Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/QdYCM-qh5Yk3hD7JDcUwBV0zQOE.roa
File: QdYCM-qh5Yk3hD7JDcUwBV0zQOE.roa (raw, json)
Hash identifier: dojllc59NZSm9Mz/NGxjdimG/qqIGOvM1pQ0q5KpNiE=
Subject key identifier: 41:D6:02:33:EA:A1:E5:89:37:84:3E:C9:0D:C5:30:05:5D:33:40:E1
Certificate issuer: /CN=b6fbc63ef5614a7ef95a106188e3d78755c687b9
Certificate serial: 019A1D0561D8E0BB55DE95C4B8F17572DD0A
Authority key identifier: B6:FB:C6:3E:F5:61:4A:7E:F9:5A:10:61:88:E3:D7:87:55:C6:87:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tvvGPvVhSn75WhBhiOPXh1XGh7k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/QdYCM-qh5Yk3hD7JDcUwBV0zQOE.roa
Signing time: Sat 25 Oct 2025 20:18:03 +0000
ROA not before: Sat 25 Oct 2025 20:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204488
IP address blocks: 185.175.60.0/22 maxlen: 24
185.175.60.0/24 maxlen: 24
185.175.61.0/24 maxlen: 24
185.175.62.0/24 maxlen: 24
185.247.168.0/24 maxlen: 24
185.247.169.0/24 maxlen: 24
185.247.170.0/24 maxlen: 24
185.247.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/tvvGPvVhSn75WhBhiOPXh1XGh7k.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/tvvGPvVhSn75WhBhiOPXh1XGh7k.mft
rsync://rpki.ripe.net/repository/DEFAULT/tvvGPvVhSn75WhBhiOPXh1XGh7k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:1d:05:61:d8:e0:bb:55:de:95:c4:b8:f1:75:72:dd:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b6fbc63ef5614a7ef95a106188e3d78755c687b9
Validity
Not Before: Oct 25 20:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=41d60233eaa1e58937843ec90dc530055d3340e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:2c:0e:5d:37:3c:da:06:0f:6b:37:9d:ca:c6:
e3:d3:07:d3:5c:a7:09:83:b7:1b:df:70:68:9c:dc:
72:6a:28:05:67:67:7e:3a:cc:af:56:61:36:80:46:
b7:c9:d9:91:ba:02:e2:3d:4e:15:ba:fa:24:6b:57:
b8:42:2d:09:60:77:74:d3:23:0b:fe:04:5d:90:ef:
0c:47:ce:82:97:67:ba:1a:d9:ba:2c:63:dc:dc:48:
f2:bd:be:34:c3:4d:df:1c:5d:c6:a7:8a:3c:d6:ba:
3c:5b:b9:4e:9f:35:03:6a:86:0b:16:e1:65:4b:4e:
7a:2b:3d:7d:8d:b0:e0:9b:99:54:e6:72:c2:75:ad:
b1:04:39:43:13:fb:3a:3c:84:e8:95:58:a5:40:e2:
f4:30:7d:8e:e0:11:70:7f:64:19:42:90:d1:d1:12:
93:45:d0:50:80:a1:5e:3f:aa:28:6b:ca:ab:9b:69:
0d:da:b4:e8:ca:4f:cc:a8:75:b3:87:2c:29:6e:88:
58:00:ef:70:50:f8:9d:ac:00:c0:41:c1:3e:88:ee:
b4:e7:15:4e:86:b1:bf:14:f2:df:1c:c2:fe:18:69:
0b:d5:76:02:ff:e3:86:33:3b:54:10:4b:ff:43:e8:
40:e7:74:22:1f:24:90:95:04:a2:d0:02:4c:19:43:
25:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:D6:02:33:EA:A1:E5:89:37:84:3E:C9:0D:C5:30:05:5D:33:40:E1
X509v3 Authority Key Identifier:
keyid:B6:FB:C6:3E:F5:61:4A:7E:F9:5A:10:61:88:E3:D7:87:55:C6:87:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvvGPvVhSn75WhBhiOPXh1XGh7k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/QdYCM-qh5Yk3hD7JDcUwBV0zQOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8631f5-54a2-486f-b9a5-081a1ae6ebd6/1/tvvGPvVhSn75WhBhiOPXh1XGh7k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.175.60.0/22
