Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/jtLIKZheIJbw9TwyWl-fpzVLvnE.roa
File: jtLIKZheIJbw9TwyWl-fpzVLvnE.roa (raw, json)
Hash identifier: IhEUym2kurgLTl3Vw4ZlxqTomcA/YLaDzPHSwrVgpmI=
Subject key identifier: 8E:D2:C8:29:98:5E:20:96:F0:F5:3C:32:5A:5F:9F:A7:35:4B:BE:71
Certificate issuer: /CN=7d502e2d24b1f216913088207a268e6626b0ce39
Certificate serial: 019A60B26DEDA035982F6A63AE9808580C67
Authority key identifier: 7D:50:2E:2D:24:B1:F2:16:91:30:88:20:7A:26:8E:66:26:B0:CE:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVAuLSSx8haRMIggeiaOZiawzjk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/jtLIKZheIJbw9TwyWl-fpzVLvnE.roa
Signing time: Fri 07 Nov 2025 23:41:37 +0000
ROA not before: Fri 07 Nov 2025 23:41:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209505
IP address blocks: 185.250.8.0/22 maxlen: 22
185.250.8.0/24 maxlen: 24
185.250.9.0/24 maxlen: 24
185.250.10.0/23 maxlen: 23
2a0b:9400::/30 maxlen: 30
2a0b:9400:1000::/48 maxlen: 48
2a0b:9401::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/fVAuLSSx8haRMIggeiaOZiawzjk.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/fVAuLSSx8haRMIggeiaOZiawzjk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fVAuLSSx8haRMIggeiaOZiawzjk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 08:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:60:b2:6d:ed:a0:35:98:2f:6a:63:ae:98:08:58:0c:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d502e2d24b1f216913088207a268e6626b0ce39
Validity
Not Before: Nov 7 23:41:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8ed2c829985e2096f0f53c325a5f9fa7354bbe71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:c0:63:10:b3:3f:55:a8:10:35:1f:53:5a:7d:
64:3a:3d:95:40:26:75:04:aa:42:74:4a:66:78:2d:
80:20:1f:6a:e3:f8:30:07:f4:e1:dc:60:3d:03:a8:
04:0e:51:51:e4:99:fb:6d:4b:ad:60:b8:c0:eb:f2:
c2:41:83:d2:76:c8:74:65:22:33:f3:6e:d8:2d:31:
89:9b:a6:5f:94:14:a1:19:82:d0:81:ef:60:3b:fc:
43:8e:40:8f:2c:e1:0d:d0:c0:57:f0:1e:9a:5b:1e:
44:f3:00:83:c9:00:da:08:5b:89:fb:9f:ee:3d:14:
7f:c2:29:6f:4a:cb:e3:07:15:1e:ac:f3:37:6c:9c:
46:c8:42:64:0a:2c:f6:37:b7:81:a6:af:1c:73:97:
a2:28:94:94:ca:02:55:0d:5a:1a:e4:92:18:63:31:
a3:96:26:3f:c2:1c:4b:4f:8e:43:b5:61:53:66:bc:
ee:bf:d7:f4:42:b1:d8:92:47:52:54:03:4a:98:ed:
23:19:03:28:64:32:6d:b2:cc:2d:d1:d3:ac:3c:70:
83:85:85:57:46:99:a3:cd:06:96:fd:6c:d8:e2:68:
e3:00:b1:12:d3:ef:2d:1f:a9:1f:3d:28:7f:f7:7a:
6d:00:83:27:52:ae:20:ec:5d:72:a8:15:70:88:36:
d5:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:D2:C8:29:98:5E:20:96:F0:F5:3C:32:5A:5F:9F:A7:35:4B:BE:71
X509v3 Authority Key Identifier:
keyid:7D:50:2E:2D:24:B1:F2:16:91:30:88:20:7A:26:8E:66:26:B0:CE:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVAuLSSx8haRMIggeiaOZiawzjk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/jtLIKZheIJbw9TwyWl-fpzVLvnE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/aa53cf-f988-40eb-8083-51d75568a9e3/1/fVAuLSSx8haRMIggeiaOZiawzjk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.250.8.0/22
IPv6:
2a0b:9400::/30
Signature Algorithm: sha256WithRSAEncryption
05:75:87:2e:ae:0f:10:cc:f1:e4:6e:b5:2a:30:1f:1b:dc:9d:
ae:82:8b:8c:13:47:d3:45:24:f0:09:62:aa:ef:4d:6b:af:08:
ac:44:5f:39:4a:e2:43:2b:6d:9f:d8:31:0c:30:9d:0d:93:e7:
df:6d:82:cc:b6:d2:30:38:c4:83:fb:17:a7:43:37:c9:ce:e8:
a9:9b:35:89:1a:a9:0d:9c:60:a0:45:67:c6:5a:87:71:df:7d:
bd:5c:32:21:4d:ef:d1:42:91:43:b3:9e:6b:bf:9e:57:6a:da:
df:b9:40:9a:f8:a8:9c:cf:a2:e4:30:2c:cf:5b:3f:16:18:81:
9a:f1:72:d6:5a:5f:f0:79:1c:aa:02:c3:9e:2d:26:3f:99:40:
d6:9a:85:a9:69:45:2e:11:2c:1e:40:51:e2:04:23:1c:47:6d:
47:28:b1:f6:0d:6d:90:ec:2f:cc:21:5b:fd:13:dc:f4:28:35:
8b:be:1c:92:00:92:76:7f:b9:e0:c2:c7:71:47:63:c8:50:3f:
52:ed:ee:0c:50:01:31:84:8e:94:11:03:71:6b:a2:34:b9:c6:
68:32:dc:9e:a9:4d:5d:1b:03:6a:71:95:cd:2d:1c:a4:42:62:
79:82:e1:a0:da:e3:87:ef:96:76:50:c4:20:27:17:fe:91:12:
c8:fc:72:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpgsm3toDWYL2pjrpgIWAxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTAyZTJkMjRiMWYyMTY5MTMwODgyMDdhMjY4ZTY2MjZi
MGNlMzkwHhcNMjUxMTA3MjM0MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWQyYzgyOTk4NWUyMDk2ZjBmNTNjMzI1YTVmOWZhNzM1NGJiZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsBjELM/VagQNR9TWn1kOj2VQCZ1
BKpCdEpmeC2AIB9q4/gwB/Th3GA9A6gEDlFR5Jn7bUutYLjA6/LCQYPSdsh0ZSIz
827YLTGJm6ZflBShGYLQge9gO/xDjkCPLOEN0MBX8B6aWx5E8wCDyQDaCFuJ+5/u
PRR/wilvSsvjBxUerPM3bJxGyEJkCiz2N7eBpq8cc5eiKJSUygJVDVoa5JIYYzGj
liY/whxLT45DtWFTZrzuv9f0QrHYkkdSVANKmO0jGQMoZDJtsswt0dOsPHCDhYVX
RpmjzQaW/WzY4mjjALES0+8tH6kfPSh/93ptAIMnUq4g7F1yqBVwiDbV2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI7SyCmYXiCW8PU8Mlpfn6c1S75xMB8GA1UdIwQY
MBaAFH1QLi0ksfIWkTCIIHomjmYmsM45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZBdUxTU3g4aGFSTUlnZ2VpYU9aaWF3emprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9hYTUzY2YtZjk4OC00MGViLTgwODMt
NTFkNzU1NjhhOWUzLzEvanRMSUtaaGVJSmJ3OVR3eVdsLWZwelZMdm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9hYTUzY2YtZjk4OC00MGViLTgwODMtNTFkNzU1NjhhOWUz
LzEvZlZBdUxTU3g4aGFSTUlnZ2VpYU9aaWF3emprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufoIMA0E
AgACMAcDBQIqC5QAMA0GCSqGSIb3DQEBCwUAA4IBAQAFdYcurg8QzPHkbrUqMB8b
3J2ugouME0fTRSTwCWKq701rrwisRF85SuJDK22f2DEMMJ0Nk+ffbYLMttIwOMSD
+xenQzfJzuipmzWJGqkNnGCgRWfGWodx3329XDIhTe/RQpFDs55rv55XatrfuUCa
+Kicz6LkMCzPWz8WGIGa8XLWWl/weRyqAsOeLSY/mUDWmoWpaUUuESweQFHiBCMc
R21HKLH2DW2Q7C/MIVv9E9z0KDWLvhySAJJ2f7ngwsdxR2PIUD9S7e4MUAExhI6U
EQNxa6I0ucZoMtyeqU1dGwNqcZXNLRykQmJ5guGg2uOH75Z2UMQgJxf+kRLI/HIy
-----END CERTIFICATE-----
Generated at Tue Nov 11 14:21:44 2025 by rpki-client