Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/l_8rCZidj3R0xBljUmL3a0qMgDY.roa
File: l_8rCZidj3R0xBljUmL3a0qMgDY.roa (raw, json)
Hash identifier: htkyEfSpVuBNEiURovEjpWT/drAFOShI9SEsJT/rXwQ=
Subject key identifier: 97:FF:2B:09:98:9D:8F:74:74:C4:19:63:52:62:F7:6B:4A:8C:80:36
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 019A4EF6B8432551CD7555D23117763E97B7
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/l_8rCZidj3R0xBljUmL3a0qMgDY.roa
Signing time: Tue 04 Nov 2025 13:03:03 +0000
ROA not before: Tue 04 Nov 2025 13:03:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 77.76.4.0/22 maxlen: 22
78.128.10.0/23 maxlen: 23
78.128.12.0/22 maxlen: 22
78.128.16.0/20 maxlen: 20
78.128.36.0/22 maxlen: 22
78.128.40.0/23 maxlen: 23
78.128.52.0/22 maxlen: 22
78.128.56.0/22 maxlen: 22
78.128.82.0/23 maxlen: 23
78.128.84.0/22 maxlen: 22
78.128.88.0/22 maxlen: 22
78.128.97.0/24 maxlen: 24
78.128.100.0/22 maxlen: 22
78.128.104.0/22 maxlen: 22
78.128.116.0/23 maxlen: 23
78.142.10.0/23 maxlen: 23
78.142.12.0/22 maxlen: 22
78.142.30.0/23 maxlen: 23
82.118.237.0/24 maxlen: 24
83.222.190.0/23 maxlen: 23
84.201.224.0/20 maxlen: 20
91.148.162.0/23 maxlen: 23
91.148.164.0/23 maxlen: 23
91.148.169.0/24 maxlen: 24
91.148.170.0/23 maxlen: 23
91.148.172.0/22 maxlen: 22
91.148.176.0/21 maxlen: 21
91.148.186.0/24 maxlen: 24
130.185.227.0/24 maxlen: 24
130.185.234.0/24 maxlen: 24
185.81.120.0/23 maxlen: 23
193.24.240.0/22 maxlen: 22
193.200.14.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:03:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:f6:b8:43:25:51:cd:75:55:d2:31:17:76:3e:97:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Nov 4 13:03:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=97ff2b09989d8f7474c419635262f76b4a8c8036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:0e:18:fa:b9:27:d3:98:16:84:62:6a:b2:37:
37:42:9f:41:c4:49:a0:70:c6:0f:b1:9d:8a:6c:b8:
ac:d1:be:c6:7a:cf:2b:dd:70:0e:60:00:00:e5:49:
3b:6a:d6:02:8e:5b:ce:1b:1c:e4:eb:12:82:2c:0f:
9a:f6:0a:b2:d4:67:48:bc:9e:f8:c3:6a:5f:11:56:
36:a6:e1:00:e2:84:6d:a7:45:d7:17:af:75:e0:3f:
45:b8:55:7a:c2:16:06:a2:32:80:f7:99:96:dd:40:
4b:7e:90:c0:e6:63:ff:a6:bb:70:57:7f:b8:f5:5e:
3b:91:a8:02:82:15:a1:a7:de:aa:ee:51:a0:d7:9f:
e8:00:4f:51:e8:73:10:d3:a6:45:4f:99:ef:00:0d:
e7:20:41:16:da:2b:cc:c6:36:04:dc:e2:fa:14:da:
e4:3f:9d:56:24:b4:e6:e2:56:c8:79:6f:a3:fe:fc:
da:fd:75:0f:b8:30:be:4d:4a:6d:9c:66:fb:19:f9:
d8:50:36:a2:c5:a5:d0:9f:23:39:a4:a8:0b:e9:5a:
65:49:87:ac:58:8a:47:6b:06:97:e3:ed:f3:a9:b5:
9e:29:5c:44:d4:58:f4:70:a4:f7:ba:14:eb:ab:01:
fb:31:1c:2f:3d:0b:04:35:82:6d:f3:82:0b:26:68:
e2:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:FF:2B:09:98:9D:8F:74:74:C4:19:63:52:62:F7:6B:4A:8C:80:36
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/l_8rCZidj3R0xBljUmL3a0qMgDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.76.4.0/22
