Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a60iVy3V694kEXVRbcapPAyTBc4.roa
File: a60iVy3V694kEXVRbcapPAyTBc4.roa (raw, json)
Hash identifier: fOxK5UNYXfzUdyvClHZIjQI/kafNMjfAxFqLMGowPPg=
Subject key identifier: 6B:AD:22:57:2D:D5:EB:DE:24:11:75:51:6D:C6:A9:3C:0C:93:05:CE
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019980A7C5F80AA5E2C4AA193A66B8A6B106
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a60iVy3V694kEXVRbcapPAyTBc4.roa
Signing time: Thu 25 Sep 2025 11:35:02 +0000
ROA not before: Thu 25 Sep 2025 11:35:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.4.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.87.59.0/24 maxlen: 24
194.87.75.0/24 maxlen: 24
194.87.119.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.179.0/24 maxlen: 24
194.87.192.0/22 maxlen: 22
194.87.192.0/24 maxlen: 24
194.87.193.0/24 maxlen: 24
194.87.194.0/24 maxlen: 24
194.87.195.0/24 maxlen: 24
194.87.228.0/24 maxlen: 24
194.135.24.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.29.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.241.0/24 maxlen: 24
212.193.0.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 06:01:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:80:a7:c5:f8:0a:a5:e2:c4:aa:19:3a:66:b8:a6:b1:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 25 11:35:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6bad22572dd5ebde241175516dc6a93c0c9305ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:84:a6:bf:9f:29:28:d5:4b:72:78:aa:27:d0:
35:f8:12:db:47:88:cc:a8:79:c0:56:42:3d:93:7e:
80:d6:d6:98:74:c0:13:7c:d3:70:82:17:dd:a3:ae:
03:38:00:94:d4:2c:2a:82:71:b2:75:32:95:f0:a9:
d2:ba:1c:77:65:a0:12:7a:6a:f4:74:1f:aa:0b:11:
62:6b:f7:4a:b1:ed:2b:21:17:c7:3f:81:15:e5:b4:
9d:85:5d:23:50:4f:0e:ff:71:99:0e:9b:1b:b6:5e:
d4:ac:e0:49:57:04:2a:18:07:9d:14:18:37:95:71:
07:30:38:a5:81:8a:a0:82:02:82:e7:1a:a7:f0:51:
35:06:f0:66:61:41:75:30:17:20:83:c5:84:93:68:
22:6c:24:e0:83:48:ef:6a:09:67:b4:8e:86:22:19:
d2:21:e5:b2:8e:02:65:0d:40:84:d2:c4:65:fa:8e:
78:d7:4c:d6:c1:ad:5e:91:83:fd:df:5a:91:32:fb:
9f:08:87:d1:4e:97:8f:7d:cb:fa:5c:d6:aa:bb:b6:
da:fb:7f:22:bf:60:98:b0:d7:5c:ae:89:5c:99:5d:
5d:e2:58:dc:f1:c4:f3:f3:50:6e:62:48:c3:4e:47:
ba:62:48:52:27:c1:20:c7:ff:b2:57:6a:5d:be:3f:
7d:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:AD:22:57:2D:D5:EB:DE:24:11:75:51:6D:C6:A9:3C:0C:93:05:CE
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a60iVy3V694kEXVRbcapPAyTBc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.4.0/24
193.124.7.0/24
194.58.155.0/24
194.87.53.0/24
194.87.59.0/24
