Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/HjzoahI6pyoFvP1ahRTakCdHZL4.roa
File: HjzoahI6pyoFvP1ahRTakCdHZL4.roa (raw, json)
Hash identifier: gQHNv9As0iCn+ZAtcLVQ3zoAJ3Ne/2k5eR6SdkKMktQ=
Subject key identifier: 1E:3C:E8:6A:12:3A:A7:2A:05:BC:FD:5A:85:14:DA:90:27:47:64:BE
Certificate issuer: /CN=f4f7ab4587e69022e5e2bc24107b501d031c3720
Certificate serial: 019840C6767773F88796D76BCA80FC5639A1
Authority key identifier: F4:F7:AB:45:87:E6:90:22:E5:E2:BC:24:10:7B:50:1D:03:1C:37:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/HjzoahI6pyoFvP1ahRTakCdHZL4.roa
Signing time: Fri 25 Jul 2025 08:50:04 +0000
ROA not before: Fri 25 Jul 2025 08:50:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203397
IP address blocks: 91.226.84.0/22 maxlen: 24
91.226.84.0/24 maxlen: 24
91.226.85.0/24 maxlen: 24
91.226.86.0/24 maxlen: 24
91.226.87.0/24 maxlen: 24
109.202.232.0/22 maxlen: 24
109.202.232.0/24 maxlen: 24
109.202.233.0/24 maxlen: 24
109.202.234.0/24 maxlen: 24
109.202.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.mft
rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:40:c6:76:77:73:f8:87:96:d7:6b:ca:80:fc:56:39:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4f7ab4587e69022e5e2bc24107b501d031c3720
Validity
Not Before: Jul 25 08:50:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e3ce86a123aa72a05bcfd5a8514da90274764be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:67:50:9c:a0:9b:2f:63:d6:59:43:6a:49:d1:
a2:d2:da:e7:46:64:d3:51:9f:ed:55:3e:9c:47:8c:
c4:ad:f6:43:34:24:88:d3:e8:d8:d4:c8:35:24:16:
dc:5d:68:db:fb:5a:6d:e4:97:59:1e:45:50:d2:72:
80:da:03:67:33:0a:1c:cc:72:78:2b:be:01:00:12:
b5:15:5f:85:b5:77:f0:5c:c9:ba:8d:43:b0:dd:43:
55:8f:8b:11:21:f5:ce:c7:12:51:66:f3:f9:b3:0e:
7a:89:95:a3:7f:99:cd:23:9b:2a:84:b8:f5:07:51:
1f:d4:49:9a:01:de:ae:f3:c1:f1:1e:80:cc:e8:38:
29:31:8f:08:22:b4:61:89:ac:41:bd:44:03:57:ef:
f3:69:52:2b:03:38:a1:6c:27:f0:18:ee:73:a3:c7:
ac:e6:d0:f2:bd:de:37:f6:92:60:b0:d1:87:f0:04:
71:10:2b:d1:f7:eb:bd:ec:db:20:7d:4f:53:42:56:
48:d2:e0:a0:2a:5a:ec:63:74:41:19:b4:0b:92:6b:
56:75:6d:19:a5:da:7b:c5:e1:95:fa:cb:ac:e6:df:
f5:62:8b:7d:32:9e:f4:8e:32:e7:05:77:99:08:bf:
60:8b:fe:26:c0:3c:14:3e:3f:0a:02:01:9c:10:3c:
19:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:3C:E8:6A:12:3A:A7:2A:05:BC:FD:5A:85:14:DA:90:27:47:64:BE
X509v3 Authority Key Identifier:
keyid:F4:F7:AB:45:87:E6:90:22:E5:E2:BC:24:10:7B:50:1D:03:1C:37:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/HjzoahI6pyoFvP1ahRTakCdHZL4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.226.84.0/22
