Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/v8hBMDKY65zo2V6449UJSPRVSUE.roa
File: v8hBMDKY65zo2V6449UJSPRVSUE.roa (raw, json)
Hash identifier: 7bLL/W+lnh1+jDhX4cXB4UWGoYDQrNjyksVTGR4y1rE=
Subject key identifier: BF:C8:41:30:32:98:EB:9C:E8:D9:5E:B8:E3:D5:09:48:F4:55:49:41
Certificate issuer: /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial: 019A2A3E15A7FA6CF6E04452FD1D3A9AE843
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/v8hBMDKY65zo2V6449UJSPRVSUE.roa
Signing time: Tue 28 Oct 2025 09:55:03 +0000
ROA not before: Tue 28 Oct 2025 09:55:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25447
IP address blocks: 62.93.64.0/19 maxlen: 19
62.93.68.0/24 maxlen: 24
62.93.73.0/24 maxlen: 24
62.93.74.0/24 maxlen: 24
62.93.76.0/24 maxlen: 24
62.93.88.0/24 maxlen: 24
62.93.96.0/20 maxlen: 20
62.93.96.0/21 maxlen: 21
62.93.104.0/21 maxlen: 24
62.93.112.0/22 maxlen: 22
62.93.120.0/21 maxlen: 21
82.192.0.0/19 maxlen: 19
82.192.0.0/23 maxlen: 23
82.192.5.0/24 maxlen: 24
82.192.6.0/24 maxlen: 24
82.192.18.0/24 maxlen: 24
85.13.0.0/18 maxlen: 18
85.13.2.0/24 maxlen: 24
85.13.8.0/24 maxlen: 24
85.13.14.0/24 maxlen: 24
85.13.16.0/24 maxlen: 24
176.61.160.0/19 maxlen: 19
176.61.168.0/21 maxlen: 24
176.61.176.0/21 maxlen: 24
176.61.184.0/21 maxlen: 24
185.51.222.0/23 maxlen: 24
188.117.192.0/18 maxlen: 18
188.117.200.0/22 maxlen: 22
188.117.208.0/22 maxlen: 22
188.117.220.0/22 maxlen: 22
188.117.240.0/20 maxlen: 20
217.16.112.0/20 maxlen: 20
217.16.113.0/24 maxlen: 24
217.16.114.0/24 maxlen: 24
217.16.124.0/24 maxlen: 24
217.16.127.0/24 maxlen: 24
217.199.80.0/20 maxlen: 20
217.199.83.0/24 maxlen: 24
217.199.90.0/24 maxlen: 24
2a03:4e40::/29 maxlen: 29
2a03:4e40::/32 maxlen: 32
2a03:4e47::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 14:12:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:2a:3e:15:a7:fa:6c:f6:e0:44:52:fd:1d:3a:9a:e8:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
Validity
Not Before: Oct 28 09:55:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bfc841303298eb9ce8d95eb8e3d50948f4554941
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:45:b4:28:00:52:db:22:e2:77:33:c4:dd:44:
38:bf:3f:1b:38:a0:af:a0:37:14:4d:e2:88:7a:19:
21:f7:ea:dd:ce:fc:94:1e:31:39:e7:2b:98:67:ca:
b7:3d:76:f5:f9:08:e5:0d:7a:b2:21:0f:c8:3c:d6:
4b:13:5a:68:ae:bc:48:b5:d3:9b:78:15:18:cb:96:
b5:95:7d:16:ed:1f:83:c6:56:2d:72:ad:d0:f6:c7:
96:1d:6d:d2:33:ad:7d:38:1d:07:9f:d1:cd:9d:f9:
e8:07:06:7a:a5:82:3c:16:2d:42:0c:9d:fd:c6:87:
29:b5:5a:17:55:87:a3:65:fb:08:85:87:e2:6a:38:
34:df:6b:a6:2a:2d:59:c7:5c:5b:a9:9f:16:57:25:
b6:4b:27:68:86:d3:65:63:6d:d4:18:fb:e4:ee:4a:
37:ef:b1:0b:0d:5d:20:02:7c:f1:0a:bf:12:bb:72:
5a:ba:7b:e2:ad:c9:97:f2:02:71:77:b0:1c:2e:b3:
a8:de:04:b6:07:af:94:35:50:2f:9c:18:60:03:83:
f0:87:13:29:e3:da:a6:7f:88:7a:96:4c:e0:56:e8:
