Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/eGtm056yGQQg5bwWBW43RWWJI-o.roa
File: eGtm056yGQQg5bwWBW43RWWJI-o.roa (raw, json)
Hash identifier: zk7QR1QAvdxGxg/qd+ZTmDsXohO4v1GDABqIS9ZMrPw=
Subject key identifier: 78:6B:66:D3:9E:B2:19:04:20:E5:BC:16:05:6E:37:45:65:89:23:EA
Certificate issuer: /CN=cfb75191978866f1fc97f523c7dda40a88f7e777
Certificate serial: 019A359AB6C19BA9A4B22EE31320DF888DE8
Authority key identifier: CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/eGtm056yGQQg5bwWBW43RWWJI-o.roa
Signing time: Thu 30 Oct 2025 14:52:03 +0000
ROA not before: Thu 30 Oct 2025 14:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13150
IP address blocks: 85.255.16.0/24 maxlen: 24
85.255.17.0/24 maxlen: 24
85.255.19.0/24 maxlen: 24
85.255.20.0/24 maxlen: 24
85.255.21.0/24 maxlen: 24
85.255.22.0/24 maxlen: 24
85.255.23.0/24 maxlen: 24
85.255.24.0/24 maxlen: 24
85.255.25.0/24 maxlen: 24
85.255.26.0/24 maxlen: 24
85.255.27.0/24 maxlen: 24
85.255.28.0/24 maxlen: 24
85.255.29.0/24 maxlen: 24
85.255.30.0/24 maxlen: 24
85.255.31.0/24 maxlen: 24
159.117.224.0/24 maxlen: 24
159.117.225.0/24 maxlen: 24
159.117.226.0/24 maxlen: 24
159.117.227.0/24 maxlen: 24
159.117.229.0/24 maxlen: 24
159.117.230.0/24 maxlen: 24
159.117.232.0/24 maxlen: 24
185.114.120.0/24 maxlen: 24
185.114.121.0/24 maxlen: 24
185.114.122.0/24 maxlen: 24
185.114.123.0/24 maxlen: 24
209.206.0.0/24 maxlen: 24
209.206.1.0/24 maxlen: 24
209.206.2.0/24 maxlen: 24
209.206.3.0/24 maxlen: 24
209.206.4.0/24 maxlen: 24
209.206.5.0/24 maxlen: 24
209.206.6.0/24 maxlen: 24
209.206.7.0/24 maxlen: 24
209.206.8.0/24 maxlen: 24
209.206.9.0/24 maxlen: 24
209.206.10.0/24 maxlen: 24
209.206.11.0/24 maxlen: 24
209.206.12.0/24 maxlen: 24
209.206.13.0/24 maxlen: 24
209.206.14.0/24 maxlen: 24
209.206.15.0/24 maxlen: 24
209.206.16.0/24 maxlen: 24
209.206.17.0/24 maxlen: 24
209.206.18.0/24 maxlen: 24
209.206.19.0/24 maxlen: 24
209.206.20.0/24 maxlen: 24
209.206.21.0/24 maxlen: 24
209.206.22.0/24 maxlen: 24
209.206.23.0/24 maxlen: 24
209.206.24.0/24 maxlen: 24
209.206.25.0/24 maxlen: 24
209.206.26.0/24 maxlen: 24
209.206.27.0/24 maxlen: 24
209.206.28.0/24 maxlen: 24
209.206.29.0/24 maxlen: 24
209.206.30.0/24 maxlen: 24
209.206.31.0/24 maxlen: 24
216.252.177.0/24 maxlen: 24
216.252.178.0/24 maxlen: 24
216.252.179.0/24 maxlen: 24
216.252.180.0/24 maxlen: 24
216.252.181.0/24 maxlen: 24
216.252.182.0/24 maxlen: 24
216.252.183.0/24 maxlen: 24
216.252.184.0/24 maxlen: 24
216.252.185.0/24 maxlen: 24
216.252.186.0/24 maxlen: 24
216.252.187.0/24 maxlen: 24
216.252.189.0/24 maxlen: 24
216.252.190.0/24 maxlen: 24
216.252.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.mft
rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:35:9a:b6:c1:9b:a9:a4:b2:2e:e3:13:20:df:88:8d:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfb75191978866f1fc97f523c7dda40a88f7e777
Validity
Not Before: Oct 30 14:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=786b66d39eb2190420e5bc16056e3745658923ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:fc:b0:22:a3:58:f5:c0:40:69:cb:5f:61:21:
45:28:7d:83:a4:58:cf:b0:f8:44:9b:50:5d:e3:f1:
28:85:95:40:1b:4c:bc:7e:40:f3:a3:c6:22:8c:75:
58:90:57:39:2f:e4:5a:d9:c8:8c:56:18:d6:a5:fc:
6c:79:e9:46:49:15:3f:44:91:94:2b:a5:22:54:94:
bf:7d:49:c5:76:2b:a7:62:fa:24:20:00:9d:5f:eb:
26:9c:07:00:72:bf:e1:51:f9:06:16:31:1e:97:6e:
41:74:4f:a3:d2:50:58:e4:67:b9:91:57:68:3a:a5:
6c:d7:2e:e7:83:e4:be:21:2a:25:0c:d6:b7:26:dc:
4d:9e:31:49:e3:6c:60:c3:1a:0f:ec:6a:ff:76:3a:
9e:6f:bb:3b:5a:23:e5:c8:40:e9:77:af:de:1c:62:
cd:09:5c:07:bc:e7:af:81:d6:96:76:86:bb:aa:97:
b8:cb:70:32:ad:ba:20:39:e0:25:75:9b:bd:cb:32:
2a:d8:24:87:51:7f:22:3c:59:06:72:58:1f:23:a3:
f7:b6:b4:e3:ec:ab:91:81:a0:8f:a7:e1:aa:80:4e:
94:24:b9:37:40:4c:03:9b:f6:39:ae:d7:52:91:29:
1e:3d:d9:d9:27:55:c0:5e:36:b5:ac:c3:d7:38:64:
5f:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:6B:66:D3:9E:B2:19:04:20:E5:BC:16:05:6E:37:45:65:89:23:EA
X509v3 Authority Key Identifier:
keyid:CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/eGtm056yGQQg5bwWBW43RWWJI-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.255.16.0/23
85.255.19.0-85.255.31.255
159.117.224.0/22
159.117.229.0-159.117.230.255
159.117.232.0/24
185.114.120.0/22
209.206.0.0/19
216.252.177.0-216.252.187.255
216.252.189.0-216.252.191.255
Signature Algorithm: sha256WithRSAEncryption
c1:83:a3:f3:58:d9:eb:1c:be:fb:52:99:ee:c7:fe:2c:e9:53:
e9:dc:49:ff:e6:d9:d4:2c:36:5c:60:66:a3:b7:c2:e0:bb:ec:
5c:1d:b4:a8:c3:5f:5c:6e:15:94:8b:aa:9a:69:03:32:fb:c6:
99:a7:fb:bd:e8:91:3c:c8:2e:c6:06:03:5e:a4:f8:a9:1d:b9:
16:b8:b2:ca:11:3e:98:a3:4b:bc:da:bc:37:39:2d:68:11:e2:
c1:85:2d:cf:0c:90:f2:0c:b5:cc:7a:4d:90:49:1c:3a:21:f2:
fa:5d:95:0e:45:4f:3d:f9:28:36:27:c5:32:9e:72:38:84:47:
2d:50:8e:c2:97:8d:c0:1e:d8:c8:c4:f7:dc:e1:16:28:eb:8d:
4f:2d:dc:c4:8f:43:8c:ba:de:9f:a1:96:fc:2c:d1:a0:3e:dd:
35:ae:8e:35:81:af:ce:b3:95:64:a3:32:9c:57:44:28:73:d9:
1e:9b:c0:85:75:e5:5c:84:51:aa:7a:16:4c:69:86:94:2e:7b:
cc:38:67:04:19:d8:b3:34:50:ce:dc:b8:ab:bc:6b:82:b2:90:
c2:3a:b5:a7:8f:75:31:6f:91:c1:89:c4:1d:ed:74:8d:52:0d:
d6:ca:b1:59:de:a8:14:f8:20:6c:b3:eb:d9:fe:14:60:6e:31:
91:08:2d:7b
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZo1mrbBm6mksi7jEyDfiI3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYjc1MTkxOTc4ODY2ZjFmYzk3ZjUyM2M3ZGRhNDBhODhm
N2U3NzcwHhcNMjUxMDMwMTQ1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZiNjZkMzllYjIxOTA0MjBlNWJjMTYwNTZlMzc0NTY1ODkyM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/ywIqNY9cBAactfYSFFKH2DpFjP
sPhEm1Bd4/EohZVAG0y8fkDzo8YijHVYkFc5L+Ra2ciMVhjWpfxseelGSRU/RJGU
K6UiVJS/fUnFdiunYvokIACdX+smnAcAcr/hUfkGFjEel25BdE+j0lBY5Ge5kVdo
OqVs1y7ng+S+ISolDNa3JtxNnjFJ42xgwxoP7Gr/djqeb7s7WiPlyEDpd6/eHGLN
CVwHvOevgdaWdoa7qpe4y3AyrbogOeAldZu9yzIq2CSHUX8iPFkGclgfI6P3trTj
7KuRgaCPp+GqgE6UJLk3QEwDm/Y5rtdSkSkePdnZJ1XAXja1rMPXOGRfBQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFHhrZtOeshkEIOW8FgVuN0VliSPqMB8GA1UdIwQY
MBaAFM+3UZGXiGbx/Jf1I8fdpAqI9+d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejdkUmtaZUladkg4bF9Vang5MmtDb2ozNTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iOTU3NWItYjdjMS00YzVjLTlkYWIt
YzE5OWM3YjRjYWMyLzEvZUd0bTA1NnlHUVFnNWJ3V0JXNDNSV1dKSS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iOTU3NWItYjdjMS00YzVjLTlkYWItYzE5OWM3YjRjYWMy
LzEvejdkUmtaZUladkg4bF9Vang5MmtDb2ozNTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQBVf8QMAwD
BABV/xMDBAVV/wADBAKfdeAwDAMEAJ915QMEAJ915gMEAJ916AMEArlyeAMEBdHO
ADAMAwQA2PyxAwQC2Py4MAwDBADY/L0DBAbY/IAwDQYJKoZIhvcNAQELBQADggEB
AMGDo/NY2escvvtSme7H/izpU+ncSf/m2dQsNlxgZqO3wuC77FwdtKjDX1xuFZSL
qpppAzL7xpmn+73okTzILsYGA16k+KkduRa4ssoRPpijS7zavDc5LWgR4sGFLc8M
kPIMtcx6TZBJHDoh8vpdlQ5FTz35KDYnxTKecjiERy1QjsKXjcAe2MjE99zhFijr
jU8t3MSPQ4y63p+hlvws0aA+3TWujjWBr86zlWSjMpxXRChz2R6bwIV15VyEUap6
FkxphpQue8w4ZwQZ2LM0UM7cuKu8a4KykMI6taePdTFvkcGJxB3tdI1SDdbKsVne
qBT4IGyz69n+FGBuMZEILXs=
-----END CERTIFICATE-----
Generated at Tue Nov 4 15:04:24 2025 by rpki-client