Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Gy4BQkIL8-jo1JkeIH41QUjBDjM.roa
File: Gy4BQkIL8-jo1JkeIH41QUjBDjM.roa (raw, json)
Hash identifier: GpUKXk0u0UsVOL/OxmPGoTdxb+oJOueuidELp/hZqyI=
Subject key identifier: 1B:2E:01:42:42:0B:F3:E8:E8:D4:99:1E:20:7E:35:41:48:C1:0E:33
Certificate issuer: /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial: 019A35B2845BE088FCA4181861C0E462EBD4
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Gy4BQkIL8-jo1JkeIH41QUjBDjM.roa
Signing time: Thu 30 Oct 2025 15:18:03 +0000
ROA not before: Thu 30 Oct 2025 15:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59437
IP address blocks: 85.234.64.0/24 maxlen: 24
85.234.66.0/24 maxlen: 24
85.234.67.0/24 maxlen: 24
85.234.78.0/24 maxlen: 24
85.234.79.0/24 maxlen: 24
85.234.82.0/24 maxlen: 24
85.234.84.0/24 maxlen: 24
85.234.86.0/24 maxlen: 24
85.234.90.0/24 maxlen: 24
85.234.91.0/24 maxlen: 24
85.234.93.0/24 maxlen: 24
85.234.94.0/24 maxlen: 24
92.38.143.0/24 maxlen: 24
93.113.170.0/24 maxlen: 24
93.119.168.0/24 maxlen: 24
93.119.169.0/24 maxlen: 24
109.61.121.0/24 maxlen: 24
2a03:90c0:2b0::/44 maxlen: 44
2a03:90c0:650::/44 maxlen: 64
2a03:90c0:680::/44 maxlen: 44
2a03:90c0:7a0::/44 maxlen: 44
2a03:90c0:7b0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 12:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:35:b2:84:5b:e0:88:fc:a4:18:18:61:c0:e4:62:eb:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Validity
Not Before: Oct 30 15:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1b2e0142420bf3e8e8d4991e207e354148c10e33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:de:11:c8:cf:cb:bc:10:ea:46:16:8d:c1:6f:
8a:b9:88:99:0a:a2:f1:46:d0:ad:f5:49:1d:59:3f:
c3:67:14:c2:42:82:6c:bb:66:76:87:d3:64:67:bc:
8a:a0:0d:30:cb:15:37:9d:8f:a4:3f:e8:6e:6c:f4:
a1:ef:40:0e:0c:fc:b0:8e:d7:e8:c3:a3:2b:c4:63:
1a:7a:c6:05:90:4d:eb:f2:eb:0c:76:12:3a:5a:9a:
d0:1b:75:ec:b1:70:b2:e3:7b:76:26:b9:5f:29:1b:
38:9a:ce:48:76:c3:d3:a3:e0:f9:eb:02:ae:85:eb:
11:8d:f4:a2:fa:f0:75:39:cc:c3:38:0a:4e:b4:19:
67:63:bc:81:2d:68:20:20:f4:28:f5:92:39:5e:9d:
53:7a:7e:44:62:d1:50:f9:2a:d7:27:48:01:20:a5:
c3:d5:1b:a6:52:18:38:22:c8:a7:b0:9a:ac:7e:dd:
81:0e:23:2a:3f:f6:4d:07:cf:d6:20:e5:c0:69:18:
a9:a2:85:c3:e9:63:80:d0:a0:3f:9a:57:77:8d:7a:
53:d8:c8:90:54:73:4f:79:62:64:d4:01:f4:3d:73:
d6:7e:6c:83:a5:71:e5:67:73:33:b6:ee:ee:b0:b7:
c9:d4:c1:88:2f:5e:83:79:bf:65:a0:39:bb:f8:64:
12:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:2E:01:42:42:0B:F3:E8:E8:D4:99:1E:20:7E:35:41:48:C1:0E:33
X509v3 Authority Key Identifier:
keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/Gy4BQkIL8-jo1JkeIH41QUjBDjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.234.64.0/24
