Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CfW3XQtgzqoTsNgygaqBk_IDaAg.roa
File: CfW3XQtgzqoTsNgygaqBk_IDaAg.roa (raw, json)
Hash identifier: wtkzLwYk8AqxMNlbCH9foq6LUUygaTWoJr2pbzB17hI=
Subject key identifier: 09:F5:B7:5D:0B:60:CE:AA:13:B0:D8:32:81:AA:81:93:F2:03:68:08
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019A0990EA2C264BEF18E99A36545743D2AB
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CfW3XQtgzqoTsNgygaqBk_IDaAg.roa
Signing time: Wed 22 Oct 2025 01:38:03 +0000
ROA not before: Wed 22 Oct 2025 01:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33659
IP address blocks: 31.132.54.0/23 maxlen: 23
45.248.54.0/24 maxlen: 24
63.246.150.0/24 maxlen: 24
78.31.205.0/24 maxlen: 24
185.205.204.0/24 maxlen: 24
2a0c:3ac0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:09:90:ea:2c:26:4b:ef:18:e9:9a:36:54:57:43:d2:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Oct 22 01:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09f5b75d0b60ceaa13b0d83281aa8193f2036808
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:84:da:eb:61:4f:55:f1:64:c9:bb:37:ce:ca:
1a:e3:24:d5:9e:ad:02:96:9b:83:36:32:af:cf:89:
c8:a9:f5:71:45:da:eb:ff:93:76:dc:f5:19:01:aa:
61:b0:5c:68:a2:e2:3c:cd:6d:05:39:2f:50:5e:f9:
b5:2c:a5:98:ff:84:a4:03:82:ce:09:43:05:b1:be:
ad:ea:79:bf:ae:7a:1c:a6:80:37:a2:67:67:3d:f1:
e8:6d:5f:e4:90:03:74:c8:73:8d:16:c3:8e:c5:36:
e0:8f:37:87:58:c4:70:7b:6d:e8:47:0b:87:ed:45:
34:70:f2:1d:0b:b7:de:27:ab:51:03:15:dd:b0:7a:
26:10:ad:28:43:35:37:30:81:9c:6a:68:36:e9:28:
2f:13:10:51:12:e9:83:8c:76:f8:c0:5a:ab:84:99:
b8:76:8a:d9:81:71:ac:86:d5:86:72:54:ba:9a:e4:
5f:19:96:15:44:1a:59:13:cc:e1:62:12:0b:44:98:
2f:10:21:ad:0c:fd:1a:0d:3f:29:8e:69:46:7f:47:
18:85:9e:51:87:9f:bc:fc:99:dc:75:a5:33:58:f4:
ac:ba:a6:01:90:99:90:ed:f8:a1:5c:49:c8:15:f2:
b3:08:7e:50:8d:6c:0f:07:12:7b:1f:0f:e3:b1:a6:
45:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:F5:B7:5D:0B:60:CE:AA:13:B0:D8:32:81:AA:81:93:F2:03:68:08
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/CfW3XQtgzqoTsNgygaqBk_IDaAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.132.54.0/23
45.248.54.0/24
63.246.150.0/24
78.31.205.0/24
185.205.204.0/24
IPv6:
2a0c:3ac0::/29
Signature Algorithm: sha256WithRSAEncryption
68:48:cc:f1:dc:7b:df:aa:5f:c5:3c:ec:fc:f2:d1:63:d3:89:
7e:43:41:d8:32:4a:f2:c5:a5:17:4b:ad:c4:43:1d:4a:d8:0a:
d8:ae:2c:73:d4:96:12:65:c2:41:11:72:c0:28:86:e7:d4:db:
d9:8c:44:13:c5:db:f5:73:a0:cb:b1:5c:ae:58:54:38:aa:76:
ce:f8:1e:71:ef:25:8c:43:d0:16:2e:9c:d0:b4:e0:48:81:ad:
9f:ec:87:ab:93:1a:a8:7b:bd:13:d4:1a:19:9b:49:f0:f9:88:
3f:19:c5:55:89:13:2d:6c:3f:81:a3:a2:b4:7e:dc:24:db:60:
6d:17:9f:aa:5e:5d:99:47:37:fa:b5:0b:ed:cc:38:14:38:02:
95:da:8b:21:ef:e3:f8:22:5c:b9:f4:84:20:bc:a7:51:14:5d:
36:fe:3d:f1:78:d5:76:06:14:35:73:33:ac:45:a3:d7:93:f7:
2e:e0:3d:d1:12:54:9f:ca:e2:2a:c0:6d:f8:e2:9c:54:14:2c:
cc:c7:69:30:ea:22:23:67:7c:1f:73:6b:6d:93:66:80:1e:48:
34:c4:3a:33:2c:0c:fd:26:fa:bd:b8:70:36:1e:a1:fb:24:5e:
70:6f:bf:9a:00:10:c2:9f:ad:dc:5e:78:c8:d6:07:d9:0e:d7:
0d:bc:b4:11
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZoJkOosJkvvGOmaNlRXQ9KrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUxMDIyMDEzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWY1Yjc1ZDBiNjBjZWFhMTNiMGQ4MzI4MWFhODE5M2YyMDM2ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoTa62FPVfFkybs3zsoa4yTVnq0C
lpuDNjKvz4nIqfVxRdrr/5N23PUZAaphsFxoouI8zW0FOS9QXvm1LKWY/4SkA4LO
CUMFsb6t6nm/rnocpoA3omdnPfHobV/kkAN0yHONFsOOxTbgjzeHWMRwe23oRwuH
7UU0cPIdC7feJ6tRAxXdsHomEK0oQzU3MIGcamg26SgvExBREumDjHb4wFqrhJm4
dorZgXGshtWGclS6muRfGZYVRBpZE8zhYhILRJgvECGtDP0aDT8pjmlGf0cYhZ5R
h5+8/JncdaUzWPSsuqYBkJmQ7fihXEnIFfKzCH5QjWwPBxJ7Hw/jsaZFKQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFAn1t10LYM6qE7DYMoGqgZPyA2gIMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvQ2ZXM1hRdGd6cW9Uc05neWdhcUJrX0lEYUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQBH4Q2AwQA
Lfg2AwQAP/aWAwQATh/NAwQAuc3MMA0EAgACMAcDBQMqDDrAMA0GCSqGSIb3DQEB
CwUAA4IBAQBoSMzx3Hvfql/FPOz88tFj04l+Q0HYMkryxaUXS63EQx1K2ArYrixz
1JYSZcJBEXLAKIbn1NvZjEQTxdv1c6DLsVyuWFQ4qnbO+B5x7yWMQ9AWLpzQtOBI
ga2f7Ierkxqoe70T1BoZm0nw+Yg/GcVViRMtbD+Bo6K0ftwk22BtF5+qXl2ZRzf6
tQvtzDgUOAKV2osh7+P4Ily59IQgvKdRFF02/j3xeNV2BhQ1czOsRaPXk/cu4D3R
ElSfyuIqwG344pxUFCzMx2kw6iIjZ3wfc2ttk2aAHkg0xDozLAz9Jvq9uHA2HqH7
JF5wb7+aABDCn63cXnjI1gfZDtcNvLQR
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:30:03 2025 by rpki-client