Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/dG-am26B1M3XAXEgM6-msbO-92s.roa
File: dG-am26B1M3XAXEgM6-msbO-92s.roa (raw, json)
Hash identifier: sgrhjyzOPPpjctuaWq0Rfchq08X1+S1hm2vde7AlZ8o=
Subject key identifier: 74:6F:9A:9B:6E:81:D4:CD:D7:01:71:20:33:AF:A6:B1:B3:BE:F7:6B
Certificate issuer: /CN=580dddb511603e41c2b7abba3d249d5ef5ed4d11
Certificate serial: 019A12169CD67459409934D9807BA39C4B79
Authority key identifier: 58:0D:DD:B5:11:60:3E:41:C2:B7:AB:BA:3D:24:9D:5E:F5:ED:4D:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WA3dtRFgPkHCt6u6PSSdXvXtTRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/dG-am26B1M3XAXEgM6-msbO-92s.roa
Signing time: Thu 23 Oct 2025 17:21:03 +0000
ROA not before: Thu 23 Oct 2025 17:21:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201119
IP address blocks: 185.195.144.0/24 maxlen: 24
185.195.145.0/24 maxlen: 24
185.195.146.0/24 maxlen: 24
185.195.147.0/24 maxlen: 24
2a0a:5bc0:1:ffa2::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/WA3dtRFgPkHCt6u6PSSdXvXtTRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/WA3dtRFgPkHCt6u6PSSdXvXtTRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/WA3dtRFgPkHCt6u6PSSdXvXtTRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 08:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:12:16:9c:d6:74:59:40:99:34:d9:80:7b:a3:9c:4b:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=580dddb511603e41c2b7abba3d249d5ef5ed4d11
Validity
Not Before: Oct 23 17:21:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=746f9a9b6e81d4cdd701712033afa6b1b3bef76b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:6d:e2:aa:63:8c:04:e3:cb:b9:91:39:c0:aa:
1c:6e:61:1f:88:7d:66:bb:85:00:1b:ad:a8:c7:c0:
06:3d:b2:c4:19:72:a1:91:fd:1a:88:9d:03:01:3b:
71:4b:64:51:b8:78:ab:04:33:29:f7:8d:e2:91:e8:
8b:28:ca:29:8a:a3:18:20:a4:dd:05:8b:64:d1:28:
99:11:fe:e4:f4:27:66:c3:a2:38:f6:c3:e1:6a:29:
bc:7f:9a:c5:98:83:eb:9e:45:66:0d:67:d1:46:56:
17:30:e5:b3:91:25:eb:1b:f6:e1:6e:40:28:90:7e:
e2:8e:f8:01:81:f5:37:ff:79:94:20:6f:f8:19:c8:
fc:f4:23:6d:3c:a3:6e:3c:67:da:a7:9a:38:05:01:
79:44:4f:5d:ac:dc:38:7f:8a:10:b3:6d:e4:80:59:
74:dc:54:8e:65:7b:9e:e9:df:2f:81:86:06:e1:30:
2b:e3:1f:c7:a5:0f:bc:34:52:3c:f4:f7:87:42:25:
94:f4:a5:eb:ac:4e:a9:f6:68:70:ce:b4:71:aa:a9:
5f:4a:4c:df:62:36:90:59:4f:90:4c:f0:8a:57:bf:
63:72:46:a1:ee:c4:3e:1a:10:89:33:cc:79:27:f7:
00:9f:61:1e:0e:c4:e1:d0:95:dc:1d:7b:94:fa:09:
f2:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:6F:9A:9B:6E:81:D4:CD:D7:01:71:20:33:AF:A6:B1:B3:BE:F7:6B
X509v3 Authority Key Identifier:
keyid:58:0D:DD:B5:11:60:3E:41:C2:B7:AB:BA:3D:24:9D:5E:F5:ED:4D:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WA3dtRFgPkHCt6u6PSSdXvXtTRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/dG-am26B1M3XAXEgM6-msbO-92s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fc96a4-36d1-4c3d-850b-3cd417aee9ce/1/WA3dtRFgPkHCt6u6PSSdXvXtTRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.195.144.0/22
