Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/G9oTd4bBpmlm3pZMn3YyyXAVIyI.roa
File: G9oTd4bBpmlm3pZMn3YyyXAVIyI.roa (raw, json)
Hash identifier: XC2pyO3ZNZCKadVf4J0EDWPKrfSqScmOhmM8oMNNkCI=
Subject key identifier: 1B:DA:13:77:86:C1:A6:69:66:DE:96:4C:9F:76:32:C9:70:15:23:22
Certificate issuer: /CN=d8114a92206f0a19f7339da0b89669c4a5fe52b9
Certificate serial: 019889D5276CC39742A6B43AFBF4DA7D8E36
Authority key identifier: D8:11:4A:92:20:6F:0A:19:F7:33:9D:A0:B8:96:69:C4:A5:FE:52:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2BFKkiBvChn3M52guJZpxKX-Urk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/G9oTd4bBpmlm3pZMn3YyyXAVIyI.roa
Signing time: Fri 08 Aug 2025 13:18:24 +0000
ROA not before: Fri 08 Aug 2025 13:18:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30766
IP address blocks: 91.132.220.0/22 maxlen: 22
185.101.172.0/22 maxlen: 22
192.109.71.0/24 maxlen: 24
192.109.74.0/24 maxlen: 24
192.109.77.0/24 maxlen: 24
192.109.79.0/24 maxlen: 24
213.232.100.0/22 maxlen: 22
217.113.176.0/20 maxlen: 20
2a05:e2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/2BFKkiBvChn3M52guJZpxKX-Urk.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/2BFKkiBvChn3M52guJZpxKX-Urk.mft
rsync://rpki.ripe.net/repository/DEFAULT/2BFKkiBvChn3M52guJZpxKX-Urk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:89:d5:27:6c:c3:97:42:a6:b4:3a:fb:f4:da:7d:8e:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8114a92206f0a19f7339da0b89669c4a5fe52b9
Validity
Not Before: Aug 8 13:18:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bda137786c1a66966de964c9f7632c970152322
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:23:8b:62:6a:f5:c8:36:a3:e7:2c:76:09:7c:
81:c1:4c:85:3c:df:5a:27:22:40:77:b4:58:3b:a4:
ba:71:6f:17:3f:20:d4:d7:a7:d2:45:26:f6:73:87:
e6:fc:6f:fa:73:0d:78:52:47:71:fc:f8:8d:ca:f8:
3c:23:8e:bb:66:61:9d:96:2b:5d:d5:22:76:54:b4:
f1:d3:d4:11:a9:c3:77:a6:7f:72:fe:53:b2:db:95:
39:6e:ad:5b:3b:d8:f7:8c:40:33:44:25:00:ec:fd:
eb:5c:7a:c2:b2:ef:eb:aa:f4:2b:0b:ef:5e:52:af:
6c:41:71:27:ba:cc:27:8c:ba:c3:49:38:a5:56:92:
f4:35:5c:14:01:c4:3a:3b:1b:03:8a:f0:85:3c:65:
db:18:90:e7:59:09:8f:bc:20:6c:3a:73:af:a0:74:
d5:fb:a6:93:5c:3c:1f:05:87:f7:28:80:5f:2a:da:
f6:90:dc:43:a1:03:60:b7:9a:ac:1d:11:10:2e:60:
a4:fe:1d:b2:fe:4e:bd:93:51:97:d0:f8:e3:da:e0:
c6:20:33:86:92:73:e1:ae:9f:10:4e:b6:c7:9e:ef:
2f:69:d1:e0:7e:c4:f0:82:34:54:45:6e:06:a8:15:
78:f7:56:ca:9e:20:a4:d9:e5:8a:e5:4c:92:cb:b1:
ae:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:DA:13:77:86:C1:A6:69:66:DE:96:4C:9F:76:32:C9:70:15:23:22
X509v3 Authority Key Identifier:
keyid:D8:11:4A:92:20:6F:0A:19:F7:33:9D:A0:B8:96:69:C4:A5:FE:52:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2BFKkiBvChn3M52guJZpxKX-Urk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/G9oTd4bBpmlm3pZMn3YyyXAVIyI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fdace9-8212-4ce1-a999-5208d9854364/1/2BFKkiBvChn3M52guJZpxKX-Urk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.220.0/22
