Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sww353fnkB2Awf3dyEnzNBEPxkY.roa
File: Sww353fnkB2Awf3dyEnzNBEPxkY.roa (raw, json)
Hash identifier: dhWVnK3AjACpf0yrpw1A8IP3NRD1ODdj2MOLdN/3WRs=
Subject key identifier: 4B:0C:37:E7:77:E7:90:1D:80:C1:FD:DD:C8:49:F3:34:11:0F:C6:46
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019879F0A14185DF66FF3A83217A4850D889
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sww353fnkB2Awf3dyEnzNBEPxkY.roa
Signing time: Tue 05 Aug 2025 11:14:29 +0000
ROA not before: Tue 05 Aug 2025 11:14:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 154049
IP address blocks: 37.252.25.0/24 maxlen: 24
77.107.83.0/24 maxlen: 24
79.99.147.0/24 maxlen: 24
81.168.38.0/24 maxlen: 24
89.213.55.0/24 maxlen: 24
109.176.14.0/24 maxlen: 24
212.38.80.0/24 maxlen: 24
213.210.24.0/24 maxlen: 24
217.144.147.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:f0:a1:41:85:df:66:ff:3a:83:21:7a:48:50:d8:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 5 11:14:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b0c37e777e7901d80c1fdddc849f334110fc646
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:3c:42:06:21:e9:0a:1a:3d:ad:21:a0:90:b4:
cd:d4:4b:f5:c4:d3:5f:28:92:e8:30:a8:62:95:2c:
22:06:e3:76:b6:b4:ab:ac:1c:b7:50:15:fc:e6:86:
ce:dc:00:36:cd:4a:f7:35:17:a8:d5:31:1a:8f:0d:
8a:30:b2:cf:00:24:63:8b:c4:fa:f1:ff:a1:eb:ff:
41:e7:44:4f:80:ed:92:47:57:e5:ab:08:12:67:2a:
9d:ad:78:a2:f1:7b:17:57:d9:64:50:85:8d:23:ae:
3f:3f:56:d5:b1:07:8f:84:59:44:26:d2:39:90:45:
6c:ac:2c:35:81:14:89:05:1e:67:97:a6:de:f9:8f:
1f:73:aa:03:7b:5f:c7:37:54:8b:41:34:c6:b3:ee:
2d:a5:a3:5c:3f:60:13:e9:5d:ef:73:54:e4:9f:f5:
99:f3:be:32:3c:0f:76:3a:74:ce:91:83:b8:2e:ac:
3f:1a:ce:9b:41:84:44:6d:09:b4:25:d1:dd:19:51:
c9:ca:44:1e:3e:83:97:d3:f3:fb:e4:3f:d5:e8:55:
0c:42:97:b7:61:27:82:39:84:19:ad:9c:39:ea:5b:
de:b3:13:70:4a:53:8e:69:ea:b0:31:5b:12:37:92:
bd:b1:88:1e:23:0c:73:16:e8:5a:e2:4b:e1:34:7e:
38:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:0C:37:E7:77:E7:90:1D:80:C1:FD:DD:C8:49:F3:34:11:0F:C6:46
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sww353fnkB2Awf3dyEnzNBEPxkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.25.0/24
77.107.83.0/24
79.99.147.0/24
81.168.38.0/24
89.213.55.0/24
109.176.14.0/24
212.38.80.0/24
213.210.24.0/24
217.144.147.0/24
Signature Algorithm: sha256WithRSAEncryption
77:05:d2:d6:65:35:d9:67:13:89:02:02:30:32:7c:86:15:62:
07:0e:1e:68:33:79:ad:5f:3b:7f:c2:22:79:35:c6:f1:c7:59:
d0:7f:82:8b:40:b2:43:c2:a3:00:2c:4e:7f:31:61:3c:af:8c:
16:5b:c8:ad:cf:2e:5c:a3:55:94:f4:dc:14:39:4f:3c:66:3d:
77:39:04:18:fc:25:9a:4b:fb:1d:8a:9f:6f:66:2b:cb:a0:bf:
4e:00:9d:de:cd:27:fc:f0:ff:ae:65:51:53:75:8d:4b:b8:b7:
39:e5:f9:f5:c2:0e:d7:95:40:5b:46:02:8c:34:6c:35:ca:cd:
7d:37:83:d2:f3:07:b9:8e:4c:b0:bf:5c:5d:e5:93:b2:8d:7c:
ef:19:7e:39:66:d5:5b:e9:47:22:fb:fe:61:4a:1c:73:4f:8d:
0d:2f:1e:3f:ff:10:66:4c:5f:d8:d5:e7:dd:61:2b:6c:f9:a4:
b6:1d:5d:3e:9d:70:db:b2:56:7f:b3:1a:42:25:18:48:77:0b:
ef:36:c3:7d:c2:aa:9a:04:7e:0e:8f:24:17:1c:72:ef:bd:7f:
2c:a1:de:2b:b4:09:05:99:97:24:d3:30:ca:f6:b7:6e:da:71:
0e:7d:95:d0:8b:f2:59:fb:0b:0d:e3:18:ea:69:aa:fe:b1:fa:
50:6d:39:d3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZh58KFBhd9m/zqDIXpIUNiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODA1MTExNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjBjMzdlNzc3ZTc5MDFkODBjMWZkZGRjODQ5ZjMzNDExMGZjNjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizxCBiHpCho9rSGgkLTN1Ev1xNNf
KJLoMKhilSwiBuN2trSrrBy3UBX85obO3AA2zUr3NReo1TEajw2KMLLPACRji8T6
8f+h6/9B50RPgO2SR1flqwgSZyqdrXii8XsXV9lkUIWNI64/P1bVsQePhFlEJtI5
kEVsrCw1gRSJBR5nl6be+Y8fc6oDe1/HN1SLQTTGs+4tpaNcP2AT6V3vc1Tkn/WZ
874yPA92OnTOkYO4Lqw/Gs6bQYREbQm0JdHdGVHJykQePoOX0/P75D/V6FUMQpe3
YSeCOYQZrZw56lvesxNwSlOOaeqwMVsSN5K9sYgeIwxzFuha4kvhNH44PwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEsMN+d355AdgMH93chJ8zQRD8ZGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU3d3MzUzZm5rQjJBd2YzZHlFbnpOQkVQeGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJfwZAwQA
TWtTAwQAT2OTAwQAUagmAwQAWdU3AwQAbbAOAwQA1CZQAwQA1dIYAwQA2ZCTMA0G
CSqGSIb3DQEBCwUAA4IBAQB3BdLWZTXZZxOJAgIwMnyGFWIHDh5oM3mtXzt/wiJ5
Ncbxx1nQf4KLQLJDwqMALE5/MWE8r4wWW8itzy5co1WU9NwUOU88Zj13OQQY/CWa
S/sdip9vZivLoL9OAJ3ezSf88P+uZVFTdY1LuLc55fn1wg7XlUBbRgKMNGw1ys19
N4PS8we5jkywv1xd5ZOyjXzvGX45ZtVb6Uci+/5hShxzT40NLx4//xBmTF/Y1efd
YSts+aS2HV0+nXDbslZ/sxpCJRhIdwvvNsN9wqqaBH4OjyQXHHLvvX8sod4rtAkF
mZck0zDK9rdu2nEOfZXQi/JZ+wsN4xjqaar+sfpQbTnT
-----END CERTIFICATE-----
Generated at Sat Aug 9 14:24:24 2025 by rpki-client