Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/0hP_n0pnEZN4K6poUlA-xqEv6yE.roa
File: 0hP_n0pnEZN4K6poUlA-xqEv6yE.roa (raw, json)
Hash identifier: F/NswoqCQCtEeweJPN7XVnbp503CyUvfgOPod22wDEM=
Subject key identifier: D2:13:FF:9F:4A:67:11:93:78:2B:AA:68:52:50:3E:C6:A1:2F:EB:21
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 019A2F6E834B5124E9F0F6CB2CC3B953A053
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/0hP_n0pnEZN4K6poUlA-xqEv6yE.roa
Signing time: Wed 29 Oct 2025 10:06:03 +0000
ROA not before: Wed 29 Oct 2025 10:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34343
IP address blocks: 85.12.56.0/24 maxlen: 24
91.148.192.0/24 maxlen: 24
91.148.224.0/22 maxlen: 24
91.148.228.0/22 maxlen: 24
91.148.236.0/22 maxlen: 24
91.148.236.0/24 maxlen: 24
91.148.237.0/24 maxlen: 24
91.148.238.0/24 maxlen: 24
91.148.239.0/24 maxlen: 24
91.148.240.0/22 maxlen: 24
91.148.244.0/22 maxlen: 24
91.148.248.0/24 maxlen: 24
91.148.249.0/24 maxlen: 24
176.124.71.0/24 maxlen: 24
185.91.29.0/24 maxlen: 24
193.138.220.0/24 maxlen: 24
195.200.84.0/24 maxlen: 24
195.200.85.0/24 maxlen: 24
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
2a01:788:aaac::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2f:6e:83:4b:51:24:e9:f0:f6:cb:2c:c3:b9:53:a0:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: Oct 29 10:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d213ff9f4a671193782baa6852503ec6a12feb21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:19:d7:18:b1:36:ef:f3:5a:dd:87:c5:b8:cc:
3b:05:72:dd:e4:79:c7:59:b5:bd:dc:d0:51:62:f3:
fb:60:7b:39:a5:dd:bd:f9:2c:45:dc:52:34:a8:4d:
5a:61:ea:07:03:ab:6f:c9:da:4b:8e:e2:f0:18:20:
25:e9:d4:6d:dc:af:4e:63:71:ea:38:2f:3f:4e:38:
f2:0b:ab:87:cd:03:06:5d:d5:bf:49:84:1f:9b:4b:
e3:46:79:42:03:35:26:17:63:04:32:ed:7f:c6:f6:
3a:00:b9:7a:8f:95:4f:33:90:a6:ca:0f:ec:13:7d:
9f:c5:15:20:3b:04:8c:7d:64:41:c8:4f:d8:cc:08:
9b:ec:ff:31:b0:ac:7f:d1:e2:e0:14:52:b8:22:6e:
84:60:96:0a:06:75:76:e8:b4:91:7b:74:87:73:17:
cd:97:16:4e:08:0e:fa:b1:f5:05:02:5f:1b:1a:87:
b1:d1:3d:2d:cc:b0:78:c4:2d:70:e1:55:4c:a3:ca:
af:cd:fd:e1:cf:b7:d5:e4:82:06:97:4a:f6:56:54:
93:af:6b:05:f8:5d:3f:ae:e9:26:60:13:c6:42:26:
e9:c9:ac:5d:b3:58:ea:c4:44:ea:77:84:ac:2c:cf:
6c:47:ac:25:75:a8:2a:8c:17:97:b3:b5:e0:5a:95:
f2:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:13:FF:9F:4A:67:11:93:78:2B:AA:68:52:50:3E:C6:A1:2F:EB:21
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/0hP_n0pnEZN4K6poUlA-xqEv6yE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.56.0/24
