Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/GuyH86XUUME_chhdFNwgWR87nWY.roa
File: GuyH86XUUME_chhdFNwgWR87nWY.roa (raw, json)
Hash identifier: AkV+gL0S5u4NFSo7a7yCWxTWlu4itSTOyYkBPLj5o3E=
Subject key identifier: 1A:EC:87:F3:A5:D4:50:C1:3F:72:18:5D:14:DC:20:59:1F:3B:9D:66
Certificate issuer: /CN=1f539a614e0aa1cfa19fcf8ee0bfaa03463143c3
Certificate serial: 019A0631910C5475E5DBCCA48A1FFE690A3F
Authority key identifier: 1F:53:9A:61:4E:0A:A1:CF:A1:9F:CF:8E:E0:BF:AA:03:46:31:43:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/GuyH86XUUME_chhdFNwgWR87nWY.roa
Signing time: Tue 21 Oct 2025 09:55:03 +0000
ROA not before: Tue 21 Oct 2025 09:55:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49798
IP address blocks: 91.219.132.0/22 maxlen: 22
91.221.4.0/24 maxlen: 24
91.221.5.0/24 maxlen: 24
185.140.28.0/22 maxlen: 22
2a0c:c500::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.mft
rsync://rpki.ripe.net/repository/DEFAULT/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 30 Oct 2025 15:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:31:91:0c:54:75:e5:db:cc:a4:8a:1f:fe:69:0a:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f539a614e0aa1cfa19fcf8ee0bfaa03463143c3
Validity
Not Before: Oct 21 09:55:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1aec87f3a5d450c13f72185d14dc20591f3b9d66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:2b:70:5c:01:4f:2e:91:e2:d3:ea:3d:ca:8e:
aa:f1:28:cf:00:db:9d:d1:69:f3:d4:5f:a2:5a:19:
3f:c5:34:6a:85:0b:4d:8e:ba:02:5b:2c:09:12:06:
bd:8c:cb:09:83:41:f9:24:f7:d7:47:0d:ba:96:71:
15:1c:3e:22:34:8e:49:ba:b8:00:7d:ea:00:b1:f5:
5d:a2:59:d9:67:d2:00:ea:0e:9b:83:a6:df:09:f4:
aa:ca:1e:33:9a:8c:a0:44:a7:fa:9e:af:bb:27:c5:
6f:61:91:4f:10:c6:51:9e:34:03:19:b7:8e:fe:0e:
43:e4:e9:09:08:9f:8d:99:0e:4b:d4:de:b2:47:9a:
24:05:b3:54:48:00:b2:9c:2e:0b:b3:cf:59:6f:96:
a8:15:63:7e:86:b0:78:10:2a:40:25:0b:14:ad:ea:
9d:97:d3:b7:0e:09:53:f3:7a:b9:58:98:8c:bb:72:
f6:66:c4:81:f0:7c:ac:4d:98:8b:e2:d4:23:26:f5:
c9:39:7b:a7:2c:b5:fc:4e:4d:f2:0a:49:29:38:67:
5e:49:6c:17:d4:7e:71:5c:9a:d7:d3:22:5d:0e:ce:
62:d1:6d:90:9f:d0:76:e6:f1:f6:f9:0e:1a:80:b1:
3e:fd:ee:41:33:7f:13:a1:4a:91:17:15:0c:ea:a1:
27:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:EC:87:F3:A5:D4:50:C1:3F:72:18:5D:14:DC:20:59:1F:3B:9D:66
X509v3 Authority Key Identifier:
keyid:1F:53:9A:61:4E:0A:A1:CF:A1:9F:CF:8E:E0:BF:AA:03:46:31:43:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/GuyH86XUUME_chhdFNwgWR87nWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/927bf1-7999-43e1-b7f5-abe1e37925cf/1/H1OaYU4Koc-hn8-O4L-qA0YxQ8M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.219.132.0/22
