Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/h4IDWh5GVC7RbE5zSCDWjjHj0_w.roa
File: h4IDWh5GVC7RbE5zSCDWjjHj0_w.roa (raw, json)
Hash identifier: mtJ3QHHj/MXmx1AqDIJUZFeqCYJYqfmAn/WwFLDw0/Q=
Subject key identifier: 87:82:03:5A:1E:46:54:2E:D1:6C:4E:73:48:20:D6:8E:31:E3:D3:FC
Certificate issuer: /CN=e95cc178cdf5ad9279939e5768ae8883ffbf35eb
Certificate serial: 019A0B5E4984E96A7140940615500FC02C55
Authority key identifier: E9:5C:C1:78:CD:F5:AD:92:79:93:9E:57:68:AE:88:83:FF:BF:35:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6VzBeM31rZJ5k55XaK6Ig_-_Nes.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/h4IDWh5GVC7RbE5zSCDWjjHj0_w.roa
Signing time: Wed 22 Oct 2025 10:01:59 +0000
ROA not before: Wed 22 Oct 2025 10:01:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34557
IP address blocks: 85.9.128.0/18 maxlen: 18
85.9.128.0/24 maxlen: 24
85.9.129.0/24 maxlen: 24
85.9.130.0/24 maxlen: 24
85.9.131.0/24 maxlen: 24
85.9.132.0/24 maxlen: 24
85.9.133.0/24 maxlen: 24
85.9.137.0/24 maxlen: 24
85.9.140.0/24 maxlen: 24
85.9.141.0/24 maxlen: 24
85.9.142.0/24 maxlen: 24
85.9.144.0/24 maxlen: 24
85.9.145.0/24 maxlen: 24
85.9.147.0/24 maxlen: 24
85.9.148.0/24 maxlen: 24
85.9.149.0/24 maxlen: 24
85.9.152.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/6VzBeM31rZJ5k55XaK6Ig_-_Nes.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/6VzBeM31rZJ5k55XaK6Ig_-_Nes.mft
rsync://rpki.ripe.net/repository/DEFAULT/6VzBeM31rZJ5k55XaK6Ig_-_Nes.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0b:5e:49:84:e9:6a:71:40:94:06:15:50:0f:c0:2c:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e95cc178cdf5ad9279939e5768ae8883ffbf35eb
Validity
Not Before: Oct 22 10:01:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8782035a1e46542ed16c4e734820d68e31e3d3fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:25:5c:5e:c1:a5:93:85:ff:de:60:f7:cc:15:
08:65:55:11:bb:e6:da:97:9a:46:0f:db:f8:07:6d:
94:07:5d:f5:2e:15:b3:bd:2b:11:a6:d7:34:67:ed:
5a:4f:62:51:3c:4b:92:ee:8c:79:e8:a8:f0:37:24:
19:b6:91:28:9c:08:81:24:18:38:cc:11:b1:2a:24:
c7:df:6b:e6:43:17:bc:1a:e7:21:99:4d:ca:b1:fe:
af:41:6a:3b:0a:1f:96:4c:33:91:b4:c4:71:72:42:
ea:c2:5a:86:ae:13:34:9a:f8:83:7a:a6:95:90:22:
67:91:70:23:58:8c:9f:32:bf:f9:21:f6:b4:57:b6:
47:ac:bf:94:34:81:3b:d5:cc:ba:1c:84:5f:f5:9e:
99:6b:e3:0d:e6:10:00:bd:a3:83:15:46:4d:a9:bb:
d3:ae:52:bc:64:49:5a:36:79:50:76:ad:6a:0b:8a:
e6:44:6c:40:81:25:4d:00:9e:69:51:b2:39:fd:26:
dc:78:5d:77:da:a7:4e:03:dd:1e:1e:c6:00:32:57:
80:23:7a:0b:0f:4b:fc:13:39:94:de:d2:87:2a:0a:
de:b8:98:4c:84:56:22:af:b4:36:45:b9:c6:a4:50:
28:c8:65:0a:d0:bb:7b:09:35:35:f6:c1:d8:a7:b0:
91:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:82:03:5A:1E:46:54:2E:D1:6C:4E:73:48:20:D6:8E:31:E3:D3:FC
X509v3 Authority Key Identifier:
