Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/h_jTHer5Aq23wlLkPIW1wlKNXPE.roa
File: h_jTHer5Aq23wlLkPIW1wlKNXPE.roa (raw, json)
Hash identifier: nVtfZn1IYIFfisIxpB4xff8+atfWV/QRp+DmC3kUKFE=
Subject key identifier: 87:F8:D3:1D:EA:F9:02:AD:B7:C2:52:E4:3C:85:B5:C2:52:8D:5C:F1
Certificate issuer: /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial: 019A26983F363E1CEA9F1E2BBC5F5BDC1569
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/h_jTHer5Aq23wlLkPIW1wlKNXPE.roa
Signing time: Mon 27 Oct 2025 16:55:03 +0000
ROA not before: Mon 27 Oct 2025 16:55:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 31.130.242.0/24 maxlen: 24
31.130.243.0/24 maxlen: 24
178.212.58.0/24 maxlen: 24
178.212.59.0/24 maxlen: 24
185.191.60.0/24 maxlen: 24
185.191.61.0/24 maxlen: 24
185.191.62.0/24 maxlen: 24
185.191.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:01:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:26:98:3f:36:3e:1c:ea:9f:1e:2b:bc:5f:5b:dc:15:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Validity
Not Before: Oct 27 16:55:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87f8d31deaf902adb7c252e43c85b5c2528d5cf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:cd:96:c1:65:82:b6:82:99:2f:f8:ef:51:ba:
23:31:1e:d0:e8:00:77:53:b8:9c:4f:31:8b:f5:92:
26:77:45:bc:75:1d:f9:93:0f:e2:54:4d:e6:3e:53:
2e:14:de:73:4b:a4:ae:83:90:42:06:d7:c0:a2:ac:
0d:af:9f:cf:23:05:42:cc:3d:00:47:59:15:c6:53:
d5:fd:13:cb:71:fd:e3:0f:6f:c2:4a:27:97:89:ea:
1b:0b:2d:22:73:23:93:d4:4f:27:45:ff:a6:4f:66:
55:70:7c:96:b5:69:86:a5:bd:b2:32:22:c7:c4:4e:
d1:4f:a8:c1:37:96:d1:ec:5e:9c:27:c2:dc:18:6e:
dd:10:c8:fb:f3:45:f2:23:97:ed:17:7c:30:9b:7f:
f2:ec:78:3a:fa:09:10:cc:a0:2f:a1:4f:4e:56:09:
5a:49:df:c9:1d:ee:9c:4d:66:e2:db:02:b7:1e:63:
ef:2d:44:a2:36:a5:df:d7:8c:68:b0:dc:37:50:3b:
21:5a:8c:22:46:2e:9c:71:ec:69:df:bb:0c:92:19:
66:85:ee:a6:78:42:b2:81:ae:4a:c7:8a:b0:c6:b4:
9c:36:22:46:64:7a:76:95:4f:72:ab:f1:39:9c:62:
c4:e5:80:0b:5d:2f:fd:b0:0c:04:8e:c8:a9:74:63:
ac:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:F8:D3:1D:EA:F9:02:AD:B7:C2:52:E4:3C:85:B5:C2:52:8D:5C:F1
X509v3 Authority Key Identifier:
keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/h_jTHer5Aq23wlLkPIW1wlKNXPE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.130.242.0/23
178.212.58.0/23
185.191.60.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:c4:8e:e1:dc:be:2b:47:4a:8c:3e:64:97:de:7d:c9:bd:94:
a0:cf:20:ae:f6:1a:da:09:5f:86:c0:33:74:b7:b8:12:65:35:
7b:32:13:13:67:43:cb:84:46:98:4b:92:5d:f4:fe:62:93:e5:
ce:17:27:d2:bb:72:d2:e7:77:7b:a7:49:fa:95:1e:d5:b3:b6:
a1:ec:a9:15:6e:c5:95:79:0a:c8:cc:0d:8e:f3:f4:d8:97:46:
04:a6:59:6c:9f:16:8d:8a:44:ae:a0:f4:a2:0a:5e:3e:29:71:
75:dc:a6:af:6f:e1:23:d8:3e:d7:b8:b6:88:2c:2a:bd:e9:63:
a3:dd:b1:d5:a3:1f:be:af:2e:34:a0:c0:80:cf:89:6b:80:fb:
67:05:f3:d9:35:36:01:4d:87:36:bc:80:90:20:16:85:5b:cb:
a9:7a:f2:c3:7e:db:b7:60:71:30:5c:8c:1e:15:ba:84:4d:cf:
08:c8:e7:de:e0:a8:2e:d0:05:bd:0c:58:f1:5b:c4:38:ee:db:
15:6f:79:2a:ac:bb:fe:1a:73:02:35:0c:b1:7b:9e:3e:b5:c7:
04:26:46:ec:c5:3c:59:16:5f:4e:88:53:07:b5:89:dd:d1:75:
6f:06:37:dd:ea:0c:bd:e3:7b:da:31:fb:ba:3a:7a:f2:2e:e5:
bf:c2:c7:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZommD82Phzqnx4rvF9b3BVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjUxMDI3MTY1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y4ZDMxZGVhZjkwMmFkYjdjMjUyZTQzYzg1YjVjMjUyOGQ1Y2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy82WwWWCtoKZL/jvUbojMR7Q6AB3
U7icTzGL9ZImd0W8dR35kw/iVE3mPlMuFN5zS6Sug5BCBtfAoqwNr5/PIwVCzD0A
R1kVxlPV/RPLcf3jD2/CSieXieobCy0icyOT1E8nRf+mT2ZVcHyWtWmGpb2yMiLH
xE7RT6jBN5bR7F6cJ8LcGG7dEMj780XyI5ftF3wwm3/y7Hg6+gkQzKAvoU9OVgla
Sd/JHe6cTWbi2wK3HmPvLUSiNqXf14xosNw3UDshWowiRi6ccexp37sMkhlmhe6m
eEKyga5Kx4qwxrScNiJGZHp2lU9yq/E5nGLE5YALXS/9sAwEjsipdGOscwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIf40x3q+QKtt8JS5DyFtcJSjVzxMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvaF9qVEhlcjVBcTIzd2xMa1BJVzF3bEtOWFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBH4LyAwQB
stQ6AwQCub88MA0GCSqGSIb3DQEBCwUAA4IBAQBNxI7h3L4rR0qMPmSX3n3JvZSg
zyCu9hraCV+GwDN0t7gSZTV7MhMTZ0PLhEaYS5Jd9P5ik+XOFyfSu3LS53d7p0n6
lR7Vs7ah7KkVbsWVeQrIzA2O8/TYl0YEpllsnxaNikSuoPSiCl4+KXF13Kavb+Ej
2D7XuLaILCq96WOj3bHVox++ry40oMCAz4lrgPtnBfPZNTYBTYc2vICQIBaFW8up
evLDftu3YHEwXIweFbqETc8IyOfe4Kgu0AW9DFjxW8Q47tsVb3kqrLv+GnMCNQyx
e54+tccEJkbsxTxZFl9OiFMHtYnd0XVvBjfd6gy943vaMfu6OnryLuW/wsdu
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:54:23 2025 by rpki-client