Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/2zlKOvbAvQZnhSVaWjsOOlM3Xzg.roa
File: 2zlKOvbAvQZnhSVaWjsOOlM3Xzg.roa (raw, json)
Hash identifier: BfYATa29KVeAb0l3w0wWL4QpEZML5G/JVPVE014fS6c=
Subject key identifier: DB:39:4A:3A:F6:C0:BD:06:67:85:25:5A:5A:3B:0E:3A:53:37:5F:38
Certificate issuer: /CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
Certificate serial: 019A4EBFC9D6AEDBDB9A671A165A2346ECE3
Authority key identifier: 09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/2zlKOvbAvQZnhSVaWjsOOlM3Xzg.roa
Signing time: Tue 04 Nov 2025 12:03:03 +0000
ROA not before: Tue 04 Nov 2025 12:03:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35753
IP address blocks: 80.240.64.0/20 maxlen: 20
82.167.0.0/16 maxlen: 16
82.167.0.0/17 maxlen: 17
82.167.0.0/18 maxlen: 24
82.167.64.0/22 maxlen: 22
82.167.68.0/22 maxlen: 22
82.167.72.0/22 maxlen: 22
82.167.76.0/22 maxlen: 22
82.167.80.0/22 maxlen: 22
82.167.84.0/22 maxlen: 22
82.167.88.0/22 maxlen: 22
82.167.92.0/22 maxlen: 22
82.167.96.0/22 maxlen: 22
82.167.100.0/22 maxlen: 22
82.167.104.0/22 maxlen: 22
82.167.108.0/22 maxlen: 22
82.167.112.0/22 maxlen: 22
82.167.116.0/22 maxlen: 22
82.167.120.0/22 maxlen: 22
82.167.124.0/22 maxlen: 22
82.167.128.0/19 maxlen: 19
82.167.144.0/22 maxlen: 22
82.167.148.0/22 maxlen: 22
82.167.152.0/22 maxlen: 22
82.167.156.0/22 maxlen: 22
82.167.160.0/22 maxlen: 22
82.167.164.0/22 maxlen: 22
82.167.168.0/22 maxlen: 22
82.167.172.0/22 maxlen: 22
82.167.180.0/22 maxlen: 22
82.167.180.0/23 maxlen: 23
82.167.192.0/18 maxlen: 18
82.167.192.0/20 maxlen: 20
82.167.208.0/20 maxlen: 20
82.167.224.0/21 maxlen: 21
82.167.232.0/21 maxlen: 21
82.167.240.0/22 maxlen: 22
82.167.244.0/22 maxlen: 22
82.167.248.0/24 maxlen: 24
82.167.249.0/24 maxlen: 24
82.167.250.0/23 maxlen: 23
82.167.252.0/23 maxlen: 23
82.167.254.0/23 maxlen: 23
82.167.254.0/24 maxlen: 24
82.167.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.mft
rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:bf:c9:d6:ae:db:db:9a:67:1a:16:5a:23:46:ec:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
Validity
Not Before: Nov 4 12:03:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db394a3af6c0bd066785255a5a3b0e3a53375f38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:eb:76:e4:cc:b5:51:7b:a6:ad:58:b8:fa:22:
9c:5b:44:a4:ae:5f:10:be:0f:d0:c6:63:3e:96:ea:
6e:29:44:0c:85:cf:68:a8:59:6f:f9:6c:3b:9d:5d:
2f:75:f7:73:1b:58:ef:9e:9e:6d:bc:ec:a1:71:8a:
4d:f0:c6:af:39:76:58:d2:4f:63:4b:1b:45:95:7b:
39:99:0b:80:62:d0:43:36:0a:2c:71:c6:09:ac:1b:
c3:07:64:00:4b:9d:92:0a:bf:77:44:0d:35:75:30:
43:39:fb:92:56:f4:4c:79:35:f2:03:94:cc:42:3d:
53:e4:ad:87:89:56:71:46:af:14:ca:a8:4a:56:b1:
43:ff:15:b6:78:1d:01:f0:cd:d7:37:a6:0d:b6:48:
58:38:d1:2e:30:90:76:8b:dd:30:94:d3:0d:a6:4a:
88:2f:27:a0:ec:ce:b0:96:65:6a:45:fa:46:1e:1a:
0e:86:57:dd:90:01:47:c1:85:76:58:8d:20:33:f5:
25:ea:79:5f:91:c7:2f:49:77:d8:49:0f:d3:3d:81:
84:b4:be:29:a5:ab:02:53:a5:ef:63:0b:df:94:45:
34:01:09:ca:65:af:27:72:dd:fc:34:3c:83:68:51:
da:ef:ef:a5:d1:d2:62:31:3b:e3:d3:f0:48:10:2b:
e2:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:39:4A:3A:F6:C0:BD:06:67:85:25:5A:5A:3B:0E:3A:53:37:5F:38
X509v3 Authority Key Identifier:
keyid:09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/2zlKOvbAvQZnhSVaWjsOOlM3Xzg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.64.0/20
82.167.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:da:68:25:43:01:46:81:fd:ea:34:be:39:3c:67:20:76:b8:
1d:b9:8a:eb:eb:03:b6:fb:2d:e8:a7:56:de:f7:b2:b6:5c:18:
49:94:2f:f0:15:45:d5:14:4e:61:ba:e6:5f:2b:4b:65:54:86:
44:70:75:51:c8:11:ba:85:83:84:c7:ac:49:09:b3:ce:87:3f:
65:7e:28:5d:7c:7f:35:86:8f:fc:4b:f5:c0:84:6f:e0:e3:a6:
a6:21:a3:b7:bd:0f:4d:a3:b9:5a:6b:da:ff:93:10:10:5b:b3:
25:11:37:a7:3e:1b:44:39:2d:dc:f8:b2:43:8e:14:8f:07:b6:
db:47:ed:55:a6:2a:51:7f:48:fa:7e:99:b5:90:b2:66:14:e8:
89:b9:0a:3f:45:77:d5:d1:63:62:80:42:41:21:7f:59:68:ec:
56:a4:0b:4b:54:fd:6d:b7:97:9e:51:b4:34:e9:e6:02:37:ca:
a8:1e:f8:09:c2:fb:40:07:78:49:a4:c9:f9:6d:26:eb:23:a3:
e2:33:2f:4c:53:5c:85:cc:3d:24:b4:ba:90:be:c4:0e:42:ac:
78:ea:c8:e4:47:91:4a:d9:c5:24:ae:e5:b8:f5:b6:a0:6b:32:
3c:2f:b7:74:1e:5a:68:1e:9b:49:c1:c9:49:81:5d:6a:90:79:
2f:48:db:a8
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZpOv8nWrtvbmmcaFlojRuzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5Y2QyMThhYmNkZjY2ZTc5NTAwYWI5MTNjZDIxY2YwNmU0
MDVkNGUwHhcNMjUxMTA0MTIwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM5NGEzYWY2YzBiZDA2Njc4NTI1NWE1YTNiMGUzYTUzMzc1ZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ut25My1UXumrVi4+iKcW0Skrl8Q
vg/QxmM+lupuKUQMhc9oqFlv+Ww7nV0vdfdzG1jvnp5tvOyhcYpN8MavOXZY0k9j
SxtFlXs5mQuAYtBDNgosccYJrBvDB2QAS52SCr93RA01dTBDOfuSVvRMeTXyA5TM
Qj1T5K2HiVZxRq8UyqhKVrFD/xW2eB0B8M3XN6YNtkhYONEuMJB2i90wlNMNpkqI
Lyeg7M6wlmVqRfpGHhoOhlfdkAFHwYV2WI0gM/Ul6nlfkccvSXfYSQ/TPYGEtL4p
pasCU6XvYwvflEU0AQnKZa8nct38NDyDaFHa7++l0dJiMTvj0/BIECvijwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFNs5Sjr2wL0GZ4UlWlo7DjpTN184MB8GA1UdIwQY
MBaAFAnNIYq832bnlQCrkTzSHPBuQF1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2Qt
NGMxOWVjNWI1N2NhLzEvMnpsS092YkF2UVpuaFNWYVdqc09PbE0zWHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2QtNGMxOWVjNWI1N2Nh
LzEvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQEUPBAAwMA
UqcwDQYJKoZIhvcNAQELBQADggEBAFjaaCVDAUaB/eo0vjk8ZyB2uB25iuvrA7b7
LeinVt73srZcGEmUL/AVRdUUTmG65l8rS2VUhkRwdVHIEbqFg4THrEkJs86HP2V+
KF18fzWGj/xL9cCEb+DjpqYho7e9D02juVpr2v+TEBBbsyURN6c+G0Q5Ldz4skOO
FI8HtttH7VWmKlF/SPp+mbWQsmYU6Im5Cj9Fd9XRY2KAQkEhf1lo7FakC0tU/W23
l55RtDTp5gI3yqge+AnC+0AHeEmkyfltJusjo+IzL0xTXIXMPSS0upC+xA5CrHjq
yORHkUrZxSSu5bj1tqBrMjwvt3QeWmgem0nByUmBXWqQeS9I26g=
-----END CERTIFICATE-----
Generated at Wed Nov 5 21:46:39 2025 by rpki-client