Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/EdGxyzJhjLRGTiLiEhh2um8kO1M.roa
File: EdGxyzJhjLRGTiLiEhh2um8kO1M.roa (raw, json)
Hash identifier: b/dInnyOZqyh5R7OUhwOIhatYHAF/06vb/nqosHRFis=
Subject key identifier: 11:D1:B1:CB:32:61:8C:B4:46:4E:22:E2:12:18:76:BA:6F:24:3B:53
Certificate issuer: /CN=80a333d13dc915f4fbfb61b25a4877e9138e7f1d
Certificate serial: 019A39D1348680D63CDAB8FAC7126DA6E078
Authority key identifier: 80:A3:33:D1:3D:C9:15:F4:FB:FB:61:B2:5A:48:77:E9:13:8E:7F:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gKMz0T3JFfT7-2GyWkh36ROOfx0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/EdGxyzJhjLRGTiLiEhh2um8kO1M.roa
Signing time: Fri 31 Oct 2025 10:30:03 +0000
ROA not before: Fri 31 Oct 2025 10:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209123
IP address blocks: 2.58.88.0/22 maxlen: 24
2.58.88.0/24 maxlen: 24
2.58.89.0/24 maxlen: 24
2.58.90.0/24 maxlen: 24
2.58.91.0/24 maxlen: 24
2a09:e340::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/gKMz0T3JFfT7-2GyWkh36ROOfx0.crl
rsync://rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/gKMz0T3JFfT7-2GyWkh36ROOfx0.mft
rsync://rpki.ripe.net/repository/DEFAULT/gKMz0T3JFfT7-2GyWkh36ROOfx0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:39:d1:34:86:80:d6:3c:da:b8:fa:c7:12:6d:a6:e0:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80a333d13dc915f4fbfb61b25a4877e9138e7f1d
Validity
Not Before: Oct 31 10:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=11d1b1cb32618cb4464e22e2121876ba6f243b53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:e9:e9:68:9d:9f:00:84:39:81:70:86:aa:f1:
da:11:79:bf:b3:a9:87:a2:91:46:e7:19:42:be:41:
78:ea:23:7a:1f:36:b9:73:75:8b:fb:2c:f4:97:4b:
d4:bb:40:3a:b1:51:04:a4:41:af:3b:0a:35:15:26:
ea:12:eb:f1:9e:36:1c:90:62:1d:f2:97:86:9a:fe:
d8:4e:c5:ce:0d:09:e2:06:f0:c0:2a:76:1c:d2:ef:
9c:9e:0c:e2:c9:b6:2f:09:aa:53:5f:02:b2:f9:08:
37:ea:ef:dc:f2:ad:df:80:fc:40:9f:22:c3:09:31:
40:65:d9:ce:04:3b:db:62:e4:16:67:52:9d:7e:4a:
48:a0:e9:88:10:50:75:f8:8e:67:7a:f7:cb:aa:67:
2c:6a:35:e7:6d:6a:f1:d7:fb:50:14:4c:c3:52:db:
69:c1:99:41:ed:5a:78:13:20:59:c3:48:07:92:21:
15:15:99:96:a6:f1:17:8a:55:62:47:0d:83:70:ef:
8d:6d:a2:8f:f6:35:fc:33:fb:86:d0:a0:4c:62:04:
83:8c:84:63:4d:8f:f7:71:85:52:c5:6d:f0:8f:98:
bc:4b:c7:b7:5b:8c:00:c5:d8:3e:10:ae:41:17:02:
6b:31:96:a2:77:0c:05:43:b7:b7:ca:5a:0d:5b:84:
dc:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:D1:B1:CB:32:61:8C:B4:46:4E:22:E2:12:18:76:BA:6F:24:3B:53
X509v3 Authority Key Identifier:
keyid:80:A3:33:D1:3D:C9:15:F4:FB:FB:61:B2:5A:48:77:E9:13:8E:7F:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKMz0T3JFfT7-2GyWkh36ROOfx0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/EdGxyzJhjLRGTiLiEhh2um8kO1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/139b38-5b24-407d-b17e-4ca35430dca3/1/gKMz0T3JFfT7-2GyWkh36ROOfx0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.88.0/22
