Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/H4zAObpUdJJYO1JtZqVSSun-vrI.roa
File: H4zAObpUdJJYO1JtZqVSSun-vrI.roa (raw, json)
Hash identifier: N1HOofBD1fXpVvugaIfy3jJQqnu1vOEK3uBP3/wOewY=
Subject key identifier: 1F:8C:C0:39:BA:54:74:92:58:3B:52:6D:66:A5:52:4A:E9:FE:BE:B2
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019A2C0C6D92ED96FB5CCE7D976A425CB3C7
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/H4zAObpUdJJYO1JtZqVSSun-vrI.roa
Signing time: Tue 28 Oct 2025 18:20:03 +0000
ROA not before: Tue 28 Oct 2025 18:20:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 62.192.113.0/24 maxlen: 24
92.71.2.0/23 maxlen: 24
92.71.4.0/23 maxlen: 24
92.71.26.0/23 maxlen: 24
92.71.28.0/22 maxlen: 24
92.71.36.0/23 maxlen: 24
92.71.48.0/21 maxlen: 24
92.71.56.0/22 maxlen: 24
92.71.62.0/23 maxlen: 24
135.196.4.0/24 maxlen: 24
135.196.24.0/23 maxlen: 24
135.196.28.0/23 maxlen: 24
135.196.88.0/23 maxlen: 24
135.196.102.0/23 maxlen: 24
135.196.108.0/22 maxlen: 24
135.196.132.0/23 maxlen: 24
135.196.144.0/22 maxlen: 24
135.196.156.0/23 maxlen: 24
135.196.164.0/23 maxlen: 24
135.196.172.0/23 maxlen: 24
135.196.176.0/23 maxlen: 24
135.196.202.0/24 maxlen: 24
135.196.204.0/24 maxlen: 24
195.86.223.0/24 maxlen: 24
213.201.140.0/24 maxlen: 24
213.201.148.0/24 maxlen: 24
213.201.154.0/23 maxlen: 24
213.201.158.0/24 maxlen: 24
213.201.163.0/24 maxlen: 24
213.201.166.0/23 maxlen: 24
213.201.171.0/24 maxlen: 24
213.201.174.0/23 maxlen: 24
213.201.179.0/24 maxlen: 24
213.201.182.0/23 maxlen: 24
213.201.186.0/23 maxlen: 24
213.201.190.0/23 maxlen: 24
213.201.194.0/23 maxlen: 24
213.201.196.0/23 maxlen: 24
213.201.198.0/24 maxlen: 24
213.201.200.0/24 maxlen: 24
213.201.202.0/24 maxlen: 24
213.201.204.0/24 maxlen: 24
213.201.208.0/23 maxlen: 24
213.201.214.0/23 maxlen: 24
213.201.218.0/23 maxlen: 24
213.201.222.0/23 maxlen: 24
213.201.226.0/23 maxlen: 24
213.201.228.0/23 maxlen: 24
213.201.234.0/23 maxlen: 24
213.201.238.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2c:0c:6d:92:ed:96:fb:5c:ce:7d:97:6a:42:5c:b3:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Oct 28 18:20:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f8cc039ba547492583b526d66a5524ae9febeb2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:31:85:43:e4:44:7a:2a:5e:75:22:9f:dd:b9:
22:8d:a2:1a:d0:e2:b3:38:66:4a:31:d6:5e:de:0c:
ba:b3:34:6e:1e:6d:58:d2:2b:9e:06:28:63:23:e6:
d1:8a:95:57:31:b4:4f:e7:2a:12:3d:af:c9:84:84:
16:b4:77:b2:fc:0a:f7:de:d9:96:ea:97:7e:81:24:
3f:c8:5d:d6:9a:24:83:62:2b:0d:5c:f0:75:29:42:
82:4c:db:6d:97:3a:5d:fb:b8:50:9a:ab:a3:98:dc:
93:d6:c0:a6:4c:10:c7:8c:85:80:b2:c4:b1:3d:35:
13:9a:a4:ed:94:4d:16:ec:ac:ca:f1:2a:d6:64:a9:
b3:6f:6b:10:f9:f3:bb:68:dc:f1:69:6b:c1:bb:38:
b0:56:9d:08:17:da:5b:8f:91:77:ca:06:c7:51:df:
36:ec:c7:dd:32:08:0c:d3:20:95:47:84:05:46:90:
da:34:78:56:8f:31:c9:87:16:bf:35:aa:7a:77:e9:
c2:7f:da:69:17:6d:2f:80:6e:33:ed:4a:58:22:1c:
32:8d:36:2d:8e:df:ae:de:d5:cd:66:64:21:73:55:
7c:e0:32:6e:72:eb:ec:fe:b0:54:e0:44:12:ab:83:
fc:01:c5:de:99:a8:5a:05:28:71:1c:6c:f5:a5:b1:
70:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:8C:C0:39:BA:54:74:92:58:3B:52:6D:66:A5:52:4A:E9:FE:BE:B2
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/H4zAObpUdJJYO1JtZqVSSun-vrI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.192.113.0/24
92.71.2.0-92.71.5.255