78.128.10.0-78.128.31.255
78.128.36.0-78.128.41.255
78.128.52.0-78.128.59.255
78.128.82.0-78.128.91.255
78.128.97.0/24
78.128.100.0-78.128.107.255
78.128.116.0/23
78.142.10.0-78.142.15.255
78.142.30.0/23
82.118.237.0/24
83.222.190.0/23
84.201.224.0/20
91.148.162.0-91.148.165.255
91.148.169.0-91.148.183.255
91.148.186.0/24
130.185.227.0/24
130.185.234.0/24
185.81.120.0/23
193.24.240.0/22
193.200.14.0/23
Signature Algorithm: sha256WithRSAEncryption
50:02:5f:f7:52:70:ee:bc:16:02:2c:f3:87:2c:7a:9c:83:de:
18:07:b6:cd:7f:09:03:b3:68:f1:98:ff:18:8d:c2:2a:06:0a:
d9:df:b4:11:0d:7e:5d:1a:37:cb:0f:ae:8f:ad:7b:d7:58:dd:
78:3c:16:f7:03:ee:2c:51:fe:ea:aa:0d:94:74:54:79:ad:f3:
2e:4e:9b:a5:44:18:89:91:bb:3e:b9:35:26:98:a4:e6:79:4d:
15:ed:df:02:26:7f:39:19:07:d5:5e:ea:da:78:4c:57:3e:ce:
13:0c:70:3e:dd:55:5c:ee:26:93:bc:a3:4f:0f:09:87:3b:81:
73:dd:12:6b:87:20:b8:28:0e:32:4b:e8:03:7f:30:c2:08:8d:
dc:01:d0:a5:24:3c:b3:e8:10:5a:ac:ae:7f:0c:71:38:b0:50:
d2:1e:81:90:39:2c:6b:4b:be:ad:45:b7:af:2a:26:ab:4a:0a:
08:73:69:18:80:47:7a:2a:ff:98:ca:b1:2e:4b:dc:c9:b8:60:
91:f3:78:1f:44:f5:ef:a2:28:8b:1a:94:5e:d1:4e:95:64:40:
8e:09:e2:37:bd:b3:04:f6:49:08:4d:d5:6b:d3:60:bf:8d:e5:
85:a5:8a:ab:84:b4:1c:fd:c2:09:25:39:11:15:03:24:c2:b3:
74:30:9c:d4
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAZpO9rhDJVHNdVXSMRd2Ppe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUxMTA0MTMwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZmMmIwOTk4OWQ4Zjc0NzRjNDE5NjM1MjYyZjc2YjRhOGM4MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg4Y+rkn05gWhGJqsjc3Qp9BxEmg
cMYPsZ2KbLis0b7Ges8r3XAOYAAA5Uk7atYCjlvOGxzk6xKCLA+a9gqy1GdIvJ74
w2pfEVY2puEA4oRtp0XXF6914D9FuFV6whYGojKA95mW3UBLfpDA5mP/prtwV3+4
9V47kagCghWhp96q7lGg15/oAE9R6HMQ06ZFT5nvAA3nIEEW2ivMxjYE3OL6FNrk
P51WJLTm4lbIeW+j/vza/XUPuDC+TUptnGb7GfnYUDaixaXQnyM5pKgL6VplSYes
WIpHawaX4+3zqbWeKVxE1Fj0cKT3uhTrqwH7MRwvPQsENYJt84ILJmjiXwIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFJf/KwmYnY90dMQZY1Ji92tKjIA2MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvbF84ckNaaWRqM1IweEJsalVtTDNhMHFNZ0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBxQQCAAEwgb4DBAJN
TAQwDAMEAU6ACgMEBU6AADAMAwQCToAkAwQBToAoMAwDBAJOgDQDBAJOgDgwDAME
AU6AUgMEAk6AWAMEAE6AYTAMAwQCToBkAwQCToBoAwQBToB0MAwDBAFOjgoDBARO
jgADBAFOjh4DBABSdu0DBAFT3r4DBARUyeAwDAMEAVuUogMEAVuUpDAMAwQAW5Sp
AwQDW5SwAwQAW5S6AwQAgrnjAwQAgrnqAwQBuVF4AwQCwRjwAwQBwcgOMA0GCSqG
SIb3DQEBCwUAA4IBAQBQAl/3UnDuvBYCLPOHLHqcg94YB7bNfwkDs2jxmP8YjcIq
BgrZ37QRDX5dGjfLD66PrXvXWN14PBb3A+4sUf7qqg2UdFR5rfMuTpulRBiJkbs+
uTUmmKTmeU0V7d8CJn85GQfVXuraeExXPs4TDHA+3VVc7iaTvKNPDwmHO4Fz3RJr
hyC4KA4yS+gDfzDCCI3cAdClJDyz6BBarK5/DHE4sFDSHoGQOSxrS76tRbevKiar
SgoIc2kYgEd6Kv+YyrEuS9zJuGCR83gfRPXvoiiLGpRe0U6VZECOCeI3vbME9kkI
TdVr02C/jeWFpYqrhLQc/cIJJTkRFQMkwrN0MJzU
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:54:45 2025 by rpki-client