Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zxDNDP2egOEw0V5sLdAu4oMRnWM.roa
File: zxDNDP2egOEw0V5sLdAu4oMRnWM.roa (raw, json)
Hash identifier: Z7I636aPHGk4v1Bv5Do5INwvmeV4wKlVVV6TGQXF1pE=
Subject key identifier: CF:10:CD:0C:FD:9E:80:E1:30:D1:5E:6C:2D:D0:2E:E2:83:11:9D:63
Certificate issuer: /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial: 0199E8E0034A9E0D17BC0BF497F2D29CEB8B
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zxDNDP2egOEw0V5sLdAu4oMRnWM.roa
Signing time: Wed 15 Oct 2025 17:16:58 +0000
ROA not before: Wed 15 Oct 2025 17:16:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 85.115.208.0/23 maxlen: 24
85.115.210.0/23 maxlen: 24
213.145.68.0/23 maxlen: 23
213.145.70.0/23 maxlen: 24
213.145.72.0/21 maxlen: 24
213.145.74.0/24 maxlen: 24
213.145.82.0/24 maxlen: 24
213.145.84.0/23 maxlen: 23
213.145.86.0/23 maxlen: 23
213.145.88.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e8:e0:03:4a:9e:0d:17:bc:0b:f4:97:f2:d2:9c:eb:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Validity
Not Before: Oct 15 17:16:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf10cd0cfd9e80e130d15e6c2dd02ee283119d63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:b2:ed:e1:ac:c8:84:b4:3f:58:ff:ee:e4:29:
77:2e:2b:f0:82:5e:29:8c:df:17:32:37:42:cc:38:
bb:05:a1:9a:1b:6d:ff:d0:5d:53:13:0b:d2:25:21:
8f:5a:9c:69:65:4a:94:27:dc:f2:7d:05:5f:87:93:
88:06:ed:e2:28:44:58:9f:77:63:99:3f:49:98:95:
de:1e:7f:79:e1:07:fa:f6:a2:08:e6:89:63:32:e3:
cc:be:dd:16:0f:17:ec:3b:c0:6f:bb:1a:f0:79:e2:
ac:0c:b7:6d:3b:f5:af:00:33:97:69:e1:99:f4:98:
bb:94:83:c7:34:25:0c:fb:d9:ac:6c:fb:ee:50:6e:
da:e1:e0:34:fa:bb:f0:a1:3b:d4:45:8c:3e:e4:92:
5f:7c:78:2a:99:3c:18:ab:1b:8e:76:e9:40:a6:de:
16:5c:da:6f:6f:9b:b4:21:e1:45:8a:e3:7f:52:40:
f0:7f:09:27:61:3e:b8:2c:f2:9b:19:cb:13:1b:aa:
c0:60:e2:ec:e1:aa:df:fd:6f:3b:23:40:38:98:9f:
83:4b:0c:5b:7f:3f:91:e6:a7:6a:97:36:58:ed:ab:
17:0c:da:66:dc:d3:4b:3c:7a:9a:fd:b9:4e:b1:19:
5d:6c:3b:98:02:9c:d8:f8:e5:f3:29:56:3e:fa:ee:
af:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:10:CD:0C:FD:9E:80:E1:30:D1:5E:6C:2D:D0:2E:E2:83:11:9D:63
X509v3 Authority Key Identifier:
keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/zxDNDP2egOEw0V5sLdAu4oMRnWM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.208.0/22
213.145.68.0-213.145.79.255
213.145.82.0/24
213.145.84.0-213.145.89.255
Signature Algorithm: sha256WithRSAEncryption
a7:d2:3e:b7:d7:60:c6:67:04:3d:83:b0:9d:47:26:77:1a:ae:
41:c5:29:c7:89:bb:ee:c0:5a:53:b3:f4:8d:77:b0:45:98:7f:
61:5a:6a:ea:fe:af:6e:f7:35:61:64:01:11:cd:b9:69:6d:40:
b9:31:79:13:b5:6b:da:5f:52:93:e7:73:26:45:c7:68:8d:6e:
6a:86:e0:ba:c7:bb:4c:9c:14:4a:fd:78:18:1b:f5:6c:85:44:
c3:75:19:75:31:12:97:0c:16:6f:70:df:a4:02:5e:3f:4e:f7:
af:58:31:58:84:da:c8:c6:0f:cb:d3:ec:49:c0:ba:b0:20:7a:
8d:59:02:99:18:c7:a5:ae:ac:5e:8c:6f:8f:c5:74:9e:86:7f:
6d:f5:32:7a:41:99:a9:4f:14:bb:5c:82:92:82:85:7d:5d:98:
b7:42:63:18:21:0f:a8:57:44:b2:7e:3c:04:03:a7:92:f9:fe:
51:8d:04:7a:09:0e:4f:33:dc:66:8e:a2:cb:09:9e:fe:a9:bc:
8b:82:53:c0:42:7d:cc:d9:48:fc:aa:f6:35:7f:d5:f1:60:1c:
a7:2f:d2:d8:e9:76:d7:e6:97:72:63:54:54:85:53:71:5e:1f:
fa:20:95:86:39:f2:35:d8:22:33:4b:b8:8d:2f:26:a7:6e:33:
60:7b:e3:ec
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZno4ANKng0XvAv0l/LSnOuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUxMDE1MTcxNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjEwY2QwY2ZkOWU4MGUxMzBkMTVlNmMyZGQwMmVlMjgzMTE5ZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7Lt4azIhLQ/WP/u5Cl3Livwgl4p
jN8XMjdCzDi7BaGaG23/0F1TEwvSJSGPWpxpZUqUJ9zyfQVfh5OIBu3iKERYn3dj
mT9JmJXeHn954Qf69qII5oljMuPMvt0WDxfsO8BvuxrweeKsDLdtO/WvADOXaeGZ
9Ji7lIPHNCUM+9msbPvuUG7a4eA0+rvwoTvURYw+5JJffHgqmTwYqxuOdulApt4W
XNpvb5u0IeFFiuN/UkDwfwknYT64LPKbGcsTG6rAYOLs4arf/W87I0A4mJ+DSwxb
fz+R5qdqlzZY7asXDNpm3NNLPHqa/blOsRldbDuYApzY+OXzKVY++u6vIQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFM8QzQz9noDhMNFebC3QLuKDEZ1jMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvenhETkRQMmVnT0V3MFY1c0xkQXU0b01SbldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXPQMAwD
BALVkUQDBATVkUADBADVkVIwDAMEAtWRVAMEAdWRWDANBgkqhkiG9w0BAQsFAAOC
AQEAp9I+t9dgxmcEPYOwnUcmdxquQcUpx4m77sBaU7P0jXewRZh/YVpq6v6vbvc1
YWQBEc25aW1AuTF5E7Vr2l9Sk+dzJkXHaI1uaobguse7TJwUSv14GBv1bIVEw3UZ
dTESlwwWb3DfpAJeP073r1gxWITayMYPy9PsScC6sCB6jVkCmRjHpa6sXoxvj8V0
noZ/bfUyekGZqU8Uu1yCkoKFfV2Yt0JjGCEPqFdEsn48BAOnkvn+UY0EegkOTzPc
Zo6iywme/qm8i4JTwEJ9zNlI/Kr2NX/V8WAcpy/S2Ol21+aXcmNUVIVTcV4f+iCV
hjnyNdgiM0u4jS8mp24zYHvj7A==
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:23 2025 by rpki-client