91.148.192.0/24
91.148.224.0/21
91.148.236.0-91.148.249.255
176.124.71.0/24
185.91.29.0/24
193.138.220.0/24
195.200.84.0/23
IPv6:
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
71:ae:ab:7e:05:bf:df:cb:5e:4e:3e:a4:00:80:ae:91:c9:f5:
29:45:07:6a:00:8e:c7:0c:72:fd:ac:ca:ae:5f:1c:39:a7:da:
54:1e:57:5d:2c:64:ed:12:69:43:a5:3d:b3:d1:5a:51:f8:9a:
45:9c:71:b1:51:65:b4:15:e9:7b:b3:45:27:7a:cf:ad:4e:49:
0a:f1:9f:7c:0a:ed:3c:e2:da:56:44:af:60:b3:ec:59:be:c8:
2a:e1:4d:ee:b3:20:db:e5:57:d5:c8:51:e6:af:d0:e5:72:d0:
c5:3e:98:8f:9b:fb:6f:63:55:c2:8c:0a:ad:32:5c:30:73:b0:
e2:61:52:80:3c:8e:83:02:9d:8f:a1:8f:f8:dd:43:ca:2e:72:
ab:47:bd:05:21:b8:b2:71:ef:bc:6f:f5:08:1b:cc:3d:e0:f1:
5d:39:bc:f0:18:d9:ee:1e:f1:cf:0e:67:63:b8:26:3a:16:da:
a8:c1:34:92:81:0c:d6:36:52:ab:54:89:a9:02:3e:e8:70:06:
03:bc:c7:73:04:62:18:1b:76:f8:65:69:d5:ec:aa:ee:3b:db:
8e:86:fc:ea:5e:91:c5:e7:e9:bc:c6:b1:bb:51:86:be:b3:6a:
2f:50:76:da:b9:d4:90:d3:2b:18:6b:7e:c1:04:e0:df:8b:8f:
87:04:48:39
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZovboNLUSTp8PbLLMO5U6BTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjUxMDI5MTAwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjEzZmY5ZjRhNjcxMTkzNzgyYmFhNjg1MjUwM2VjNmExMmZlYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRnXGLE27/Na3YfFuMw7BXLd5HnH
WbW93NBRYvP7YHs5pd29+SxF3FI0qE1aYeoHA6tvydpLjuLwGCAl6dRt3K9OY3Hq
OC8/TjjyC6uHzQMGXdW/SYQfm0vjRnlCAzUmF2MEMu1/xvY6ALl6j5VPM5Cmyg/s
E32fxRUgOwSMfWRByE/YzAib7P8xsKx/0eLgFFK4Im6EYJYKBnV26LSRe3SHcxfN
lxZOCA76sfUFAl8bGoex0T0tzLB4xC1w4VVMo8qvzf3hz7fV5IIGl0r2VlSTr2sF
+F0/rukmYBPGQibpyaxds1jqxETqd4SsLM9sR6wldagqjBeXs7XgWpXybQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFNIT/59KZxGTeCuqaFJQPsahL+shMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvMGhQX24wcG5FWk40SzZwb1VsQS14cUV2NnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA+BAIAATA4AwQAVQw4AwQA
W5TAAwQDW5TgMAwDBAJblOwDBAFblPgDBACwfEcDBAC5Wx0DBADBitwDBAHDyFQw
GgQCAAIwFDASAwcBKgEHiKqqAwcAKgEHiKqsMA0GCSqGSIb3DQEBCwUAA4IBAQBx
rqt+Bb/fy15OPqQAgK6RyfUpRQdqAI7HDHL9rMquXxw5p9pUHlddLGTtEmlDpT2z
0VpR+JpFnHGxUWW0Fel7s0Unes+tTkkK8Z98Cu084tpWRK9gs+xZvsgq4U3usyDb
5VfVyFHmr9DlctDFPpiPm/tvY1XCjAqtMlwwc7DiYVKAPI6DAp2PoY/43UPKLnKr
R70FIbiyce+8b/UIG8w94PFdObzwGNnuHvHPDmdjuCY6FtqowTSSgQzWNlKrVImp
Aj7ocAYDvMdzBGIYG3b4ZWnV7KruO9uOhvzqXpHF5+m8xrG7UYa+s2ovUHbaudSQ
0ysYa37BBODfi4+HBEg5
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:17:15 2025 by rpki-client