Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/bRY87MFOFRXK_3ijOZHxEiuxCSU.roa
File: bRY87MFOFRXK_3ijOZHxEiuxCSU.roa (raw, json)
Hash identifier: ZoNRVUnVuV1tqZ3OI46I3nsh2LZo1vS0lIAk/gHkBmI=
Subject key identifier: 6D:16:3C:EC:C1:4E:15:15:CA:FF:78:A3:39:91:F1:12:2B:B1:09:25
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 0197F9056179B955CA7A209CBCADD05268A4
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/bRY87MFOFRXK_3ijOZHxEiuxCSU.roa
Signing time: Fri 11 Jul 2025 10:26:08 +0000
ROA not before: Fri 11 Jul 2025 10:26:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35728
IP address blocks: 85.140.44.0/22 maxlen: 22
85.140.44.0/24 maxlen: 24
85.140.45.0/24 maxlen: 24
85.140.46.0/24 maxlen: 24
85.140.47.0/24 maxlen: 24
85.234.32.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f9:05:61:79:b9:55:ca:7a:20:9c:bc:ad:d0:52:68:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Jul 11 10:26:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d163cecc14e1515caff78a33991f1122bb10925
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b9:25:fc:86:4d:37:c7:28:06:9d:1b:79:2c:
09:83:d5:1f:3f:1d:80:40:50:5e:6f:51:6b:3d:16:
5e:24:88:83:d3:06:ee:bc:a7:7c:9b:2d:e4:61:02:
3f:66:aa:bf:1a:7f:b8:ba:3f:18:21:4c:75:01:de:
cd:b4:7a:2f:fd:c7:41:1f:2b:66:a2:9c:d8:4d:b0:
91:e2:30:a4:db:6a:ec:a2:79:5d:83:04:45:8f:dc:
54:b4:3f:6f:66:cd:45:63:39:ce:e0:c7:05:1f:b2:
7d:bb:08:5a:a8:56:75:a0:0e:a0:ac:ca:bb:32:a5:
a4:f0:0d:08:64:91:9d:2e:6c:53:d0:8f:13:92:cc:
9f:ab:c9:fa:67:be:58:64:0c:1c:2f:a4:b7:71:68:
3f:ca:bd:f4:bf:51:35:a2:fa:af:00:fe:af:aa:74:
09:a3:e1:d5:16:a2:8e:b2:5b:08:80:1f:9d:d0:38:
f8:f5:d4:2b:ae:29:bf:68:3f:43:0d:be:34:90:e4:
0a:db:e7:cb:a6:9d:79:e2:71:cb:5b:09:1b:80:70:
ef:14:15:fc:72:5c:44:a0:fd:fb:24:85:76:74:02:
1c:8d:a3:30:ec:d6:4f:4e:47:34:80:9e:b5:03:42:
83:9c:47:51:47:d9:5c:01:f5:b8:1b:c2:7a:10:08:
ba:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:16:3C:EC:C1:4E:15:15:CA:FF:78:A3:39:91:F1:12:2B:B1:09:25
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/bRY87MFOFRXK_3ijOZHxEiuxCSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.140.44.0/22
85.234.32.0/19
Signature Algorithm: sha256WithRSAEncryption
67:99:b6:af:ad:00:1b:6c:f3:02:2b:44:ec:f5:95:22:9f:6d:
8e:55:2b:75:ed:09:2c:92:b6:81:ad:4b:bc:19:13:ea:ab:bc:
ae:27:84:fd:10:00:36:90:a6:32:f4:a1:8d:c0:73:58:27:83:
f7:08:b3:cc:c4:cf:59:86:dc:a6:99:49:be:b0:7f:e1:37:f2:
c5:22:28:a1:9a:05:e9:f2:a9:77:bf:e9:22:cf:40:f0:e3:fc:
67:da:4b:60:c8:90:63:ad:3c:15:3b:cd:83:1d:a7:63:ca:d8:
08:69:9e:98:f1:ee:1b:22:f9:4f:10:c0:a6:b2:c2:65:fb:2a:
12:fc:24:fe:36:a9:53:ed:f4:b8:1c:84:83:91:0c:b8:86:6b:
4e:e3:da:f8:36:da:56:ba:7b:f1:eb:2c:3d:2e:2d:3b:c6:c4:
ce:95:15:6a:ad:38:85:54:e4:39:cc:0b:ee:bc:9f:f7:e0:37:
74:64:94:64:16:87:2c:f4:15:2f:d9:c3:b4:9a:89:51:f4:f3:
ab:3a:74:34:54:85:0d:79:cc:e3:0f:c1:bd:03:98:b2:e2:6e:
cb:94:27:c0:cd:d2:56:ea:3b:a6:b5:26:77:02:cb:32:2f:f3:
ca:a8:5a:aa:e6:6a:9f:ba:c4:b4:3a:a6:c8:4c:71:a3:ec:4a:
c9:e7:a9:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf5BWF5uVXKeiCcvK3QUmikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNzExMTAyNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDE2M2NlY2MxNGUxNTE1Y2FmZjc4YTMzOTkxZjExMjJiYjEwOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7kl/IZNN8coBp0beSwJg9UfPx2A
QFBeb1FrPRZeJIiD0wbuvKd8my3kYQI/Zqq/Gn+4uj8YIUx1Ad7NtHov/cdBHytm
opzYTbCR4jCk22rsonldgwRFj9xUtD9vZs1FYznO4McFH7J9uwhaqFZ1oA6grMq7
MqWk8A0IZJGdLmxT0I8Tksyfq8n6Z75YZAwcL6S3cWg/yr30v1E1ovqvAP6vqnQJ
o+HVFqKOslsIgB+d0Dj49dQrrim/aD9DDb40kOQK2+fLpp154nHLWwkbgHDvFBX8
clxEoP37JIV2dAIcjaMw7NZPTkc0gJ61A0KDnEdRR9lcAfW4G8J6EAi6sQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG0WPOzBThUVyv94ozmR8RIrsQklMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvYlJZODdNRk9GUlhLXzNpak9aSHhFaXV4Q1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVYwsAwQF
VeogMA0GCSqGSIb3DQEBCwUAA4IBAQBnmbavrQAbbPMCK0Ts9ZUin22OVSt17Qks
kraBrUu8GRPqq7yuJ4T9EAA2kKYy9KGNwHNYJ4P3CLPMxM9ZhtymmUm+sH/hN/LF
IiihmgXp8ql3v+kiz0Dw4/xn2ktgyJBjrTwVO82DHadjytgIaZ6Y8e4bIvlPEMCm
ssJl+yoS/CT+NqlT7fS4HISDkQy4hmtO49r4NtpWunvx6yw9Li07xsTOlRVqrTiF
VOQ5zAvuvJ/34Dd0ZJRkFocs9BUv2cO0molR9POrOnQ0VIUNeczjD8G9A5iy4m7L
lCfAzdJW6jumtSZ3AssyL/PKqFqq5mqfusS0OqbITHGj7ErJ56mG
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:14:48 2025 by rpki-client