Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/8E85CKuNqBtAq_mQnEGUCCO3R10.roa
File: 8E85CKuNqBtAq_mQnEGUCCO3R10.roa (raw, json)
Hash identifier: CgmtiE0mp6q+6KobblRjrSYw7pd0zVbtE+o0y7MhUQQ=
Subject key identifier: F0:4F:39:08:AB:8D:A8:1B:40:AB:F9:90:9C:41:94:08:23:B7:47:5D
Certificate issuer: /CN=5de613682552010298f3a694a00d7c5906060b95
Certificate serial: 019B7C1241174BC117DCEBB66741934074CF
Authority key identifier: 5D:E6:13:68:25:52:01:02:98:F3:A6:94:A0:0D:7C:59:06:06:0B:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XeYTaCVSAQKY86aUoA18WQYGC5U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/8E85CKuNqBtAq_mQnEGUCCO3R10.roa
Signing time: Fri 02 Jan 2026 00:18:49 +0000
ROA not before: Fri 02 Jan 2026 00:18:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202414
IP address blocks: 185.1.129.0/24 maxlen: 24
194.54.136.0/23 maxlen: 24
194.54.138.0/23 maxlen: 24
2a0c:c9c0::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/XeYTaCVSAQKY86aUoA18WQYGC5U.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/XeYTaCVSAQKY86aUoA18WQYGC5U.mft
rsync://rpki.ripe.net/repository/DEFAULT/XeYTaCVSAQKY86aUoA18WQYGC5U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:12:41:17:4b:c1:17:dc:eb:b6:67:41:93:40:74:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5de613682552010298f3a694a00d7c5906060b95
Validity
Not Before: Jan 2 00:18:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f04f3908ab8da81b40abf9909c41940823b7475d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:c1:b4:39:5f:d2:8a:e9:9f:e0:48:e6:7d:09:
3a:9b:30:f3:30:e9:cc:52:a1:56:86:69:10:0c:91:
27:79:e0:34:6a:84:67:3c:91:1c:6e:86:7a:30:90:
5c:2b:df:f4:e6:0a:9a:69:33:2e:15:d3:80:9c:c7:
14:c8:be:84:ff:5e:6c:24:c3:9a:58:27:49:ef:ef:
0b:30:68:60:6e:06:bf:65:c8:8b:13:c9:02:90:6b:
e0:27:20:bb:90:f1:ff:d4:39:69:84:41:a0:22:97:
ba:4d:87:46:a9:2e:27:ea:49:f8:73:e1:94:af:5c:
91:bb:e0:38:b7:46:4b:90:49:0e:1d:19:b9:69:59:
98:9c:76:26:aa:59:5a:c6:54:c4:3c:56:02:db:6b:
73:82:1a:1a:47:5f:83:bb:c0:ad:d6:63:31:0a:43:
fa:4b:d7:c3:ee:e9:96:d6:05:7b:67:a7:fe:1d:c8:
b4:cf:09:c3:17:e7:f2:af:66:ef:9d:77:14:85:c5:
95:47:a9:82:d9:ff:33:4c:38:23:3a:e9:c8:2a:11:
b9:eb:1f:b5:31:76:55:0a:ec:79:37:fa:d5:43:d5:
9f:8f:2b:9b:9a:9b:4c:1d:62:3f:28:50:25:7f:75:
ba:2c:e0:ca:da:19:ec:85:5e:0c:77:b4:09:b9:e9:
32:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:4F:39:08:AB:8D:A8:1B:40:AB:F9:90:9C:41:94:08:23:B7:47:5D
X509v3 Authority Key Identifier:
keyid:5D:E6:13:68:25:52:01:02:98:F3:A6:94:A0:0D:7C:59:06:06:0B:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XeYTaCVSAQKY86aUoA18WQYGC5U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/8E85CKuNqBtAq_mQnEGUCCO3R10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c2320-ba95-4531-8c81-22295df12b27/1/XeYTaCVSAQKY86aUoA18WQYGC5U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.1.129.0/24
