Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/0YC7qm9CG4pOwh0oTWm4ITQDSnY.roa
File: 0YC7qm9CG4pOwh0oTWm4ITQDSnY.roa (raw, json)
Hash identifier: EWDr7Bs0H7fnIeWZl0W4PNh2O69SVcVeiWaRqk/8B3k=
Subject key identifier: D1:80:BB:AA:6F:42:1B:8A:4E:C2:1D:28:4D:69:B8:21:34:03:4A:76
Certificate issuer: /CN=ab30921d28c78ede81842f712e6cf72bde5a6080
Certificate serial: 019A399A469B05024DAF4BDF03A696EC9707
Authority key identifier: AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/0YC7qm9CG4pOwh0oTWm4ITQDSnY.roa
Signing time: Fri 31 Oct 2025 09:30:03 +0000
ROA not before: Fri 31 Oct 2025 09:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34960
IP address blocks: 5.149.0.0/21 maxlen: 21
5.149.0.0/24 maxlen: 24
5.149.1.0/24 maxlen: 24
5.149.2.0/24 maxlen: 24
5.149.3.0/24 maxlen: 24
5.149.4.0/24 maxlen: 24
5.149.5.0/24 maxlen: 24
5.149.6.0/24 maxlen: 24
5.149.7.0/24 maxlen: 24
185.120.92.0/24 maxlen: 24
185.120.93.0/24 maxlen: 24
185.122.48.0/24 maxlen: 24
194.126.144.0/23 maxlen: 23
194.126.144.0/24 maxlen: 24
194.126.145.0/24 maxlen: 24
2a01:48c0::/32 maxlen: 32
2a01:48c0::/40 maxlen: 40
2a01:48c0:100::/40 maxlen: 40
2a01:48c0:200::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qzCSHSjHjt6BhC9xLmz3K95aYIA.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qzCSHSjHjt6BhC9xLmz3K95aYIA.mft
rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:39:9a:46:9b:05:02:4d:af:4b:df:03:a6:96:ec:97:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab30921d28c78ede81842f712e6cf72bde5a6080
Validity
Not Before: Oct 31 09:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d180bbaa6f421b8a4ec21d284d69b82134034a76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a9:27:09:54:0c:f5:15:9a:79:c4:0d:20:4c:
14:bc:83:0c:14:ba:47:02:b6:3b:bc:b0:0b:db:5d:
55:a2:e2:0a:a0:b7:a5:b4:5d:ef:74:c3:7f:12:97:
61:89:b5:25:ba:f8:30:a2:c2:66:0f:4a:fc:11:9f:
0e:e0:37:eb:0a:c6:ca:33:58:7e:45:a5:8c:14:c5:
9d:bb:cf:12:ec:cc:60:10:8b:15:43:13:cd:d6:46:
c5:da:8e:41:93:8d:6c:9a:ac:b7:0c:db:7d:45:7c:
af:05:ac:00:d0:c1:03:86:a5:b7:9e:cd:34:16:79:
c3:ce:82:ce:73:f4:93:ab:89:19:4e:fd:96:d9:27:
5b:e6:a3:60:9f:69:b6:52:ab:fb:8e:be:9f:31:b1:
eb:bb:80:94:3a:c8:a5:8f:7c:21:bd:2e:ac:24:73:
42:96:0d:fb:b1:a2:b7:2b:80:94:72:88:3c:9b:c4:
42:79:a9:9d:6f:38:a2:94:b5:fd:4a:17:44:45:92:
e9:2c:9f:c0:90:8b:9d:fc:74:39:21:51:d9:89:61:
89:6f:58:86:4b:97:a4:63:48:b0:49:4b:47:bf:aa:
cf:0a:48:2f:7c:86:65:06:4b:45:b3:28:fd:4e:89:
04:ef:47:3c:89:f5:e9:9e:1e:e8:72:a3:8d:97:eb:
83:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:80:BB:AA:6F:42:1B:8A:4E:C2:1D:28:4D:69:B8:21:34:03:4A:76
X509v3 Authority Key Identifier:
keyid:AB:30:92:1D:28:C7:8E:DE:81:84:2F:71:2E:6C:F7:2B:DE:5A:60:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qzCSHSjHjt6BhC9xLmz3K95aYIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/0YC7qm9CG4pOwh0oTWm4ITQDSnY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3cd7ff-20d2-4cec-aeca-354399724b1e/1/qzCSHSjHjt6BhC9xLmz3K95aYIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.149.0.0/21
185.120.92.0/23
185.122.48.0/24
194.126.144.0/23
IPv6:
2a01:48c0::/32
Signature Algorithm: sha256WithRSAEncryption
e1:29:60:33:35:11:87:89:45:5f:f0:47:7f:12:5b:36:97:ff:
cc:8d:f6:d1:78:e7:5d:b4:e0:76:26:a0:e2:fc:5c:81:ff:5f:
ce:33:00:30:b6:04:a6:28:80:b8:5c:0c:13:81:ab:d4:d7:73:
55:7a:1c:e2:fd:44:12:a6:56:55:35:bd:11:5d:bd:e9:88:de:
a7:1f:a4:31:76:db:e7:d4:69:91:05:07:0f:5f:b3:f2:f0:23:
e2:74:8b:60:e4:3d:79:78:ae:9b:de:c0:9c:5e:42:db:b8:43:
e1:5d:c1:4f:5f:c8:09:5a:48:63:59:03:9f:cb:20:f0:d4:c9:
0a:a2:b4:d8:4e:81:f1:16:3e:7b:b8:d1:4e:40:48:5b:37:80:
dc:d9:ca:1d:84:b7:e7:9f:45:19:7a:31:61:97:0d:47:48:5b:
45:44:85:b3:5a:2f:4f:dd:b2:ea:0b:ee:96:51:cb:e9:c0:e8:
2f:c7:9c:30:3d:bc:b3:bc:92:3d:6f:10:5a:75:ab:6b:69:58:
0e:61:b0:26:f8:6a:7f:96:33:00:2d:e9:2e:cc:5a:74:56:9c:
aa:9e:71:da:42:c5:2f:7d:82:a2:2c:fa:8d:27:cc:b2:c4:b4:
f2:91:d4:34:b5:8c:a1:a4:eb:2c:8d:4f:df:23:cf:92:2f:5c:
3d:7a:f3:69
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZo5mkabBQJNr0vfA6aW7JcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMzA5MjFkMjhjNzhlZGU4MTg0MmY3MTJlNmNmNzJiZGU1
YTYwODAwHhcNMjUxMDMxMDkzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTgwYmJhYTZmNDIxYjhhNGVjMjFkMjg0ZDY5YjgyMTM0MDM0YTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKknCVQM9RWaecQNIEwUvIMMFLpH
ArY7vLAL211VouIKoLeltF3vdMN/EpdhibUluvgwosJmD0r8EZ8O4DfrCsbKM1h+
RaWMFMWdu88S7MxgEIsVQxPN1kbF2o5Bk41smqy3DNt9RXyvBawA0MEDhqW3ns00
FnnDzoLOc/STq4kZTv2W2Sdb5qNgn2m2Uqv7jr6fMbHru4CUOsilj3whvS6sJHNC
lg37saK3K4CUcog8m8RCeamdbziilLX9ShdERZLpLJ/AkIud/HQ5IVHZiWGJb1iG
S5ekY0iwSUtHv6rPCkgvfIZlBktFsyj9TokE70c8ifXpnh7ocqONl+uD0QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNGAu6pvQhuKTsIdKE1puCE0A0p2MB8GA1UdIwQY
MBaAFKswkh0ox47egYQvcS5s9yveWmCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2Et
MzU0Mzk5NzI0YjFlLzEvMFlDN3FtOUNHNHBPd2gwb1RXbTRJVFFEU25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zY2Q3ZmYtMjBkMi00Y2VjLWFlY2EtMzU0Mzk5NzI0YjFl
LzEvcXpDU0hTakhqdDZCaEM5eExtejNLOTVhWUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZUAAwQB
uXhcAwQAuXowAwQBwn6QMA0EAgACMAcDBQAqAUjAMA0GCSqGSIb3DQEBCwUAA4IB
AQDhKWAzNRGHiUVf8Ed/Els2l//MjfbReOddtOB2JqDi/FyB/1/OMwAwtgSmKIC4
XAwTgavU13NVehzi/UQSplZVNb0RXb3piN6nH6Qxdtvn1GmRBQcPX7Py8CPidItg
5D15eK6b3sCcXkLbuEPhXcFPX8gJWkhjWQOfyyDw1MkKorTYToHxFj57uNFOQEhb
N4Dc2codhLfnn0UZejFhlw1HSFtFRIWzWi9P3bLqC+6WUcvpwOgvx5wwPbyzvJI9
bxBadatraVgOYbAm+Gp/ljMALekuzFp0VpyqnnHaQsUvfYKiLPqNJ8yyxLTykdQ0
tYyhpOssjU/fI8+SL1w9evNp
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:11 2025 by rpki-client