91.221.4.0/23
185.140.28.0/22
IPv6:
2a0c:c500::/32
Signature Algorithm: sha256WithRSAEncryption
1f:05:8d:c1:a2:fa:8b:47:7f:76:73:c6:4f:b9:68:a9:53:7b:
b4:b2:6f:eb:a4:58:c2:61:df:43:30:90:e8:0d:16:ff:7a:45:
12:1e:ea:15:fc:35:1e:f6:ed:12:4f:8b:48:bb:39:1b:62:a2:
84:e8:79:79:7d:93:4b:37:0b:07:6a:69:6d:71:15:05:30:5b:
2d:9a:95:f4:a0:ef:cc:b7:08:99:18:84:de:02:c5:da:be:09:
45:e8:93:ee:d6:5f:16:4a:2e:40:10:4c:10:ed:1b:6c:da:51:
da:7c:00:ac:a0:98:4d:88:91:aa:b6:44:ff:39:63:71:f9:0e:
99:51:79:b1:d5:8c:9f:88:6b:60:3a:ae:80:b3:c1:eb:22:da:
bd:95:30:81:16:57:f2:c7:54:17:b7:44:ff:9f:45:fb:83:ce:
e6:30:d0:cf:cd:35:f8:2d:a5:0f:87:fd:b4:d9:23:7d:e1:9a:
51:cb:8a:84:3d:85:83:cd:6d:ff:6c:73:82:27:5d:8d:48:fc:
2e:d1:63:25:87:a5:1c:fd:de:05:ab:dd:30:89:a7:ba:1c:21:
59:7e:f0:7a:e1:62:a1:77:44:64:ea:33:38:96:8f:61:3b:ef:
4f:64:e6:ca:95:40:00:33:d3:13:39:94:42:5b:c4:51:a3:79:
b6:b7:35:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZoGMZEMVHXl28ykih/+aQo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNTM5YTYxNGUwYWExY2ZhMTlmY2Y4ZWUwYmZhYTAzNDYz
MTQzYzMwHhcNMjUxMDIxMDk1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWVjODdmM2E1ZDQ1MGMxM2Y3MjE4NWQxNGRjMjA1OTFmM2I5ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0itwXAFPLpHi0+o9yo6q8SjPANud
0Wnz1F+iWhk/xTRqhQtNjroCWywJEga9jMsJg0H5JPfXRw26lnEVHD4iNI5JurgA
feoAsfVdolnZZ9IA6g6bg6bfCfSqyh4zmoygRKf6nq+7J8VvYZFPEMZRnjQDGbeO
/g5D5OkJCJ+NmQ5L1N6yR5okBbNUSACynC4Ls89Zb5aoFWN+hrB4ECpAJQsUreqd
l9O3DglT83q5WJiMu3L2ZsSB8HysTZiL4tQjJvXJOXunLLX8Tk3yCkkpOGdeSWwX
1H5xXJrX0yJdDs5i0W2Qn9B25vH2+Q4agLE+/e5BM38ToUqRFxUM6qEnHwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBrsh/Ol1FDBP3IYXRTcIFkfO51mMB8GA1UdIwQY
MBaAFB9TmmFOCqHPoZ/PjuC/qgNGMUPDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDFPYVlVNEtvYy1objgtTzRMLXFBMFl4UThNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MjdiZjEtNzk5OS00M2UxLWI3ZjUt
YWJlMWUzNzkyNWNmLzEvR3V5SDg2WFVVTUVfY2hoZEZOd2dXUjg3bldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MjdiZjEtNzk5OS00M2UxLWI3ZjUtYWJlMWUzNzkyNWNm
LzEvSDFPYVlVNEtvYy1objgtTzRMLXFBMFl4UThNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCW9uEAwQB
W90EAwQCuYwcMA0EAgACMAcDBQAqDMUAMA0GCSqGSIb3DQEBCwUAA4IBAQAfBY3B
ovqLR392c8ZPuWipU3u0sm/rpFjCYd9DMJDoDRb/ekUSHuoV/DUe9u0ST4tIuzkb
YqKE6Hl5fZNLNwsHamltcRUFMFstmpX0oO/MtwiZGITeAsXavglF6JPu1l8WSi5A
EEwQ7Rts2lHafACsoJhNiJGqtkT/OWNx+Q6ZUXmx1YyfiGtgOq6As8HrItq9lTCB
Flfyx1QXt0T/n0X7g87mMNDPzTX4LaUPh/202SN94ZpRy4qEPYWDzW3/bHOCJ12N
SPwu0WMlh6Uc/d4Fq90wiae6HCFZfvB64WKhd0Rk6jM4lo9hO+9PZObKlUAAM9MT
OZRCW8RRo3m2tzXN
-----END CERTIFICATE-----
Generated at Wed Oct 29 20:22:24 2025 by rpki-client