Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/IchVUh-bStMtsgJvy34zsTbwcBI.roa
File: IchVUh-bStMtsgJvy34zsTbwcBI.roa (raw, json)
Hash identifier: jyAhzg+4uTjXM/tPUldAepJ0O1YeEpK4SQDBYAmWHGg=
Subject key identifier: 21:C8:55:52:1F:9B:4A:D3:2D:B2:02:6F:CB:7E:33:B1:36:F0:70:12
Certificate issuer: /CN=8b0c8d35dd66657bffc90b6ac41600ffa623d5b8
Certificate serial: 019A48C7C57457A71C437C40E41044C63174
Authority key identifier: 8B:0C:8D:35:DD:66:65:7B:FF:C9:0B:6A:C4:16:00:FF:A6:23:D5:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/IchVUh-bStMtsgJvy34zsTbwcBI.roa
Signing time: Mon 03 Nov 2025 08:14:03 +0000
ROA not before: Mon 03 Nov 2025 08:14:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31673
IP address blocks: 185.121.92.0/22 maxlen: 24
185.121.92.0/24 maxlen: 24
185.121.93.0/24 maxlen: 24
185.121.94.0/24 maxlen: 24
185.121.95.0/24 maxlen: 24
2a03:8300::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.crl
rsync://rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.mft
rsync://rpki.ripe.net/repository/DEFAULT/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:48:c7:c5:74:57:a7:1c:43:7c:40:e4:10:44:c6:31:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b0c8d35dd66657bffc90b6ac41600ffa623d5b8
Validity
Not Before: Nov 3 08:14:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21c855521f9b4ad32db2026fcb7e33b136f07012
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:07:64:f3:03:65:bd:40:50:59:22:85:29:89:
65:d9:89:fa:9c:ab:21:b5:6c:86:78:01:09:95:73:
5d:fc:67:71:e2:73:b2:05:f9:ad:a8:a7:8a:51:66:
1a:7e:55:97:14:75:2c:01:ce:f4:a7:ce:0d:d1:f6:
c0:2a:b0:48:22:ea:02:6b:10:86:5e:98:fc:9c:ba:
c4:ee:fe:86:5a:21:31:99:74:03:35:81:78:fc:6d:
30:8b:e0:98:d2:65:57:a3:1f:3e:9c:c4:96:34:ce:
cb:00:00:bd:34:79:b9:29:68:f9:eb:91:9f:35:81:
5e:63:4e:a2:8f:65:54:5f:5c:14:6f:7d:90:66:c6:
02:8b:00:f8:9e:55:1c:49:ca:86:8b:15:25:b6:f0:
01:03:8d:2f:bd:12:62:d6:b6:cc:28:56:ea:79:bc:
41:c6:cb:92:bd:ab:77:2a:5b:47:6a:7e:12:96:93:
32:9d:aa:4c:a8:70:5b:b5:b2:b2:76:aa:b7:a6:d2:
0e:6d:ff:a1:f3:df:cc:17:68:99:b5:1d:21:7a:20:
66:7e:fc:9f:7a:35:a7:0f:69:9e:b0:95:10:e3:dd:
f6:b1:16:69:1a:97:21:2e:3d:87:49:ab:cc:51:26:
7d:42:02:7e:ab:d8:9c:ec:6b:e3:c2:35:92:d4:1a:
01:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C8:55:52:1F:9B:4A:D3:2D:B2:02:6F:CB:7E:33:B1:36:F0:70:12
X509v3 Authority Key Identifier:
keyid:8B:0C:8D:35:DD:66:65:7B:FF:C9:0B:6A:C4:16:00:FF:A6:23:D5:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/IchVUh-bStMtsgJvy34zsTbwcBI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/d28fd4-c368-46b3-a17d-43187e29b0e3/1/iwyNNd1mZXv_yQtqxBYA_6Yj1bg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.121.92.0/22
