Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/0YnoXFsLC3L8LFSSyo3TEM6ihxM.roa
File: 0YnoXFsLC3L8LFSSyo3TEM6ihxM.roa (raw, json)
Hash identifier: 1mt7G/fO9VBU7/suzQGIUYMupKdv6yImTUBwyXrv1sk=
Subject key identifier: D1:89:E8:5C:5B:0B:0B:72:FC:2C:54:92:CA:8D:D3:10:CE:A2:87:13
Certificate issuer: /CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
Certificate serial: 01999EF508CE300C81839FF4F8FF4D41E492
Authority key identifier: EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/0YnoXFsLC3L8LFSSyo3TEM6ihxM.roa
Signing time: Wed 01 Oct 2025 08:48:02 +0000
ROA not before: Wed 01 Oct 2025 08:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205681
IP address blocks: 85.158.120.0/21 maxlen: 21
85.158.120.0/24 maxlen: 24
85.158.123.0/24 maxlen: 24
85.158.124.0/24 maxlen: 24
85.158.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.mft
rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9e:f5:08:ce:30:0c:81:83:9f:f4:f8:ff:4d:41:e4:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
Validity
Not Before: Oct 1 08:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d189e85c5b0b0b72fc2c5492ca8dd310cea28713
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:4d:e0:60:d0:8e:18:2f:4f:75:ca:39:3a:7a:
b4:c2:0d:ed:dc:cf:d7:c3:b9:c4:fa:6d:da:df:6c:
d5:6c:05:c8:12:fc:dc:2e:94:39:c5:e7:49:23:e7:
67:fe:04:54:c4:d4:74:d7:8f:57:1b:83:ed:6a:d8:
5d:53:68:b4:cc:9c:c6:2b:a0:c1:72:22:19:37:ee:
df:3e:4b:46:10:40:dd:fe:1d:b0:a4:f6:4d:6c:11:
15:23:97:b6:ef:af:a1:da:e3:10:1e:fd:07:5d:69:
e4:70:a0:3d:ca:bd:79:a8:58:17:da:4c:c2:de:8f:
29:b8:44:a2:c6:4d:6f:18:29:7c:52:3d:c5:0b:26:
f4:d7:4a:cb:b0:80:08:9d:60:6d:f2:d6:32:a4:49:
86:aa:af:44:36:d7:27:8a:c2:ff:40:12:c4:b5:d2:
56:bf:07:11:f7:83:b0:a4:99:e2:18:5f:d2:a3:c3:
5c:88:13:ad:5c:26:ba:3c:48:c7:1d:c1:71:29:c0:
8b:d0:f3:17:65:be:48:41:5c:c9:63:2b:17:5a:af:
d1:21:36:cc:4d:c3:f7:21:bc:78:28:ee:a8:a6:79:
3a:18:cf:e7:5c:a2:e7:84:7e:a6:0e:2e:12:16:e5:
23:9b:3b:d1:1e:44:de:13:7f:33:e3:e9:13:39:5d:
bb:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:89:E8:5C:5B:0B:0B:72:FC:2C:54:92:CA:8D:D3:10:CE:A2:87:13
X509v3 Authority Key Identifier:
keyid:EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/0YnoXFsLC3L8LFSSyo3TEM6ihxM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.158.120.0/21
Signature Algorithm: sha256WithRSAEncryption
6e:79:5e:63:ea:a0:c7:18:2d:05:eb:d9:d2:9c:92:9e:d2:a7:
5b:e4:fa:f0:b4:14:0a:ad:20:c0:9e:a7:99:83:9a:db:01:5c:
93:c3:10:b3:7e:82:70:7d:13:61:46:ad:00:f6:48:84:b1:ab:
57:32:6c:ad:61:d2:59:bf:98:75:49:2b:e2:a5:fc:c1:d7:e3:
d9:f4:9f:47:88:3b:a9:75:f2:8d:9c:92:b0:8a:38:6f:c2:f0:
8f:39:5a:87:67:64:b2:e6:0d:b9:29:a5:71:b8:8a:72:b3:ed:
9f:8b:2e:22:f2:a4:7d:4c:bf:74:6b:b3:16:19:ca:c8:c2:b4:
8e:db:a3:97:1e:ea:6d:91:c8:a2:e8:6b:d7:76:b6:a8:85:a6:
59:19:fa:7a:52:9d:bc:52:36:c3:c8:4f:0c:23:07:dc:f3:90:
97:19:20:93:45:ee:f8:ab:5f:14:88:ca:ea:9d:60:b5:e7:e7:
04:05:e9:ed:dd:e2:de:96:8e:d1:27:08:3f:ba:a3:c6:a3:ac:
84:30:fe:2f:ac:0b:da:17:10:3f:60:9c:c9:57:c6:bc:2f:94:
8c:5e:8f:70:80:6d:f0:c7:4c:3d:9d:a3:79:20:38:d1:71:c3:
85:ae:46:dc:dd:3a:0a:93:e3:e1:8c:84:66:a7:fe:f1:c5:bf:
70:bf:1e:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZme9QjOMAyBg5/0+P9NQeSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZmIwMDM4MWU3MzNkYzZlNDFkMDZkYjllYzhkZGQzMTEy
ODFiZGQwHhcNMjUxMDAxMDg0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTg5ZTg1YzViMGIwYjcyZmMyYzU0OTJjYThkZDMxMGNlYTI4NzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy03gYNCOGC9Pdco5Onq0wg3t3M/X
w7nE+m3a32zVbAXIEvzcLpQ5xedJI+dn/gRUxNR0149XG4PtathdU2i0zJzGK6DB
ciIZN+7fPktGEEDd/h2wpPZNbBEVI5e276+h2uMQHv0HXWnkcKA9yr15qFgX2kzC
3o8puESixk1vGCl8Uj3FCyb010rLsIAInWBt8tYypEmGqq9ENtcnisL/QBLEtdJW
vwcR94OwpJniGF/So8NciBOtXCa6PEjHHcFxKcCL0PMXZb5IQVzJYysXWq/RITbM
TcP3Ibx4KO6opnk6GM/nXKLnhH6mDi4SFuUjmzvRHkTeE38z4+kTOV27EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGJ6FxbCwty/CxUksqN0xDOoocTMB8GA1UdIwQY
MBaAFOz7ADgecz3G5B0G257I3dMRKBvdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEt
NTgzNjZlOThhOWU2LzEvMFlub1hGc0xDM0w4TEZTU3lvM1RFTTZpaHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEtNTgzNjZlOThhOWU2
LzEvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVZ54MA0G
CSqGSIb3DQEBCwUAA4IBAQBueV5j6qDHGC0F69nSnJKe0qdb5PrwtBQKrSDAnqeZ
g5rbAVyTwxCzfoJwfRNhRq0A9kiEsatXMmytYdJZv5h1SSvipfzB1+PZ9J9HiDup
dfKNnJKwijhvwvCPOVqHZ2Sy5g25KaVxuIpys+2fiy4i8qR9TL90a7MWGcrIwrSO
26OXHuptkcii6GvXdraohaZZGfp6Up28UjbDyE8MIwfc85CXGSCTRe74q18UiMrq
nWC15+cEBent3eLelo7RJwg/uqPGo6yEMP4vrAvaFxA/YJzJV8a8L5SMXo9wgG3w
x0w9naN5IDjRccOFrkbc3ToKk+PhjIRmp/7xxb9wvx6S
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:31:06 2025 by rpki-client