194.54.136.0/22
IPv6:
2a0c:c9c0::/29
Signature Algorithm: sha256WithRSAEncryption
90:3c:07:34:be:c2:2d:81:b8:c6:a8:fd:a2:55:94:61:a5:ce:
53:f0:f6:b0:f2:6b:fc:f1:cb:02:3d:b8:d2:32:fa:8e:48:7c:
2a:35:a2:bd:3c:4b:82:af:dc:06:0e:0a:60:2c:53:b4:86:f6:
b7:70:8a:3a:26:8a:7d:bd:3f:97:8f:80:8b:e3:29:5d:b9:b8:
2a:31:b7:eb:74:64:cb:27:f9:94:d0:b0:15:35:33:6f:96:d7:
13:68:c9:87:0c:d8:37:98:76:0f:16:9c:dc:a2:f3:8f:c9:2e:
04:72:57:9a:0d:f7:35:77:ea:a9:86:58:28:7d:e4:05:0e:5d:
dd:70:55:e5:32:7e:fd:5b:4f:d1:32:f1:d5:40:76:d5:a7:57:
16:ee:b7:ea:b0:c1:be:25:69:02:8f:70:a9:10:6d:3e:9d:d9:
a6:17:eb:38:83:7f:8d:bb:a7:92:00:a2:28:16:f1:75:e2:f4:
37:f5:23:f9:d4:a3:1e:6f:b5:a9:d3:70:d7:09:61:0d:0d:e7:
3a:7a:12:39:6d:3a:95:07:31:37:fe:e5:c6:29:3f:7d:fc:aa:
d2:88:83:78:4c:0e:92:f9:3c:a0:0d:3c:b1:af:d2:26:2b:09:
ba:1d:5e:4a:19:72:47:55:f6:89:f2:9e:74:51:ea:79:74:14:
c8:9f:1a:d5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt8EkEXS8EX3Ou2Z0GTQHTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZTYxMzY4MjU1MjAxMDI5OGYzYTY5NGEwMGQ3YzU5MDYw
NjBiOTUwHhcNMjYwMTAyMDAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRmMzkwOGFiOGRhODFiNDBhYmY5OTA5YzQxOTQwODIzYjc0NzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38G0OV/Siumf4EjmfQk6mzDzMOnM
UqFWhmkQDJEneeA0aoRnPJEcboZ6MJBcK9/05gqaaTMuFdOAnMcUyL6E/15sJMOa
WCdJ7+8LMGhgbga/ZciLE8kCkGvgJyC7kPH/1DlphEGgIpe6TYdGqS4n6kn4c+GU
r1yRu+A4t0ZLkEkOHRm5aVmYnHYmqllaxlTEPFYC22tzghoaR1+Du8Ct1mMxCkP6
S9fD7umW1gV7Z6f+Hci0zwnDF+fyr2bvnXcUhcWVR6mC2f8zTDgjOunIKhG56x+1
MXZVCux5N/rVQ9WfjyubmptMHWI/KFAlf3W6LODK2hnshV4Md7QJuekyZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPBPOQirjagbQKv5kJxBlAgjt0ddMB8GA1UdIwQY
MBaAFF3mE2glUgECmPOmlKANfFkGBguVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGVZVGFDVlNBUUtZODZhVW9BMThXUVlHQzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzIzMjAtYmE5NS00NTMxLThjODEt
MjIyOTVkZjEyYjI3LzEvOEU4NUNLdU5xQnRBcV9tUW5FR1VDQ08zUjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzIzMjAtYmE5NS00NTMxLThjODEtMjIyOTVkZjEyYjI3
LzEvWGVZVGFDVlNBUUtZODZhVW9BMThXUVlHQzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQGBAwQC
wjaIMA0EAgACMAcDBQMqDMnAMA0GCSqGSIb3DQEBCwUAA4IBAQCQPAc0vsItgbjG
qP2iVZRhpc5T8Paw8mv88csCPbjSMvqOSHwqNaK9PEuCr9wGDgpgLFO0hva3cIo6
Jop9vT+Xj4CL4yldubgqMbfrdGTLJ/mU0LAVNTNvltcTaMmHDNg3mHYPFpzcovOP
yS4EcleaDfc1d+qphlgofeQFDl3dcFXlMn79W0/RMvHVQHbVp1cW7rfqsMG+JWkC
j3CpEG0+ndmmF+s4g3+Nu6eSAKIoFvF14vQ39SP51KMeb7Wp03DXCWENDec6ehI5
bTqVBzE3/uXGKT99/KrSiIN4TA6S+TygDTyxr9ImKwm6HV5KGXJHVfaJ8p50Uep5
dBTInxrV
-----END CERTIFICATE-----
Generated at Mon Mar 2 18:44:35 2026 by rpki-client