Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/bCHjuq-GwNDHZjsTd3pAyP2Si4w.roa
File: bCHjuq-GwNDHZjsTd3pAyP2Si4w.roa (raw, json)
Hash identifier: M+Njn6Jry+REmQlQYvUz0vQnUhP0EbBt8o0lYes6W+o=
Subject key identifier: 6C:21:E3:BA:AF:86:C0:D0:C7:66:3B:13:77:7A:40:C8:FD:92:8B:8C
Certificate issuer: /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial: 0199529365857E4DB710FCF518136AE68DAB
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/bCHjuq-GwNDHZjsTd3pAyP2Si4w.roa
Signing time: Tue 16 Sep 2025 12:50:15 +0000
ROA not before: Tue 16 Sep 2025 12:50:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215013
IP address blocks: 89.223.9.0/24 maxlen: 24
188.72.103.0/24 maxlen: 24
188.72.104.0/24 maxlen: 24
188.72.105.0/24 maxlen: 24
188.72.110.0/24 maxlen: 24
188.72.111.0/24 maxlen: 24
188.72.112.0/24 maxlen: 24
188.72.113.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:93:65:85:7e:4d:b7:10:fc:f5:18:13:6a:e6:8d:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Validity
Not Before: Sep 16 12:50:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6c21e3baaf86c0d0c7663b13777a40c8fd928b8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:b4:39:14:17:5e:98:24:9e:97:67:2e:38:a8:
ba:b2:53:b0:3f:8a:91:c1:12:f7:16:29:3a:1e:7e:
97:1e:df:12:33:ac:fa:03:f1:c3:60:1f:a9:cc:75:
8a:d4:7b:7f:b7:b0:46:2e:b5:62:fc:b2:32:bd:82:
3d:da:f2:ec:93:1d:04:90:08:90:e2:d0:67:c3:25:
92:a3:9e:95:06:f1:b5:e0:cd:36:28:5f:b9:f2:5d:
c5:d1:6d:49:4b:3a:1c:a4:4a:8c:66:75:e4:dc:ab:
c9:67:14:51:e8:4c:49:30:8e:d5:09:4b:15:d8:8e:
30:23:be:88:7e:55:49:b2:dd:c5:85:47:9d:8e:f9:
3f:92:20:12:c2:f6:fb:d7:f4:e6:31:5a:b9:93:db:
fc:eb:07:7c:3c:94:e6:cd:67:21:fc:a1:86:3b:b7:
d8:83:80:d1:f3:c1:41:81:00:9b:e1:da:4a:56:c1:
55:63:f2:ae:f3:48:ae:ee:da:bc:ea:ed:56:46:1b:
5d:67:d8:5c:ad:de:25:cb:75:39:e5:c7:3e:a2:9e:
b1:90:13:6f:e4:f1:b7:a9:e6:19:be:8c:95:4d:38:
e2:f9:79:69:bb:47:6f:91:b7:04:17:18:92:1d:a1:
18:4e:62:9e:c7:32:4c:cd:46:93:de:3d:5d:79:6e:
e9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:21:E3:BA:AF:86:C0:D0:C7:66:3B:13:77:7A:40:C8:FD:92:8B:8C
X509v3 Authority Key Identifier:
keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/bCHjuq-GwNDHZjsTd3pAyP2Si4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.223.9.0/24
188.72.103.0-188.72.105.255
188.72.110.0-188.72.113.255
Signature Algorithm: sha256WithRSAEncryption
76:29:21:e6:13:26:ed:85:4b:93:67:a9:6c:59:c3:65:ab:cc:
55:16:5a:cc:a4:a2:34:34:7c:4b:e2:aa:a7:c3:37:ce:63:8f:
af:da:bf:00:91:56:f8:45:c8:ce:ff:26:32:de:bf:59:37:3a:
dc:ee:71:19:16:30:22:00:02:3f:b4:04:79:38:43:71:5a:68:
10:5e:32:d9:45:68:fb:31:e4:37:92:64:cd:93:2a:87:f8:8c:
06:2e:f8:49:6a:9b:ec:89:bd:e3:93:7c:1e:b8:c1:bb:9a:a5:
81:a5:fa:19:15:5b:d2:0c:8d:b2:9d:fb:64:b0:f6:e7:c1:7b:
80:f3:a4:2b:54:77:55:af:cb:df:6f:d8:72:3b:05:ee:01:77:
13:ec:c6:24:fe:68:eb:3b:c1:9f:b4:60:ef:71:75:c3:a4:97:
6c:bc:5f:86:f9:2d:9a:73:93:44:3d:1e:ab:b5:92:89:cf:6d:
fe:ae:54:e6:80:b2:59:52:e0:22:d2:1a:63:d8:60:1d:d1:94:
c2:79:08:97:bc:ff:26:8d:d6:c5:cf:e9:8a:46:ed:07:33:23:
61:dc:ad:35:0a:5f:73:35:d7:f2:8f:35:66:b2:16:e6:77:22:
92:1b:66:91:19:a3:4a:90:8c:d2:3c:b7:c7:b0:50:ef:e8:d0:
2f:3f:04:cb
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZlSk2WFfk23EPz1GBNq5o2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjUwOTE2MTI1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzIxZTNiYWFmODZjMGQwYzc2NjNiMTM3NzdhNDBjOGZkOTI4YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bQ5FBdemCSel2cuOKi6slOwP4qR
wRL3Fik6Hn6XHt8SM6z6A/HDYB+pzHWK1Ht/t7BGLrVi/LIyvYI92vLskx0EkAiQ
4tBnwyWSo56VBvG14M02KF+58l3F0W1JSzocpEqMZnXk3KvJZxRR6ExJMI7VCUsV
2I4wI76IflVJst3FhUedjvk/kiASwvb71/TmMVq5k9v86wd8PJTmzWch/KGGO7fY
g4DR88FBgQCb4dpKVsFVY/Ku80iu7tq86u1WRhtdZ9hcrd4ly3U55cc+op6xkBNv
5PG3qeYZvoyVTTji+Xlpu0dvkbcEFxiSHaEYTmKexzJMzUaT3j1deW7pwQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGwh47qvhsDQx2Y7E3d6QMj9kouMMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvYkNIanVxLUd3TkRIWmpzVGQzcEF5UDJTaTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAWd8JMAwD
BAC8SGcDBAG8SGgwDAMEAbxIbgMEAbxIcDANBgkqhkiG9w0BAQsFAAOCAQEAdikh
5hMm7YVLk2epbFnDZavMVRZazKSiNDR8S+Kqp8M3zmOPr9q/AJFW+EXIzv8mMt6/
WTc63O5xGRYwIgACP7QEeThDcVpoEF4y2UVo+zHkN5JkzZMqh/iMBi74SWqb7Im9
45N8HrjBu5qlgaX6GRVb0gyNsp37ZLD258F7gPOkK1R3Va/L32/YcjsF7gF3E+zG
JP5o6zvBn7Rg73F1w6SXbLxfhvktmnOTRD0eq7WSic9t/q5U5oCyWVLgItIaY9hg
HdGUwnkIl7z/Jo3Wxc/pikbtBzMjYdytNQpfczXX8o81ZrIW5ncikhtmkRmjSpCM
0jy3x7BQ7+jQLz8Eyw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:50 2025 by rpki-client