Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/czNTNqg9HxxVpVhMru77MA-8VxA.roa
File: czNTNqg9HxxVpVhMru77MA-8VxA.roa (raw, json)
Hash identifier: 3xyVOm6l03HU2hH6CAprpq4BdkyEwqcN5epG5zEOhPM=
Subject key identifier: 73:33:53:36:A8:3D:1F:1C:55:A5:58:4C:AE:EE:FB:30:0F:BC:57:10
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A492184309E4189E81C8E4BCCEA6C8D82
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/czNTNqg9HxxVpVhMru77MA-8VxA.roa
Signing time: Mon 03 Nov 2025 09:52:04 +0000
ROA not before: Mon 03 Nov 2025 09:52:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211439
IP address blocks: 37.252.28.0/24 maxlen: 24
79.99.149.0/24 maxlen: 24
89.213.117.0/24 maxlen: 24
89.213.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:84:30:9e:41:89:e8:1c:8e:4b:cc:ea:6c:8d:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=73335336a83d1f1c55a5584caeeefb300fbc5710
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:3c:21:49:b9:49:69:fc:8d:29:cc:70:ce:c3:
95:68:7d:06:58:bc:35:bb:bb:c4:bd:01:67:8e:8f:
f7:67:1b:3c:c7:8a:31:ae:f6:a4:e1:fe:e5:cb:34:
9b:c5:9c:4b:22:42:db:eb:7c:4b:97:20:a4:b1:71:
7e:48:1c:fc:4a:e2:fe:c9:21:5c:6a:0e:95:30:27:
8d:4c:85:b7:ee:7b:09:29:f1:cf:e6:8a:d3:b3:fe:
7a:ed:7b:66:ea:20:46:54:51:1d:8d:42:f9:fc:b9:
a9:e9:5a:76:4a:f7:58:6c:ae:63:76:c7:80:0f:ec:
59:ec:7a:91:cd:02:2e:b2:7e:7d:51:98:dc:bc:71:
cc:33:ec:a5:97:a2:23:54:32:ac:dc:bb:11:95:84:
ce:10:6a:80:a6:f3:cd:9c:d4:1f:23:b3:66:4e:42:
59:d8:9b:de:79:87:64:5f:af:12:7d:6c:91:8a:33:
8e:a4:44:8e:85:71:1a:b6:77:08:d9:c6:11:2a:e7:
84:a8:d0:ab:63:15:10:9d:03:f4:c9:9a:58:f6:3c:
a8:35:04:bf:20:d8:e2:64:e6:fb:8a:89:67:b7:70:
ec:be:fe:a0:13:32:b9:69:e4:23:1b:05:51:0e:09:
99:65:7d:ea:18:d2:6b:29:c6:23:d0:4a:32:d3:0a:
4e:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:33:53:36:A8:3D:1F:1C:55:A5:58:4C:AE:EE:FB:30:0F:BC:57:10
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/czNTNqg9HxxVpVhMru77MA-8VxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.28.0/24
79.99.149.0/24
89.213.117.0/24
89.213.221.0/24
Signature Algorithm: sha256WithRSAEncryption
89:5e:4f:51:e0:4d:72:c7:67:c2:e7:d3:a7:76:fd:df:1d:87:
73:40:60:25:c4:77:81:79:f9:ac:31:ff:05:04:ca:45:c6:b5:
0e:f7:55:a9:ce:a5:29:3c:64:76:3f:87:7f:0a:55:f1:33:09:
7a:73:89:a2:f7:e8:f5:c0:44:72:b3:f5:ed:b7:80:0c:71:17:
b5:37:88:3c:3c:0c:44:cc:d3:c5:a0:7b:cb:f9:fc:80:2f:c0:
08:06:7d:2a:44:24:40:77:81:69:ae:ec:3f:a8:25:92:68:0a:
47:d2:56:ef:60:83:15:64:2d:f5:a3:26:e9:fd:12:3d:71:b0:
fb:91:cf:37:91:b5:6d:eb:86:9d:9c:33:23:57:f5:40:10:5a:
8e:62:a3:0e:a6:d0:81:89:38:6a:29:cc:04:15:26:62:bf:5b:
4a:7c:23:3c:ec:fd:4e:29:f2:5a:bc:12:cc:f7:51:11:fe:b8:
c8:75:06:e3:ea:09:42:a8:b0:d5:a1:70:46:44:3b:fa:28:7d:
d4:fc:56:b2:a1:de:54:e4:4d:04:c8:3c:1c:29:f8:1c:ef:8d:
76:fc:aa:36:50:62:0b:a2:39:5a:7d:8b:f6:b5:cc:ab:77:f7:
a4:4c:0b:be:a9:71:fd:ee:d3:3a:9b:d2:4d:6b:0e:8e:32:6d:
75:b6:fa:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpJIYQwnkGJ6ByOS8zqbI2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzMzNTMzNmE4M2QxZjFjNTVhNTU4NGNhZWVlZmIzMDBmYmM1NzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9DwhSblJafyNKcxwzsOVaH0GWLw1
u7vEvQFnjo/3Zxs8x4oxrvak4f7lyzSbxZxLIkLb63xLlyCksXF+SBz8SuL+ySFc
ag6VMCeNTIW37nsJKfHP5orTs/567Xtm6iBGVFEdjUL5/Lmp6Vp2SvdYbK5jdseA
D+xZ7HqRzQIusn59UZjcvHHMM+yll6IjVDKs3LsRlYTOEGqApvPNnNQfI7NmTkJZ
2JveeYdkX68SfWyRijOOpESOhXEatncI2cYRKueEqNCrYxUQnQP0yZpY9jyoNQS/
INjiZOb7iolnt3Dsvv6gEzK5aeQjGwVRDgmZZX3qGNJrKcYj0Eoy0wpOywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHMzUzaoPR8cVaVYTK7u+zAPvFcQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY3pOVE5xZzlIeHhWcFZoTXJ1NzdNQS04VnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJfwcAwQA
T2OVAwQAWdV1AwQAWdXdMA0GCSqGSIb3DQEBCwUAA4IBAQCJXk9R4E1yx2fC59On
dv3fHYdzQGAlxHeBefmsMf8FBMpFxrUO91WpzqUpPGR2P4d/ClXxMwl6c4mi9+j1
wERys/Xtt4AMcRe1N4g8PAxEzNPFoHvL+fyAL8AIBn0qRCRAd4Fpruw/qCWSaApH
0lbvYIMVZC31oybp/RI9cbD7kc83kbVt64adnDMjV/VAEFqOYqMOptCBiThqKcwE
FSZiv1tKfCM87P1OKfJavBLM91ER/rjIdQbj6glCqLDVoXBGRDv6KH3U/Fayod5U
5E0EyDwcKfgc7412/Ko2UGILojlafYv2tcyrd/ekTAu+qXH97tM6m9JNaw6OMm11
tvqL
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:45:50 2025 by rpki-client