Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/jsBiiqO96elZk6qxdgccAdoHxog.roa
File: jsBiiqO96elZk6qxdgccAdoHxog.roa (raw, json)
Hash identifier: IYCq5ah82YcQ+R6bceH6l39v/S6ihNf9xft3aBIDiOw=
Subject key identifier: 8E:C0:62:8A:A3:BD:E9:E9:59:93:AA:B1:76:07:1C:01:DA:07:C6:88
Certificate issuer: /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial: 019A17FA7CF5EAB4E942DA587003E5D9C1A0
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/jsBiiqO96elZk6qxdgccAdoHxog.roa
Signing time: Fri 24 Oct 2025 20:48:03 +0000
ROA not before: Fri 24 Oct 2025 20:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48449
IP address blocks: 185.160.194.0/24 maxlen: 24
185.160.195.0/24 maxlen: 24
185.169.220.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
2a14:80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:fa:7c:f5:ea:b4:e9:42:da:58:70:03:e5:d9:c1:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
Validity
Not Before: Oct 24 20:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8ec0628aa3bde9e95993aab176071c01da07c688
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:bb:d0:23:c1:d5:3d:05:4f:85:98:af:a2:cc:
32:bd:de:64:08:99:4f:0c:79:52:76:bf:3a:cd:1f:
41:36:45:5e:22:eb:f3:d0:3e:0b:e1:97:5b:0d:ff:
d7:5d:15:f3:ec:12:2b:87:1f:53:71:8a:7e:c8:f9:
ef:b9:37:2d:62:fc:e7:d3:19:7b:5f:d5:7e:ca:5c:
9d:42:5b:c6:43:e9:62:a0:d5:07:63:0a:b1:a1:f4:
6e:0d:86:68:6c:45:db:e6:d0:07:44:bb:4e:b6:81:
2e:8b:b8:be:62:9a:49:0c:1d:82:c1:1d:86:81:4f:
c0:99:7e:b9:70:90:28:30:a3:9c:e1:30:59:7a:b4:
25:f6:0a:4d:6f:3e:f4:c7:e9:7e:26:6c:dc:48:6b:
34:9a:4a:09:0b:ee:68:52:e7:c7:c5:cf:2f:fc:3d:
b1:e2:44:c3:55:78:8a:42:8b:ba:24:07:8d:95:de:
7b:d3:61:b6:c8:0b:84:70:d0:1a:57:07:7e:c9:bb:
38:e3:f5:fa:c1:f8:1e:58:3b:a8:4b:b2:78:c8:9c:
63:30:b6:26:01:40:06:aa:bf:a6:39:35:c4:b3:ef:
78:10:53:7e:27:66:5a:97:16:b0:33:33:ad:6d:50:
c7:78:74:6b:17:5a:49:45:42:73:e4:aa:44:56:9e:
bb:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:C0:62:8A:A3:BD:E9:E9:59:93:AA:B1:76:07:1C:01:DA:07:C6:88
X509v3 Authority Key Identifier:
keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/jsBiiqO96elZk6qxdgccAdoHxog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.160.194.0/23
185.169.220.0/22
IPv6:
2a14:80::/48
Signature Algorithm: sha256WithRSAEncryption
9b:67:60:9a:3f:af:80:4e:df:77:97:36:2a:6d:dc:73:05:98:
b1:0e:3e:40:11:72:2c:8d:a5:c0:85:7d:ab:36:11:87:9d:1d:
03:53:49:6e:9a:3b:86:cf:d1:c6:79:33:96:b6:64:65:cd:de:
48:71:ba:3c:6c:89:b9:a0:db:16:13:5f:66:f1:95:52:c1:e2:
22:42:bf:26:fc:e1:a8:fb:f6:0e:82:96:c1:10:1e:16:99:d0:
66:cd:7e:6e:88:07:e0:c8:25:8b:e5:b3:00:fa:d9:f2:93:39:
5e:a8:1d:64:2c:b9:a8:d0:fa:50:7e:bb:52:c3:6f:5f:8a:b9:
a2:c3:00:fe:03:d6:05:f6:06:59:eb:62:b7:6f:c9:22:d1:96:
f2:de:1e:4f:7e:c5:b9:92:82:86:da:05:9b:c3:20:a6:e9:85:
f0:9c:a0:97:a1:a9:b7:02:52:84:4a:e5:89:1d:43:fd:15:cd:
d8:d4:59:d3:93:2a:ae:c5:5c:d9:a2:af:03:ed:a0:a5:c9:30:
44:23:82:82:60:51:7c:40:89:a6:cc:42:2d:17:c3:7b:32:08:
6d:a6:28:cb:3e:f7:3c:d6:00:2c:4a:21:11:2a:1a:e1:79:39:
c6:8d:49:a3:22:5b:07:2a:39:11:e4:c0:c2:6c:72:e8:3b:cf:
a3:9a:aa:b7
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZoX+nz16rTpQtpYcAPl2cGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUxMDI0MjA0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWMwNjI4YWEzYmRlOWU5NTk5M2FhYjE3NjA3MWMwMWRhMDdjNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7vQI8HVPQVPhZivoswyvd5kCJlP
DHlSdr86zR9BNkVeIuvz0D4L4ZdbDf/XXRXz7BIrhx9TcYp+yPnvuTctYvzn0xl7
X9V+ylydQlvGQ+lioNUHYwqxofRuDYZobEXb5tAHRLtOtoEui7i+YppJDB2CwR2G
gU/AmX65cJAoMKOc4TBZerQl9gpNbz70x+l+JmzcSGs0mkoJC+5oUufHxc8v/D2x
4kTDVXiKQou6JAeNld5702G2yAuEcNAaVwd+ybs44/X6wfgeWDuoS7J4yJxjMLYm
AUAGqr+mOTXEs+94EFN+J2ZalxawMzOtbVDHeHRrF1pJRUJz5KpEVp678QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFI7AYoqjvenpWZOqsXYHHAHaB8aIMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvanNCaWlxTzk2ZWxaazZxeGRnY2NBZG9IeG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBuaDCAwQC
uancMA8EAgACMAkDBwAqFACAAAAwDQYJKoZIhvcNAQELBQADggEBAJtnYJo/r4BO
33eXNipt3HMFmLEOPkARciyNpcCFfas2EYedHQNTSW6aO4bP0cZ5M5a2ZGXN3khx
ujxsibmg2xYTX2bxlVLB4iJCvyb84aj79g6ClsEQHhaZ0GbNfm6IB+DIJYvlswD6
2fKTOV6oHWQsuajQ+lB+u1LDb1+KuaLDAP4D1gX2BlnrYrdvySLRlvLeHk9+xbmS
gobaBZvDIKbphfCcoJehqbcCUoRK5YkdQ/0VzdjUWdOTKq7FXNmirwPtoKXJMEQj
goJgUXxAiabMQi0Xw3syCG2mKMs+9zzWACxKIREqGuF5OcaNSaMiWwcqORHkwMJs
cug7z6Oaqrc=
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:31:06 2025 by rpki-client