IPv6:
2a03:8300::/32
Signature Algorithm: sha256WithRSAEncryption
23:0a:83:cb:b7:91:8f:be:a4:94:8e:8a:68:96:27:c2:3c:ec:
b4:c4:7b:70:fe:58:f3:b3:bd:0f:cc:f0:e6:ee:17:50:f8:50:
3a:ab:3e:de:46:9e:bf:14:d7:8c:41:53:e5:c8:d6:aa:5c:fb:
22:b4:11:48:d7:07:b6:85:22:47:90:b6:b8:0a:11:fd:2c:ab:
cb:18:99:7c:cb:97:60:8b:58:fa:f7:9b:11:84:7b:1f:ac:a7:
93:54:f4:a6:80:19:b3:eb:ce:11:3b:80:7d:46:00:c2:c0:81:
3f:f5:f3:83:12:4b:94:eb:5a:db:df:ca:1b:30:9e:67:1c:d1:
98:b4:ef:e1:09:d5:c3:22:9a:69:b6:7b:d5:94:1a:2d:70:06:
5a:26:bb:f7:43:d0:39:0f:8e:55:4a:0e:92:ca:da:e5:b8:e6:
ec:e0:87:61:f5:d4:9f:e5:4c:31:a3:b2:32:b0:ef:1b:21:e3:
2a:08:c9:d7:8f:ef:46:2e:b4:10:f5:07:70:d8:68:78:d7:db:
4b:ea:d9:ec:26:9d:b0:8c:bb:a3:32:3e:47:28:40:01:f4:5e:
a4:19:f0:b1:f3:f8:7c:7f:b3:ca:6f:53:a5:ad:79:f5:6a:b9:
bb:2a:3c:e1:17:ba:9e:90:b8:cd:36:1d:f1:4d:36:0c:2f:bb:
80:2b:af:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpIx8V0V6ccQ3xA5BBExjF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGM4ZDM1ZGQ2NjY1N2JmZmM5MGI2YWM0MTYwMGZmYTYy
M2Q1YjgwHhcNMjUxMTAzMDgxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWM4NTU1MjFmOWI0YWQzMmRiMjAyNmZjYjdlMzNiMTM2ZjA3MDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwdk8wNlvUBQWSKFKYll2Yn6nKsh
tWyGeAEJlXNd/Gdx4nOyBfmtqKeKUWYaflWXFHUsAc70p84N0fbAKrBIIuoCaxCG
Xpj8nLrE7v6GWiExmXQDNYF4/G0wi+CY0mVXox8+nMSWNM7LAAC9NHm5KWj565Gf
NYFeY06ij2VUX1wUb32QZsYCiwD4nlUcScqGixUltvABA40vvRJi1rbMKFbqebxB
xsuSvat3KltHan4SlpMynapMqHBbtbKydqq3ptIObf+h89/MF2iZtR0heiBmfvyf
ejWnD2mesJUQ4932sRZpGpchLj2HSavMUSZ9QgJ+q9ic7GvjwjWS1BoBawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCHIVVIfm0rTLbICb8t+M7E28HASMB8GA1UdIwQY
MBaAFIsMjTXdZmV7/8kLasQWAP+mI9W4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXd5Tk5kMW1aWHZfeVF0cXhCWUFfNllqMWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kMjhmZDQtYzM2OC00NmIzLWExN2Qt
NDMxODdlMjliMGUzLzEvSWNoVlVoLWJTdE10c2dKdnkzNHpzVGJ3Y0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kMjhmZDQtYzM2OC00NmIzLWExN2QtNDMxODdlMjliMGUz
LzEvaXd5Tk5kMW1aWHZfeVF0cXhCWUFfNllqMWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXlcMA0E
AgACMAcDBQAqA4MAMA0GCSqGSIb3DQEBCwUAA4IBAQAjCoPLt5GPvqSUjopolifC
POy0xHtw/ljzs70PzPDm7hdQ+FA6qz7eRp6/FNeMQVPlyNaqXPsitBFI1we2hSJH
kLa4ChH9LKvLGJl8y5dgi1j695sRhHsfrKeTVPSmgBmz684RO4B9RgDCwIE/9fOD
EkuU61rb38obMJ5nHNGYtO/hCdXDIppptnvVlBotcAZaJrv3Q9A5D45VSg6Sytrl
uObs4Idh9dSf5Uwxo7IysO8bIeMqCMnXj+9GLrQQ9Qdw2Gh419tL6tnsJp2wjLuj
Mj5HKEAB9F6kGfCx8/h8f7PKb1OlrXn1arm7KjzhF7qekLjNNh3xTTYML7uAK6/F
-----END CERTIFICATE-----
Generated at Tue Nov 4 23:05:14 2025 by rpki-client