Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/dSiGJnnvpCQoVjLVzMMP9D5h62U.roa
File: dSiGJnnvpCQoVjLVzMMP9D5h62U.roa (raw, json)
Hash identifier: oZzNodfwK7HG6DxcciY7b+7mwyKWd/1xM4QRfRXlG3c=
Subject key identifier: 75:28:86:26:79:EF:A4:24:28:56:32:D5:CC:C3:0F:F4:3E:61:EB:65
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 01997C18CB4C71D099E99A7F0F75AD792CCA
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/dSiGJnnvpCQoVjLVzMMP9D5h62U.roa
Signing time: Wed 24 Sep 2025 14:20:23 +0000
ROA not before: Wed 24 Sep 2025 14:20:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 85.239.145.0/24 maxlen: 24
85.239.152.0/24 maxlen: 24
85.239.154.0/24 maxlen: 24
178.239.116.0/24 maxlen: 24
178.239.117.0/24 maxlen: 24
178.239.118.0/24 maxlen: 24
178.239.119.0/24 maxlen: 24
178.239.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7c:18:cb:4c:71:d0:99:e9:9a:7f:0f:75:ad:79:2c:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Sep 24 14:20:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7528862679efa424285632d5ccc30ff43e61eb65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:cf:7e:2e:c8:0f:87:fc:cb:6d:a0:cc:08:84:
ab:93:3d:af:a8:81:66:c0:af:55:21:a8:1b:63:00:
ab:fe:10:41:b4:0f:63:ed:65:07:b8:4a:8f:d2:0f:
e8:ce:c1:c2:c5:cf:cc:9e:fb:5d:22:16:e4:59:90:
54:10:54:8c:a5:bf:90:e9:2f:ba:76:43:41:9d:ca:
ba:62:6b:1d:e2:c0:bc:6e:4b:24:54:61:2f:b9:10:
eb:87:35:67:6b:38:be:98:d1:51:ae:d1:42:99:35:
ce:20:2e:93:b8:71:af:f3:31:1f:b7:e4:3d:d5:f6:
14:df:00:31:12:3d:cc:59:41:4b:35:19:47:71:24:
df:70:2a:b0:dd:db:e4:f4:65:68:22:d3:43:11:78:
2d:3c:bf:a9:d1:bd:a4:ba:68:ad:4b:82:6b:02:33:
bf:22:2a:f6:f8:ff:65:76:12:24:4b:f6:c0:9d:5d:
20:97:05:2c:e8:ed:f0:08:cb:e7:3a:06:97:de:3f:
f1:11:57:4d:5b:94:e8:d8:af:61:b5:3e:5e:9f:da:
31:1b:f1:4e:0c:bd:e7:9d:78:2d:ce:64:6b:69:65:
39:20:c7:b2:33:5c:57:6a:5b:10:5b:cd:ee:e0:29:
57:1d:b5:f2:f6:f3:37:83:0a:05:db:8f:fc:9e:cd:
b1:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:28:86:26:79:EF:A4:24:28:56:32:D5:CC:C3:0F:F4:3E:61:EB:65
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/dSiGJnnvpCQoVjLVzMMP9D5h62U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.145.0/24
85.239.152.0/24
85.239.154.0/24
178.239.116.0-178.239.120.255
Signature Algorithm: sha256WithRSAEncryption
33:97:f7:35:37:c1:59:b5:6b:92:37:9c:88:93:6c:85:c8:fe:
25:ca:c0:a6:fc:ea:7e:dc:f1:28:74:be:74:23:4f:28:04:1e:
64:b4:09:54:3e:5d:91:c5:7b:b7:b8:6a:92:88:99:dd:a1:b6:
7d:61:43:96:e7:c1:5a:3e:cf:ed:06:92:74:4a:4d:59:45:6e:
f7:3c:2d:1b:72:4c:24:d1:92:07:a1:0e:ad:44:3e:d6:2c:c4:
96:69:54:1d:c0:b1:ee:92:47:21:d5:f5:32:b1:36:07:ab:0d:
9d:f5:69:d1:f0:9b:a3:50:50:15:67:45:c4:8b:8a:d5:d7:09:
f7:6a:fa:1d:ea:c4:8b:aa:a9:77:a3:13:09:9c:09:9d:1e:75:
9b:52:9d:4c:ad:d3:3c:96:1e:0f:a5:6f:a9:c3:50:9b:15:d4:
5c:4d:72:7e:16:9e:44:4c:6d:84:35:57:c8:4e:e8:18:ef:c4:
bb:7b:78:6a:94:bf:6a:6b:94:91:8c:74:c6:f9:c5:b6:22:9c:
a9:b0:90:d9:ab:15:13:2a:7b:7c:ed:76:51:f7:20:bc:ac:5c:
dc:c8:69:05:0d:a1:c4:f3:c3:5b:b4:8f:cb:e9:51:f4:5d:18:
f2:11:97:94:a5:7a:dc:f0:f7:a2:2e:1a:5c:54:40:b4:5c:72:
2e:c7:fe:9b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZl8GMtMcdCZ6Zp/D3WteSzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwOTI0MTQyMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTI4ODYyNjc5ZWZhNDI0Mjg1NjMyZDVjY2MzMGZmNDNlNjFlYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c9+LsgPh/zLbaDMCISrkz2vqIFm
wK9VIagbYwCr/hBBtA9j7WUHuEqP0g/ozsHCxc/MnvtdIhbkWZBUEFSMpb+Q6S+6
dkNBncq6Ymsd4sC8bkskVGEvuRDrhzVnazi+mNFRrtFCmTXOIC6TuHGv8zEft+Q9
1fYU3wAxEj3MWUFLNRlHcSTfcCqw3dvk9GVoItNDEXgtPL+p0b2kumitS4JrAjO/
Iir2+P9ldhIkS/bAnV0glwUs6O3wCMvnOgaX3j/xEVdNW5To2K9htT5en9oxG/FO
DL3nnXgtzmRraWU5IMeyM1xXalsQW83u4ClXHbXy9vM3gwoF24/8ns2xZwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHUohiZ576QkKFYy1czDD/Q+YetlMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvZFNpR0pubnZwQ1FvVmpMVnpNTVA5RDVoNjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAVe+RAwQA
Ve+YAwQAVe+aMAwDBAKy73QDBACy73gwDQYJKoZIhvcNAQELBQADggEBADOX9zU3
wVm1a5I3nIiTbIXI/iXKwKb86n7c8Sh0vnQjTygEHmS0CVQ+XZHFe7e4apKImd2h
tn1hQ5bnwVo+z+0GknRKTVlFbvc8LRtyTCTRkgehDq1EPtYsxJZpVB3Ase6SRyHV
9TKxNgerDZ31adHwm6NQUBVnRcSLitXXCfdq+h3qxIuqqXejEwmcCZ0edZtSnUyt
0zyWHg+lb6nDUJsV1FxNcn4WnkRMbYQ1V8hO6BjvxLt7eGqUv2prlJGMdMb5xbYi
nKmwkNmrFRMqe3ztdlH3ILysXNzIaQUNocTzw1u0j8vpUfRdGPIRl5Sletzw96Iu
GlxUQLRcci7H/ps=
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:34:32 2025 by rpki-client