Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3jgLsYa1q4Mk7X0uHMgle7EiY7Y.roa
File: 3jgLsYa1q4Mk7X0uHMgle7EiY7Y.roa (raw, json)
Hash identifier: KmKsjgHe19UyfqrawKlE+2SiCpUIX7oLtfjTZ4PQQZY=
Subject key identifier: DE:38:0B:B1:86:B5:AB:83:24:ED:7D:2E:1C:C8:25:7B:B1:22:63:B6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019A477333A915B3D3E98D98E667C28EA7D1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3jgLsYa1q4Mk7X0uHMgle7EiY7Y.roa
Signing time: Mon 03 Nov 2025 02:02:03 +0000
ROA not before: Mon 03 Nov 2025 02:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 87.120.68.0/23 maxlen: 24
87.120.68.0/24 maxlen: 24
87.121.60.0/23 maxlen: 23
87.121.61.0/24 maxlen: 24
93.123.74.0/23 maxlen: 24
94.156.253.0/24 maxlen: 24
185.252.160.0/23 maxlen: 24
212.87.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:47:73:33:a9:15:b3:d3:e9:8d:98:e6:67:c2:8e:a7:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 3 02:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de380bb186b5ab8324ed7d2e1cc8257bb12263b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:4e:3d:f9:28:43:55:c8:28:69:80:98:ea:3d:
17:c2:da:dc:ee:44:da:13:d8:52:3b:d0:b9:b6:f0:
76:c0:27:0e:d4:2d:78:e7:04:17:ca:ee:49:6a:33:
65:cc:8d:2d:27:c1:4d:02:0f:ad:7d:bd:f4:c4:ef:
76:7a:8a:e3:41:b1:9d:02:f3:96:dd:37:ab:4d:1c:
75:45:c3:f8:9f:f2:d5:e2:dd:af:57:47:37:01:ce:
29:7c:39:65:f6:83:91:77:de:48:9c:67:a4:aa:25:
64:94:27:79:0b:9f:64:d3:ce:fe:bc:db:16:b8:0f:
e7:63:ed:e7:be:7a:44:ff:2d:22:c3:f2:c5:bd:95:
de:43:6c:fd:c2:5a:0f:2f:51:7f:1b:6e:ae:43:11:
6b:8b:2e:ca:85:b6:0f:c9:df:c4:99:ab:26:69:b6:
ea:71:f0:b9:d6:01:f7:93:00:69:53:c7:f8:d5:d2:
d6:e3:06:de:2d:7f:03:61:7c:6a:55:4e:de:4b:7a:
a6:a0:73:5e:2f:18:01:d9:c4:23:5c:e0:a7:00:6e:
1b:8b:eb:93:b4:eb:42:96:50:16:cd:34:16:d9:dd:
0b:99:5c:66:b6:00:86:64:8e:c0:bc:ef:ac:57:f8:
13:e4:b6:c6:dc:1c:72:98:8f:ae:1d:2e:31:07:c3:
b2:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:38:0B:B1:86:B5:AB:83:24:ED:7D:2E:1C:C8:25:7B:B1:22:63:B6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3jgLsYa1q4Mk7X0uHMgle7EiY7Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.68.0/23
87.121.60.0/23
93.123.74.0/23
94.156.253.0/24
185.252.160.0/23
212.87.204.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:e3:83:39:3c:c6:83:e1:37:b6:07:61:06:b7:a0:d0:f7:0c:
9d:50:79:78:df:22:31:bf:12:b2:eb:47:81:b0:c1:ec:c1:7b:
85:b4:b6:90:94:cc:a2:e8:b7:3a:ca:1a:f3:94:f6:e7:48:b3:
7f:21:c7:2e:a8:47:42:66:ba:87:11:3b:39:5d:f7:7d:99:8e:
1a:74:70:56:88:54:29:c0:6e:aa:15:c1:18:44:44:fb:1e:64:
cf:02:9c:e9:25:21:73:90:cd:78:80:7d:53:1f:c3:e1:24:e9:
e3:e6:80:38:25:10:e1:b5:1d:3c:a1:44:b7:3b:48:51:ee:42:
51:b7:d0:8e:c7:bb:e2:8f:43:29:e2:5a:e5:cf:a1:19:b7:ca:
7b:60:3a:d2:65:8d:9a:c4:20:64:67:26:4d:a7:fa:a3:6c:e9:
ab:d1:f2:23:74:de:fb:1f:87:e9:e6:38:3f:19:df:a4:0d:a2:
da:4b:77:e2:5c:a3:34:90:8d:5d:24:d5:f6:44:e8:9a:f7:e7:
e3:df:c1:58:3f:17:9b:73:93:a8:2e:d7:55:5d:5b:ef:1f:b7:
db:d4:11:12:0f:3f:f7:7b:28:84:37:e1:9b:ff:4b:de:2e:a9:
73:43:60:b6:2b:ab:73:fe:a6:19:cc:3e:5e:f2:fd:07:b6:f4:
16:c9:f0:64
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZpHczOpFbPT6Y2Y5mfCjqfRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMTAzMDIwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM4MGJiMTg2YjVhYjgzMjRlZDdkMmUxY2M4MjU3YmIxMjI2M2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE49+ShDVcgoaYCY6j0Xwtrc7kTa
E9hSO9C5tvB2wCcO1C145wQXyu5JajNlzI0tJ8FNAg+tfb30xO92eorjQbGdAvOW
3TerTRx1RcP4n/LV4t2vV0c3Ac4pfDll9oORd95InGekqiVklCd5C59k087+vNsW
uA/nY+3nvnpE/y0iw/LFvZXeQ2z9wloPL1F/G26uQxFriy7KhbYPyd/Emasmabbq
cfC51gH3kwBpU8f41dLW4wbeLX8DYXxqVU7eS3qmoHNeLxgB2cQjXOCnAG4bi+uT
tOtCllAWzTQW2d0LmVxmtgCGZI7AvO+sV/gT5LbG3BxymI+uHS4xB8Oy9QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN44C7GGtauDJO19LhzIJXuxImO2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM2pnTHNZYTFxNE1rN1gwdUhNZ2xlN0VpWTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBV3hEAwQB
V3k8AwQBXXtKAwQAXpz9AwQBufygAwQA1FfMMA0GCSqGSIb3DQEBCwUAA4IBAQAN
44M5PMaD4Te2B2EGt6DQ9wydUHl43yIxvxKy60eBsMHswXuFtLaQlMyi6Lc6yhrz
lPbnSLN/IccuqEdCZrqHETs5Xfd9mY4adHBWiFQpwG6qFcEYRET7HmTPApzpJSFz
kM14gH1TH8PhJOnj5oA4JRDhtR08oUS3O0hR7kJRt9COx7vij0Mp4lrlz6EZt8p7
YDrSZY2axCBkZyZNp/qjbOmr0fIjdN77H4fp5jg/Gd+kDaLaS3fiXKM0kI1dJNX2
ROia9+fj38FYPxebc5OoLtdVXVvvH7fb1BESDz/3eyiEN+Gb/0veLqlzQ2C2K6tz
/qYZzD5e8v0HtvQWyfBk
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:24:18 2025 by rpki-client