBBF213E5700F197
Authority key identifier: DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa
Signing time: Fri 05 Sep 2025 08:31:24 +0000
ROA not before: Fri 05 Sep 2025 08:31:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214274
IP address blocks: 185.243.160.0/24 maxlen: 24
185.243.161.0/24 maxlen: 24
185.243.162.0/24 maxlen: 24
185.243.163.0/24 maxlen: 24
2a09:900::/47 maxlen: 47
2a09:900:2::/47 maxlen: 47
2a09:900:100::/40 maxlen: 40
2a09:900:200::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:19:00:73:f3:cd:16:93:55:bb:bf:21:3e:57:00:f1:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd29c370460bec753010fc7e68365c5770bf45e4
Validity
Not Before: Sep 5 08:31:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a0c012879638fba7011e99e8b88b34c56adcf62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:bb:14:99:f6:a9:2e:13:9e:8b:bd:c4:99:38:
1e:61:c8:d7:d1:1f:42:e9:54:6c:ee:88:71:60:1b:
47:1a:82:2c:90:6b:2d:90:e5:84:b6:36:68:d8:9d:
eb:88:8c:5e:6d:9a:77:1c:ad:ce:72:f8:9d:aa:c1:
d5:99:6b:fc:9c:c0:df:88:5d:c2:bf:85:6c:91:fe:
9a:37:a5:1c:f0:82:b4:db:19:8f:d6:7d:ef:bf:07:
ec:92:a3:8c:bc:64:be:18:16:58:44:ec:47:e8:77:
35:73:3a:33:4a:bf:62:97:af:be:ba:fa:ad:21:fb:
eb:41:66:41:80:53:72:a8:4c:70:71:4c:99:08:8b:
c2:dd:4a:29:6e:2a:c0:89:91:a8:5e:30:14:40:7e:
69:7c:4c:7e:09:ea:e6:fa:6b:c7:0f:02:1a:66:68:
85:fe:ae:e4:66:c6:ef:5e:e3:dc:f9:e2:ab:49:df:
78:24:32:b2:35:28:71:6c:bf:e4:a7:96:18:ff:25:
e9:26:a7:21:02:b1:17:5e:07:86:12:f6:f7:11:2e:
e9:9e:78:eb:7a:a6:e0:60:10:ce:b0:18:e5:82:a8:
3f:e2:d4:f4:54:2f:74:bd:57:46:51:de:30:d0:1a:
9c:98:8f:c4:77:60:b3:e8:dd:67:7c:f4:ef:5b:05:
df:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:0C:01:28:79:63:8F:BA:70:11:E9:9E:8B:88:B3:4C:56:AD:CF:62
X509v3 Authority Key Identifier:
keyid:DD:29:C3:70:46:0B:EC:75:30:10:FC:7E:68:36:5C:57:70:BF:45:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/KgwBKHljj7pwEemei4izTFatz2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b3019c-66cf-4f98-a856-134c47b94913/1/3SnDcEYL7HUwEPx-aDZcV3C_ReQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.243.160.0/22
IPv6:
2a09:900::/46
2a09:900:100::-2a09:900:2ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
67:37:00:32:f6:a0:3d:ee:78:b1:27:c6:7a:73:b3:bd:5e:25:
3f:8a:8c:52:f8:03:ec:e4:eb:78:6f:c6:ec:9e:3c:84:25:51:
bf:aa:7f:cb:52:31:22:4b:11:f1:78:95:f7:c9:72:82:07:5a:
26:c1:c1:e6:e8:3c:68:16:0c:a5:64:76:55:c3:a9:d5:4e:00:
c7:5b:b5:05:b6:19:c4:55:c9:76:28:4d:f4:ed:b7:30:8d:cf:
a4:6e:b2:ca:47:9d:22:53:23:ce:5b:12:e0:e9:f3:bb:96:79:
e2:97:00:17:cf:6d:68:cc:cf:da:74:43:79:19:1e:6f:3c:de:
a0:a0:b4:78:e8:f7:98:d7:02:60:e5:57:26:f2:f9:83:76:27:
c0:b2:bf:c1:33:5d:9d:9b:a2:53:59:ef:73:48:59:d0:c1:0a:
5b:23:e9:78:ec:ac:4b:c3:2b:51:e0:05:fc:b8:dc:43:9f:d0:
f1:41:39:a1:aa:d6:59:55:e5:3c:eb:ec:9f:18:e5:be:14:00:
91:1f:07:fe:56:4c:db:fb:82:58:e7:5d:1b:09:43:ad:7c:01:
7d:61:58:11:15:58:59:2a:f8:d5:33:3c:88:d7:83:73:a2:c6:
da:54:3d:e9:a0:08:cd:a7:77:ac:d8:17:db:b5:5f:65:2b:16:
cc:77:68:36
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZkZAHPzzRaTVbu/IT5XAPGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMjljMzcwNDYwYmVjNzUzMDEwZmM3ZTY4MzY1YzU3NzBi
ZjQ1ZTQwHhcNMjUwOTA1MDgzMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBjMDEyODc5NjM4ZmJhNzAxMWU5OWU4Yjg4YjM0YzU2YWRjZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrsUmfapLhOei73EmTgeYcjX0R9C
6VRs7ohxYBtHGoIskGstkOWEtjZo2J3riIxebZp3HK3OcvidqsHVmWv8nMDfiF3C
v4Vskf6aN6Uc8IK02xmP1n3vvwfskqOMvGS+GBZYROxH6Hc1czozSr9il6++uvqt
IfvrQWZBgFNyqExwcUyZCIvC3UopbirAiZGoXjAUQH5pfEx+Cerm+mvHDwIaZmiF
/q7kZsbvXuPc+eKrSd94JDKyNShxbL/kp5YY/yXpJqchArEXXgeGEvb3ES7pnnjr
eqbgYBDOsBjlgqg/4tT0VC90vVdGUd4w0BqcmI/Ed2Cz6N1nfPTvWwXfcQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFCoMASh5Y4+6cBHpnouIs0xWrc9iMB8GA1UdIwQY
MBaAFN0pw3BGC+x1MBD8fmg2XFdwv0XkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYt
MTM0YzQ3Yjk0OTEzLzEvS2d3QktIbGpqN3B3RWVtZWk0aXpURmF0ejJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iMzAxOWMtNjZjZi00Zjk4LWE4NTYtMTM0YzQ3Yjk0OTEz
LzEvM1NuRGNFWUw3SFV3RVB4LWFEWmNWM0NfUmVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQCufOgMCEE
AgACMBsDBwIqCQkAAAAwEAMGACoJCQABAwYAKgkJAAIwDQYJKoZIhvcNAQELBQAD
ggEBAGc3ADL2oD3ueLEnxnpzs71eJT+KjFL4A+zk63hvxuyePIQlUb+qf8tSMSJL
EfF4lffJcoIHWibBweboPGgWDKVkdlXDqdVOAMdbtQW2GcRVyXYoTfTttzCNz6Ru
sspHnSJTI85bEuDp87uWeeKXABfPbWjMz9p0Q3kZHm883qCgtHjo95jXAmDlVyby
+YN2J8Cyv8EzXZ2bolNZ73NIWdDBClsj6XjsrEvDK1HgBfy43EOf0PFBOaGq1llV
5Tzr7J8Y5b4UAJEfB/5WTNv7gljnXRsJQ618AX1hWBEVWFkq+NUzPIjXg3OixtpU
PemgCM2nd6zYF9u1X2UrFsx3aDY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:05 2025 by rpki-client