Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/1R6uhc2wPnqKxnOesvRg3wWNwhk.roa
File: 1R6uhc2wPnqKxnOesvRg3wWNwhk.roa (raw, json)
Hash identifier: Vk3vRGCge4uXoZ+eQOPQfiJoFgTM6J3DonWOQ6myT5g=
Subject key identifier: D5:1E:AE:85:CD:B0:3E:7A:8A:C6:73:9E:B2:F4:60:DF:05:8D:C2:19
Certificate issuer: /CN=6e60883aae491e5fb773a9264019ff4f888d5ca5
Certificate serial: 019A254929C392180BD8F78667E73945B6EE
Authority key identifier: 6E:60:88:3A:AE:49:1E:5F:B7:73:A9:26:40:19:FF:4F:88:8D:5C:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bmCIOq5JHl-3c6kmQBn_T4iNXKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/1R6uhc2wPnqKxnOesvRg3wWNwhk.roa
Signing time: Mon 27 Oct 2025 10:49:03 +0000
ROA not before: Mon 27 Oct 2025 10:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44143
IP address blocks: 37.19.104.0/21 maxlen: 21
37.19.104.0/22 maxlen: 22
37.19.107.0/24 maxlen: 24
37.19.108.0/23 maxlen: 23
37.19.110.0/24 maxlen: 24
77.243.16.0/20 maxlen: 20
77.243.16.0/21 maxlen: 21
77.243.16.0/24 maxlen: 24
77.243.19.0/24 maxlen: 24
77.243.20.0/22 maxlen: 22
77.243.20.0/23 maxlen: 23
77.243.20.0/24 maxlen: 24
77.243.22.0/24 maxlen: 24
77.243.23.0/24 maxlen: 24
77.243.24.0/22 maxlen: 22
77.243.28.0/22 maxlen: 22
77.243.28.0/24 maxlen: 24
77.243.29.0/24 maxlen: 24
77.243.30.0/24 maxlen: 24
77.243.31.0/24 maxlen: 24
95.86.4.0/22 maxlen: 22
95.86.8.0/22 maxlen: 22
95.86.48.0/21 maxlen: 21
95.86.60.0/22 maxlen: 22
185.37.24.0/22 maxlen: 22
185.37.24.0/24 maxlen: 24
185.37.25.0/24 maxlen: 24
185.37.26.0/24 maxlen: 24
185.37.27.0/24 maxlen: 24
188.120.96.0/20 maxlen: 20
188.120.96.0/21 maxlen: 21
188.120.96.0/24 maxlen: 24
188.120.97.0/24 maxlen: 24
188.120.98.0/24 maxlen: 24
188.120.99.0/24 maxlen: 24
188.120.100.0/24 maxlen: 24
188.120.101.0/24 maxlen: 24
188.120.102.0/24 maxlen: 24
188.120.103.0/24 maxlen: 24
188.120.104.0/21 maxlen: 21
188.120.112.0/21 maxlen: 21
188.120.112.0/22 maxlen: 22
188.120.113.0/24 maxlen: 24
188.120.114.0/24 maxlen: 24
188.120.115.0/24 maxlen: 24
188.120.116.0/22 maxlen: 22
188.120.116.0/24 maxlen: 24
188.120.117.0/24 maxlen: 24
188.120.118.0/24 maxlen: 24
188.120.119.0/24 maxlen: 24
198.143.176.0/21 maxlen: 21
2a00:61c0::/29 maxlen: 29
2a00:61c0::/32 maxlen: 32
2a00:61c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/bmCIOq5JHl-3c6kmQBn_T4iNXKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/bmCIOq5JHl-3c6kmQBn_T4iNXKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/bmCIOq5JHl-3c6kmQBn_T4iNXKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:49:29:c3:92:18:0b:d8:f7:86:67:e7:39:45:b6:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e60883aae491e5fb773a9264019ff4f888d5ca5
Validity
Not Before: Oct 27 10:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d51eae85cdb03e7a8ac6739eb2f460df058dc219
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:71:db:05:5f:26:0d:df:b2:9f:74:c7:7a:14:
b4:f6:0f:ea:38:13:94:76:ba:d9:99:d6:15:b1:eb:
77:0e:30:39:24:6b:2e:11:6f:6a:ba:6c:7f:94:48:
0a:67:0c:18:81:c6:5a:7c:0b:2e:a9:a9:7b:b2:6e:
85:03:3c:c1:35:33:80:2f:a1:33:86:a4:14:da:77:
57:22:bf:60:37:66:25:13:6c:72:2c:c5:d2:d9:43:
c6:18:4e:eb:1f:63:cb:39:e6:15:c5:97:60:2b:80:
26:02:95:44:bd:e5:63:dd:ec:10:aa:a8:4c:a0:c7:
d1:10:37:d6:b0:ee:57:a3:17:c4:22:d0:c2:59:53:
cb:bc:a7:3e:af:de:2c:60:17:b3:17:43:9d:a1:0f:
f4:62:fe:ff:02:bf:ad:14:df:94:0f:81:8e:a1:a6:
3c:89:52:38:79:d2:8a:1a:83:32:3f:e7:1a:51:0a:
7c:41:39:f6:c4:10:ba:f1:7b:76:e7:65:1c:4e:d4:
a7:1b:63:96:6a:4b:ca:f8:d6:3e:9d:f4:04:86:1d:
