Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wkmZylqxxXWVtenrDLJQYBwyrSY.roa
File: wkmZylqxxXWVtenrDLJQYBwyrSY.roa (raw, json)
Hash identifier: IVeMhDFjf1RRbJN7w1L5wMkoATUDCBoIrubaPXv+Pqs=
Subject key identifier: C2:49:99:CA:5A:B1:C5:75:95:B5:E9:EB:0C:B2:50:60:1C:32:AD:26
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 019A0FF989E5813672EF20D08CAAA5678A13
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wkmZylqxxXWVtenrDLJQYBwyrSY.roa
Signing time: Thu 23 Oct 2025 07:30:03 +0000
ROA not before: Thu 23 Oct 2025 07:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 194.231.132.0/22 maxlen: 22
194.231.136.0/22 maxlen: 22
194.231.152.0/22 maxlen: 22
194.231.192.0/22 maxlen: 22
194.231.196.0/22 maxlen: 22
194.231.200.0/22 maxlen: 22
194.231.204.0/22 maxlen: 22
194.231.208.0/22 maxlen: 22
194.231.212.0/22 maxlen: 22
194.231.220.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 08:33:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0f:f9:89:e5:81:36:72:ef:20:d0:8c:aa:a5:67:8a:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Oct 23 07:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c24999ca5ab1c57595b5e9eb0cb250601c32ad26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:f7:e0:4b:a9:a8:cf:c2:80:2a:02:53:56:b7:
d7:05:f3:aa:b7:da:ed:c3:c1:70:5a:24:3e:41:e4:
bf:82:6f:30:0e:9f:9e:86:e6:1b:41:c2:36:d4:59:
1c:4a:79:f6:15:2c:fd:88:68:28:7f:41:ee:c1:e6:
f5:62:82:25:4e:03:da:a0:30:33:03:6a:30:60:a5:
4b:c8:a1:2c:10:57:3d:2e:d1:d4:e1:6e:20:d8:31:
56:db:99:5c:ab:5a:1f:7a:89:89:30:31:53:25:44:
2d:a5:10:5e:02:3e:cf:23:7a:2f:00:3b:0b:f4:7b:
65:3a:00:46:16:a7:f5:88:c7:5d:17:66:f2:2b:d0:
a9:ad:65:5d:19:3f:46:80:ae:4d:09:36:19:6a:97:
73:e9:2f:d2:c6:c0:cb:85:06:99:a2:4d:3e:27:f1:
f9:52:d5:fd:f1:89:1d:79:53:e7:66:56:c8:4a:aa:
0d:8f:14:f0:89:ba:3e:1a:59:74:64:be:1d:7a:f0:
35:bf:7e:7f:02:ea:49:ab:0b:2c:7f:50:1b:1a:d8:
ff:be:2b:d4:b1:ed:f4:e8:ef:a6:f8:57:5f:b4:c6:
05:86:63:83:84:2b:c7:a3:61:31:b4:2e:9d:7e:33:
8e:5a:ed:c2:96:4c:aa:e2:07:0e:f6:2d:b0:0d:8b:
75:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:49:99:CA:5A:B1:C5:75:95:B5:E9:EB:0C:B2:50:60:1C:32:AD:26
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wkmZylqxxXWVtenrDLJQYBwyrSY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.231.132.0-194.231.139.255
194.231.152.0/22
194.231.192.0-194.231.215.255
194.231.220.0/22
Signature Algorithm: sha256WithRSAEncryption
1c:12:97:e6:0c:8e:e6:5d:df:f9:c1:b0:85:06:17:ce:af:b8:
d2:89:e5:5a:67:8b:d2:ef:82:5e:cf:61:ad:14:38:f8:77:8d:
f8:dd:59:1a:32:db:1e:3b:0b:bf:d4:ea:75:a7:9a:c9:5b:3a:
39:30:2d:70:f6:a4:51:5c:e2:30:67:bf:ac:7a:f3:91:da:be:
77:94:2d:98:9d:47:ed:c8:f0:d9:ff:57:e8:1f:99:30:43:50:
fc:e8:0d:37:b7:6e:0c:66:0f:d7:3c:84:85:bd:41:62:5d:e3:
0e:50:25:17:4a:37:42:f3:91:d4:83:ad:c6:3f:f2:6c:e0:8b:
14:0c:d9:26:81:7f:8b:ff:5c:c1:df:48:d1:80:d7:4f:e6:22:
9b:9c:48:cb:7c:f2:55:e4:e5:3f:3c:2e:7d:dd:2b:df:95:45:
aa:06:9b:70:10:25:19:3b:1e:66:37:6b:1a:1f:60:c5:7a:d8:
02:8c:9d:68:af:0e:77:aa:dc:42:4e:ae:c4:ad:08:cb:d3:bb:
bf:76:7b:b1:56:ac:a3:b1:76:06:6c:55:61:a9:82:68:67:47:
49:33:bb:44:49:73:49:dc:6e:e4:40:75:6f:34:78:6a:21:db:
de:71:9f:72:cf:90:24:3b:0d:7e:1a:e9:ab:44:aa:b6:57:55:
99:51:1a:b6
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZoP+YnlgTZy7yDQjKqlZ4oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUxMDIzMDczMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQ5OTljYTVhYjFjNTc1OTViNWU5ZWIwY2IyNTA2MDFjMzJhZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PfgS6moz8KAKgJTVrfXBfOqt9rt
w8FwWiQ+QeS/gm8wDp+ehuYbQcI21FkcSnn2FSz9iGgof0Huweb1YoIlTgPaoDAz
A2owYKVLyKEsEFc9LtHU4W4g2DFW25lcq1ofeomJMDFTJUQtpRBeAj7PI3ovADsL
9HtlOgBGFqf1iMddF2byK9CprWVdGT9GgK5NCTYZapdz6S/SxsDLhQaZok0+J/H5
UtX98YkdeVPnZlbISqoNjxTwibo+Gll0ZL4devA1v35/AupJqwssf1AbGtj/vivU
se306O+m+FdftMYFhmODhCvHo2ExtC6dfjOOWu3Clkyq4gcO9i2wDYt13wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMJJmcpascV1lbXp6wyyUGAcMq0mMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvd2ttWnlscXh4WFdWdGVuckRMSlFZQnd5clNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBALC54QD
BALC54gDBALC55gwDAMEBsLnwAMEA8Ln0AMEAsLn3DANBgkqhkiG9w0BAQsFAAOC
AQEAHBKX5gyO5l3f+cGwhQYXzq+40onlWmeL0u+CXs9hrRQ4+HeN+N1ZGjLbHjsL
v9TqdaeayVs6OTAtcPakUVziMGe/rHrzkdq+d5QtmJ1H7cjw2f9X6B+ZMENQ/OgN
N7duDGYP1zyEhb1BYl3jDlAlF0o3QvOR1IOtxj/ybOCLFAzZJoF/i/9cwd9I0YDX
T+Yim5xIy3zyVeTlPzwufd0r35VFqgabcBAlGTseZjdrGh9gxXrYAoydaK8Od6rc
Qk6uxK0Iy9O7v3Z7sVaso7F2BmxVYamCaGdHSTO7RElzSdxu5EB1bzR4aiHb3nGf
cs+QJDsNfhrpq0SqtldVmVEatg==
-----END CERTIFICATE-----
Generated at Sat Oct 25 15:16:58 2025 by rpki-client