Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/bJq6ETjit8XTjbk2oJhGlWom8cM.roa
File: bJq6ETjit8XTjbk2oJhGlWom8cM.roa (raw, json)
Hash identifier: zn7CY4jZHhhwSZI7xV7Y9Ja2NslHPnbSuuGmdSXZLlU=
Subject key identifier: 6C:9A:BA:11:38:E2:B7:C5:D3:8D:B9:36:A0:98:46:95:6A:26:F1:C3
Certificate issuer: /CN=064dcd0ee7014efb2e3b554fbb706384ef11d051
Certificate serial: 019A34C2A70577A8279DE2676F29B19A109D
Authority key identifier: 06:4D:CD:0E:E7:01:4E:FB:2E:3B:55:4F:BB:70:63:84:EF:11:D0:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/bJq6ETjit8XTjbk2oJhGlWom8cM.roa
Signing time: Thu 30 Oct 2025 10:56:03 +0000
ROA not before: Thu 30 Oct 2025 10:56:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209830
IP address blocks: 193.135.120.0/22 maxlen: 22
193.135.123.0/24 maxlen: 24
193.141.23.0/24 maxlen: 24
193.141.24.0/24 maxlen: 24
2a09:fb00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:34:c2:a7:05:77:a8:27:9d:e2:67:6f:29:b1:9a:10:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=064dcd0ee7014efb2e3b554fbb706384ef11d051
Validity
Not Before: Oct 30 10:56:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6c9aba1138e2b7c5d38db936a09846956a26f1c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:f5:b1:f6:5a:a3:4d:f1:72:05:39:53:8f:0f:
f0:34:82:a9:ce:10:22:5d:67:bb:8e:d8:76:09:17:
95:78:8c:3c:c2:dd:f4:47:80:b2:12:0b:e2:01:e9:
d9:f0:4f:8c:bf:80:38:ab:9e:a6:1a:8f:63:e1:34:
6f:67:fd:84:06:04:cd:0b:99:ff:60:9c:ad:a3:7b:
8c:e5:e3:20:d6:e5:8d:17:69:8e:b4:87:42:34:ee:
a1:1a:cd:30:0c:d5:c2:6c:a7:3d:cb:f0:16:b7:ba:
72:1d:03:f0:82:ab:8c:e9:e7:72:ca:9d:06:9c:52:
95:02:eb:fc:d9:74:98:67:47:2d:09:6f:5b:de:c0:
a1:3b:bc:b8:94:0d:91:55:da:83:c4:34:8b:63:cb:
9c:e7:43:3d:6c:cc:ba:da:73:6c:4c:b0:83:3d:f9:
b9:ee:38:8f:71:27:62:67:7d:2c:8f:ff:d5:5e:34:
b4:ad:a2:a1:92:e0:01:21:d4:b1:07:bd:ff:4e:f6:
15:7b:54:0e:2b:a7:88:1f:75:de:7f:a5:63:22:bc:
1a:f0:fb:c8:90:50:2d:d5:3c:0d:43:3f:d6:bc:92:
5f:73:53:f2:28:73:30:2d:0e:83:41:6b:fd:33:04:
e9:0d:c2:bc:11:77:ee:25:57:40:50:03:60:8b:6d:
14:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:9A:BA:11:38:E2:B7:C5:D3:8D:B9:36:A0:98:46:95:6A:26:F1:C3
X509v3 Authority Key Identifier:
keyid:06:4D:CD:0E:E7:01:4E:FB:2E:3B:55:4F:BB:70:63:84:EF:11:D0:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bk3NDucBTvsuO1VPu3BjhO8R0FE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/bJq6ETjit8XTjbk2oJhGlWom8cM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dcb08c-5515-445c-ad99-fb4740fda250/1/Bk3NDucBTvsuO1VPu3BjhO8R0FE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.135.120.0/22
193.141.23.0-193.141.24.255
