Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/Z3bDGesWID5pZs4-6WcKVMsx_OY.roa
File: Z3bDGesWID5pZs4-6WcKVMsx_OY.roa (raw, json)
Hash identifier: 3SSpuO+HaOURPZjiBSW700LPUzxRvcEB66saiLR1wYQ=
Subject key identifier: 67:76:C3:19:EB:16:20:3E:69:66:CE:3E:E9:67:0A:54:CB:31:FC:E6
Certificate issuer: /CN=993900f66e70b2fffd9c0ce92602f2f45c659961
Certificate serial: 019A343CFB9179173BC19E107760A225AB9E
Authority key identifier: 99:39:00:F6:6E:70:B2:FF:FD:9C:0C:E9:26:02:F2:F4:5C:65:99:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mTkA9m5wsv_9nAzpJgLy9FxlmWE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/Z3bDGesWID5pZs4-6WcKVMsx_OY.roa
Signing time: Thu 30 Oct 2025 08:30:03 +0000
ROA not before: Thu 30 Oct 2025 08:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39032
IP address blocks: 87.237.232.0/21 maxlen: 21
89.236.216.0/22 maxlen: 22
94.141.68.0/23 maxlen: 23
94.141.76.0/24 maxlen: 24
94.141.77.0/24 maxlen: 24
94.141.81.0/24 maxlen: 24
94.141.92.0/24 maxlen: 24
217.30.160.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/mTkA9m5wsv_9nAzpJgLy9FxlmWE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/mTkA9m5wsv_9nAzpJgLy9FxlmWE.mft
rsync://rpki.ripe.net/repository/DEFAULT/mTkA9m5wsv_9nAzpJgLy9FxlmWE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:34:3c:fb:91:79:17:3b:c1:9e:10:77:60:a2:25:ab:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=993900f66e70b2fffd9c0ce92602f2f45c659961
Validity
Not Before: Oct 30 08:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6776c319eb16203e6966ce3ee9670a54cb31fce6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d1:9d:10:76:dd:20:05:53:a5:5f:7c:5c:bf:
52:9c:ae:86:93:a0:05:e8:83:b5:b8:4d:68:15:e0:
73:7b:81:aa:96:65:14:cb:e7:1e:93:ae:7a:11:26:
81:14:fe:85:c5:da:91:05:6b:87:1c:3d:8d:37:93:
96:5a:eb:e1:ad:90:aa:1d:4d:2c:0b:05:7d:3b:65:
d0:f6:8d:ae:48:fe:62:64:67:db:2e:4c:79:f8:20:
a1:45:e9:bc:80:d6:01:3f:b6:2e:a9:2f:e3:af:99:
4b:8a:9d:b0:eb:51:5b:f0:73:64:f5:ec:00:2c:4b:
06:28:01:ee:bb:7c:63:74:1e:a1:77:06:c1:4d:3d:
64:7b:a5:fd:7d:dd:e5:61:d3:0b:f8:6b:55:9a:16:
65:37:19:52:9b:7f:e9:e3:e5:df:19:de:d3:23:20:
85:55:c0:f9:6d:3c:5d:76:b1:59:3b:d6:f5:e8:3e:
4e:90:58:d3:ec:c5:28:27:57:ef:fe:84:1e:20:30:
38:37:4d:fe:e1:60:8e:d0:54:a0:14:54:fa:66:aa:
96:3a:42:23:f8:bb:8f:74:39:86:21:da:16:39:45:
04:f8:ac:5d:ee:f5:c8:62:38:32:27:29:00:41:8e:
a1:b3:1a:61:45:f7:2e:37:b0:26:85:f3:e4:d1:97:
cd:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:76:C3:19:EB:16:20:3E:69:66:CE:3E:E9:67:0A:54:CB:31:FC:E6
X509v3 Authority Key Identifier:
keyid:99:39:00:F6:6E:70:B2:FF:FD:9C:0C:E9:26:02:F2:F4:5C:65:99:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mTkA9m5wsv_9nAzpJgLy9FxlmWE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/Z3bDGesWID5pZs4-6WcKVMsx_OY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c1cf6f-54cd-434a-837d-def6efb44319/1/mTkA9m5wsv_9nAzpJgLy9FxlmWE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.232.0/21
