Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Hw_YSikfvPxyjT0Axd5BlNhcASU.roa
File: Hw_YSikfvPxyjT0Axd5BlNhcASU.roa (raw, json)
Hash identifier: r5NiDKMzZzkd/HZAp6j3JOaexr/ITFnq6zXIPbUaL0k=
Subject key identifier: 1F:0F:D8:4A:29:1F:BC:FC:72:8D:3D:00:C5:DE:41:94:D8:5C:01:25
Certificate issuer: /CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
Certificate serial: 019A00464FBC17CCC736C39C1A8A3AA76525
Authority key identifier: 43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Hw_YSikfvPxyjT0Axd5BlNhcASU.roa
Signing time: Mon 20 Oct 2025 06:19:59 +0000
ROA not before: Mon 20 Oct 2025 06:19:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35193
IP address blocks: 5.145.120.0/21 maxlen: 21
5.145.120.0/24 maxlen: 24
5.145.121.0/24 maxlen: 24
5.145.122.0/23 maxlen: 23
5.145.124.0/22 maxlen: 22
85.239.160.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:46:4f:bc:17:cc:c7:36:c3:9c:1a:8a:3a:a7:65:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
Validity
Not Before: Oct 20 06:19:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f0fd84a291fbcfc728d3d00c5de4194d85c0125
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:64:c1:3c:0b:37:85:cd:2c:b7:2a:17:5b:9b:
bf:e6:2b:61:55:e6:21:5c:64:41:33:8d:dc:92:e9:
ec:3e:23:dd:ba:79:2d:49:9f:8d:48:36:19:86:4f:
b9:ec:91:55:7b:4f:f1:fa:48:c1:54:f7:30:a0:b2:
49:9e:06:d3:44:1f:0f:ec:8d:0c:98:2a:a0:d0:16:
5b:cb:ef:4f:66:e5:1f:a2:bf:7f:4a:67:a3:fe:d3:
2e:e7:aa:62:66:17:a2:03:cf:53:8c:b2:7a:b1:8b:
39:93:ce:89:0b:98:c3:f1:7d:c3:ab:cf:84:ac:3a:
82:6f:0c:c7:36:99:4c:a0:39:6e:ef:f5:78:0e:92:
83:78:21:04:ac:a5:a6:54:1d:a0:38:3e:1c:f7:41:
f2:bd:cd:69:b6:90:d7:19:f6:57:e1:c7:77:76:4f:
02:f5:3c:dc:51:f2:03:77:91:1f:5a:b9:55:79:ec:
91:1a:6b:c5:4a:eb:7f:4b:eb:70:5d:20:44:3b:8a:
c9:27:a8:12:23:83:0e:3d:33:c1:be:11:a7:d6:fa:
f3:73:33:08:88:37:33:43:24:d1:74:32:c7:f2:8a:
c1:0b:67:ea:8b:68:e6:45:bb:02:38:db:a9:b8:bb:
ec:ad:b3:a7:b2:b8:3d:43:e2:0a:08:6e:d3:2b:c4:
bf:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:0F:D8:4A:29:1F:BC:FC:72:8D:3D:00:C5:DE:41:94:D8:5C:01:25
X509v3 Authority Key Identifier:
keyid:43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Hw_YSikfvPxyjT0Axd5BlNhcASU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.145.120.0/21
85.239.160.0/19
Signature Algorithm: sha256WithRSAEncryption
3d:ed:11:8b:a7:50:18:89:9c:ce:35:a9:32:02:bd:2e:6f:2c:
8f:11:d0:ff:9d:38:ee:7e:a0:d2:ef:53:67:c4:60:f3:5c:26:
c6:bd:3f:04:52:08:7a:ef:58:d8:48:48:46:bc:5e:62:ab:58:
e6:18:f4:3c:86:cc:cf:ec:c3:45:6f:44:73:3a:c5:7c:95:ab:
bd:bd:f3:80:26:a0:13:74:1f:91:f7:1a:2f:2d:5b:39:c5:6d:
77:47:dc:cb:89:0e:08:8d:67:6d:3b:2d:48:2f:4d:44:a0:63:
77:66:06:2e:c8:20:7a:17:f3:0e:88:93:2f:38:48:18:a7:8e:
4b:71:b6:f6:ed:ea:b4:8c:51:09:49:c0:7a:b1:87:6c:c5:ce:
a7:fc:2b:b7:ee:a2:24:73:6b:e4:7a:56:dd:8b:7b:59:c4:30:
01:95:19:8a:f3:aa:40:61:e7:19:70:9e:ee:53:2a:e4:e1:0b:
01:40:4c:be:78:72:08:fa:96:c2:75:88:d2:0c:ec:4a:fe:ef:
32:6e:fb:63:e0:52:28:3c:3a:6a:10:c5:f3:5b:08:2f:b3:31:
cf:fa:71:b1:a5:e9:38:dd:51:c3:25:15:14:12:01:0f:a7:dd:
66:3c:ee:0a:62:17:43:ca:a0:5d:8a:40:31:13:ef:d3:84:aa:
44:dc:e3:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoARk+8F8zHNsOcGoo6p2UlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTk0ZTU1ZGM5NmNiOWI5ODBhNTJhYTYzN2U0OGE4ZDg3
Mzg5YzAwHhcNMjUxMDIwMDYxOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjBmZDg0YTI5MWZiY2ZjNzI4ZDNkMDBjNWRlNDE5NGQ4NWMwMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGTBPAs3hc0styoXW5u/5ithVeYh
XGRBM43ckunsPiPdunktSZ+NSDYZhk+57JFVe0/x+kjBVPcwoLJJngbTRB8P7I0M
mCqg0BZby+9PZuUfor9/Smej/tMu56piZheiA89TjLJ6sYs5k86JC5jD8X3Dq8+E
rDqCbwzHNplMoDlu7/V4DpKDeCEErKWmVB2gOD4c90Hyvc1ptpDXGfZX4cd3dk8C
9TzcUfIDd5EfWrlVeeyRGmvFSut/S+twXSBEO4rJJ6gSI4MOPTPBvhGn1vrzczMI
iDczQyTRdDLH8orBC2fqi2jmRbsCONupuLvsrbOnsrg9Q+IKCG7TK8S/twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB8P2EopH7z8co09AMXeQZTYXAElMB8GA1UdIwQY
MBaAFENZTlXclsubmApSqmN+SKjYc4nAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYt
ZDhmYTBlZGEzYWJlLzEvSHdfWVNpa2Z2UHh5alQwQXhkNUJsTmhjQVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYtZDhmYTBlZGEzYWJl
LzEvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBZF4AwQF
Ve+gMA0GCSqGSIb3DQEBCwUAA4IBAQA97RGLp1AYiZzONakyAr0ubyyPEdD/nTju
fqDS71NnxGDzXCbGvT8EUgh671jYSEhGvF5iq1jmGPQ8hszP7MNFb0RzOsV8lau9
vfOAJqATdB+R9xovLVs5xW13R9zLiQ4IjWdtOy1IL01EoGN3ZgYuyCB6F/MOiJMv
OEgYp45Lcbb27eq0jFEJScB6sYdsxc6n/Cu37qIkc2vkelbdi3tZxDABlRmK86pA
YecZcJ7uUyrk4QsBQEy+eHII+pbCdYjSDOxK/u8ybvtj4FIoPDpqEMXzWwgvszHP
+nGxpek43VHDJRUUEgEPp91mPO4KYhdDyqBdikAxE+/ThKpE3OOz
-----END CERTIFICATE-----
Generated at Tue Nov 11 17:11:07 2025 by rpki-client