Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3CVACMkjOKX6-b1oYxgcNccTkbQ.roa
File: 3CVACMkjOKX6-b1oYxgcNccTkbQ.roa (raw, json)
Hash identifier: oAgVFBEKc1//7g3wqbj5gkZ/UVTRfzyZPaC1dYdUEqY=
Subject key identifier: DC:25:40:08:C9:23:38:A5:FA:F9:BD:68:63:18:1C:35:C7:13:91:B4
Certificate issuer: /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial: 01985B098CF8623438D38AAFEE811573E856
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3CVACMkjOKX6-b1oYxgcNccTkbQ.roa
Signing time: Wed 30 Jul 2025 11:13:29 +0000
ROA not before: Wed 30 Jul 2025 11:13:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39855
IP address blocks: 5.253.226.0/24 maxlen: 24
45.14.180.0/22 maxlen: 24
194.99.112.0/24 maxlen: 24
194.104.1.0/24 maxlen: 24
194.104.85.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 08 Aug 2025 16:13:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:5b:09:8c:f8:62:34:38:d3:8a:af:ee:81:15:73:e8:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Validity
Not Before: Jul 30 11:13:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc254008c92338a5faf9bd6863181c35c71391b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:06:0e:fb:06:9e:02:a3:a0:4e:36:05:53:8a:
11:83:b1:9a:9a:84:b9:c4:56:89:03:c5:11:92:62:
e4:95:e0:15:03:ac:5a:10:54:31:c9:66:39:d9:a0:
0f:70:43:c2:f6:a6:28:1a:02:3a:44:e3:58:bc:d4:
93:7e:06:44:6f:20:76:8d:4b:25:1a:f2:5b:c8:03:
8c:48:c0:f3:07:af:05:4a:17:b4:c4:6c:e9:eb:b6:
69:70:48:a7:cb:05:4f:19:41:2b:92:83:c9:28:af:
48:59:95:a7:6b:a9:b2:d4:fb:f0:ab:1b:26:c9:9a:
e2:8f:91:4a:c8:fb:05:2d:92:00:81:98:87:64:9b:
93:17:bc:62:24:0e:1b:ce:f9:d8:56:8e:ea:a9:ea:
3c:bb:ae:1f:b3:a9:a0:81:43:3a:bf:8a:52:c7:19:
fa:dd:f2:06:fc:45:e5:b8:9f:99:8e:f5:f6:b7:e8:
4f:f3:5e:c5:74:3f:b2:19:48:46:ab:79:a4:09:e7:
22:28:b6:25:26:d7:8e:c2:24:60:92:55:0f:9b:27:
7b:91:0a:d7:fc:4a:a2:07:32:8a:b8:02:e7:40:bc:
90:d3:67:18:2e:23:09:52:58:46:89:77:7e:59:a9:
da:78:e6:e8:15:47:dd:34:09:a2:98:e7:3f:14:7a:
73:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:25:40:08:C9:23:38:A5:FA:F9:BD:68:63:18:1C:35:C7:13:91:B4
X509v3 Authority Key Identifier:
keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3CVACMkjOKX6-b1oYxgcNccTkbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.226.0/24
45.14.180.0/22
194.99.112.0/24
194.104.1.0/24
194.104.85.0/24
Signature Algorithm: sha256WithRSAEncryption
21:94:9b:d6:4a:2e:9e:ae:5e:9a:83:fa:01:71:8d:2c:c6:46:
a5:b9:1b:5c:fb:ae:aa:53:b3:0c:87:55:92:02:c1:a9:63:30:
1a:7e:70:02:c2:39:0b:98:ed:b0:41:6d:bf:bd:57:95:08:10:
e3:9c:e2:cb:ef:e7:72:06:a2:e7:b8:b7:84:d4:92:c0:98:a0:
5c:ea:b2:80:b0:9a:d6:c1:d9:a2:24:2d:7f:e7:a8:e3:12:be:
24:02:a3:9a:84:d8:51:64:e3:ab:1a:a5:76:fa:4f:d7:eb:7c:
40:15:34:9f:b6:92:77:d3:90:fb:95:e3:88:d3:25:69:8c:04:
cd:4d:7c:4f:22:0c:b2:ce:1b:47:f6:b7:07:5d:cb:93:75:87:
e2:25:85:de:c5:9e:c6:67:18:f6:22:22:86:14:6a:35:f8:53:
c0:08:fd:ff:d8:9a:bd:d3:0b:f7:0f:1f:96:99:42:73:16:6e:
f8:12:7d:40:af:a1:10:62:97:33:eb:db:58:59:03:0b:92:fc:
55:13:91:71:66:0e:23:d2:44:08:25:59:4b:82:51:9c:d6:47:
d6:d0:64:48:7c:be:2a:34:01:61:79:81:29:a8:49:38:9f:87:
2c:ec:1d:c4:de:8a:7b:bc:e8:82:37:25:53:95:3f:02:f2:56:
80:64:79:7f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZhbCYz4YjQ404qv7oEVc+hWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjUwNzMwMTExMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzI1NDAwOGM5MjMzOGE1ZmFmOWJkNjg2MzE4MWMzNWM3MTM5MWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AYO+waeAqOgTjYFU4oRg7GamoS5
xFaJA8URkmLkleAVA6xaEFQxyWY52aAPcEPC9qYoGgI6RONYvNSTfgZEbyB2jUsl
GvJbyAOMSMDzB68FShe0xGzp67ZpcEinywVPGUErkoPJKK9IWZWna6my1Pvwqxsm
yZrij5FKyPsFLZIAgZiHZJuTF7xiJA4bzvnYVo7qqeo8u64fs6mggUM6v4pSxxn6
3fIG/EXluJ+ZjvX2t+hP817FdD+yGUhGq3mkCeciKLYlJteOwiRgklUPmyd7kQrX
/EqiBzKKuALnQLyQ02cYLiMJUlhGiXd+WanaeOboFUfdNAmimOc/FHpzxwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNwlQAjJIzil+vm9aGMYHDXHE5G0MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvM0NWQUNNa2pPS1g2LWIxb1l4Z2NOY2NUa2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQABf3iAwQC
LQ60AwQAwmNwAwQAwmgBAwQAwmhVMA0GCSqGSIb3DQEBCwUAA4IBAQAhlJvWSi6e
rl6ag/oBcY0sxkaluRtc+66qU7MMh1WSAsGpYzAafnACwjkLmO2wQW2/vVeVCBDj
nOLL7+dyBqLnuLeE1JLAmKBc6rKAsJrWwdmiJC1/56jjEr4kAqOahNhRZOOrGqV2
+k/X63xAFTSftpJ305D7leOI0yVpjATNTXxPIgyyzhtH9rcHXcuTdYfiJYXexZ7G
Zxj2IiKGFGo1+FPACP3/2Jq90wv3Dx+WmUJzFm74En1Ar6EQYpcz69tYWQMLkvxV
E5FxZg4j0kQIJVlLglGc1kfW0GRIfL4qNAFheYEpqEk4n4cs7B3E3op7vOiCNyVT
lT8C8laAZHl/
-----END CERTIFICATE-----
Generated at Fri Aug 8 00:15:53 2025 by rpki-client