75:45:3a:28:5e:0a:21:5d:51:7e:51:bd:5d:10:10:
b9:87:5d:ed:31:be:ef:2c:5c:c1:d8:79:54:54:61:
75:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:C8:41:30:32:98:EB:9C:E8:D9:5E:B8:E3:D5:09:48:F4:55:49:41
X509v3 Authority Key Identifier:
keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/v8hBMDKY65zo2V6449UJSPRVSUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.93.64.0-62.93.115.255
62.93.120.0/21
82.192.0.0/19
85.13.0.0/18
176.61.160.0/19
185.51.222.0/23
188.117.192.0/18
217.16.112.0/20
217.199.80.0/20
IPv6:
2a03:4e40::/29
Signature Algorithm: sha256WithRSAEncryption
1c:06:83:45:2a:87:c8:9e:ef:4b:14:00:ea:f7:a7:c7:ba:88:
07:0d:e6:78:ec:b9:47:01:75:ad:61:8c:00:28:34:23:ef:3a:
9a:67:72:91:6e:16:4c:18:a6:83:73:9b:55:be:06:79:2c:72:
20:22:fc:16:55:49:71:4e:5e:cd:00:d0:91:94:dc:de:23:08:
1d:55:b3:72:a8:b1:2c:39:74:1f:66:50:0e:50:bf:c6:c2:ab:
22:e4:54:58:4a:97:09:8b:da:b9:66:00:85:d1:bf:45:2b:8d:
07:6f:af:a0:c6:b6:3c:9b:6f:57:6c:98:8f:74:7f:94:12:3c:
90:a7:c2:4f:37:9d:c2:1d:c1:a1:93:e3:da:36:0c:9c:c1:0f:
af:da:f9:10:24:b3:cc:7e:78:24:2c:ee:fd:e3:df:65:e3:dd:
98:12:d0:f1:20:1a:e9:69:16:7c:d7:a4:39:04:f4:0e:5c:ff:
bb:39:4b:bc:ef:76:60:c2:42:8b:01:72:01:3f:43:72:9f:6a:
3a:76:4a:2e:8f:b3:05:a6:82:d0:94:be:22:e5:6c:a9:dc:cb:
a1:32:d3:6b:eb:fc:a4:6e:2b:56:99:a1:3c:1c:01:d6:cd:6d:
b5:95:dc:40:27:a0:a4:af:7c:20:31:4d:9d:76:26:ed:96:74:
dd:e5:ef:ed
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZoqPhWn+mz24ERS/R06muhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjUxMDI4MDk1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmM4NDEzMDMyOThlYjljZThkOTVlYjhlM2Q1MDk0OGY0NTU0OTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkW0KABS2yLidzPE3UQ4vz8bOKCv
oDcUTeKIehkh9+rdzvyUHjE55yuYZ8q3PXb1+QjlDXqyIQ/IPNZLE1porrxItdOb
eBUYy5a1lX0W7R+DxlYtcq3Q9seWHW3SM619OB0Hn9HNnfnoBwZ6pYI8Fi1CDJ39
xocptVoXVYejZfsIhYfiajg032umKi1Zx1xbqZ8WVyW2SydohtNlY23UGPvk7ko3
77ELDV0gAnzxCr8Su3JaunvircmX8gJxd7AcLrOo3gS2B6+UNVAvnBhgA4PwhxMp
49qmf4h6lkzgVuh1RTooXgohXVF+Ub1dEBC5h13tMb7vLFzB2HlUVGF1rwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFL/IQTAymOuc6NleuOPVCUj0VUlBMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvdjhoQk1ES1k2NXpvMlY2NDQ5VUpTUFJWU1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+MAwDBAY+XUAD
BAI+XXADBAM+XXgDBAVSwAADBAZVDQADBAWwPaADBAG5M94DBAa8dcADBATZEHAD
BATZx1AwDQQCAAIwBwMFAyoDTkAwDQYJKoZIhvcNAQELBQADggEBABwGg0Uqh8ie
70sUAOr3p8e6iAcN5njsuUcBda1hjAAoNCPvOppncpFuFkwYpoNzm1W+BnksciAi
/BZVSXFOXs0A0JGU3N4jCB1Vs3KosSw5dB9mUA5Qv8bCqyLkVFhKlwmL2rlmAIXR
v0UrjQdvr6DGtjybb1dsmI90f5QSPJCnwk83ncIdwaGT49o2DJzBD6/a+RAks8x+
eCQs7v3j32Xj3ZgS0PEgGulpFnzXpDkE9A5c/7s5S7zvdmDCQosBcgE/Q3Kfajp2
Si6PswWmgtCUviLlbKncy6Ey02vr/KRuK1aZoTwcAdbNbbWV3EAnoKSvfCAxTZ12
Ju2WdN3l7+0=
-----END CERTIFICATE-----
Generated at Tue Oct 28 22:45:56 2025 by rpki-client