Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/87Q37cevYH6QZuxliRF2iKJ-YIc.roa
File: 87Q37cevYH6QZuxliRF2iKJ-YIc.roa (raw, json)
Hash identifier: q9PgfWoNHaQDwxHjKovtDNRi94Xuf3L0zOWm+Nfu0po=
Subject key identifier: F3:B4:37:ED:C7:AF:60:7E:90:66:EC:65:89:11:76:88:A2:7E:60:87
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019A15F18D61210E2E9C516D022D8D32FE53
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/87Q37cevYH6QZuxliRF2iKJ-YIc.roa
Signing time: Fri 24 Oct 2025 11:19:03 +0000
ROA not before: Fri 24 Oct 2025 11:19:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 185.199.158.0/24 maxlen: 24
185.210.235.0/24 maxlen: 24
185.214.108.0/24 maxlen: 24
185.218.20.0/24 maxlen: 24
185.223.155.0/24 maxlen: 24
185.234.22.0/24 maxlen: 24
185.246.112.0/24 maxlen: 24
194.124.69.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 19:59:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:15:f1:8d:61:21:0e:2e:9c:51:6d:02:2d:8d:32:fe:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Oct 24 11:19:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3b437edc7af607e9066ec6589117688a27e6087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:89:b2:b4:74:aa:72:31:d3:c8:c7:1c:fb:1e:
c8:39:e7:c4:1f:68:40:36:55:95:63:e4:8b:f5:08:
61:f5:a8:7c:34:f1:09:ec:13:63:3b:e8:2b:2d:4d:
71:f5:21:df:95:33:14:80:f0:9e:67:49:03:37:fe:
34:1f:1c:ad:2d:a9:62:2a:56:f9:b0:64:18:e3:38:
56:f5:59:f6:0c:fc:25:24:8b:7f:0a:4d:02:c6:d1:
e8:53:5e:ea:db:a3:b9:10:16:36:49:5a:61:4f:1c:
6f:b7:9c:7d:15:f5:36:fb:b1:f2:12:a3:1c:0e:6f:
a8:aa:02:66:60:de:ea:cd:b6:5a:66:44:eb:63:93:
17:51:33:12:64:b9:24:95:74:3b:3c:e0:3b:ff:bf:
cd:5a:9f:71:ab:5c:db:50:82:29:0e:6b:46:d7:fb:
43:31:83:77:fe:98:46:0b:ba:6f:ae:62:20:5a:db:
bb:93:4b:65:83:36:12:80:82:be:ef:48:36:c4:50:
90:88:3d:c7:50:71:ce:ee:f0:7d:0d:c2:b8:63:2f:
fb:67:32:bb:40:73:2c:d6:80:81:16:1d:c2:3f:f7:
a8:9a:ab:3a:a4:89:57:09:13:d1:9b:22:49:6f:b0:
a9:63:b2:53:c2:65:19:1c:3d:fc:a7:a9:86:18:8c:
5c:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:B4:37:ED:C7:AF:60:7E:90:66:EC:65:89:11:76:88:A2:7E:60:87
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/87Q37cevYH6QZuxliRF2iKJ-YIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.199.158.0/24
185.210.235.0/24
185.214.108.0/24
185.218.20.0/24
185.223.155.0/24
185.234.22.0/24
185.246.112.0/24
194.124.69.0/24
Signature Algorithm: sha256WithRSAEncryption
16:0d:36:54:fa:7b:c8:28:17:3c:fd:32:89:12:73:70:7d:cd:
76:e8:90:75:78:c5:0f:d0:7c:25:3b:85:c0:e9:0c:d7:07:e6:
b9:6e:eb:c2:f4:60:bd:9b:0f:82:08:f6:e3:6b:1d:8e:53:00:
89:2f:4b:ee:12:3d:48:79:85:8a:c1:3a:65:c2:1b:32:13:2b:
67:21:af:c1:bf:df:42:c4:76:f7:43:21:9e:24:b4:6e:93:c7:
69:51:a9:7d:43:c1:c3:d5:ca:d6:17:73:4a:e2:0c:ca:ad:b8:
b2:dc:d3:c1:66:0f:60:3e:00:d9:80:3c:84:9d:10:8c:31:7c:
95:3c:04:f9:bb:c9:96:e6:98:30:c2:c3:b6:fc:21:db:f0:e4:
8d:ac:a0:a0:20:60:f7:98:4c:e8:db:51:1d:45:4c:05:38:55:
33:9e:ef:24:43:e7:9d:08:f8:de:d0:aa:2f:ca:31:34:73:90:
ea:90:80:ef:0e:94:10:be:bc:3c:da:e4:b7:43:0f:58:a4:9d:
2e:8a:f0:db:e7:4a:c1:0a:a2:22:55:9b:b3:72:d6:49:96:ac:
ca:40:e8:a2:91:17:9c:a3:2d:14:b4:c3:eb:9a:5c:0a:59:8c:
6f:ef:9c:6f:90:fb:77:d5:6b:c5:9c:b2:53:06:08:1d:84:42:
81:6e:d2:ab
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoV8Y1hIQ4unFFtAi2NMv5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMDI0MTExOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2I0MzdlZGM3YWY2MDdlOTA2NmVjNjU4OTExNzY4OGEyN2U2MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYmytHSqcjHTyMcc+x7IOefEH2hA
NlWVY+SL9Qhh9ah8NPEJ7BNjO+grLU1x9SHflTMUgPCeZ0kDN/40HxytLaliKlb5
sGQY4zhW9Vn2DPwlJIt/Ck0CxtHoU17q26O5EBY2SVphTxxvt5x9FfU2+7HyEqMc
Dm+oqgJmYN7qzbZaZkTrY5MXUTMSZLkklXQ7POA7/7/NWp9xq1zbUIIpDmtG1/tD
MYN3/phGC7pvrmIgWtu7k0tlgzYSgIK+70g2xFCQiD3HUHHO7vB9DcK4Yy/7ZzK7
QHMs1oCBFh3CP/eomqs6pIlXCRPRmyJJb7CpY7JTwmUZHD38p6mGGIxcFQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPO0N+3Hr2B+kGbsZYkRdoiifmCHMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvODdRMzdjZXZZSDZRWnV4bGlSRjJpS0otWUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAuceeAwQA
udLrAwQAudZsAwQAudoUAwQAud+bAwQAueoWAwQAufZwAwQAwnxFMA0GCSqGSIb3
DQEBCwUAA4IBAQAWDTZU+nvIKBc8/TKJEnNwfc126JB1eMUP0HwlO4XA6QzXB+a5
buvC9GC9mw+CCPbjax2OUwCJL0vuEj1IeYWKwTplwhsyEytnIa/Bv99CxHb3QyGe
JLRuk8dpUal9Q8HD1crWF3NK4gzKrbiy3NPBZg9gPgDZgDyEnRCMMXyVPAT5u8mW
5pgwwsO2/CHb8OSNrKCgIGD3mEzo21EdRUwFOFUznu8kQ+edCPje0KovyjE0c5Dq
kIDvDpQQvrw82uS3Qw9YpJ0uivDb50rBCqIiVZuzctZJlqzKQOiikRecoy0UtMPr
mlwKWYxv75xvkPt31WvFnLJTBggdhEKBbtKr
-----END CERTIFICATE-----
Generated at Sun Oct 26 04:15:32 2025 by rpki-client