Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3VsH5M8xmy0GM7UGE6YfmWbDfcQ.roa
File: 3VsH5M8xmy0GM7UGE6YfmWbDfcQ.roa (raw, json)
Hash identifier: UKL3FXgHNKgcL6OPpuvJ6oAkjzAOfKb2IvMh0S3QyuQ=
Subject key identifier: DD:5B:07:E4:CF:31:9B:2D:06:33:B5:06:13:A6:1F:99:66:C3:7D:C4
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019A3188D913648FAD4A80C0DE600F990FE2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3VsH5M8xmy0GM7UGE6YfmWbDfcQ.roa
Signing time: Wed 29 Oct 2025 19:54:03 +0000
ROA not before: Wed 29 Oct 2025 19:54:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 400992
IP address blocks: 45.159.79.0/24 maxlen: 24
185.121.12.0/24 maxlen: 24
185.121.15.0/24 maxlen: 24
185.232.205.0/24 maxlen: 24
185.236.25.0/24 maxlen: 24
185.236.26.0/24 maxlen: 24
185.236.27.0/24 maxlen: 24
185.245.34.0/24 maxlen: 24
185.245.35.0/24 maxlen: 24
185.250.180.0/24 maxlen: 24
193.17.183.0/24 maxlen: 24
194.48.142.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:31:88:d9:13:64:8f:ad:4a:80:c0:de:60:0f:99:0f:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Oct 29 19:54:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd5b07e4cf319b2d0633b50613a61f9966c37dc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:e7:57:16:f9:c9:d0:3a:0f:29:62:8b:00:25:
38:d2:89:1b:c3:21:a3:40:f8:df:7b:3b:e8:44:fe:
ad:2a:42:4b:e4:53:f7:d8:72:80:13:bd:8f:fe:33:
0c:7b:9b:e6:1a:ea:91:14:cf:95:f5:38:9c:db:55:
82:8e:0e:b5:d8:aa:6d:6b:d2:60:85:fe:71:2f:91:
74:0a:79:07:17:64:9c:04:bf:02:7a:c8:5a:dd:27:
81:b6:9e:e7:94:74:f2:1c:b2:1c:53:e8:6c:57:03:
5a:a8:12:9e:74:6f:b8:46:13:ba:3b:a1:62:a7:3b:
22:aa:61:b4:23:f2:ce:05:6c:83:bf:ce:dc:d5:27:
a8:b6:9f:2e:34:e7:50:8c:49:80:2f:a5:1b:a5:c1:
1e:ca:5e:a7:da:30:f7:51:8c:05:21:cb:53:e8:df:
d4:70:3c:ac:6c:aa:37:33:16:ed:27:95:60:f7:f7:
a5:fa:e9:30:a6:4e:fd:9d:1b:36:10:93:a9:86:40:
13:d9:d4:a0:35:0f:6a:bb:1f:66:ee:11:7c:e0:bc:
f0:5f:fc:59:dd:f3:ff:66:aa:fa:e3:ed:dd:5f:fc:
a2:ed:68:5d:7c:fe:88:a8:c8:11:c2:4f:b8:8d:eb:
69:c4:14:9b:52:02:44:4f:9b:5b:dd:cc:1b:45:45:
09:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:5B:07:E4:CF:31:9B:2D:06:33:B5:06:13:A6:1F:99:66:C3:7D:C4
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/3VsH5M8xmy0GM7UGE6YfmWbDfcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.79.0/24
185.121.12.0/24
185.121.15.0/24
185.232.205.0/24
