Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/bUHKbn34m9YZfg0LWUckx1_q0Mc.roa
File: bUHKbn34m9YZfg0LWUckx1_q0Mc.roa (raw, json)
Hash identifier: Bh0vmrRSsDhj05TsHSvScRpLwoC6mmV/tmtMQaNdewI=
Subject key identifier: 6D:41:CA:6E:7D:F8:9B:D6:19:7E:0D:0B:59:47:24:C7:5F:EA:D0:C7
Certificate issuer: /CN=2bd2c37284d84426f05e325b6b047ad5cf3fe4f2
Certificate serial: 019918EF0E9F99D11C9DECDB1699363DCE89
Authority key identifier: 2B:D2:C3:72:84:D8:44:26:F0:5E:32:5B:6B:04:7A:D5:CF:3F:E4:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/bUHKbn34m9YZfg0LWUckx1_q0Mc.roa
Signing time: Fri 05 Sep 2025 08:12:24 +0000
ROA not before: Fri 05 Sep 2025 08:12:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138915
IP address blocks: 185.23.180.0/24 maxlen: 24
185.23.181.0/24 maxlen: 24
185.23.182.0/24 maxlen: 24
185.23.183.0/24 maxlen: 24
194.110.134.0/24 maxlen: 24
194.110.135.0/24 maxlen: 24
194.110.138.0/24 maxlen: 24
194.110.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:18:ef:0e:9f:99:d1:1c:9d:ec:db:16:99:36:3d:ce:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2bd2c37284d84426f05e325b6b047ad5cf3fe4f2
Validity
Not Before: Sep 5 08:12:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d41ca6e7df89bd6197e0d0b594724c75fead0c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:d1:cb:6b:05:fc:75:83:1f:46:03:e2:bb:52:
d2:22:20:a3:87:70:ab:2a:46:e7:f7:bf:65:09:71:
2a:b9:b2:d8:87:fa:9d:a9:39:dd:81:12:51:7f:0a:
42:44:c1:99:22:88:9b:4e:00:00:a7:0e:0d:38:10:
17:1c:99:6f:63:3d:91:cc:c0:23:de:09:92:97:ae:
fd:bb:78:27:c8:a4:b7:fb:76:e9:25:8b:01:b6:5c:
21:dc:39:45:d6:38:d8:1d:10:9e:77:38:5a:67:1d:
d6:82:c2:4c:7d:c1:49:dc:b0:46:c5:84:96:fc:cf:
55:9c:ea:b7:72:b9:ba:b8:dd:e8:6d:3c:5c:9c:25:
9d:9c:01:5e:0a:9c:0a:e1:30:98:54:22:37:8c:83:
6c:4b:bc:38:82:be:de:d9:fe:44:e3:ec:72:7b:b3:
e6:a3:0a:7d:06:4d:ab:19:80:b4:90:71:22:4d:ab:
4f:dd:72:39:ca:07:55:65:2f:f6:70:93:6a:45:43:
fd:b0:d2:20:7a:14:7a:e5:63:ee:65:b7:f5:85:e0:
02:b3:76:09:98:d3:22:3a:da:84:db:89:76:66:bb:
a9:c6:d4:79:84:ef:c2:08:ca:9b:4e:6f:3c:a7:bb:
cf:af:72:f0:8c:16:1d:5e:87:68:a0:68:af:3c:4a:
d7:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:41:CA:6E:7D:F8:9B:D6:19:7E:0D:0B:59:47:24:C7:5F:EA:D0:C7
X509v3 Authority Key Identifier:
keyid:2B:D2:C3:72:84:D8:44:26:F0:5E:32:5B:6B:04:7A:D5:CF:3F:E4:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K9LDcoTYRCbwXjJbawR61c8_5PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/bUHKbn34m9YZfg0LWUckx1_q0Mc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c464d6-0cbd-4efd-98ac-53d9d3a44fcf/1/K9LDcoTYRCbwXjJbawR61c8_5PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.23.180.0/22
