Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZaV8OY_dabV_eCw2jY7KCJp-COY.roa
File: ZaV8OY_dabV_eCw2jY7KCJp-COY.roa (raw, json)
Hash identifier: MntvmuFYB+4tPT0DCG2Hk3b2L/JCSPUJls2/5ndfwyA=
Subject key identifier: 65:A5:7C:39:8F:DD:69:B5:7F:78:2C:36:8D:8E:CA:08:9A:7E:08:E6
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 019A4949C8451969A8C11708D74E5AEC7E97
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZaV8OY_dabV_eCw2jY7KCJp-COY.roa
Signing time: Mon 03 Nov 2025 10:36:03 +0000
ROA not before: Mon 03 Nov 2025 10:36:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44486
IP address blocks: 5.83.145.0/24 maxlen: 24
77.90.3.0/24 maxlen: 24
77.90.28.0/24 maxlen: 24
89.144.33.0/24 maxlen: 24
89.144.42.0/24 maxlen: 24
94.103.173.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:49:c8:45:19:69:a8:c1:17:08:d7:4e:5a:ec:7e:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Nov 3 10:36:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=65a57c398fdd69b57f782c368d8eca089a7e08e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:5b:67:d0:d2:b2:dc:cc:9b:ae:7f:b1:f1:e4:
cd:08:9d:df:86:83:88:c9:23:ec:cf:4e:54:45:ed:
1b:c3:41:b6:34:46:de:34:fb:d7:64:7c:c7:98:a4:
fd:aa:86:fb:bf:1b:f9:d7:13:db:aa:e3:4d:c2:99:
01:95:0c:9c:91:54:d8:c5:a2:a4:c3:a3:53:06:da:
96:d6:af:ad:b9:32:e4:91:8b:e1:21:7f:6e:88:5c:
60:9b:c5:06:e3:38:09:d3:85:92:a2:d2:c2:42:20:
9a:d7:b7:6c:43:0f:c6:a5:77:2f:c7:39:e5:8e:c2:
8a:30:2f:cb:c4:d2:16:9f:a5:16:8f:30:63:a7:dd:
48:0c:98:a3:5e:b3:e0:8a:bc:56:b7:4a:70:34:16:
27:37:08:56:8f:3f:58:62:77:40:0c:6e:77:eb:f4:
f5:a4:f2:ff:4a:e5:26:97:54:51:5f:cc:97:66:b2:
2a:b6:cb:a8:fe:69:5c:17:e8:74:c3:ad:36:75:eb:
e8:f5:02:e6:65:e8:e0:7d:f1:7a:39:6e:e8:fe:70:
49:12:36:b7:06:ef:30:3c:d6:66:d7:7f:11:65:0e:
7b:be:a4:bb:4b:fe:4b:75:a8:df:74:82:d2:27:99:
3e:7f:90:ad:38:63:e4:76:91:54:fe:28:f6:e9:d0:
96:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:A5:7C:39:8F:DD:69:B5:7F:78:2C:36:8D:8E:CA:08:9A:7E:08:E6
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZaV8OY_dabV_eCw2jY7KCJp-COY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.83.145.0/24
77.90.3.0/24
77.90.28.0/24
89.144.33.0/24
89.144.42.0/24
94.103.173.0/24
Signature Algorithm: sha256WithRSAEncryption
82:88:e1:ef:c6:59:17:9e:72:6a:6d:7d:d6:e4:92:22:df:e2:
13:a4:f2:58:ad:46:68:17:0e:67:1b:4b:ee:c8:b0:30:34:b0:
82:cb:cf:10:d3:2b:cd:83:3d:7a:f1:11:6d:ec:99:11:23:58:
e0:1a:25:85:f3:77:0d:92:e0:9a:51:d6:15:e7:65:0a:65:f3:
54:be:7b:3d:1d:61:f9:73:38:a8:74:97:09:81:c5:d5:94:34:
6f:4b:54:92:63:94:a7:4c:b0:eb:a0:7a:5a:2a:c2:e5:a7:43:
64:44:67:3f:dc:99:04:f2:e2:4a:f4:e9:8a:8c:ec:7a:55:0c:
d2:95:f1:a8:11:3e:d1:f7:b6:7f:65:f9:23:d2:a5:2c:b3:04:
1d:02:bd:50:55:48:0e:01:67:13:b2:ec:47:96:1a:7f:ad:32:
d3:3b:c3:bb:1a:21:80:90:3a:62:8e:3d:72:cc:4c:70:b5:d5:
9e:56:2b:39:2e:0b:29:86:b6:b6:23:68:ae:80:7f:fc:67:6d:
5b:79:88:26:8e:ce:84:86:21:3a:1d:a5:d2:cf:89:5f:71:92:
f6:6d:55:a1:84:53:53:7f:e3:52:8c:64:39:aa:bd:dc:b0:51:
7f:06:78:38:8c:e1:e6:1b:d7:16:d1:bd:6e:03:8e:46:a8:e2:
c7:31:20:49
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZpJSchFGWmowRcI105a7H6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTAzMTAzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE1N2MzOThmZGQ2OWI1N2Y3ODJjMzY4ZDhlY2EwODlhN2UwOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ftn0NKy3Mybrn+x8eTNCJ3fhoOI
ySPsz05URe0bw0G2NEbeNPvXZHzHmKT9qob7vxv51xPbquNNwpkBlQyckVTYxaKk
w6NTBtqW1q+tuTLkkYvhIX9uiFxgm8UG4zgJ04WSotLCQiCa17dsQw/GpXcvxznl
jsKKMC/LxNIWn6UWjzBjp91IDJijXrPgirxWt0pwNBYnNwhWjz9YYndADG536/T1
pPL/SuUml1RRX8yXZrIqtsuo/mlcF+h0w602devo9QLmZejgffF6OW7o/nBJEja3
Bu8wPNZm138RZQ57vqS7S/5LdajfdILSJ5k+f5CtOGPkdpFU/ij26dCWlQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGWlfDmP3Wm1f3gsNo2OygiafgjmMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWmFWOE9ZX2RhYlZfZUN3MmpZN0tDSnAtQ09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQABVORAwQA
TVoDAwQATVocAwQAWZAhAwQAWZAqAwQAXmetMA0GCSqGSIb3DQEBCwUAA4IBAQCC
iOHvxlkXnnJqbX3W5JIi3+ITpPJYrUZoFw5nG0vuyLAwNLCCy88Q0yvNgz168RFt
7JkRI1jgGiWF83cNkuCaUdYV52UKZfNUvns9HWH5cziodJcJgcXVlDRvS1SSY5Sn
TLDroHpaKsLlp0NkRGc/3JkE8uJK9OmKjOx6VQzSlfGoET7R97Z/Zfkj0qUsswQd
Ar1QVUgOAWcTsuxHlhp/rTLTO8O7GiGAkDpijj1yzExwtdWeVis5Lgsphra2I2iu
gH/8Z21beYgmjs6EhiE6HaXSz4lfcZL2bVWhhFNTf+NSjGQ5qr3csFF/Bng4jOHm
G9cW0b1uA45GqOLHMSBJ
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:29:00 2025 by rpki-client