109.202.232.0/22
Signature Algorithm: sha256WithRSAEncryption
36:91:3d:f2:45:42:1c:6a:dd:45:b7:ad:63:8a:52:62:24:8e:
70:41:d5:df:da:15:49:82:83:96:f3:5e:a0:8b:97:98:28:b5:
cd:29:d7:e9:9a:75:18:c0:d7:ed:57:c4:18:e3:67:e0:94:53:
19:8d:7e:96:25:a3:9f:af:19:3d:38:b0:81:30:4c:0b:9c:73:
c6:27:d0:ab:80:9f:15:e1:ef:5d:0c:c6:5c:4a:6a:a5:c7:0e:
f4:26:ff:da:06:52:0f:b1:ff:ed:b7:a8:40:53:4e:b5:25:bb:
82:3e:a0:c2:25:b0:86:ae:90:43:e7:36:11:b8:4c:3c:37:30:
9b:9f:e0:28:3b:e8:18:e7:01:61:ea:59:5a:8c:70:47:38:db:
81:c1:f0:3b:3d:d5:9a:28:bd:4d:d7:00:38:15:35:19:03:30:
b1:d1:05:3d:05:23:bd:a7:58:55:16:bb:48:3f:d9:59:95:d6:
2a:46:92:0b:44:06:f6:53:e8:68:9f:3c:07:d8:da:72:f4:c6:
cb:60:77:8b:7d:5e:b8:fe:04:c8:39:4e:26:96:02:16:05:69:
a5:c4:8b:43:5d:c6:fa:0e:ae:7e:61:61:d6:aa:ed:e9:ab:bf:
54:9f:f2:7c:7d:0b:c6:ae:64:7f:11:ff:e7:42:7c:4e:7d:db:
78:04:90:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhAxnZ3c/iHltdryoD8VjmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjdhYjQ1ODdlNjkwMjJlNWUyYmMyNDEwN2I1MDFkMDMx
YzM3MjAwHhcNMjUwNzI1MDg1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTNjZTg2YTEyM2FhNzJhMDViY2ZkNWE4NTE0ZGE5MDI3NDc2NGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGdQnKCbL2PWWUNqSdGi0trnRmTT
UZ/tVT6cR4zErfZDNCSI0+jY1Mg1JBbcXWjb+1pt5JdZHkVQ0nKA2gNnMwoczHJ4
K74BABK1FV+FtXfwXMm6jUOw3UNVj4sRIfXOxxJRZvP5sw56iZWjf5nNI5sqhLj1
B1Ef1EmaAd6u88HxHoDM6DgpMY8IIrRhiaxBvUQDV+/zaVIrAzihbCfwGO5zo8es
5tDyvd439pJgsNGH8ARxECvR9+u97NsgfU9TQlZI0uCgKlrsY3RBGbQLkmtWdW0Z
pdp7xeGV+sus5t/1Yot9Mp70jjLnBXeZCL9gi/4mwDwUPj8KAgGcEDwZPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB486GoSOqcqBbz9WoUU2pAnR2S+MB8GA1UdIwQY
MBaAFPT3q0WH5pAi5eK8JBB7UB0DHDcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBlclJZZm1rQ0xsNHJ3a0VIdFFIUU1jTnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83N2Y0ZjAtYjgzMy00N2I3LWEzYzct
ZWY3MTBlYzdiMmZlLzEvSGp6b2FoSTZweW9GdlAxYWhSVGFrQ2RIWkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83N2Y0ZjAtYjgzMy00N2I3LWEzYzctZWY3MTBlYzdiMmZl
LzEvOVBlclJZZm1rQ0xsNHJ3a0VIdFFIUU1jTnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+JUAwQC
bcroMA0GCSqGSIb3DQEBCwUAA4IBAQA2kT3yRUIcat1Ft61jilJiJI5wQdXf2hVJ
goOW816gi5eYKLXNKdfpmnUYwNftV8QY42fglFMZjX6WJaOfrxk9OLCBMEwLnHPG
J9CrgJ8V4e9dDMZcSmqlxw70Jv/aBlIPsf/tt6hAU061JbuCPqDCJbCGrpBD5zYR
uEw8NzCbn+AoO+gY5wFh6llajHBHONuBwfA7PdWaKL1N1wA4FTUZAzCx0QU9BSO9
p1hVFrtIP9lZldYqRpILRAb2U+honzwH2Npy9MbLYHeLfV64/gTIOU4mlgIWBWml
xItDXcb6Dq5+YWHWqu3pq79Un/J8fQvGrmR/Ef/nQnxOfdt4BJBa
-----END CERTIFICATE-----
Generated at Sat Aug 9 10:39:57 2025 by rpki-client