Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/zTZUM3UQwh-W8nZJ0MD2pHB0k54.roa
File: zTZUM3UQwh-W8nZJ0MD2pHB0k54.roa (raw, json)
Hash identifier: OcrNvvkfIJW2SyTHHtjd7YNeLsd1+GGqn6vdhdgaGaA=
Subject key identifier: CD:36:54:33:75:10:C2:1F:96:F2:76:49:D0:C0:F6:A4:70:74:93:9E
Certificate issuer: /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial: 019A5391EAD2AAD7FA9327919D42FC2C49F0
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/zTZUM3UQwh-W8nZJ0MD2pHB0k54.roa
Signing time: Wed 05 Nov 2025 10:31:03 +0000
ROA not before: Wed 05 Nov 2025 10:31:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44477
IP address blocks: 85.142.222.0/24 maxlen: 24
85.142.231.0/24 maxlen: 24
85.142.234.0/23 maxlen: 24
85.142.236.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 07 Nov 2025 13:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:91:ea:d2:aa:d7:fa:93:27:91:9d:42:fc:2c:49:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Validity
Not Before: Nov 5 10:31:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cd3654337510c21f96f27649d0c0f6a47074939e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:76:28:cf:b4:d3:43:5d:53:33:af:1d:b7:7b:
af:c8:38:88:f3:96:52:ee:5f:6a:8a:e9:94:c7:7f:
d3:91:d8:19:52:aa:e9:e3:c4:78:4c:f8:3b:e1:f6:
cc:cb:e0:0b:0e:7b:d2:22:29:c9:4c:dd:ef:f2:51:
ca:93:d3:c9:ec:e9:5b:30:d0:e1:6f:8e:ad:d1:3e:
87:10:15:af:9b:fc:3c:48:04:43:80:53:36:1b:a2:
46:66:68:d5:f2:5f:da:3d:c4:c6:e2:06:86:fd:96:
6b:95:51:ba:34:67:0f:1b:ff:18:5d:61:4b:c3:4a:
00:29:7a:5d:7a:3f:f2:9f:37:30:a3:a5:fb:88:6e:
2e:c6:3b:4e:c7:ef:41:58:ee:58:38:14:30:88:e2:
fb:c5:c1:cc:8c:7b:af:db:66:e2:1c:ec:e4:8a:0c:
07:bb:57:ae:b0:1b:dc:ae:ef:42:50:84:fa:1d:d8:
0f:5b:96:b5:ad:a2:7a:fc:bd:e2:59:96:40:5c:ea:
57:1c:f2:dc:ae:89:10:ba:b3:ec:da:56:0e:0f:17:
d6:06:e2:a1:b5:9b:83:f4:3d:e5:eb:97:c3:16:15:
17:5a:03:9f:76:b7:bd:7f:ee:ad:9f:17:9a:2c:96:
ed:dd:66:ba:7c:7e:8e:06:0a:82:15:ce:75:b5:9b:
3c:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:36:54:33:75:10:C2:1F:96:F2:76:49:D0:C0:F6:A4:70:74:93:9E
X509v3 Authority Key Identifier:
keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/zTZUM3UQwh-W8nZJ0MD2pHB0k54.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.142.222.0/24
85.142.231.0/24
85.142.234.0-85.142.239.255
Signature Algorithm: sha256WithRSAEncryption
79:f6:fa:69:3b:c2:1d:9d:39:b7:09:64:30:1e:85:0b:e4:75:
b3:d4:3f:d8:7f:c8:6f:38:21:19:10:23:99:90:25:f7:3f:d5:
48:71:f8:82:6b:52:bd:13:82:ab:ae:15:0e:db:64:4e:80:0a:
a8:18:66:4a:5d:f1:20:3f:d9:05:fe:9d:6e:69:64:86:c9:78:
1e:83:54:3a:e7:9d:d9:96:bb:41:0d:58:f6:d8:83:f6:e0:75:
00:df:f4:09:04:8e:7d:d1:a2:9c:37:11:33:15:b5:10:b5:a1:
4b:f1:69:f2:12:dc:55:6b:fd:35:5e:30:ae:39:ea:36:ce:82:
d9:1b:ab:7d:07:84:66:2f:6f:2a:35:3a:e0:9c:e3:28:da:af:
4e:0d:e4:cb:06:7f:25:73:e9:27:b9:50:03:64:d6:0a:67:b6:
0c:2e:0a:95:89:a5:f8:1f:37:af:c0:83:c4:9a:ee:63:b8:90:
88:78:1f:cf:2d:c4:8c:c0:cc:cc:0e:6b:d9:e8:5a:bc:f1:a0:
2e:49:8c:8a:d4:02:b4:67:5a:1a:ed:c5:04:57:2a:80:42:74:
00:03:49:05:14:50:8a:51:1f:7a:d6:96:e1:1c:1d:53:65:b1:
4b:d1:3b:f8:2e:1e:1d:eb:cf:e2:d0:25:35:10:64:12:47:d2:
66:fe:f3:d6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZpTkerSqtf6kyeRnUL8LEnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUxMTA1MTAzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDM2NTQzMzc1MTBjMjFmOTZmMjc2NDlkMGMwZjZhNDcwNzQ5MzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33Yoz7TTQ11TM68dt3uvyDiI85ZS
7l9qiumUx3/TkdgZUqrp48R4TPg74fbMy+ALDnvSIinJTN3v8lHKk9PJ7OlbMNDh
b46t0T6HEBWvm/w8SARDgFM2G6JGZmjV8l/aPcTG4gaG/ZZrlVG6NGcPG/8YXWFL
w0oAKXpdej/ynzcwo6X7iG4uxjtOx+9BWO5YOBQwiOL7xcHMjHuv22biHOzkigwH
u1eusBvcru9CUIT6HdgPW5a1raJ6/L3iWZZAXOpXHPLcrokQurPs2lYODxfWBuKh
tZuD9D3l65fDFhUXWgOfdre9f+6tnxeaLJbt3Wa6fH6OBgqCFc51tZs8bQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFM02VDN1EMIflvJ2SdDA9qRwdJOeMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvelRaVU0zVVF3aC1XOG5aSjBNRDJwSEIwazU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAVY7eAwQA
VY7nMAwDBAFVjuoDBARVjuAwDQYJKoZIhvcNAQELBQADggEBAHn2+mk7wh2dObcJ
ZDAehQvkdbPUP9h/yG84IRkQI5mQJfc/1Uhx+IJrUr0TgquuFQ7bZE6ACqgYZkpd
8SA/2QX+nW5pZIbJeB6DVDrnndmWu0ENWPbYg/bgdQDf9AkEjn3Ropw3ETMVtRC1
oUvxafIS3FVr/TVeMK456jbOgtkbq30HhGYvbyo1OuCc4yjar04N5MsGfyVz6Se5
UANk1gpntgwuCpWJpfgfN6/Ag8Sa7mO4kIh4H88txIzAzMwOa9noWrzxoC5JjIrU
ArRnWhrtxQRXKoBCdAADSQUUUIpRH3rWluEcHVNlsUvRO/guHh3rz+LQJTUQZBJH
0mb+89Y=
-----END CERTIFICATE-----
Generated at Thu Nov 6 21:33:41 2025 by rpki-client