Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/d7FmenUgQhK_r6UO7kaMhyCzEnw.roa
File: d7FmenUgQhK_r6UO7kaMhyCzEnw.roa (raw, json)
Hash identifier: 1Wz8VpxvhOKmLy3lyqr/ob9rCuf8X9i+4xg9TuIVG7c=
Subject key identifier: 77:B1:66:7A:75:20:42:12:BF:AF:A5:0E:EE:46:8C:87:20:B3:12:7C
Certificate issuer: /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial: 019A35066736E4C95BB19E61BB0786B10775
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/d7FmenUgQhK_r6UO7kaMhyCzEnw.roa
Signing time: Thu 30 Oct 2025 12:10:03 +0000
ROA not before: Thu 30 Oct 2025 12:10:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 395793
IP address blocks: 88.148.35.0/24 maxlen: 24
88.148.40.0/23 maxlen: 23
88.148.44.0/24 maxlen: 24
88.148.45.0/24 maxlen: 24
88.148.55.0/24 maxlen: 24
88.148.95.0/24 maxlen: 24
88.148.109.0/24 maxlen: 24
88.148.117.0/24 maxlen: 24
94.76.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 08:48:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:35:06:67:36:e4:c9:5b:b1:9e:61:bb:07:86:b1:07:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Validity
Not Before: Oct 30 12:10:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77b1667a75204212bfafa50eee468c8720b3127c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:bd:97:d6:fd:4f:8b:2a:a0:63:e7:8f:d0:86:
19:45:c1:3c:93:0f:1b:e8:7d:f6:d6:48:31:71:52:
18:9f:82:57:0d:4e:38:31:b8:d9:d0:3e:8c:7e:64:
c8:64:b2:17:79:8f:b7:f6:92:19:be:a9:e0:40:32:
f4:83:44:8f:64:5b:b9:8f:2d:e0:13:37:2a:cf:66:
df:da:31:da:53:f0:60:92:12:e8:6e:0c:86:15:a5:
ae:0c:d3:71:ae:a0:cd:39:e9:31:74:de:04:67:49:
29:1f:91:46:fb:f9:23:2d:3c:db:96:79:ae:e9:38:
36:f7:50:f3:42:70:f9:d4:ac:5e:9d:56:b9:91:09:
2d:52:71:7f:39:41:2a:26:97:3e:7b:41:3b:ba:24:
cc:6e:13:12:ec:f6:9b:06:81:48:0c:0e:9c:7f:7d:
fb:cb:36:fa:cc:04:d4:2c:da:8c:82:77:f5:93:33:
25:6b:d3:85:42:b2:47:e9:88:f2:0a:ff:d5:44:5f:
09:31:69:ab:37:c5:93:7b:9f:d2:3a:e7:9d:d3:ed:
2a:70:7c:53:b6:40:55:ff:a0:b2:9a:64:f6:9a:00:
9d:a1:9b:de:e0:bd:43:46:8d:06:7f:a7:d8:86:48:
6c:ca:43:e2:c3:84:b9:d3:8d:6b:f7:b2:64:5a:6d:
69:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:B1:66:7A:75:20:42:12:BF:AF:A5:0E:EE:46:8C:87:20:B3:12:7C
X509v3 Authority Key Identifier:
keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/d7FmenUgQhK_r6UO7kaMhyCzEnw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.148.35.0/24
88.148.40.0/23
88.148.44.0/23
88.148.55.0/24
88.148.95.0/24
88.148.109.0/24
88.148.117.0/24
94.76.158.0/24
Signature Algorithm: sha256WithRSAEncryption
c0:9d:36:05:22:73:33:7e:e4:c6:e0:f4:6b:af:b0:48:23:ee:
d6:5c:80:8a:2e:63:b7:49:ac:05:4a:fc:dc:87:21:42:42:1c:
8d:57:a8:95:19:17:e1:9c:7b:6f:5b:66:a5:d4:1a:04:72:83:
88:b5:d9:31:28:3b:93:71:f8:f1:07:cc:9f:e2:42:8f:7f:d9:
95:8f:39:7c:72:22:89:ea:0f:45:6f:d9:e7:2e:a5:30:f5:60:
52:9d:64:0e:da:e7:6d:a3:62:79:2a:45:63:68:aa:a5:bd:87:
68:68:3d:c5:ce:9d:6b:7f:c5:42:a2:f0:a4:85:f6:20:52:06:
6e:53:83:54:7a:7c:f2:f0:c1:19:c0:bf:86:6c:8b:a3:5c:2a:
40:fb:69:6b:08:f0:dc:6f:25:06:d7:f6:38:fc:76:f5:39:6d:
ec:e7:5b:af:ec:5a:09:3a:ac:a0:fd:e1:fb:4f:9d:07:db:a4:
97:d3:72:73:85:0d:42:48:bc:4d:68:3b:a1:86:b3:d6:c2:67:
d2:e8:f7:cd:5b:2a:91:54:ea:e1:e5:83:59:91:0c:b3:25:c7:
e7:ef:c3:9b:16:f8:05:0b:68:64:f4:7e:d3:a4:cd:99:ca:63:
ab:a0:ee:3c:db:e5:35:e4:a3:f4:93:e3:28:0c:bf:cd:99:3f:
30:2a:33:7d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZo1Bmc25MlbsZ5huweGsQd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUxMDMwMTIxMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2IxNjY3YTc1MjA0MjEyYmZhZmE1MGVlZTQ2OGM4NzIwYjMxMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb2X1v1PiyqgY+eP0IYZRcE8kw8b
6H321kgxcVIYn4JXDU44MbjZ0D6MfmTIZLIXeY+39pIZvqngQDL0g0SPZFu5jy3g
Ezcqz2bf2jHaU/BgkhLobgyGFaWuDNNxrqDNOekxdN4EZ0kpH5FG+/kjLTzblnmu
6Tg291DzQnD51KxenVa5kQktUnF/OUEqJpc+e0E7uiTMbhMS7PabBoFIDA6cf337
yzb6zATULNqMgnf1kzMla9OFQrJH6YjyCv/VRF8JMWmrN8WTe5/SOued0+0qcHxT
tkBV/6CymmT2mgCdoZve4L1DRo0Gf6fYhkhsykPiw4S5041r97JkWm1pyQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHexZnp1IEISv6+lDu5GjIcgsxJ8MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvZDdGbWVuVWdRaEtfcjZVTzdrYU1oeUN6RW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAWJQjAwQB
WJQoAwQBWJQsAwQAWJQ3AwQAWJRfAwQAWJRtAwQAWJR1AwQAXkyeMA0GCSqGSIb3
DQEBCwUAA4IBAQDAnTYFInMzfuTG4PRrr7BII+7WXICKLmO3SawFSvzchyFCQhyN
V6iVGRfhnHtvW2al1BoEcoOItdkxKDuTcfjxB8yf4kKPf9mVjzl8ciKJ6g9Fb9nn
LqUw9WBSnWQO2udto2J5KkVjaKqlvYdoaD3Fzp1rf8VCovCkhfYgUgZuU4NUenzy
8MEZwL+GbIujXCpA+2lrCPDcbyUG1/Y4/Hb1OW3s51uv7FoJOqyg/eH7T50H26SX
03JzhQ1CSLxNaDuhhrPWwmfS6PfNWyqRVOrh5YNZkQyzJcfn78ObFvgFC2hk9H7T
pM2ZymOroO482+U15KP0k+MoDL/NmT8wKjN9
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:48 2025 by rpki-client