Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/5Fh8wLq-vAfdSqECF1o7u7so-j4.roa
File: 5Fh8wLq-vAfdSqECF1o7u7so-j4.roa (raw, json)
Hash identifier: ZlARtLuw+Q8e0b7Jolz8g+1kXlsunG6VLot0JEG5Rcc=
Subject key identifier: E4:58:7C:C0:BA:BE:BC:07:DD:4A:A1:02:17:5A:3B:BB:BB:28:FA:3E
Certificate issuer: /CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Certificate serial: 019A17F24022214B66615F56F5875D753233
Authority key identifier: 10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/5Fh8wLq-vAfdSqECF1o7u7so-j4.roa
Signing time: Fri 24 Oct 2025 20:39:03 +0000
ROA not before: Fri 24 Oct 2025 20:39:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8685
IP address blocks: 81.21.160.0/20 maxlen: 24
82.151.128.0/19 maxlen: 24
94.102.64.0/20 maxlen: 24
185.58.244.0/22 maxlen: 24
212.2.192.0/19 maxlen: 24
212.58.0.0/19 maxlen: 24
213.155.96.0/19 maxlen: 24
2a02:480::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.mft
rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:f2:40:22:21:4b:66:61:5f:56:f5:87:5d:75:32:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Validity
Not Before: Oct 24 20:39:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e4587cc0babebc07dd4aa102175a3bbbbb28fa3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:20:e2:75:a3:d6:13:91:85:13:ca:e6:81:28:
ca:26:6c:1b:d6:bf:25:4a:fc:26:64:72:c7:a7:3e:
a1:b2:0a:0c:e0:6c:50:5a:d9:d6:bd:47:05:32:e7:
70:67:8b:20:04:4d:0f:45:c9:d0:84:76:a1:39:73:
f5:13:32:ce:f7:61:a1:0f:6d:ef:ca:a4:18:fd:ac:
c9:72:f4:76:11:ab:b2:49:7c:d0:ee:10:dc:f8:85:
f7:27:db:43:50:9c:3a:28:5a:c6:c0:36:08:7f:82:
4b:11:91:b0:b8:67:b3:be:84:2d:28:02:72:f7:d1:
89:ee:4e:1b:55:82:25:4e:33:2b:9a:f2:b5:e1:cf:
fc:31:b3:0b:e7:11:19:e6:b2:25:a3:e0:d9:3d:c1:
e1:67:c5:00:ad:b7:89:dc:3c:08:65:df:3f:f0:5d:
fd:a9:db:d7:ef:b4:7f:a7:d7:c2:80:f0:8b:72:b6:
b1:f9:47:18:c6:3b:a0:2b:25:9d:3a:ff:2f:8c:c4:
55:d5:d3:ac:b2:9a:cc:65:cc:bd:cb:c7:0e:16:f2:
1f:1b:b0:39:e3:d1:c8:07:ef:2b:8c:f3:c8:51:5b:
36:14:7d:0b:c1:70:0b:07:5f:c0:7f:ff:ef:8b:94:
53:6d:41:dc:11:e4:b2:f9:64:0e:1d:0e:b5:c7:ee:
5f:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:58:7C:C0:BA:BE:BC:07:DD:4A:A1:02:17:5A:3B:BB:BB:28:FA:3E
X509v3 Authority Key Identifier:
keyid:10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/5Fh8wLq-vAfdSqECF1o7u7so-j4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.160.0/20
82.151.128.0/19
94.102.64.0/20
185.58.244.0/22
212.2.192.0/19
212.58.0.0/19
213.155.96.0/19
