Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j1UMkEVqOkZKPApcDF7TIiugx5Y.roa
File: j1UMkEVqOkZKPApcDF7TIiugx5Y.roa (raw, json)
Hash identifier: Ez0TtsH86DLgCJPoR0FKK9Lo9zYsYt5p+KrQPcf5yMY=
Subject key identifier: 8F:55:0C:90:45:6A:3A:46:4A:3C:0A:5C:0C:5E:D3:22:2B:A0:C7:96
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A49218011D49534436512F6FF49E0E085
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j1UMkEVqOkZKPApcDF7TIiugx5Y.roa
Signing time: Mon 03 Nov 2025 09:52:03 +0000
ROA not before: Mon 03 Nov 2025 09:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 77.93.140.0/24 maxlen: 24
81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
81.168.125.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
213.218.216.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:80:11:d4:95:34:43:65:12:f6:ff:49:e0:e0:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8f550c90456a3a464a3c0a5c0c5ed3222ba0c796
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:67:93:ce:4a:7d:c3:d8:d4:98:09:16:12:fa:
7b:18:9a:8f:81:db:94:e4:c8:4e:88:04:7b:eb:ff:
97:86:79:57:26:3f:ca:62:52:ee:e6:5c:ac:46:57:
5d:3e:e2:b7:1c:86:03:5a:e2:a4:fe:6f:db:66:73:
81:bd:0e:d2:8f:98:4e:5f:34:c5:5d:a9:28:34:d2:
1e:b5:94:40:28:56:fd:df:42:7b:d7:08:89:02:ae:
0e:d6:64:8c:8b:02:32:ba:48:36:1b:0f:ee:36:c4:
b2:6a:a5:2c:53:27:6c:ac:a3:e3:55:1c:5c:c3:bb:
a1:41:be:d0:7d:0d:d1:65:1e:0f:47:cc:55:a6:bb:
39:ea:35:a7:8b:ea:92:35:90:4c:c3:0f:5a:6e:b9:
45:55:3d:3f:61:52:9f:31:2f:6e:23:bc:49:d2:67:
53:e2:09:40:33:cb:9f:9e:a3:a1:de:2f:1d:e1:28:
89:2a:a1:c9:4d:ef:d8:73:a8:04:4b:84:9d:94:b2:
2a:ff:b7:90:d7:fc:b3:dd:69:ae:03:88:de:43:4b:
6a:f3:e3:31:01:50:43:79:f8:bd:f8:59:82:d0:ce:
12:e4:78:d9:f5:ba:f7:90:1e:35:5d:ea:c1:9d:f4:
14:16:64:8f:27:81:1a:77:05:ed:88:28:a0:22:5c:
b2:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:55:0C:90:45:6A:3A:46:4A:3C:0A:5C:0C:5E:D3:22:2B:A0:C7:96
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/j1UMkEVqOkZKPApcDF7TIiugx5Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.140.0/24
81.5.156.0/24
81.168.41.0/24
81.168.125.0/24
82.152.111.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.250.0/24
89.213.153.0/24
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
213.152.61.0-213.152.62.255
213.218.216.0/24
Signature Algorithm: sha256WithRSAEncryption
87:45:f1:cf:88:dd:7e:0a:4e:54:e9:93:f6:67:12:57:d5:cf:
1d:f0:6c:92:c1:76:71:af:ec:f8:4f:2c:a1:1e:8c:3e:21:a0:
67:56:07:7f:fb:93:b5:a5:3c:9e:23:d9:51:cf:fe:f2:3b:38:
14:a7:d9:d4:2b:f7:00:a6:5b:4c:7c:d9:91:34:de:49:a9:33:
25:d9:2e:ef:9e:88:dd:01:7c:be:5f:4f:a7:b6:71:19:01:69:
cf:c7:71:2b:0a:1f:45:9d:03:97:cb:67:9f:a6:87:77:d4:96:
5e:00:aa:af:49:b7:29:d0:b0:8e:4b:a5:69:b6:0b:bf:61:37:
87:03:74:dd:9d:ea:d3:6a:f9:83:0d:be:92:8f:62:4d:88:32:
f1:ab:f1:73:b5:d9:9f:89:c6:99:65:fd:90:1c:74:30:73:7a:
6a:f7:4e:fd:e9:cc:68:17:6e:8c:d1:98:38:ab:f5:15:21:7b:
1c:c2:1d:29:2f:9b:38:31:d7:bd:a0:ca:a5:82:d5:df:69:06:
c4:37:25:45:0e:fb:30:7d:0f:47:ad:92:73:f8:68:4f:11:b9:
b5:02:b5:d3:64:96:24:de:c7:59:3a:9a:fe:64:fe:57:41:5f:
76:db:e8:24:67:71:97:2a:0f:62:bc:9c:91:72:9f:84:cc:fc:
54:d5:c6:ab
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZpJIYAR1JU0Q2US9v9J4OCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjU1MGM5MDQ1NmEzYTQ2NGEzYzBhNWMwYzVlZDMyMjJiYTBjNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmeTzkp9w9jUmAkWEvp7GJqPgduU
5MhOiAR76/+XhnlXJj/KYlLu5lysRlddPuK3HIYDWuKk/m/bZnOBvQ7Sj5hOXzTF
XakoNNIetZRAKFb930J71wiJAq4O1mSMiwIyukg2Gw/uNsSyaqUsUydsrKPjVRxc
w7uhQb7QfQ3RZR4PR8xVprs56jWni+qSNZBMww9abrlFVT0/YVKfMS9uI7xJ0mdT
4glAM8ufnqOh3i8d4SiJKqHJTe/Yc6gES4SdlLIq/7eQ1/yz3WmuA4jeQ0tq8+Mx
AVBDefi9+FmC0M4S5HjZ9br3kB41XerBnfQUFmSPJ4EadwXtiCigIlyy2QIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFI9VDJBFajpGSjwKXAxe0yIroMeWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvajFVTWtFVnFPa1pLUEFwY0RGN1RJaXVneDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBABN
XYwDBABRBZwDBABRqCkDBABRqH0DBABSmG8DBAFSmPwDBABSmP8DBABSmUMDBABS
mUkDBABSmU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AME
AFKZ+gMEAFnVmQMEAG2w0QMEAG2w0wMEA22w2AMEAG2w+TAMAwQA1Zg9AwQA1Zg+
AwQA1drYMA0GCSqGSIb3DQEBCwUAA4IBAQCHRfHPiN1+Ck5U6ZP2ZxJX1c8d8GyS
wXZxr+z4TyyhHow+IaBnVgd/+5O1pTyeI9lRz/7yOzgUp9nUK/cApltMfNmRNN5J
qTMl2S7vnojdAXy+X0+ntnEZAWnPx3ErCh9FnQOXy2efpod31JZeAKqvSbcp0LCO
S6Vptgu/YTeHA3TdnerTavmDDb6Sj2JNiDLxq/FztdmficaZZf2QHHQwc3pq9079
6cxoF26M0Zg4q/UVIXscwh0pL5s4Mde9oMqlgtXfaQbENyVFDvswfQ9HrZJz+GhP
Ebm1ArXTZJYk3sdZOpr+ZP5XQV922+gkZ3GXKg9ivJyRcp+EzPxU1car
-----END CERTIFICATE-----
Generated at Wed Nov 5 05:38:49 2025 by rpki-client