92.71.26.0-92.71.31.255
92.71.36.0/23
92.71.48.0-92.71.59.255
92.71.62.0/23
135.196.4.0/24
135.196.24.0/23
135.196.28.0/23
135.196.88.0/23
135.196.102.0/23
135.196.108.0/22
135.196.132.0/23
135.196.144.0/22
135.196.156.0/23
135.196.164.0/23
135.196.172.0/23
135.196.176.0/23
135.196.202.0/24
135.196.204.0/24
195.86.223.0/24
213.201.140.0/24
213.201.148.0/24
213.201.154.0/23
213.201.158.0/24
213.201.163.0/24
213.201.166.0/23
213.201.171.0/24
213.201.174.0/23
213.201.179.0/24
213.201.182.0/23
213.201.186.0/23
213.201.190.0/23
213.201.194.0-213.201.198.255
213.201.200.0/24
213.201.202.0/24
213.201.204.0/24
213.201.208.0/23
213.201.214.0/23
213.201.218.0/23
213.201.222.0/23
213.201.226.0-213.201.229.255
213.201.234.0/23
213.201.238.0/23
Signature Algorithm: sha256WithRSAEncryption
62:13:e5:31:68:c4:20:dd:c3:cb:0a:bf:69:d8:05:87:8e:c6:
07:56:f0:02:61:6e:6f:35:28:f2:4c:57:76:3e:02:5f:98:f4:
1f:c9:4f:f1:a7:be:d3:56:05:0c:16:8f:5c:02:23:4e:23:fe:
15:8e:40:1a:f1:52:a5:31:4b:8d:e7:30:fc:46:b4:d7:9b:0c:
7b:83:7b:98:4a:83:84:b5:a1:f5:e2:2b:a7:a8:6e:3a:9b:cb:
fb:dc:23:95:09:2e:47:a3:44:b3:06:56:9d:98:1c:49:61:c5:
8c:93:1f:dc:ed:ac:50:09:75:32:c5:44:f9:30:17:06:14:41:
fa:0a:7d:8a:34:54:28:60:ea:b5:01:06:34:48:50:06:12:44:
2a:b0:03:6b:e6:9c:1a:6c:ea:34:45:88:61:1b:80:73:f2:47:
bd:fb:45:a8:fd:98:81:d1:6e:9e:07:0b:d8:28:fb:90:93:09:
5a:cd:04:4c:7b:13:23:3d:2f:11:53:53:3a:37:45:8e:9b:e6:
86:e1:41:86:18:1b:3a:e4:20:bd:fc:1a:6b:a2:b1:57:a6:42:
94:03:f3:72:f3:b4:24:2f:e4:6c:c9:de:91:b3:1c:85:21:61:
43:7c:61:80:35:23:db:e6:5c:b0:50:0c:98:a5:4b:bd:9c:56:
81:2f:b3:b7
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgISAZosDG2S7Zb7XM59l2pCXLPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDI4MTgyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhjYzAzOWJhNTQ3NDkyNTgzYjUyNmQ2NmE1NTI0YWU5ZmViZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjGFQ+REeipedSKf3bkijaIa0OKz
OGZKMdZe3gy6szRuHm1Y0iueBihjI+bRipVXMbRP5yoSPa/JhIQWtHey/Ar33tmW
6pd+gSQ/yF3WmiSDYisNXPB1KUKCTNttlzpd+7hQmqujmNyT1sCmTBDHjIWAssSx
PTUTmqTtlE0W7KzK8SrWZKmzb2sQ+fO7aNzxaWvBuziwVp0IF9pbj5F3ygbHUd82
7MfdMggM0yCVR4QFRpDaNHhWjzHJhxa/Nap6d+nCf9ppF20vgG4z7UpYIhwyjTYt
jt+u3tXNZmQhc1V84DJucuvs/rBU4EQSq4P8AcXemahaBShxHGz1pbFwCwIDAQAB
o4IDPTCCAzkwHQYDVR0OBBYEFB+MwDm6VHSSWDtSbWalUkrp/r6yMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvSDR6QU9icFVkSkpZTzFKdFpxVlNTdW4tdnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUQYIKwYBBQUHAQcBAf8EggFAMIIBPDCCATgEAgABMIIB
MAMEAD7AcTAMAwQBXEcCAwQBXEcEMAwDBAFcRxoDBAVcRwADBAFcRyQwDAMEBFxH
MAMEAlxHOAMEAVxHPgMEAIfEBAMEAYfEGAMEAYfEHAMEAYfEWAMEAYfEZgMEAofE
bAMEAYfEhAMEAofEkAMEAYfEnAMEAYfEpAMEAYfErAMEAYfEsAMEAIfEygMEAIfE
zAMEAMNW3wMEANXJjAMEANXJlAMEAdXJmgMEANXJngMEANXJowMEAdXJpgMEANXJ
qwMEAdXJrgMEANXJswMEAdXJtgMEAdXJugMEAdXJvjAMAwQB1cnCAwQA1cnGAwQA
1cnIAwQA1cnKAwQA1cnMAwQB1cnQAwQB1cnWAwQB1cnaAwQB1cneMAwDBAHVyeID
BAHVyeQDBAHVyeoDBAHVye4wDQYJKoZIhvcNAQELBQADggEBAGIT5TFoxCDdw8sK
v2nYBYeOxgdW8AJhbm81KPJMV3Y+Al+Y9B/JT/GnvtNWBQwWj1wCI04j/hWOQBrx
UqUxS43nMPxGtNebDHuDe5hKg4S1ofXiK6eobjqby/vcI5UJLkejRLMGVp2YHElh
xYyTH9ztrFAJdTLFRPkwFwYUQfoKfYo0VChg6rUBBjRIUAYSRCqwA2vmnBps6jRF
iGEbgHPyR737Raj9mIHRbp4HC9go+5CTCVrNBEx7EyM9LxFTUzo3RY6b5obhQYYY
GzrkIL38GmuisVemQpQD83LztCQv5GzJ3pGzHIUhYUN8YYA1I9vmXLBQDJilS72c
VoEvs7c=
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:33:03 2025 by rpki-client