Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/haMdABaXVysRqHMnxwzwnxPmy3c.roa
File: haMdABaXVysRqHMnxwzwnxPmy3c.roa (raw, json)
Hash identifier: qOyf4cvYsbSBRT8OdzzVWfnIBaN7hD9KoD7F7avNbKY=
Subject key identifier: 85:A3:1D:00:16:97:57:2B:11:A8:73:27:C7:0C:F0:9F:13:E6:CB:77
Certificate issuer: /CN=69226ceb40c671f30acf11fa36b8d7d1c6754704
Certificate serial: 019936C356D1C5D81AD4ED0652F7A6A5DDF7
Authority key identifier: 69:22:6C:EB:40:C6:71:F3:0A:CF:11:FA:36:B8:D7:D1:C6:75:47:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/haMdABaXVysRqHMnxwzwnxPmy3c.roa
Signing time: Thu 11 Sep 2025 03:13:15 +0000
ROA not before: Thu 11 Sep 2025 03:13:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 38968
IP address blocks: 89.28.216.0/21 maxlen: 21
89.28.216.0/24 maxlen: 24
89.28.217.0/24 maxlen: 24
89.28.218.0/24 maxlen: 24
89.28.219.0/24 maxlen: 24
89.28.220.0/24 maxlen: 24
89.28.221.0/24 maxlen: 24
89.28.222.0/24 maxlen: 24
89.28.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 20:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:36:c3:56:d1:c5:d8:1a:d4:ed:06:52:f7:a6:a5:dd:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=69226ceb40c671f30acf11fa36b8d7d1c6754704
Validity
Not Before: Sep 11 03:13:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85a31d001697572b11a87327c70cf09f13e6cb77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ee:ea:f9:53:c9:ea:69:e1:c0:a9:3f:86:0e:
fc:5a:f2:61:e8:5f:73:38:04:ff:18:a1:f2:ea:8a:
8d:60:c6:1c:d9:3a:1d:43:d1:58:81:45:eb:37:a4:
22:42:a5:a7:49:b3:4d:87:ea:e9:c7:ca:77:dc:37:
42:03:f8:bb:c5:fe:8c:35:47:7e:45:7a:21:12:07:
75:a6:ca:a7:8c:33:35:c6:57:df:9f:3c:26:08:25:
f9:27:d8:93:d0:15:0a:01:8e:d2:91:43:16:7d:55:
4c:0b:ba:2f:84:fd:26:51:f3:f0:30:ed:7f:16:7c:
ae:37:d2:63:6f:4a:69:3e:ee:be:0c:f2:7e:b4:71:
af:53:61:ce:71:cf:13:22:e3:e3:ea:ee:e9:c2:c1:
4c:8d:56:2a:2f:35:37:75:53:33:a8:dd:44:af:94:
76:a7:e6:53:ba:17:13:e9:ab:19:7b:fb:16:34:4c:
c9:68:46:a3:9d:27:b6:79:7d:3d:33:e7:6a:1e:ff:
09:22:b2:c5:15:dc:06:fe:25:d6:a1:d5:aa:04:84:
c6:3b:d2:38:bf:b5:26:cd:dc:b6:4d:6a:70:a1:bf:
d8:eb:f5:d0:f0:6b:4f:43:f3:16:36:14:fb:03:08:
d4:4c:58:bb:e5:fd:c6:3d:72:b0:cb:bd:33:af:9a:
44:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A3:1D:00:16:97:57:2B:11:A8:73:27:C7:0C:F0:9F:13:E6:CB:77
X509v3 Authority Key Identifier:
keyid:69:22:6C:EB:40:C6:71:F3:0A:CF:11:FA:36:B8:D7:D1:C6:75:47:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/haMdABaXVysRqHMnxwzwnxPmy3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/fff1c7-cee1-4fa6-a99b-c9c8ab188853/1/aSJs60DGcfMKzxH6NrjX0cZ1RwQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.28.216.0/21
