Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/Z038aIKVZFkliOLrONmNXUN2Hdg.roa
File: Z038aIKVZFkliOLrONmNXUN2Hdg.roa (raw, json)
Hash identifier: s807DAxekCk/MvXWajffM24Fq3Cec41ZsJWJ0yNVDbs=
Subject key identifier: 67:4D:FC:68:82:95:64:59:25:88:E2:EB:38:D9:8D:5D:43:76:1D:D8
Certificate issuer: /CN=24f51bbdf01088d34c6baaeef86bda25a9f02196
Certificate serial: 019A48AB649D39E6A0D959D40B833B2E1D43
Authority key identifier: 24:F5:1B:BD:F0:10:88:D3:4C:6B:AA:EE:F8:6B:DA:25:A9:F0:21:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JPUbvfAQiNNMa6ru-GvaJanwIZY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/Z038aIKVZFkliOLrONmNXUN2Hdg.roa
Signing time: Mon 03 Nov 2025 07:43:03 +0000
ROA not before: Mon 03 Nov 2025 07:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 262287
IP address blocks: 85.198.32.0/24 maxlen: 24
85.198.33.0/24 maxlen: 24
85.198.37.0/24 maxlen: 24
85.198.40.0/24 maxlen: 24
85.198.44.0/24 maxlen: 24
85.198.45.0/24 maxlen: 24
85.198.47.0/24 maxlen: 24
91.123.8.0/24 maxlen: 24
91.123.10.0/24 maxlen: 24
91.123.11.0/24 maxlen: 24
190.106.183.0/24 maxlen: 24
206.195.140.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/JPUbvfAQiNNMa6ru-GvaJanwIZY.crl
rsync://rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/JPUbvfAQiNNMa6ru-GvaJanwIZY.mft
rsync://rpki.ripe.net/repository/DEFAULT/JPUbvfAQiNNMa6ru-GvaJanwIZY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:48:ab:64:9d:39:e6:a0:d9:59:d4:0b:83:3b:2e:1d:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=24f51bbdf01088d34c6baaeef86bda25a9f02196
Validity
Not Before: Nov 3 07:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=674dfc68829564592588e2eb38d98d5d43761dd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:ab:f1:25:2e:c3:1a:9c:b0:e8:6b:82:77:ba:
1b:90:3c:81:74:3c:84:08:c2:f9:cf:e3:93:f4:c3:
1b:bf:9a:0f:4a:40:83:c3:36:76:9a:ca:68:37:3f:
db:fa:6f:16:7f:bf:9f:27:16:35:a7:87:b0:86:64:
e3:4e:a7:5a:6b:d0:bb:91:2e:7a:38:e8:86:b1:1e:
83:3e:ca:ae:e8:f3:05:bf:37:79:f7:3e:38:3b:77:
c8:3d:d5:54:f6:e2:37:62:44:a6:56:84:18:8d:d4:
b5:39:1a:f0:99:65:2e:cd:ff:d9:65:28:c6:49:f6:
d3:65:3d:14:bb:a3:9a:4e:db:20:db:46:ce:6e:9d:
5d:c0:61:11:8d:d8:ac:bf:2f:c0:d9:6d:83:ee:a3:
1f:e1:d8:1b:55:74:69:c6:91:a3:0e:56:2a:36:81:
2a:b0:9a:0e:63:55:85:fa:04:55:be:f2:cf:73:ae:
6e:22:ba:38:ff:c2:96:fa:e1:85:4f:36:57:09:f5:
37:3c:41:38:8e:ae:62:36:6e:59:5e:71:8b:37:89:
b9:45:c1:00:45:e7:f4:18:41:bf:8b:38:4f:ec:16:
f5:96:da:f6:3b:41:7b:18:7a:9d:3c:78:ad:37:6e:
c7:0d:68:b7:64:d8:62:07:0c:20:7e:db:f3:d0:dd:
07:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:4D:FC:68:82:95:64:59:25:88:E2:EB:38:D9:8D:5D:43:76:1D:D8
X509v3 Authority Key Identifier:
keyid:24:F5:1B:BD:F0:10:88:D3:4C:6B:AA:EE:F8:6B:DA:25:A9:F0:21:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JPUbvfAQiNNMa6ru-GvaJanwIZY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/Z038aIKVZFkliOLrONmNXUN2Hdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8ebd6-561d-42af-bb36-5201a23d7a49/1/JPUbvfAQiNNMa6ru-GvaJanwIZY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.198.32.0/23