194.87.75.0/24
194.87.119.0/24
194.87.169.0/24
194.87.179.0/24
194.87.192.0/22
194.87.228.0/24
194.135.24.0/24
195.133.24.0/23
195.133.29.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.241.0/24
212.193.0.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
6d:c8:82:aa:84:97:4b:ca:d5:77:30:0f:64:fb:e7:df:49:0d:
12:26:fb:ae:ed:84:c8:08:dd:5f:fb:77:d1:00:ab:4f:74:1e:
aa:2e:b3:c6:1d:da:8e:2e:f4:12:6f:af:21:69:20:d6:e8:42:
1a:76:94:c3:45:80:95:ff:7d:22:cc:4a:a3:c2:1a:f1:0c:e8:
5e:a7:fd:f1:8e:5d:b0:80:ae:9c:3a:ca:e5:bb:f4:cf:0c:4e:
f6:76:07:d6:22:94:66:04:7a:99:11:a4:a3:2a:be:e0:cd:51:
aa:9d:84:17:ed:e5:51:08:e6:1b:0d:bf:c8:28:45:5e:d5:5e:
3d:e2:c0:ed:c0:b9:77:71:d2:5c:7e:bb:43:cf:79:19:7e:55:
d0:63:b4:db:93:00:44:84:d3:92:0e:eb:e5:8f:49:f5:9f:ca:
7f:c0:e2:fe:43:87:e1:fd:54:6e:1a:61:aa:4b:8f:90:ef:2b:
ed:92:16:78:7c:88:c9:42:86:66:ff:4b:d4:b5:a2:aa:23:19:
a4:c4:a7:42:0a:b2:d5:62:45:5e:9b:79:38:ff:ee:4d:74:ad:
52:74:a3:63:05:d9:2c:96:8d:8c:80:a5:d0:45:b8:ee:5d:b5:
88:25:9f:ee:33:53:62:08:ef:41:ea:35:69:9a:57:93:80:dc:
1a:69:0c:04
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZmAp8X4CqXixKoZOma4prEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTI1MTEzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmFkMjI1NzJkZDVlYmRlMjQxMTc1NTE2ZGM2YTkzYzBjOTMwNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Smv58pKNVLcniqJ9A1+BLbR4jM
qHnAVkI9k36A1taYdMATfNNwghfdo64DOACU1CwqgnGydTKV8KnSuhx3ZaASemr0
dB+qCxFia/dKse0rIRfHP4EV5bSdhV0jUE8O/3GZDpsbtl7UrOBJVwQqGAedFBg3
lXEHMDilgYqgggKC5xqn8FE1BvBmYUF1MBcgg8WEk2gibCTgg0jvaglntI6GIhnS
IeWyjgJlDUCE0sRl+o5410zWwa1ekYP931qRMvufCIfRTpePfcv6XNaqu7ba+38i
v2CYsNdcrolcmV1d4ljc8cTz81BuYkjDTke6YkhSJ8Egx/+yV2pdvj99YQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFGutIlct1eveJBF1UW3GqTwMkwXOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYTYwaVZ5M1Y2OTRrRVhWUmJjYXBQQXlUQmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljB+BAIAATB4AwQAwXwE
AwQAwXwHAwQAwjqbAwQAwlc1AwQAwlc7AwQAwldLAwQAwld3AwQAwlepAwQAwlez
AwQCwlfAAwQAwlfkAwQAwocYAwQBw4UYAwQAw4UdAwQBw4UoAwQBw4UyAwQBw4Vc
AwQA1MDxAwQA1MEAAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG
9w0BAQsFAAOCAQEAbciCqoSXS8rVdzAPZPvn30kNEib7ru2EyAjdX/t30QCrT3Qe
qi6zxh3aji70Em+vIWkg1uhCGnaUw0WAlf99IsxKo8Ia8QzoXqf98Y5dsICunDrK
5bv0zwxO9nYH1iKUZgR6mRGkoyq+4M1Rqp2EF+3lUQjmGw2/yChFXtVePeLA7cC5
d3HSXH67Q895GX5V0GO025MARITTkg7r5Y9J9Z/Kf8Di/kOH4f1UbhphqkuPkO8r
7ZIWeHyIyUKGZv9L1LWiqiMZpMSnQgqy1WJFXpt5OP/uTXStUnSjYwXZLJaNjICl
0EW47l21iCWf7jNTYgjvQeo1aZpXk4DcGmkMBA==
-----END CERTIFICATE-----
Generated at Wed Oct 8 13:57:47 2025 by rpki-client