Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/59VNL7dQbZFmm2AJXFZqzAtkfl8.roa
File: 59VNL7dQbZFmm2AJXFZqzAtkfl8.roa (raw, json)
Hash identifier: p9FKGUjQIc96y5oPMqPml+M+S9V4gJIpDfcIYz2/WEw=
Subject key identifier: E7:D5:4D:2F:B7:50:6D:91:66:9B:60:09:5C:56:6A:CC:0B:64:7E:5F
Certificate issuer: /CN=1e74df4ad48ff211a0635b37f037977819cd4276
Certificate serial: 019A59C50E7F41CAF50FBAC2640368266111
Authority key identifier: 1E:74:DF:4A:D4:8F:F2:11:A0:63:5B:37:F0:37:97:78:19:CD:42:76
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/59VNL7dQbZFmm2AJXFZqzAtkfl8.roa
Signing time: Thu 06 Nov 2025 15:24:37 +0000
ROA not before: Thu 06 Nov 2025 15:24:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35359
IP address blocks: 85.119.40.0/21 maxlen: 21
85.119.40.0/24 maxlen: 24
85.119.41.0/24 maxlen: 24
85.119.42.0/24 maxlen: 24
85.119.43.0/24 maxlen: 24
85.119.44.0/24 maxlen: 24
85.119.45.0/24 maxlen: 24
85.119.46.0/24 maxlen: 24
85.119.47.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.mft
rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:59:c5:0e:7f:41:ca:f5:0f:ba:c2:64:03:68:26:61:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e74df4ad48ff211a0635b37f037977819cd4276
Validity
Not Before: Nov 6 15:24:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e7d54d2fb7506d91669b60095c566acc0b647e5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:91:f0:32:0e:d4:14:ca:b5:50:6c:59:86:9e:
bd:eb:e7:26:64:69:10:06:f6:d5:8c:d5:1f:91:9b:
b1:2c:c1:4a:56:b4:8e:1e:74:9e:3c:fa:21:2b:b2:
39:0e:b0:85:98:f9:fc:a6:13:f6:7a:3d:46:c0:79:
b8:d1:37:9f:e3:9f:68:06:0b:84:7a:7f:8e:4a:4f:
a8:58:13:ea:09:c0:7e:cb:c4:56:78:d7:ca:93:f3:
3a:e1:d2:01:18:64:1d:8e:ac:f0:e4:95:f2:e5:8b:
a8:d7:94:09:69:d8:3d:8a:fd:c2:b9:ee:7f:14:a3:
f6:1d:f6:94:ca:e3:06:f1:a4:6e:40:ec:72:1e:33:
28:17:22:60:f2:b2:23:12:5d:c6:f2:d3:b9:bc:55:
97:15:0d:b7:dd:a4:7c:db:e2:25:92:0f:84:cf:d0:
4d:90:cd:84:e1:1b:78:fa:35:6e:8c:43:e6:f3:54:
c5:2c:c6:da:07:38:15:a0:b3:92:f0:31:93:09:d2:
8f:15:4f:06:85:5c:8f:c3:e6:ff:57:78:7c:2c:45:
7a:4f:ea:1b:20:96:61:80:15:8a:88:39:85:21:45:
88:ba:8a:d0:1d:f9:49:5d:c5:20:45:45:1c:45:4f:
b7:be:3d:86:09:e2:89:1c:83:7c:54:48:cb:45:bd:
d2:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:D5:4D:2F:B7:50:6D:91:66:9B:60:09:5C:56:6A:CC:0B:64:7E:5F
X509v3 Authority Key Identifier:
keyid:1E:74:DF:4A:D4:8F:F2:11:A0:63:5B:37:F0:37:97:78:19:CD:42:76
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnTfStSP8hGgY1s38DeXeBnNQnY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/59VNL7dQbZFmm2AJXFZqzAtkfl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/010e95-49b7-4edd-8d0d-395d4eec831e/1/HnTfStSP8hGgY1s38DeXeBnNQnY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.119.40.0/21