dd:81:eb:7b:6d:72:3e:1e:57:19:de:0f:ef:85:95:
5e:0e:d8:1f:45:85:79:f5:61:a3:50:aa:f5:aa:28:
a6:fd:48:73:e7:42:43:b0:af:23:ae:35:bd:95:07:
a5:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:1E:AE:85:CD:B0:3E:7A:8A:C6:73:9E:B2:F4:60:DF:05:8D:C2:19
X509v3 Authority Key Identifier:
keyid:6E:60:88:3A:AE:49:1E:5F:B7:73:A9:26:40:19:FF:4F:88:8D:5C:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bmCIOq5JHl-3c6kmQBn_T4iNXKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/1R6uhc2wPnqKxnOesvRg3wWNwhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/d8e096-4310-42b9-bd20-b5602d3da8a6/1/bmCIOq5JHl-3c6kmQBn_T4iNXKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.19.104.0/21
77.243.16.0/20
95.86.4.0-95.86.11.255
95.86.48.0/21
95.86.60.0/22
185.37.24.0/22
188.120.96.0-188.120.119.255
198.143.176.0/21
IPv6:
2a00:61c0::/29
Signature Algorithm: sha256WithRSAEncryption
84:5d:69:2c:24:db:07:e8:8c:99:40:4d:ad:78:5c:60:af:39:
63:30:96:22:c9:21:08:22:c6:60:ba:27:1f:6d:f7:71:6c:4d:
fe:ca:e0:21:5e:fa:8c:8c:05:f1:a7:0d:6e:8d:de:3a:0f:af:
d3:71:74:71:fa:5a:62:56:98:ee:0e:1d:01:87:3d:ee:e0:3d:
d6:ac:30:1b:8b:80:48:73:3d:49:72:f4:15:eb:b4:5d:10:82:
12:9f:6d:3f:11:48:a5:be:e4:99:14:a1:52:44:49:94:64:c4:
ce:6e:9a:b7:10:a3:c2:ae:61:d6:e5:a7:42:48:20:22:c8:3e:
74:a9:60:d9:59:af:9c:98:1b:1d:63:a4:92:d6:00:6c:9a:38:
44:0f:25:f2:d1:2b:e8:ef:4a:4f:91:1b:8a:c0:2c:af:20:6e:
94:e2:2f:38:47:73:6e:b2:5b:0a:50:a5:de:04:78:70:4f:ad:
6e:8f:6e:89:15:57:83:ba:9c:02:59:33:5f:60:10:1b:e1:97:
bd:22:4e:1c:6a:6d:d6:93:a4:e3:57:b1:36:97:09:e6:67:8c:
3f:34:af:2c:1f:de:34:cb:45:60:84:ca:ef:d9:ab:e4:bb:90:
7f:93:37:64:5d:8a:e2:c5:51:c4:0b:ba:d9:95:f7:24:03:fe:
e8:90:d7:b5
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAZolSSnDkhgL2PeGZ+c5RbbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNjA4ODNhYWU0OTFlNWZiNzczYTkyNjQwMTlmZjRmODg4
ZDVjYTUwHhcNMjUxMDI3MTA0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFlYWU4NWNkYjAzZTdhOGFjNjczOWViMmY0NjBkZjA1OGRjMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHHbBV8mDd+yn3THehS09g/qOBOU
drrZmdYVset3DjA5JGsuEW9qumx/lEgKZwwYgcZafAsuqal7sm6FAzzBNTOAL6Ez
hqQU2ndXIr9gN2YlE2xyLMXS2UPGGE7rH2PLOeYVxZdgK4AmApVEveVj3ewQqqhM
oMfREDfWsO5XoxfEItDCWVPLvKc+r94sYBezF0OdoQ/0Yv7/Ar+tFN+UD4GOoaY8
iVI4edKKGoMyP+caUQp8QTn2xBC68Xt252UcTtSnG2OWakvK+NY+nfQEhh3dget7
bXI+HlcZ3g/vhZVeDtgfRYV59WGjUKr1qiim/Uhz50JDsK8jrjW9lQelEwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFNUeroXNsD56isZznrL0YN8FjcIZMB8GA1UdIwQY
MBaAFG5giDquSR5ft3OpJkAZ/0+IjVylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm1DSU9xNUpIbC0zYzZrbVFCbl9UNGlOWEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9kOGUwOTYtNDMxMC00MmI5LWJkMjAt
YjU2MDJkM2RhOGE2LzEvMVI2dWhjMndQbnFLeG5PZXN2Umczd1dOd2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9kOGUwOTYtNDMxMC00MmI5LWJkMjAtYjU2MDJkM2RhOGE2
LzEvYm1DSU9xNUpIbC0zYzZrbVFCbl9UNGlOWEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQDJRNoAwQE
TfMQMAwDBAJfVgQDBAJfVggDBANfVjADBAJfVjwDBAK5JRgwDAMEBbx4YAMEA7x4
cAMEA8aPsDANBAIAAjAHAwUDKgBhwDANBgkqhkiG9w0BAQsFAAOCAQEAhF1pLCTb
B+iMmUBNrXhcYK85YzCWIskhCCLGYLonH233cWxN/srgIV76jIwF8acNbo3eOg+v
03F0cfpaYlaY7g4dAYc97uA91qwwG4uASHM9SXL0Feu0XRCCEp9tPxFIpb7kmRSh
UkRJlGTEzm6atxCjwq5h1uWnQkggIsg+dKlg2VmvnJgbHWOkktYAbJo4RA8l8tEr
6O9KT5EbisAsryBulOIvOEdzbrJbClCl3gR4cE+tbo9uiRVXg7qcAlkzX2AQG+GX
vSJOHGpt1pOk41exNpcJ5meMPzSvLB/eNMtFYITK79mr5LuQf5M3ZF2K4sVRxAu6
2ZX3JAP+6JDXtQ==
-----END CERTIFICATE-----
Generated at Wed Nov 5 06:38:59 2025 by rpki-client