IPv6:
2a09:e340::/29
Signature Algorithm: sha256WithRSAEncryption
28:69:7b:37:f1:51:a0:c3:db:e6:0b:1e:b8:13:77:c7:37:f5:
b5:82:6a:a0:6b:50:36:c6:24:35:89:c3:8e:cd:35:f9:45:64:
33:b4:90:33:f7:b5:a4:e1:b3:02:7a:e4:66:3f:4c:4b:ad:6b:
3c:54:5a:a8:49:dd:94:38:1f:77:0d:db:fe:16:49:92:07:7f:
fb:37:85:38:ba:7c:f7:74:41:96:34:63:16:8f:7b:0e:c0:9c:
70:ae:6a:34:23:35:30:bf:b9:d4:08:5a:19:d5:a8:24:f3:8b:
6a:33:ec:9d:c8:36:0d:d5:61:13:e3:0e:51:2e:e8:92:2a:c2:
1b:d8:f7:c9:9f:bb:aa:eb:ea:55:8b:92:6e:d6:95:48:94:69:
cb:2a:e4:e9:17:1f:e2:ca:42:be:d1:e9:cc:5d:aa:9a:3e:c5:
c6:41:0a:18:a7:52:79:7a:53:86:c9:2a:5e:b2:dd:2d:a7:7b:
19:d8:a1:46:b7:f7:f9:d5:4f:e5:85:25:e6:9c:e8:ab:57:e8:
c7:96:be:c1:bc:f4:cd:fc:7e:28:71:55:b6:43:d1:ea:ad:c7:
b9:cb:37:2b:f1:7e:f1:6c:a3:b9:ad:b3:6d:26:9e:5b:c1:ae:
73:10:7b:88:f1:ef:c9:ae:ff:dd:b9:29:03:a0:9a:de:6e:00:
1c:e5:81:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZo50TSGgNY82rj6xxJtpuB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYTMzM2QxM2RjOTE1ZjRmYmZiNjFiMjVhNDg3N2U5MTM4
ZTdmMWQwHhcNMjUxMDMxMTAzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQxYjFjYjMyNjE4Y2I0NDY0ZTIyZTIxMjE4NzZiYTZmMjQzYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+npaJ2fAIQ5gXCGqvHaEXm/s6mH
opFG5xlCvkF46iN6Hza5c3WL+yz0l0vUu0A6sVEEpEGvOwo1FSbqEuvxnjYckGId
8peGmv7YTsXODQniBvDAKnYc0u+cngziybYvCapTXwKy+Qg36u/c8q3fgPxAnyLD
CTFAZdnOBDvbYuQWZ1KdfkpIoOmIEFB1+I5nevfLqmcsajXnbWrx1/tQFEzDUttp
wZlB7Vp4EyBZw0gHkiEVFZmWpvEXilViRw2DcO+NbaKP9jX8M/uG0KBMYgSDjIRj
TY/3cYVSxW3wj5i8S8e3W4wAxdg+EK5BFwJrMZaidwwFQ7e3yloNW4Tc1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBHRscsyYYy0Rk4i4hIYdrpvJDtTMB8GA1UdIwQY
MBaAFICjM9E9yRX0+/thslpId+kTjn8dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0tNejBUM0pGZlQ3LTJHeVdraDM2Uk9PZngwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8xMzliMzgtNWIyNC00MDdkLWIxN2Ut
NGNhMzU0MzBkY2EzLzEvRWRHeHl6SmhqTFJHVGlMaUVoaDJ1bThrTzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8xMzliMzgtNWIyNC00MDdkLWIxN2UtNGNhMzU0MzBkY2Ez
LzEvZ0tNejBUM0pGZlQ3LTJHeVdraDM2Uk9PZngwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjpYMA0E
AgACMAcDBQMqCeNAMA0GCSqGSIb3DQEBCwUAA4IBAQAoaXs38VGgw9vmCx64E3fH
N/W1gmqga1A2xiQ1icOOzTX5RWQztJAz97Wk4bMCeuRmP0xLrWs8VFqoSd2UOB93
Ddv+FkmSB3/7N4U4unz3dEGWNGMWj3sOwJxwrmo0IzUwv7nUCFoZ1agk84tqM+yd
yDYN1WET4w5RLuiSKsIb2PfJn7uq6+pVi5Ju1pVIlGnLKuTpFx/iykK+0enMXaqa
PsXGQQoYp1J5elOGySpest0tp3sZ2KFGt/f51U/lhSXmnOirV+jHlr7BvPTN/H4o
cVW2Q9Hqrce5yzcr8X7xbKO5rbNtJp5bwa5zEHuI8e/Jrv/duSkDoJrebgAc5YGQ
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:24:51 2025 by rpki-client