185.101.172.0/22
192.109.71.0/24
192.109.74.0/24
192.109.77.0/24
192.109.79.0/24
213.232.100.0/22
217.113.176.0/20
IPv6:
2a05:e2c0::/29
Signature Algorithm: sha256WithRSAEncryption
3e:ee:cf:c8:d5:f2:09:90:35:03:dd:cf:58:cd:7e:bd:be:d7:
dd:18:90:90:c2:26:6e:99:e9:eb:cf:f3:0b:05:e5:47:cf:41:
5c:b1:2f:f1:ee:ba:16:cf:a0:92:dd:a0:ab:97:01:88:85:8c:
88:f7:d3:40:29:5b:5d:7c:4b:08:3d:d3:89:ea:c3:4f:2e:3b:
f4:cd:22:6e:c1:67:6f:3e:16:05:f2:da:9d:03:9c:a3:97:60:
bf:f1:46:ee:2e:58:44:24:88:e8:e7:0e:60:b9:8e:c9:cd:40:
6c:a1:93:ea:66:3e:d9:23:da:87:4e:f7:73:fd:83:9a:8f:58:
bb:c0:48:78:79:72:19:9b:98:7a:15:47:37:31:c1:3d:46:02:
30:4f:02:51:61:ad:26:9c:58:66:0e:ff:b4:24:ca:ef:5e:6c:
a4:d8:ff:50:e4:fa:dc:6c:3c:a6:3c:ef:ed:c8:c8:4a:84:a6:
2a:44:c0:a6:7c:99:bb:50:21:fb:f3:d5:9a:4e:b1:41:79:2a:
b6:c3:15:ee:2e:b0:32:86:91:7d:60:95:69:e1:ea:79:b4:3b:
ce:79:45:7f:3f:24:7e:69:ed:40:cd:40:fa:d1:60:31:da:f8:
8c:d4:b3:4d:21:98:97:fc:d6:e9:46:09:9d:8a:75:b8:8d:b0:
b8:e0:cf:8b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZiJ1Sdsw5dCprQ6+/TafY42MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MTE0YTkyMjA2ZjBhMTlmNzMzOWRhMGI4OTY2OWM0YTVm
ZTUyYjkwHhcNMjUwODA4MTMxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmRhMTM3Nzg2YzFhNjY5NjZkZTk2NGM5Zjc2MzJjOTcwMTUyMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yOLYmr1yDaj5yx2CXyBwUyFPN9a
JyJAd7RYO6S6cW8XPyDU16fSRSb2c4fm/G/6cw14Ukdx/PiNyvg8I467ZmGdlitd
1SJ2VLTx09QRqcN3pn9y/lOy25U5bq1bO9j3jEAzRCUA7P3rXHrCsu/rqvQrC+9e
Uq9sQXEnuswnjLrDSTilVpL0NVwUAcQ6OxsDivCFPGXbGJDnWQmPvCBsOnOvoHTV
+6aTXDwfBYf3KIBfKtr2kNxDoQNgt5qsHREQLmCk/h2y/k69k1GX0Pjj2uDGIDOG
knPhrp8QTrbHnu8vadHgfsTwgjRURW4GqBV491bKniCk2eWK5UySy7GuhwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFBvaE3eGwaZpZt6WTJ92MslwFSMiMB8GA1UdIwQY
MBaAFNgRSpIgbwoZ9zOdoLiWacSl/lK5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkJGS2tpQnZDaG4zTTUyZ3VKWnB4S1gtVXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mZGFjZTktODIxMi00Y2UxLWE5OTkt
NTIwOGQ5ODU0MzY0LzEvRzlvVGQ0YkJwbWxtM3BaTW4zWXl5WEFWSXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mZGFjZTktODIxMi00Y2UxLWE5OTktNTIwOGQ5ODU0MzY0
LzEvMkJGS2tpQnZDaG4zTTUyZ3VKWnB4S1gtVXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCW4TcAwQC
uWWsAwQAwG1HAwQAwG1KAwQAwG1NAwQAwG1PAwQC1ehkAwQE2XGwMA0EAgACMAcD
BQMqBeLAMA0GCSqGSIb3DQEBCwUAA4IBAQA+7s/I1fIJkDUD3c9YzX69vtfdGJCQ
wiZumenrz/MLBeVHz0FcsS/x7roWz6CS3aCrlwGIhYyI99NAKVtdfEsIPdOJ6sNP
Ljv0zSJuwWdvPhYF8tqdA5yjl2C/8UbuLlhEJIjo5w5guY7JzUBsoZPqZj7ZI9qH
Tvdz/YOaj1i7wEh4eXIZm5h6FUc3McE9RgIwTwJRYa0mnFhmDv+0JMrvXmyk2P9Q
5PrcbDymPO/tyMhKhKYqRMCmfJm7UCH789WaTrFBeSq2wxXuLrAyhpF9YJVp4ep5
tDvOeUV/PyR+ae1AzUD60WAx2viM1LNNIZiX/NbpRgmdinW4jbC44M+L
-----END CERTIFICATE-----
Generated at Sat Aug 9 14:18:12 2025 by rpki-client