85.234.66.0/23
85.234.78.0/23
85.234.82.0/24
85.234.84.0/24
85.234.86.0/24
85.234.90.0/23
85.234.93.0-85.234.94.255
92.38.143.0/24
93.113.170.0/24
93.119.168.0/23
109.61.121.0/24
IPv6:
2a03:90c0:2b0::/44
2a03:90c0:650::/44
2a03:90c0:680::/44
2a03:90c0:7a0::/43
Signature Algorithm: sha256WithRSAEncryption
0b:be:d1:13:93:85:f7:cc:16:ef:43:6f:f7:b4:7a:a4:29:94:
8b:3d:f4:dd:06:41:c0:ab:d5:71:8d:1c:6e:0c:f3:09:2e:42:
fd:32:aa:68:84:f8:10:b6:61:60:c7:54:e6:ee:63:b3:28:19:
84:e2:27:a8:2e:0a:a7:3b:a3:b5:cd:ae:44:80:26:16:6e:13:
eb:19:b0:57:d8:2a:04:f8:f8:93:15:2c:0b:e0:68:9e:74:e6:
d9:ca:58:66:2a:dc:c5:cc:8f:35:6c:5f:3e:f3:f1:c8:aa:7b:
55:5b:47:30:5b:38:44:11:73:e7:6d:9e:1f:ec:aa:39:71:bb:
0c:a1:9f:0f:a3:ad:74:44:f6:17:23:92:33:5a:d5:32:0c:bf:
3d:1b:98:cb:07:4f:37:60:e6:cc:42:bf:0e:8a:b7:6d:b4:8d:
8a:eb:eb:e5:31:ea:76:32:8a:31:dd:d9:8d:80:42:02:c7:f4:
95:34:8a:82:af:c1:86:6f:11:53:d4:57:77:18:9e:98:68:62:
fc:e0:e6:2b:24:e9:2c:fb:bb:eb:3e:03:fc:14:90:46:75:b4:
29:25:27:b2:14:42:6e:d2:8b:b5:43:a9:69:32:24:74:b8:3f:
ba:6d:52:6f:02:8a:62:20:ea:cc:7d:b4:48:88:b5:9b:b2:25:
aa:14:7a:99
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgISAZo1soRb4Ij8pBgYYcDkYuvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjUxMDMwMTUxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjJlMDE0MjQyMGJmM2U4ZThkNDk5MWUyMDdlMzU0MTQ4YzEwZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd4RyM/LvBDqRhaNwW+KuYiZCqLx
RtCt9UkdWT/DZxTCQoJsu2Z2h9NkZ7yKoA0wyxU3nY+kP+hubPSh70AODPywjtfo
w6MrxGMaesYFkE3r8usMdhI6WprQG3XssXCy43t2JrlfKRs4ms5IdsPTo+D56wKu
hesRjfSi+vB1OczDOApOtBlnY7yBLWggIPQo9ZI5Xp1Ten5EYtFQ+SrXJ0gBIKXD
1RumUhg4IsinsJqsft2BDiMqP/ZNB8/WIOXAaRipooXD6WOA0KA/mld3jXpT2MiQ
VHNPeWJk1AH0PXPWfmyDpXHlZ3Mztu7usLfJ1MGIL16Deb9loDm7+GQSIwIDAQAB
o4ICgjCCAn4wHQYDVR0OBBYEFBsuAUJCC/Po6NSZHiB+NUFIwQ4zMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvR3k0QlFrSUw4LWpvMUprZUlINDFRVWpCRGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGXBggrBgEFBQcBBwEB/wSBhzCBhDBWBAIAATBQAwQAVepA
AwQBVepCAwQBVepOAwQAVepSAwQAVepUAwQAVepWAwQBVepaMAwDBABV6l0DBABV
6l4DBABcJo8DBABdcaoDBAFdd6gDBABtPXkwKgQCAAIwJAMHBCoDkMACsAMHBCoD
kMAGUAMHBCoDkMAGgAMHBSoDkMAHoDANBgkqhkiG9w0BAQsFAAOCAQEAC77RE5OF
98wW70Nv97R6pCmUiz303QZBwKvVcY0cbgzzCS5C/TKqaIT4ELZhYMdU5u5jsygZ
hOInqC4Kpzujtc2uRIAmFm4T6xmwV9gqBPj4kxUsC+BonnTm2cpYZircxcyPNWxf
PvPxyKp7VVtHMFs4RBFz522eH+yqOXG7DKGfD6OtdET2FyOSM1rVMgy/PRuYywdP
N2DmzEK/Doq3bbSNiuvr5THqdjKKMd3ZjYBCAsf0lTSKgq/Bhm8RU9RXdxiemGhi
/ODmKyTpLPu76z4D/BSQRnW0KSUnshRCbtKLtUOpaTIkdLg/um1SbwKKYiDqzH20
SIi1m7IlqhR6mQ==
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:31:49 2025 by rpki-client