keyid:E9:5C:C1:78:CD:F5:AD:92:79:93:9E:57:68:AE:88:83:FF:BF:35:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6VzBeM31rZJ5k55XaK6Ig_-_Nes.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/h4IDWh5GVC7RbE5zSCDWjjHj0_w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/632463-c2dc-4cb8-bc4f-2df99d8123b7/1/6VzBeM31rZJ5k55XaK6Ig_-_Nes.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.9.128.0/18
Signature Algorithm: sha256WithRSAEncryption
a4:64:9c:fc:7b:2d:10:65:d3:47:d6:91:fb:76:25:ed:b0:cd:
d5:ae:6f:09:2b:97:9b:52:18:89:2d:38:a0:a1:35:26:d5:da:
b0:8e:ae:3d:83:4e:19:57:ef:da:d4:4c:f9:67:30:0d:80:14:
74:e6:b4:a5:b9:8b:b5:23:37:2f:a2:1d:2e:33:eb:8a:5e:c7:
c4:18:02:06:d9:f1:ea:b7:7d:5a:7a:b4:91:0d:b9:2a:3c:d2:
1b:bf:6f:80:ba:63:84:2e:8f:31:00:c0:f6:48:28:45:63:8c:
0a:53:70:38:56:05:dc:e8:25:59:74:19:2e:97:fb:34:0b:47:
49:23:fd:22:90:5e:5d:f7:94:07:f9:a8:b0:c3:77:26:9f:da:
b0:9d:a5:e9:83:66:19:c1:9f:b8:e4:c1:b3:7a:cc:63:0f:8e:
7b:8b:1a:1a:27:f1:06:73:d6:18:ea:d8:ac:14:50:7e:d5:f6:
47:62:ee:22:4e:5b:43:c6:fe:4c:9b:ca:59:b7:e9:75:5d:55:
da:12:29:c1:a7:e0:27:de:16:64:62:25:9f:3a:b8:82:f7:14:
78:ac:68:a9:60:26:11:69:44:87:2c:88:4e:39:bb:72:6e:80:
f4:ab:fc:f6:5f:b8:d6:2e:83:81:00:e8:f2:22:02:fb:5f:f1:
62:5f:5a:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLXkmE6WpxQJQGFVAPwCxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NWNjMTc4Y2RmNWFkOTI3OTkzOWU1NzY4YWU4ODgzZmZi
ZjM1ZWIwHhcNMjUxMDIyMTAwMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzgyMDM1YTFlNDY1NDJlZDE2YzRlNzM0ODIwZDY4ZTMxZTNkM2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyVcXsGlk4X/3mD3zBUIZVURu+ba
l5pGD9v4B22UB131LhWzvSsRptc0Z+1aT2JRPEuS7ox56KjwNyQZtpEonAiBJBg4
zBGxKiTH32vmQxe8GuchmU3Ksf6vQWo7Ch+WTDORtMRxckLqwlqGrhM0mviDeqaV
kCJnkXAjWIyfMr/5Ifa0V7ZHrL+UNIE71cy6HIRf9Z6Za+MN5hAAvaODFUZNqbvT
rlK8ZElaNnlQdq1qC4rmRGxAgSVNAJ5pUbI5/SbceF132qdOA90eHsYAMleAI3oL
D0v8EzmU3tKHKgreuJhMhFYir7Q2RbnGpFAoyGUK0Lt7CTU19sHYp7CR/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeCA1oeRlQu0WxOc0gg1o4x49P8MB8GA1UdIwQY
MBaAFOlcwXjN9a2SeZOeV2iuiIP/vzXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlZ6QmVNMzFyWko1azU1WGFLNklnXy1fTmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MzI0NjMtYzJkYy00Y2I4LWJjNGYt
MmRmOTlkODEyM2I3LzEvaDRJRFdoNUdWQzdSYkU1elNDRFdqakhqMF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MzI0NjMtYzJkYy00Y2I4LWJjNGYtMmRmOTlkODEyM2I3
LzEvNlZ6QmVNMzFyWko1azU1WGFLNklnXy1fTmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGVQmAMA0G
CSqGSIb3DQEBCwUAA4IBAQCkZJz8ey0QZdNH1pH7diXtsM3Vrm8JK5ebUhiJLTig
oTUm1dqwjq49g04ZV+/a1Ez5ZzANgBR05rSluYu1Izcvoh0uM+uKXsfEGAIG2fHq
t31aerSRDbkqPNIbv2+AumOELo8xAMD2SChFY4wKU3A4VgXc6CVZdBkul/s0C0dJ
I/0ikF5d95QH+aiww3cmn9qwnaXpg2YZwZ+45MGzesxjD457ixoaJ/EGc9YY6tis
FFB+1fZHYu4iTltDxv5Mm8pZt+l1XVXaEinBp+An3hZkYiWfOriC9xR4rGipYCYR
aUSHLIhOObtyboD0q/z2X7jWLoOBAOjyIgL7X/FiX1o1
-----END CERTIFICATE-----
Generated at Tue Nov 4 23:04:34 2025 by rpki-client