IPv6:
2a0a:5bc0:1:ffa2::/64
Signature Algorithm: sha256WithRSAEncryption
7c:d7:b5:ee:e4:89:84:f3:a3:34:74:57:f3:31:e6:8b:0e:ec:
52:ed:c0:6c:c7:52:40:57:87:44:5c:23:09:25:fb:87:cd:05:
69:78:54:d5:db:cf:de:c9:15:88:b6:9f:30:e1:74:43:35:c1:
e1:79:0f:6d:42:77:61:aa:ef:cb:b6:6b:81:ee:e6:d8:6d:f5:
3a:b4:16:db:3b:86:22:d5:c5:11:ba:f6:25:1f:64:fb:17:bd:
15:bf:9e:9e:a5:85:9a:63:92:80:20:0a:07:30:fc:e1:90:bb:
96:2a:9f:65:10:ce:56:22:c0:be:1e:04:8b:a7:03:8d:92:5c:
18:65:e7:12:62:fa:02:95:e6:46:97:2e:bd:95:5f:71:1d:72:
d3:77:ac:28:0e:d3:e4:50:f1:ba:f3:78:de:4e:4d:d3:ca:5e:
78:89:be:c9:fd:12:c7:4a:9d:4a:30:2b:a9:13:72:74:bd:03:
fa:a8:c9:3c:fd:7e:d2:a7:b9:4f:48:35:e4:3d:e1:97:e0:5d:
de:11:9c:ca:88:9c:dd:cb:da:3c:39:ce:da:fd:1a:50:50:63:
dd:3e:36:33:49:60:af:cb:f2:7b:7b:be:d3:af:0b:86:53:08:
f8:44:dc:c2:4f:96:a9:fb:0e:56:e1:8a:ed:ee:d2:2a:4b:1e:
70:fd:7a:64
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZoSFpzWdFlAmTTZgHujnEt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MGRkZGI1MTE2MDNlNDFjMmI3YWJiYTNkMjQ5ZDVlZjVl
ZDRkMTEwHhcNMjUxMDIzMTcyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDZmOWE5YjZlODFkNGNkZDcwMTcxMjAzM2FmYTZiMWIzYmVmNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW3iqmOMBOPLuZE5wKocbmEfiH1m
u4UAG62ox8AGPbLEGXKhkf0aiJ0DATtxS2RRuHirBDMp943ikeiLKMopiqMYIKTd
BYtk0SiZEf7k9Cdmw6I49sPhaim8f5rFmIPrnkVmDWfRRlYXMOWzkSXrG/bhbkAo
kH7ijvgBgfU3/3mUIG/4Gcj89CNtPKNuPGfap5o4BQF5RE9drNw4f4oQs23kgFl0
3FSOZXue6d8vgYYG4TAr4x/HpQ+8NFI89PeHQiWU9KXrrE6p9mhwzrRxqqlfSkzf
YjaQWU+QTPCKV79jckah7sQ+GhCJM8x5J/cAn2EeDsTh0JXcHXuU+gnymQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFHRvmptugdTN1wFxIDOvprGzvvdrMB8GA1UdIwQY
MBaAFFgN3bURYD5Bwreruj0knV717U0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0EzZHRSRmdQa0hDdDZ1NlBTU2RYdlh0VFJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mYzk2YTQtMzZkMS00YzNkLTg1MGIt
M2NkNDE3YWVlOWNlLzEvZEctYW0yNkIxTTNYQVhFZ002LW1zYk8tOTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mYzk2YTQtMzZkMS00YzNkLTg1MGItM2NkNDE3YWVlOWNl
LzEvV0EzZHRSRmdQa0hDdDZ1NlBTU2RYdlh0VFJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAMBAIAATAGAwQCucOQMBEE
AgACMAsDCQAqClvAAAH/ojANBgkqhkiG9w0BAQsFAAOCAQEAfNe17uSJhPOjNHRX
8zHmiw7sUu3AbMdSQFeHRFwjCSX7h80FaXhU1dvP3skViLafMOF0QzXB4XkPbUJ3
Yarvy7Zrge7m2G31OrQW2zuGItXFEbr2JR9k+xe9Fb+enqWFmmOSgCAKBzD84ZC7
liqfZRDOViLAvh4Ei6cDjZJcGGXnEmL6ApXmRpcuvZVfcR1y03esKA7T5FDxuvN4
3k5N08peeIm+yf0Sx0qdSjArqRNydL0D+qjJPP1+0qe5T0g15D3hl+Bd3hGcyoic
3cvaPDnO2v0aUFBj3T42M0lgr8vye3u+068LhlMI+ETcwk+WqfsOVuGK7e7SKkse
cP16ZA==
-----END CERTIFICATE-----
Generated at Mon Oct 27 12:28:41 2025 by rpki-client