Signature Algorithm: sha256WithRSAEncryption
8e:70:f8:a4:fd:ca:f6:2e:65:bf:a4:cb:17:dd:7c:ab:a2:98:
33:b6:73:ee:5e:85:ce:f9:62:d8:c3:89:3b:21:13:45:83:e4:
e8:71:5b:45:a7:ee:49:26:9a:2d:bb:4c:1c:ca:35:d7:2a:be:
37:e2:11:35:4c:f5:09:51:59:bd:4e:7f:b9:f9:63:28:38:d4:
3d:fd:b5:35:31:8a:25:37:29:2c:d8:4d:99:3f:73:ed:78:95:
c2:ee:cc:a5:12:f9:c2:b5:3c:1d:d4:99:83:22:14:f1:11:a3:
e7:3b:62:f3:5a:2b:db:00:35:29:75:cd:e0:f7:a6:38:52:ff:
a4:5d:9b:ee:8e:2c:dd:37:9f:63:2a:66:d5:57:e7:9b:74:da:
59:50:97:16:80:bd:64:26:63:4f:2d:53:0a:d5:df:52:f0:d7:
86:f9:97:55:b7:5f:ec:18:c1:82:2b:9a:ee:0f:f8:75:b4:68:
0d:0a:11:ed:11:2b:8d:90:cc:5f:ab:99:fc:4e:19:85:89:0e:
ec:16:6f:cc:9e:3d:f9:c6:fe:c4:b2:6a:51:e6:65:30:1e:ad:
99:85:77:53:c0:c7:9b:15:2a:e5:56:88:15:ab:9d:17:25:d0:
c0:df:e7:27:45:ad:cf:c1:fc:c0:da:99:2b:bb:07:ef:08:a4:
b5:5c:8b:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpZxQ5/Qcr1D7rCZANoJmERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNzRkZjRhZDQ4ZmYyMTFhMDYzNWIzN2YwMzc5Nzc4MTlj
ZDQyNzYwHhcNMjUxMTA2MTUyNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Q1NGQyZmI3NTA2ZDkxNjY5YjYwMDk1YzU2NmFjYzBiNjQ3ZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpHwMg7UFMq1UGxZhp696+cmZGkQ
BvbVjNUfkZuxLMFKVrSOHnSePPohK7I5DrCFmPn8phP2ej1GwHm40Tef459oBguE
en+OSk+oWBPqCcB+y8RWeNfKk/M64dIBGGQdjqzw5JXy5Yuo15QJadg9iv3Cue5/
FKP2HfaUyuMG8aRuQOxyHjMoFyJg8rIjEl3G8tO5vFWXFQ233aR82+Ilkg+Ez9BN
kM2E4Rt4+jVujEPm81TFLMbaBzgVoLOS8DGTCdKPFU8GhVyPw+b/V3h8LEV6T+ob
IJZhgBWKiDmFIUWIuorQHflJXcUgRUUcRU+3vj2GCeKJHIN8VEjLRb3SUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfVTS+3UG2RZptgCVxWaswLZH5fMB8GA1UdIwQY
MBaAFB5030rUj/IRoGNbN/A3l3gZzUJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5UZlN0U1A4aEdnWTFzMzhEZVhlQm5OUW5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8wMTBlOTUtNDliNy00ZWRkLThkMGQt
Mzk1ZDRlZWM4MzFlLzEvNTlWTkw3ZFFiWkZtbTJBSlhGWnF6QXRrZmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8wMTBlOTUtNDliNy00ZWRkLThkMGQtMzk1ZDRlZWM4MzFl
LzEvSG5UZlN0U1A4aEdnWTFzMzhEZVhlQm5OUW5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVXcoMA0G
CSqGSIb3DQEBCwUAA4IBAQCOcPik/cr2LmW/pMsX3XyropgztnPuXoXO+WLYw4k7
IRNFg+TocVtFp+5JJpotu0wcyjXXKr434hE1TPUJUVm9Tn+5+WMoONQ9/bU1MYol
Nyks2E2ZP3PteJXC7sylEvnCtTwd1JmDIhTxEaPnO2LzWivbADUpdc3g96Y4Uv+k
XZvujizdN59jKmbVV+ebdNpZUJcWgL1kJmNPLVMK1d9S8NeG+ZdVt1/sGMGCK5ru
D/h1tGgNChHtESuNkMxfq5n8ThmFiQ7sFm/Mnj35xv7EsmpR5mUwHq2ZhXdTwMeb
FSrlVogVq50XJdDA3+cnRa3PwfzA2pkruwfvCKS1XIvH
-----END CERTIFICATE-----
Generated at Tue Nov 11 16:49:18 2025 by rpki-client