Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/U3sT87GYwy9D9SgOPVW_RiOktmI.roa
File: U3sT87GYwy9D9SgOPVW_RiOktmI.roa (raw, json)
Hash identifier: 1ZFvEfBkgKcB/Gz4D0UF4KApAihzQ1ZYW/CMo5SgnsM=
Subject key identifier: 53:7B:13:F3:B1:98:C3:2F:43:F5:28:0E:3D:55:BF:46:23:A4:B6:62
Certificate issuer: /CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Certificate serial: 019A3472FFC04238C7B47B3945017DFB0C1F
Authority key identifier: 9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/U3sT87GYwy9D9SgOPVW_RiOktmI.roa
Signing time: Thu 30 Oct 2025 09:29:03 +0000
ROA not before: Thu 30 Oct 2025 09:29:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207353
IP address blocks: 77.220.217.0/24 maxlen: 24
77.220.219.0/24 maxlen: 24
77.220.220.0/24 maxlen: 24
77.220.221.0/24 maxlen: 24
77.220.222.0/24 maxlen: 24
89.248.230.0/24 maxlen: 24
185.62.100.0/24 maxlen: 24
193.243.161.0/24 maxlen: 24
195.246.246.0/24 maxlen: 24
195.246.247.0/24 maxlen: 24
195.246.248.0/24 maxlen: 24
195.246.249.0/24 maxlen: 24
217.199.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.mft
rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 06:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:34:72:ff:c0:42:38:c7:b4:7b:39:45:01:7d:fb:0c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Validity
Not Before: Oct 30 09:29:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=537b13f3b198c32f43f5280e3d55bf4623a4b662
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ae:60:78:f3:5e:4c:1f:44:6a:f8:89:8f:84:
26:9f:ab:9e:76:7c:1b:8d:4b:7f:31:4f:7d:1a:92:
50:4e:4c:1f:d9:ef:44:de:1a:09:5e:42:63:a0:50:
c8:35:b0:d0:61:1d:88:1b:d1:8e:61:08:82:d4:3d:
be:82:6a:9c:f2:1b:5f:01:95:41:6b:39:e6:05:c7:
4a:d5:ce:d6:4f:32:43:5f:45:3e:b7:23:da:97:22:
78:d8:67:2d:b2:7d:38:32:69:51:ad:02:22:a8:59:
2e:4e:5c:90:a6:6d:ee:00:08:8b:21:90:9f:d1:ef:
58:5f:6d:8e:e2:13:2a:41:a7:d9:35:b6:57:7d:9e:
7a:a9:31:41:f4:db:fd:c0:86:ec:11:b1:38:94:39:
98:96:e3:2a:e8:1e:d6:cb:e9:92:74:ca:4b:7b:e7:
3c:71:5a:1b:17:46:34:0a:07:d4:87:15:fa:92:c5:
2b:50:01:cf:96:5c:3e:96:e3:68:6b:fa:9e:7a:5f:
f8:12:0e:ad:01:2a:05:94:e1:71:bf:a4:ad:08:a3:
e6:14:2d:4e:7e:3b:d8:72:fa:ed:56:68:d9:e3:80:
fc:bf:73:f0:77:6c:61:63:2e:fe:ff:19:4a:7e:22:
d9:0b:5e:6d:f5:aa:4b:77:7c:15:a9:89:df:de:05:
e5:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:7B:13:F3:B1:98:C3:2F:43:F5:28:0E:3D:55:BF:46:23:A4:B6:62
X509v3 Authority Key Identifier:
keyid:9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/U3sT87GYwy9D9SgOPVW_RiOktmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.220.217.0/24