IPv6:
2a09:fb00::/29
Signature Algorithm: sha256WithRSAEncryption
b0:3c:9c:df:5c:01:57:1b:c5:85:a9:30:76:38:1c:4e:f6:fa:
54:34:3c:8c:e5:8b:b1:ad:b1:56:13:c2:ea:10:df:79:f9:d7:
71:bf:62:d4:08:cb:5b:8f:a0:e6:4d:18:41:db:bd:08:8c:fb:
03:68:9d:76:ee:d5:06:17:db:af:ac:78:8c:c3:07:37:de:6d:
26:d1:fe:f4:e1:91:19:4c:59:78:5a:21:6f:13:54:f6:a0:49:
8e:ae:08:e0:e0:29:7d:e1:89:92:b7:6c:2c:b4:bf:6e:52:96:
3c:6b:9f:b1:de:c0:9d:be:00:8f:55:df:0d:6b:55:5d:0c:fd:
9a:56:89:23:71:49:21:29:8e:e5:ab:3c:f8:a3:15:15:0d:df:
f6:58:21:e7:c3:a7:5b:80:dd:18:51:82:cf:fa:58:10:1a:3f:
4a:1d:25:fd:f1:f4:30:49:fa:05:98:d5:4c:6d:11:15:9c:e0:
16:f4:c4:51:82:62:62:6f:34:4f:0f:a0:23:ee:a2:04:00:41:
a9:3f:5a:1a:b0:d5:21:b8:15:d6:7e:ad:f7:44:17:4c:db:58:
ac:43:45:d8:1e:5d:79:79:e5:7f:38:ed:0c:58:e6:58:28:b7:
05:45:31:eb:2b:bb:d0:5a:af:5a:5d:7f:7a:fe:82:51:c7:d0:
af:2f:47:03
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZo0wqcFd6gnneJnbymxmhCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NGRjZDBlZTcwMTRlZmIyZTNiNTU0ZmJiNzA2Mzg0ZWYx
MWQwNTEwHhcNMjUxMDMwMTA1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzlhYmExMTM4ZTJiN2M1ZDM4ZGI5MzZhMDk4NDY5NTZhMjZmMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfWx9lqjTfFyBTlTjw/wNIKpzhAi
XWe7jth2CReVeIw8wt30R4CyEgviAenZ8E+Mv4A4q56mGo9j4TRvZ/2EBgTNC5n/
YJyto3uM5eMg1uWNF2mOtIdCNO6hGs0wDNXCbKc9y/AWt7pyHQPwgquM6edyyp0G
nFKVAuv82XSYZ0ctCW9b3sChO7y4lA2RVdqDxDSLY8uc50M9bMy62nNsTLCDPfm5
7jiPcSdiZ30sj//VXjS0raKhkuABIdSxB73/TvYVe1QOK6eIH3Xef6VjIrwa8PvI
kFAt1TwNQz/WvJJfc1PyKHMwLQ6DQWv9MwTpDcK8EXfuJVdAUANgi20UswIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFGyauhE44rfF0425NqCYRpVqJvHDMB8GA1UdIwQY
MBaAFAZNzQ7nAU77LjtVT7twY4TvEdBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmszTkR1Y0JUdnN1TzFWUHUzQmpoTzhSMEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kY2IwOGMtNTUxNS00NDVjLWFkOTkt
ZmI0NzQwZmRhMjUwLzEvYkpxNkVUaml0OFhUamJrMm9KaEdsV29tOGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kY2IwOGMtNTUxNS00NDVjLWFkOTktZmI0NzQwZmRhMjUw
LzEvQmszTkR1Y0JUdnN1TzFWUHUzQmpoTzhSMEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCwYd4MAwD
BADBjRcDBADBjRgwDQQCAAIwBwMFAyoJ+wAwDQYJKoZIhvcNAQELBQADggEBALA8
nN9cAVcbxYWpMHY4HE72+lQ0PIzli7GtsVYTwuoQ33n513G/YtQIy1uPoOZNGEHb
vQiM+wNonXbu1QYX26+seIzDBzfebSbR/vThkRlMWXhaIW8TVPagSY6uCODgKX3h
iZK3bCy0v25Sljxrn7HewJ2+AI9V3w1rVV0M/ZpWiSNxSSEpjuWrPPijFRUN3/ZY
IefDp1uA3RhRgs/6WBAaP0odJf3x9DBJ+gWY1UxtERWc4Bb0xFGCYmJvNE8PoCPu
ogQAQak/Whqw1SG4FdZ+rfdEF0zbWKxDRdgeXXl55X847QxY5lgotwVFMesru9Ba
r1pdf3r+glHH0K8vRwM=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:23:59 2025 by rpki-client