185.236.25.0-185.236.27.255
185.245.34.0/23
185.250.180.0/24
193.17.183.0/24
194.48.142.0/24
Signature Algorithm: sha256WithRSAEncryption
44:01:33:3d:ef:ad:65:70:47:5d:62:ff:7d:92:20:33:0a:d1:
fa:e5:f3:7e:12:8b:5a:70:cd:6f:ea:f6:26:26:ed:80:40:46:
11:05:10:b1:7f:c3:31:bb:7d:46:1d:a9:c1:2c:5d:26:54:df:
fc:db:83:d8:e4:d9:4d:f1:9b:02:ce:7f:06:03:5d:6d:da:7a:
e5:31:d7:d8:d6:3d:d4:f1:73:d1:b8:ab:a2:85:0a:be:d5:7f:
44:5d:37:39:63:e9:fc:30:1d:99:31:3f:67:4f:c6:ef:53:83:
f4:29:13:ad:f3:eb:75:85:3f:6f:b0:be:b2:b4:b2:1e:8e:e6:
a3:4b:ba:38:23:5d:eb:d9:e7:07:35:ac:14:a1:e6:89:1b:1c:
90:83:60:8d:e6:e4:d2:6f:29:4e:37:19:10:d6:e2:35:5e:75:
db:2a:6f:ef:4c:83:f4:ea:3e:f4:a8:38:79:29:43:0e:39:78:
c3:e0:c5:63:6b:4e:ce:d8:95:6f:22:18:66:d2:39:d3:49:e4:
5b:f4:8b:70:28:01:57:90:b6:d2:80:9b:10:8e:f1:09:10:0f:
42:b1:cb:58:4b:38:e7:ce:b6:d8:10:9c:dc:e9:fd:b0:12:f2:
92:a6:43:80:2a:f3:b5:7d:2b:5e:4a:b4:8c:06:f9:cc:0c:88:
ca:96:d8:38
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZoxiNkTZI+tSoDA3mAPmQ/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMDI5MTk1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDViMDdlNGNmMzE5YjJkMDYzM2I1MDYxM2E2MWY5OTY2YzM3ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+dXFvnJ0DoPKWKLACU40okbwyGj
QPjfezvoRP6tKkJL5FP32HKAE72P/jMMe5vmGuqRFM+V9Tic21WCjg612Kpta9Jg
hf5xL5F0CnkHF2ScBL8Cesha3SeBtp7nlHTyHLIcU+hsVwNaqBKedG+4RhO6O6Fi
pzsiqmG0I/LOBWyDv87c1Seotp8uNOdQjEmAL6UbpcEeyl6n2jD3UYwFIctT6N/U
cDysbKo3MxbtJ5Vg9/el+ukwpk79nRs2EJOphkAT2dSgNQ9qux9m7hF84LzwX/xZ
3fP/Zqr64+3dX/yi7WhdfP6IqMgRwk+4jetpxBSbUgJET5tb3cwbRUUJLQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFN1bB+TPMZstBjO1BhOmH5lmw33EMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvM1ZzSDVNOHhteTBHTTdVR0U2WWZtV2JEZmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALZ9PAwQA
uXkMAwQAuXkPAwQAuejNMAwDBAC57BkDBAK57BgDBAG59SIDBAC5+rQDBADBEbcD
BADCMI4wDQYJKoZIhvcNAQELBQADggEBAEQBMz3vrWVwR11i/32SIDMK0frl834S
i1pwzW/q9iYm7YBARhEFELF/wzG7fUYdqcEsXSZU3/zbg9jk2U3xmwLOfwYDXW3a
euUx19jWPdTxc9G4q6KFCr7Vf0RdNzlj6fwwHZkxP2dPxu9Tg/QpE63z63WFP2+w
vrK0sh6O5qNLujgjXevZ5wc1rBSh5okbHJCDYI3m5NJvKU43GRDW4jVeddsqb+9M
g/TqPvSoOHkpQw45eMPgxWNrTs7YlW8iGGbSOdNJ5Fv0i3AoAVeQttKAmxCO8QkQ
D0Kxy1hLOOfOttgQnNzp/bAS8pKmQ4Aq87V9K15KtIwG+cwMiMqW2Dg=
-----END CERTIFICATE-----
Generated at Wed Nov 5 02:58:04 2025 by rpki-client