85.198.37.0/24
85.198.40.0/24
85.198.44.0/23
85.198.47.0/24
91.123.8.0/24
91.123.10.0/23
190.106.183.0/24
206.195.140.0/24
Signature Algorithm: sha256WithRSAEncryption
d0:16:81:67:62:a5:9e:61:92:d6:c8:c2:0a:a0:2a:88:79:12:
30:7e:3e:ef:90:ad:a0:76:f1:c0:12:1e:f6:85:b5:db:12:72:
ac:18:90:c8:9c:90:e4:27:f4:86:31:9b:89:53:68:22:cb:d2:
8a:dd:fb:a5:44:92:ca:49:13:3e:55:68:7d:65:53:77:b2:82:
93:1f:82:e8:eb:e9:2f:32:89:10:92:d3:3c:0f:a2:73:38:00:
68:92:a1:47:9b:fb:9c:63:34:7f:30:01:0b:2b:3e:5d:b2:42:
e3:be:32:e1:4f:e2:0c:1c:f9:1d:94:d6:2b:36:e8:71:47:53:
e9:a3:36:0d:0e:0b:79:55:e3:42:c1:1e:4b:04:11:eb:58:66:
c1:2c:17:c2:66:04:98:31:12:a1:8c:e9:e1:f7:b9:25:d6:b2:
25:bf:cb:da:85:ff:f0:17:63:c1:e3:85:5f:2b:7e:27:2c:f2:
6a:ae:b8:96:04:72:a5:81:bc:c2:03:5b:b2:c0:de:40:4f:fd:
d0:d6:70:f7:3b:9b:df:df:9b:f7:30:f9:9f:96:78:b0:67:c3:
27:94:f8:9d:b4:1c:49:bf:f6:ed:15:bd:21:90:79:2a:9b:12:
a6:aa:24:5c:e4:91:77:56:f6:1f:80:01:50:a3:60:23:29:95:
81:86:cc:1b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZpIq2SdOeag2VnUC4M7Lh1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZjUxYmJkZjAxMDg4ZDM0YzZiYWFlZWY4NmJkYTI1YTlm
MDIxOTYwHhcNMjUxMTAzMDc0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzRkZmM2ODgyOTU2NDU5MjU4OGUyZWIzOGQ5OGQ1ZDQzNzYxZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjavxJS7DGpyw6GuCd7obkDyBdDyE
CML5z+OT9MMbv5oPSkCDwzZ2mspoNz/b+m8Wf7+fJxY1p4ewhmTjTqdaa9C7kS56
OOiGsR6DPsqu6PMFvzd59z44O3fIPdVU9uI3YkSmVoQYjdS1ORrwmWUuzf/ZZSjG
SfbTZT0Uu6OaTtsg20bObp1dwGERjdisvy/A2W2D7qMf4dgbVXRpxpGjDlYqNoEq
sJoOY1WF+gRVvvLPc65uIro4/8KW+uGFTzZXCfU3PEE4jq5iNm5ZXnGLN4m5RcEA
Ref0GEG/izhP7Bb1ltr2O0F7GHqdPHitN27HDWi3ZNhiBwwgftvz0N0H0wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGdN/GiClWRZJYji6zjZjV1Ddh3YMB8GA1UdIwQY
MBaAFCT1G73wEIjTTGuq7vhr2iWp8CGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlBVYnZmQVFpTk5NYTZydS1HdmFKYW53SVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lOGViZDYtNTYxZC00MmFmLWJiMzYt
NTIwMWEyM2Q3YTQ5LzEvWjAzOGFJS1ZaRmtsaU9Mck9ObU5YVU4ySGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lOGViZDYtNTYxZC00MmFmLWJiMzYtNTIwMWEyM2Q3YTQ5
LzEvSlBVYnZmQVFpTk5NYTZydS1HdmFKYW53SVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBVcYgAwQA
VcYlAwQAVcYoAwQBVcYsAwQAVcYvAwQAW3sIAwQBW3sKAwQAvmq3AwQAzsOMMA0G
CSqGSIb3DQEBCwUAA4IBAQDQFoFnYqWeYZLWyMIKoCqIeRIwfj7vkK2gdvHAEh72
hbXbEnKsGJDInJDkJ/SGMZuJU2giy9KK3fulRJLKSRM+VWh9ZVN3soKTH4Lo6+kv
MokQktM8D6JzOABokqFHm/ucYzR/MAELKz5dskLjvjLhT+IMHPkdlNYrNuhxR1Pp
ozYNDgt5VeNCwR5LBBHrWGbBLBfCZgSYMRKhjOnh97kl1rIlv8vahf/wF2PB44Vf
K34nLPJqrriWBHKlgbzCA1uywN5AT/3Q1nD3O5vf35v3MPmflniwZ8MnlPidtBxJ
v/btFb0hkHkqmxKmqiRc5JF3VvYfgAFQo2AjKZWBhswb
-----END CERTIFICATE-----
Generated at Tue Nov 4 08:01:26 2025 by rpki-client