IPv6:
2a02:480::/32
Signature Algorithm: sha256WithRSAEncryption
11:cf:ac:d5:14:92:54:93:0d:a3:4a:d0:93:ca:31:2e:be:e9:
46:e3:83:91:bc:33:25:28:af:93:71:8a:08:29:ab:cc:fc:57:
d0:0e:60:34:c2:fc:29:a0:75:b2:bc:3f:ba:6e:26:15:5e:9e:
a8:c2:56:c4:bc:f6:d7:2e:f3:cb:19:ee:8b:a7:c6:a2:27:6b:
fa:a3:3f:6a:5a:d4:a5:5c:fb:56:d1:12:00:dd:b1:e2:54:b6:
d9:c8:e7:31:ba:5b:41:52:ab:78:69:e7:0f:9b:71:6e:e8:bb:
73:f0:af:09:1e:f5:91:f9:c6:2a:59:7a:b7:96:61:5d:ff:b8:
13:b4:ea:de:36:65:b4:f6:46:3e:ea:08:b3:78:6c:4a:80:b3:
07:85:d8:51:6f:a7:89:5f:7b:be:1a:d7:7c:6e:cc:33:68:e6:
1b:4d:d4:7a:6b:c5:e6:a1:5f:9a:4f:e1:bc:0a:15:e6:ef:63:
44:ad:66:92:50:4e:aa:ce:d6:53:16:f0:b1:81:24:6c:69:ba:
0e:e5:c6:f9:49:ab:2d:b1:48:20:7c:d5:d2:74:3d:5c:a8:4b:
05:57:3d:52:f9:8f:d4:5c:49:fa:01:48:58:83:c1:dd:2a:b3:
f8:f3:4b:ac:60:f4:f4:b9:ad:4d:f1:2d:4e:22:75:8e:95:aa:
fa:9c:f1:c9
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZoX8kAiIUtmYV9W9YdddTIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzRkYjk2NDAyZmY1Y2YxODc1NjQ1NjBlYThmMTNlZWVi
NWZmZWIwHhcNMjUxMDI0MjAzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDU4N2NjMGJhYmViYzA3ZGQ0YWExMDIxNzVhM2JiYmJiMjhmYTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiDidaPWE5GFE8rmgSjKJmwb1r8l
SvwmZHLHpz6hsgoM4GxQWtnWvUcFMudwZ4sgBE0PRcnQhHahOXP1EzLO92GhD23v
yqQY/azJcvR2EauySXzQ7hDc+IX3J9tDUJw6KFrGwDYIf4JLEZGwuGezvoQtKAJy
99GJ7k4bVYIlTjMrmvK14c/8MbML5xEZ5rIlo+DZPcHhZ8UArbeJ3DwIZd8/8F39
qdvX77R/p9fCgPCLcrax+UcYxjugKyWdOv8vjMRV1dOssprMZcy9y8cOFvIfG7A5
49HIB+8rjPPIUVs2FH0LwXALB1/Af//vi5RTbUHcEeSy+WQOHQ61x+5fvwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFORYfMC6vrwH3UqhAhdaO7u7KPo+MB8GA1UdIwQY
MBaAFBB025ZAL/XPGHVkVg6o8T7utf/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEt
YWI0MGI1OGEyODkyLzEvNUZoOHdMcS12QWZkU3FFQ0Yxbzd1N3NvLWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEtYWI0MGI1OGEyODky
LzEvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEURWgAwQF
UpeAAwQEXmZAAwQCuTr0AwQF1ALAAwQF1DoAAwQF1ZtgMA0EAgACMAcDBQAqAgSA
MA0GCSqGSIb3DQEBCwUAA4IBAQARz6zVFJJUkw2jStCTyjEuvulG44ORvDMlKK+T
cYoIKavM/FfQDmA0wvwpoHWyvD+6biYVXp6owlbEvPbXLvPLGe6Lp8aiJ2v6oz9q
WtSlXPtW0RIA3bHiVLbZyOcxultBUqt4aecPm3Fu6Ltz8K8JHvWR+cYqWXq3lmFd
/7gTtOreNmW09kY+6gizeGxKgLMHhdhRb6eJX3u+Gtd8bswzaOYbTdR6a8XmoV+a
T+G8ChXm72NErWaSUE6qztZTFvCxgSRsaboO5cb5SastsUggfNXSdD1cqEsFVz1S
+Y/UXEn6AUhYg8HdKrP480usYPT0ua1N8S1OInWOlar6nPHJ
-----END CERTIFICATE-----
Generated at Wed Nov 5 06:39:59 2025 by rpki-client