185.247.168.0/22
Signature Algorithm: sha256WithRSAEncryption
96:6a:72:0b:13:60:6f:10:4f:53:08:b4:4d:3b:ed:ae:1c:36:
17:0b:70:2d:62:8f:c0:af:d6:e7:2e:36:8d:dd:80:1f:28:50:
7a:f1:fc:6a:1b:17:88:e3:04:3d:2f:ef:af:16:f1:27:71:a1:
3b:e0:90:a1:92:4e:26:37:7d:a5:60:7e:e4:df:01:d8:ad:00:
cb:33:5e:9c:55:d2:56:26:b1:7a:a6:fb:fa:16:e7:f8:bb:ef:
09:2f:dc:a4:8e:9b:62:4b:32:fb:4e:e9:46:b9:23:95:f0:75:
c5:fd:4d:bd:7e:11:53:1e:73:2e:a0:64:6a:eb:81:db:b3:e2:
29:0e:96:ea:d1:4e:69:1d:d9:73:5a:f8:2a:13:1b:01:25:36:
3f:8d:44:10:aa:66:87:76:c4:ee:f6:1a:20:55:89:d2:90:19:
a9:64:25:23:53:15:1b:f0:8f:d3:ea:eb:e6:78:db:7c:a3:f8:
07:72:5f:a8:6a:84:b8:45:52:91:4a:fe:8b:9a:ee:f2:9c:4a:
63:18:19:47:25:01:bf:ea:89:3a:a2:5e:fb:08:b9:db:1b:7b:
1d:40:d2:f1:6e:7e:10:bf:3d:0d:2f:c6:85:a5:16:9e:57:96:
77:4f:32:95:fa:d4:e5:3e:4f:08:39:4a:3f:67:67:71:c5:f8:
2f:ad:27:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZodBWHY4LtV3pXEuPF1ct0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZmJjNjNlZjU2MTRhN2VmOTVhMTA2MTg4ZTNkNzg3NTVj
Njg3YjkwHhcNMjUxMDI1MjAxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ2MDIzM2VhYTFlNTg5Mzc4NDNlYzkwZGM1MzAwNTVkMzM0MGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCwOXTc82gYPazedysbj0wfTXKcJ
g7cb33BonNxyaigFZ2d+OsyvVmE2gEa3ydmRugLiPU4Vuvoka1e4Qi0JYHd00yML
/gRdkO8MR86Cl2e6Gtm6LGPc3Ejyvb40w03fHF3Gp4o81ro8W7lOnzUDaoYLFuFl
S056Kz19jbDgm5lU5nLCda2xBDlDE/s6PITolVilQOL0MH2O4BFwf2QZQpDR0RKT
RdBQgKFeP6ooa8qrm2kN2rToyk/MqHWzhywpbohYAO9wUPidrADAQcE+iO605xVO
hrG/FPLfHML+GGkL1XYC/+OGMztUEEv/Q+hA53QiHySQlQSi0AJMGUMllwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHWAjPqoeWJN4Q+yQ3FMAVdM0DhMB8GA1UdIwQY
MBaAFLb7xj71YUp++VoQYYjj14dVxoe5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZ2R1B2VmhTbjc1V2hCaGlPUFhoMVhHaDdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84NjMxZjUtNTRhMi00ODZmLWI5YTUt
MDgxYTFhZTZlYmQ2LzEvUWRZQ00tcWg1WWszaEQ3SkRjVXdCVjB6UU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84NjMxZjUtNTRhMi00ODZmLWI5YTUtMDgxYTFhZTZlYmQ2
LzEvdHZ2R1B2VmhTbjc1V2hCaGlPUFhoMVhHaDdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCua88AwQC
ufeoMA0GCSqGSIb3DQEBCwUAA4IBAQCWanILE2BvEE9TCLRNO+2uHDYXC3AtYo/A
r9bnLjaN3YAfKFB68fxqGxeI4wQ9L++vFvEncaE74JChkk4mN32lYH7k3wHYrQDL
M16cVdJWJrF6pvv6Fuf4u+8JL9ykjptiSzL7TulGuSOV8HXF/U29fhFTHnMuoGRq
64Hbs+IpDpbq0U5pHdlzWvgqExsBJTY/jUQQqmaHdsTu9hogVYnSkBmpZCUjUxUb
8I/T6uvmeNt8o/gHcl+oaoS4RVKRSv6Lmu7ynEpjGBlHJQG/6ok6ol77CLnbG3sd
QNLxbn4Qvz0NL8aFpRaeV5Z3TzKV+tTlPk8IOUo/Z2dxxfgvrSfP
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:02:35 2025 by rpki-client