194.110.134.0/23
194.110.138.0/23
Signature Algorithm: sha256WithRSAEncryption
50:ec:3e:36:3d:58:af:e4:b4:84:71:ea:eb:85:6f:7d:d6:aa:
b9:9d:6b:0d:9a:0d:5f:81:4a:f4:9b:b4:58:68:f9:a0:b2:82:
7c:1b:35:ef:2a:52:08:b4:09:e3:eb:46:18:df:7d:41:be:57:
a4:27:f6:ef:4a:b6:8b:f1:d0:e5:6e:41:14:47:4f:9e:7a:91:
7a:c5:2c:f2:c7:35:12:1d:36:8d:a9:f0:57:48:93:b9:df:11:
9c:a1:09:2f:56:2e:75:92:e7:9a:8f:4f:fc:ff:88:51:ea:57:
f1:ad:df:ee:58:d0:c5:cb:26:11:8d:05:2c:79:1d:c9:dd:86:
87:10:a4:31:ec:15:42:92:a4:c4:3e:92:cf:57:ec:53:21:f7:
e2:49:e0:e2:b6:b1:7e:7f:75:e9:9f:26:0c:e4:5e:df:65:0e:
a6:d7:ce:d3:48:75:86:79:dd:83:75:3d:bf:c7:9b:75:9c:f7:
31:6f:1c:4a:29:dc:9b:16:a1:82:2b:f1:a1:4c:dc:34:44:61:
1f:b1:f3:c2:a3:c1:d8:cc:a7:f5:bc:5e:c0:17:57:d5:4b:2a:
e1:74:d5:3c:bd:e9:c2:ee:7e:cc:49:0d:f0:9c:5f:32:84:1e:
76:ab:3c:3c:50:eb:a5:1a:46:c0:2f:a7:41:9b:ae:73:a7:0f:
ed:48:88:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkY7w6fmdEcnezbFpk2Pc6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZDJjMzcyODRkODQ0MjZmMDVlMzI1YjZiMDQ3YWQ1Y2Yz
ZmU0ZjIwHhcNMjUwOTA1MDgxMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQxY2E2ZTdkZjg5YmQ2MTk3ZTBkMGI1OTQ3MjRjNzVmZWFkMGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dHLawX8dYMfRgPiu1LSIiCjh3Cr
Kkbn979lCXEqubLYh/qdqTndgRJRfwpCRMGZIoibTgAApw4NOBAXHJlvYz2RzMAj
3gmSl679u3gnyKS3+3bpJYsBtlwh3DlF1jjYHRCedzhaZx3WgsJMfcFJ3LBGxYSW
/M9VnOq3crm6uN3obTxcnCWdnAFeCpwK4TCYVCI3jINsS7w4gr7e2f5E4+xye7Pm
owp9Bk2rGYC0kHEiTatP3XI5ygdVZS/2cJNqRUP9sNIgehR65WPuZbf1heACs3YJ
mNMiOtqE24l2ZrupxtR5hO/CCMqbTm88p7vPr3LwjBYdXodooGivPErXsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG1Bym59+JvWGX4NC1lHJMdf6tDHMB8GA1UdIwQY
MBaAFCvSw3KE2EQm8F4yW2sEetXPP+TyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzlMRGNvVFlSQ2J3WGpKYmF3UjYxYzhfNVBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNDY0ZDYtMGNiZC00ZWZkLTk4YWMt
NTNkOWQzYTQ0ZmNmLzEvYlVIS2JuMzRtOVlaZmcwTFdVY2t4MV9xME1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNDY0ZDYtMGNiZC00ZWZkLTk4YWMtNTNkOWQzYTQ0ZmNm
LzEvSzlMRGNvVFlSQ2J3WGpKYmF3UjYxYzhfNVBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuRe0AwQB
wm6GAwQBwm6KMA0GCSqGSIb3DQEBCwUAA4IBAQBQ7D42PViv5LSEcerrhW991qq5
nWsNmg1fgUr0m7RYaPmgsoJ8GzXvKlIItAnj60YY331BvlekJ/bvSraL8dDlbkEU
R0+eepF6xSzyxzUSHTaNqfBXSJO53xGcoQkvVi51kueaj0/8/4hR6lfxrd/uWNDF
yyYRjQUseR3J3YaHEKQx7BVCkqTEPpLPV+xTIffiSeDitrF+f3XpnyYM5F7fZQ6m
187TSHWGed2DdT2/x5t1nPcxbxxKKdybFqGCK/GhTNw0RGEfsfPCo8HYzKf1vF7A
F1fVSyrhdNU8venC7n7MSQ3wnF8yhB52qzw8UOulGkbAL6dBm65zpw/tSIhw
-----END CERTIFICATE-----
Generated at Sun Oct 19 16:10:28 2025 by rpki-client