77.220.219.0-77.220.222.255
89.248.230.0/24
185.62.100.0/24
193.243.161.0/24
195.246.246.0-195.246.249.255
217.199.213.0/24
Signature Algorithm: sha256WithRSAEncryption
25:c5:fe:1c:d9:d9:0f:b9:62:8b:31:00:ff:5e:76:62:b8:e3:
f3:1e:7b:34:65:55:98:3d:24:df:ed:03:1f:f4:ac:6e:51:20:
0b:b5:fa:b5:64:5f:ec:03:d8:82:6f:ae:b3:8b:d1:33:3b:8e:
82:28:e2:15:3e:e9:02:61:55:ea:e8:45:c7:c6:6c:71:cf:1b:
74:33:d6:74:a6:7a:d2:b1:ac:91:f6:c8:bf:37:ba:40:ff:c8:
7a:fd:5c:b1:90:69:0b:3c:2f:a9:3a:dd:49:50:30:77:e6:89:
bf:2a:b2:1c:0d:4a:b9:a5:81:90:0d:43:91:dd:d9:1a:0c:c3:
e1:14:8b:9b:ff:84:08:2b:c7:e2:cf:c3:0a:e2:db:1c:8d:b5:
07:07:25:7f:da:e6:1a:02:8e:da:d6:f9:ba:a1:30:71:6d:44:
b0:46:61:f0:91:c0:1c:bf:08:2d:27:65:0a:88:db:5a:d4:ca:
b3:aa:35:85:96:1c:80:ad:65:e4:e1:12:67:11:c1:04:a7:4b:
97:5a:13:0f:d2:45:e1:a8:e6:79:90:46:41:a8:05:eb:2f:05:
aa:2d:fc:83:36:0a:7b:e6:d8:98:29:06:b9:3f:0c:a8:b3:d8:
a9:2d:69:ce:a1:46:a8:5b:b9:c3:45:49:dc:9b:68:0b:78:19:
f5:77:af:be
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZo0cv/AQjjHtHs5RQF9+wwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzNkOTQ1M2ZiZWRmYjgwYzQ1NDNiYjUyOWZjMzMwYzFm
OGMxY2UwHhcNMjUxMDMwMDkyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzdiMTNmM2IxOThjMzJmNDNmNTI4MGUzZDU1YmY0NjIzYTRiNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta5gePNeTB9EaviJj4Qmn6uednwb
jUt/MU99GpJQTkwf2e9E3hoJXkJjoFDINbDQYR2IG9GOYQiC1D2+gmqc8htfAZVB
aznmBcdK1c7WTzJDX0U+tyPalyJ42Gctsn04MmlRrQIiqFkuTlyQpm3uAAiLIZCf
0e9YX22O4hMqQafZNbZXfZ56qTFB9Nv9wIbsEbE4lDmYluMq6B7Wy+mSdMpLe+c8
cVobF0Y0CgfUhxX6ksUrUAHPllw+luNoa/qeel/4Eg6tASoFlOFxv6StCKPmFC1O
fjvYcvrtVmjZ44D8v3Pwd2xhYy7+/xlKfiLZC15t9apLd3wVqYnf3gXl+wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFFN7E/OxmMMvQ/UoDj1Vv0YjpLZiMB8GA1UdIwQY
MBaAFJxz2UU/vt+4DEVDu1KfwzDB+MHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEt
YzQ3ZTE4ZGYwMzcxLzEvVTNzVDg3R1l3eTlEOVNnT1BWV19SaU9rdG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEtYzQ3ZTE4ZGYwMzcx
LzEvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQATdzZMAwD
BABN3NsDBABN3N4DBABZ+OYDBAC5PmQDBADB86EwDAMEAcP29gMEAcP2+AMEANnH
1TANBgkqhkiG9w0BAQsFAAOCAQEAJcX+HNnZD7liizEA/152Yrjj8x57NGVVmD0k
3+0DH/SsblEgC7X6tWRf7APYgm+us4vRMzuOgijiFT7pAmFV6uhFx8Zscc8bdDPW
dKZ60rGskfbIvze6QP/Iev1csZBpCzwvqTrdSVAwd+aJvyqyHA1KuaWBkA1Dkd3Z
GgzD4RSLm/+ECCvH4s/DCuLbHI21Bwclf9rmGgKO2tb5uqEwcW1EsEZh8JHAHL8I
LSdlCojbWtTKs6o1hZYcgK1l5OESZxHBBKdLl1oTD9JF4ajmeZBGQagF6y8Fqi38
gzYKe+bYmCkGuT8MqLPYqS1pzqFGqFu5w0VJ3JtoC3gZ9Xevvg==
-----END CERTIFICATE-----
Generated at Tue Nov 4 15:03:59 2025 by rpki-client