Signature Algorithm: sha256WithRSAEncryption
90:a7:1f:14:c1:2a:49:5a:04:98:5b:f9:4f:37:d6:26:ce:92:
49:14:0a:ca:47:43:46:2b:14:21:83:03:44:dc:12:e5:da:cc:
54:a1:7f:61:14:f8:aa:23:0f:ee:db:dd:0d:8b:92:7c:e0:53:
b3:d9:29:6c:f7:40:72:4a:92:13:48:26:f5:66:dc:cb:51:9b:
cd:69:43:8a:43:0d:a0:f6:d9:4a:28:f9:f5:92:f2:83:ad:25:
ae:24:40:db:5a:69:d2:d7:94:53:bd:c2:8c:a9:8d:3c:65:4f:
27:f2:60:de:68:8a:95:c8:7f:a4:7d:f6:4d:e1:13:55:b2:79:
31:0d:7c:be:72:fe:64:7a:e8:a0:91:f4:ad:bb:bb:ce:b3:80:
77:62:b6:b2:8d:4e:68:90:60:30:b4:0b:fe:11:12:17:2e:8d:
b2:fd:bc:a1:7e:18:77:f8:28:2e:2a:4a:d8:c7:98:2f:c8:24:
01:c5:2b:58:d0:ed:49:19:72:63:c9:07:67:0d:43:13:62:63:
b8:0d:31:c5:9c:e4:a7:f4:be:29:c4:f3:67:96:1a:2d:7c:2a:
88:39:8f:d9:94:15:14:09:8d:9f:48:d3:1a:4e:63:f3:0a:6b:
8c:e2:a3:47:81:ae:62:57:1a:c1:10:23:e9:30:77:0e:33:25:
b3:ba:be:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk2w1bRxdga1O0GUvempd33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MjI2Y2ViNDBjNjcxZjMwYWNmMTFmYTM2YjhkN2QxYzY3
NTQ3MDQwHhcNMjUwOTExMDMxMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWEzMWQwMDE2OTc1NzJiMTFhODczMjdjNzBjZjA5ZjEzZTZjYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu7q+VPJ6mnhwKk/hg78WvJh6F9z
OAT/GKHy6oqNYMYc2TodQ9FYgUXrN6QiQqWnSbNNh+rpx8p33DdCA/i7xf6MNUd+
RXohEgd1psqnjDM1xlffnzwmCCX5J9iT0BUKAY7SkUMWfVVMC7ovhP0mUfPwMO1/
FnyuN9Jjb0ppPu6+DPJ+tHGvU2HOcc8TIuPj6u7pwsFMjVYqLzU3dVMzqN1Er5R2
p+ZTuhcT6asZe/sWNEzJaEajnSe2eX09M+dqHv8JIrLFFdwG/iXWodWqBITGO9I4
v7Umzdy2TWpwob/Y6/XQ8GtPQ/MWNhT7AwjUTFi75f3GPXKwy70zr5pEGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWjHQAWl1crEahzJ8cM8J8T5st3MB8GA1UdIwQY
MBaAFGkibOtAxnHzCs8R+ja419HGdUcEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVNKczYwREdjZk1LenhINk5yalgwY1oxUndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9mZmYxYzctY2VlMS00ZmE2LWE5OWIt
YzljOGFiMTg4ODUzLzEvaGFNZEFCYVhWeXNScUhNbnh3endueFBteTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9mZmYxYzctY2VlMS00ZmE2LWE5OWItYzljOGFiMTg4ODUz
LzEvYVNKczYwREdjZk1LenhINk5yalgwY1oxUndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWRzYMA0G
CSqGSIb3DQEBCwUAA4IBAQCQpx8UwSpJWgSYW/lPN9YmzpJJFArKR0NGKxQhgwNE
3BLl2sxUoX9hFPiqIw/u290Ni5J84FOz2Sls90BySpITSCb1ZtzLUZvNaUOKQw2g
9tlKKPn1kvKDrSWuJEDbWmnS15RTvcKMqY08ZU8n8mDeaIqVyH+kffZN4RNVsnkx
DXy+cv5keuigkfStu7vOs4B3YrayjU5okGAwtAv+ERIXLo2y/byhfhh3+CguKkrY
x5gvyCQBxStY0O1JGXJjyQdnDUMTYmO4DTHFnOSn9L4pxPNnlhotfCqIOY/ZlBUU
CY2fSNMaTmPzCmuM4qNHga5iVxrBECPpMHcOMyWzur7N
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:52:14 2025 by rpki-client