Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/O3tbFXDUNkAmLSIxqp5nO5PWx4k.roa
File: O3tbFXDUNkAmLSIxqp5nO5PWx4k.roa (raw, json)
Hash identifier: 9WJFZMQPbizETyzdBkqDIH8UssgZxuk/SRVrb5jEZgQ=
Subject key identifier: 3B:7B:5B:15:70:D4:36:40:26:2D:22:31:AA:9E:67:3B:93:D6:C7:89
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019837967DCE289DC0BA197414ED97DEF02C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/O3tbFXDUNkAmLSIxqp5nO5PWx4k.roa
Signing time: Wed 23 Jul 2025 14:01:06 +0000
ROA not before: Wed 23 Jul 2025 14:01:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40676
IP address blocks: 77.93.143.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
109.176.18.0/24 maxlen: 24
109.176.208.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 18:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:37:96:7d:ce:28:9d:c0:ba:19:74:14:ed:97:de:f0:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 23 14:01:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b7b5b1570d43640262d2231aa9e673b93d6c789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:49:f3:a6:42:95:1e:70:42:45:95:ec:98:83:
aa:a2:40:e0:f3:27:22:0b:84:3b:03:8e:ac:7e:d8:
6d:f1:f3:00:86:10:6c:77:e7:c5:b1:15:54:57:cd:
cc:3f:bb:0c:90:51:01:4d:cf:65:b5:7b:e3:29:ef:
fc:00:b3:53:4b:04:01:e0:fd:bb:7d:5e:ff:1b:94:
e9:39:aa:7a:98:44:2b:12:b0:4b:79:48:7f:8e:5e:
a5:a0:25:76:d2:fc:9e:97:e0:78:8a:68:98:72:2e:
90:e5:c8:aa:97:2e:c1:20:2f:e8:42:2d:17:a5:29:
ad:7d:e4:e0:5c:10:05:81:67:16:20:09:57:fe:31:
55:28:f6:c3:2a:b1:a2:f8:6a:4d:a5:d0:4e:6f:d9:
59:9b:35:52:13:59:9e:af:a2:e0:96:ee:0e:9d:cc:
8e:86:af:f3:0c:df:5a:0d:8b:1c:7c:66:75:91:46:
37:19:8d:77:d3:29:21:4b:94:98:72:55:36:1a:2e:
1a:5c:67:50:37:d4:a4:e3:62:a8:21:54:27:4a:59:
e0:d5:54:2d:38:e7:3c:c2:ce:4c:08:f7:5a:65:f3:
4c:75:47:7f:95:d9:19:ab:8d:6d:5a:a7:d7:9c:93:
68:29:85:4a:9c:cd:16:78:c0:86:35:50:6f:ce:cf:
d4:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:7B:5B:15:70:D4:36:40:26:2D:22:31:AA:9E:67:3B:93:D6:C7:89
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/O3tbFXDUNkAmLSIxqp5nO5PWx4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.143.0/24
82.153.222.0/24
109.176.18.0/24
109.176.208.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:cf:ab:74:ce:63:3e:ec:a1:f3:75:d5:b2:8d:f2:7e:20:98:
95:07:19:b7:5d:9a:98:02:70:de:20:46:03:7c:05:a7:da:b0:
33:ad:4e:ac:e6:fb:2a:70:2b:a4:01:36:4e:a9:b3:a7:84:65:
f9:6c:ca:1b:1e:9e:fc:09:e8:5f:0f:65:06:d4:6b:b5:15:0c:
c3:86:fb:94:b7:1d:df:4f:1e:30:7a:f4:76:66:45:19:9e:e0:
8c:43:0c:09:8f:96:3c:93:89:6f:a7:ab:3a:90:dd:ff:10:cf:
09:1b:1e:8d:f6:fd:72:5c:19:fa:d1:5e:41:a2:cd:8a:c0:7d:
e5:ca:21:d8:bb:c4:96:80:7c:d9:00:d5:7b:c8:b1:e1:a0:2b:
fa:4e:d0:e8:bf:b3:6d:86:03:7b:76:60:8c:42:eb:db:a2:ed:
fe:0a:47:10:24:7e:eb:7a:d9:e2:26:b3:7a:f3:c6:39:b6:e6:
b4:90:59:08:4b:67:c2:ec:d6:2c:8b:ae:22:c6:b5:0d:80:70:
8f:dc:0b:d5:d5:91:6f:96:ed:d4:a6:3e:21:07:15:20:ad:39:
bd:c5:5b:d0:c4:e7:50:7c:bb:27:e3:a5:f1:d8:94:f5:99:fc:
9b:e6:9f:73:fc:7c:6c:ea:d1:82:4a:d0:bc:e2:9b:1d:2a:69:
97:6a:5d:08
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZg3ln3OKJ3Auhl0FO2X3vAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzIzMTQwMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdiNWIxNTcwZDQzNjQwMjYyZDIyMzFhYTllNjczYjkzZDZjNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0nzpkKVHnBCRZXsmIOqokDg8yci
C4Q7A46sftht8fMAhhBsd+fFsRVUV83MP7sMkFEBTc9ltXvjKe/8ALNTSwQB4P27
fV7/G5TpOap6mEQrErBLeUh/jl6loCV20vyel+B4imiYci6Q5ciqly7BIC/oQi0X
pSmtfeTgXBAFgWcWIAlX/jFVKPbDKrGi+GpNpdBOb9lZmzVSE1mer6Lglu4OncyO
hq/zDN9aDYscfGZ1kUY3GY130ykhS5SYclU2Gi4aXGdQN9Sk42KoIVQnSlng1VQt
OOc8ws5MCPdaZfNMdUd/ldkZq41tWqfXnJNoKYVKnM0WeMCGNVBvzs/UlwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDt7WxVw1DZAJi0iMaqeZzuT1seJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTzN0YkZYRFVOa0FtTFNJeHFwNW5PNVBXeDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATV2PAwQA
UpneAwQAbbASAwQAbbDQMA0GCSqGSIb3DQEBCwUAA4IBAQBbz6t0zmM+7KHzddWy
jfJ+IJiVBxm3XZqYAnDeIEYDfAWn2rAzrU6s5vsqcCukATZOqbOnhGX5bMobHp78
CehfD2UG1Gu1FQzDhvuUtx3fTx4wevR2ZkUZnuCMQwwJj5Y8k4lvp6s6kN3/EM8J
Gx6N9v1yXBn60V5Bos2KwH3lyiHYu8SWgHzZANV7yLHhoCv6TtDov7NthgN7dmCM
Quvbou3+CkcQJH7retniJrN688Y5tua0kFkIS2fC7NYsi64ixrUNgHCP3AvV1ZFv
lu3Upj4hBxUgrTm9xVvQxOdQfLsn46Xx2JT1mfyb5p9z/Hxs6tGCStC84psdKmmX
al0I
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:45:23 2025 by rpki-client