89.236.216.0/22
94.141.68.0/23
94.141.76.0/23
94.141.81.0/24
94.141.92.0/24
217.30.160.0/20
Signature Algorithm: sha256WithRSAEncryption
03:12:41:bf:d2:de:98:4f:d2:d9:5e:f1:32:44:8b:f2:f1:e4:
3d:08:20:26:65:fe:02:5a:13:9c:53:0a:f1:4d:72:e5:bd:4d:
1a:6d:5f:95:a6:31:d6:c5:cd:35:19:f9:b4:b4:ea:97:fe:0d:
55:4c:4a:86:40:10:d8:24:b7:5e:4e:c8:6e:cc:10:3c:32:ee:
0e:44:23:8a:9b:68:40:e4:0b:63:8e:a0:04:93:9b:ed:db:e5:
f3:da:4e:5e:bc:95:74:92:7a:e0:fc:ac:12:c1:aa:6a:a7:e9:
52:a8:01:07:f8:75:0f:ab:62:61:51:b3:a8:42:b6:51:d1:25:
22:59:f8:f4:f6:8d:ed:4d:45:80:b6:08:09:4b:61:dd:01:44:
7e:61:57:b5:a1:c9:84:23:2c:c1:c0:59:0d:44:e1:e3:ef:7c:
e5:b9:47:de:ff:e7:d1:1b:b8:9d:30:1a:76:a5:58:e0:c7:06:
d5:26:a8:39:2c:61:e5:ec:17:93:90:c3:3e:70:13:ed:56:e3:
c5:f5:74:dd:e8:89:ad:17:59:87:a1:3f:ec:19:f4:4d:57:c0:
4e:66:54:15:06:fe:84:ef:a8:9e:b5:dd:e7:e8:47:8a:ea:f2:
46:95:e7:ff:26:bc:51:5a:6a:dd:c2:2e:0e:14:d9:3d:1f:81:
9c:13:3a:47
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZo0PPuReRc7wZ4Qd2CiJaueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MzkwMGY2NmU3MGIyZmZmZDljMGNlOTI2MDJmMmY0NWM2
NTk5NjEwHhcNMjUxMDMwMDgzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc2YzMxOWViMTYyMDNlNjk2NmNlM2VlOTY3MGE1NGNiMzFmY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstGdEHbdIAVTpV98XL9SnK6Gk6AF
6IO1uE1oFeBze4GqlmUUy+cek656ESaBFP6FxdqRBWuHHD2NN5OWWuvhrZCqHU0s
CwV9O2XQ9o2uSP5iZGfbLkx5+CChRem8gNYBP7YuqS/jr5lLip2w61Fb8HNk9ewA
LEsGKAHuu3xjdB6hdwbBTT1ke6X9fd3lYdML+GtVmhZlNxlSm3/p4+XfGd7TIyCF
VcD5bTxddrFZO9b16D5OkFjT7MUoJ1fv/oQeIDA4N03+4WCO0FSgFFT6ZqqWOkIj
+LuPdDmGIdoWOUUE+Kxd7vXIYjgyJykAQY6hsxphRfcuN7AmhfPk0ZfNMwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGd2wxnrFiA+aWbOPulnClTLMfzmMB8GA1UdIwQY
MBaAFJk5APZucLL//ZwM6SYC8vRcZZlhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVRrQTltNXdzdl85bkF6cEpnTHk5RnhsbVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9jMWNmNmYtNTRjZC00MzRhLTgzN2Qt
ZGVmNmVmYjQ0MzE5LzEvWjNiREdlc1dJRDVwWnM0LTZXY0tWTXN4X09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9jMWNmNmYtNTRjZC00MzRhLTgzN2QtZGVmNmVmYjQ0MzE5
LzEvbVRrQTltNXdzdl85bkF6cEpnTHk5RnhsbVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDV+3oAwQC
WezYAwQBXo1EAwQBXo1MAwQAXo1RAwQAXo1cAwQE2R6gMA0GCSqGSIb3DQEBCwUA
A4IBAQADEkG/0t6YT9LZXvEyRIvy8eQ9CCAmZf4CWhOcUwrxTXLlvU0abV+VpjHW
xc01Gfm0tOqX/g1VTEqGQBDYJLdeTshuzBA8Mu4ORCOKm2hA5AtjjqAEk5vt2+Xz
2k5evJV0knrg/KwSwapqp+lSqAEH+HUPq2JhUbOoQrZR0SUiWfj09o3tTUWAtggJ
S2HdAUR+YVe1ocmEIyzBwFkNROHj73zluUfe/+fRG7idMBp2pVjgxwbVJqg5LGHl
7BeTkMM+cBPtVuPF9XTd6ImtF1mHoT/sGfRNV8BOZlQVBv6E76ietd3n6EeK6vJG
lef/JrxRWmrdwi4OFNk9H4GcEzpH
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:13:46 2025 by rpki-client