Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/9Z_lpNxBBi3Erx6I82XDcNdm7S4.roa
File: 9Z_lpNxBBi3Erx6I82XDcNdm7S4.roa (raw, json)
Hash identifier: kZ6rI3O/rdJeGyOZgRtCRO8ytZ9Gz21QOGN+HOTBtQI=
Subject key identifier: F5:9F:E5:A4:DC:41:06:2D:C4:AF:1E:88:F3:65:C3:70:D7:66:ED:2E
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0198370892780B24F5EDCA58DCAA5BF3EE0D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/9Z_lpNxBBi3Erx6I82XDcNdm7S4.roa
Signing time: Wed 23 Jul 2025 11:26:05 +0000
ROA not before: Wed 23 Jul 2025 11:26:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 77.242.146.0/23 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.201.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
88.209.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 08:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:37:08:92:78:0b:24:f5:ed:ca:58:dc:aa:5b:f3:ee:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 23 11:26:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f59fe5a4dc41062dc4af1e88f365c370d766ed2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:7e:9b:06:ba:9e:ee:10:52:15:28:25:c0:6c:
9a:ee:70:84:6d:a9:98:5b:34:7f:20:ef:42:f0:b2:
63:1e:5e:fb:26:fa:6a:3c:7f:2e:a5:02:69:de:10:
16:c5:6c:0c:52:04:00:fa:c3:1c:0b:ab:bc:cd:f6:
4b:37:63:cb:03:48:9d:26:42:8a:4e:52:57:61:3f:
a3:82:0f:5f:00:12:14:bd:aa:e1:69:5c:0b:6e:9a:
85:8f:a2:1f:64:b5:d8:fb:57:61:af:4f:f2:27:49:
f3:8e:1d:21:fc:44:68:c8:6d:ae:1f:a4:09:dd:e6:
85:ea:18:16:72:51:e4:09:39:96:e6:e0:ae:da:0f:
cb:69:da:c1:c7:0b:3c:35:a5:75:a9:27:97:5e:ca:
25:28:2a:da:f3:99:c7:88:60:f8:43:ba:7c:e5:55:
99:3f:0f:bb:b3:41:86:a5:02:fb:b4:35:ea:04:e6:
0e:5e:8d:2a:7a:d9:00:20:5e:1b:69:3c:15:47:a7:
1f:5a:77:d1:d5:8c:9a:2f:2c:9c:ea:64:18:01:ce:
71:df:15:f9:02:5a:27:25:ae:c8:a1:11:a6:8a:11:
9a:33:71:57:db:bc:aa:a1:1d:34:e7:27:0d:76:27:
6e:0e:75:84:eb:3d:27:d5:51:d1:eb:d2:09:90:8c:
b6:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:9F:E5:A4:DC:41:06:2D:C4:AF:1E:88:F3:65:C3:70:D7:66:ED:2E
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/9Z_lpNxBBi3Erx6I82XDcNdm7S4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.146.0/23
88.151.56.0/23
88.209.201.0/24
88.209.232.0/22
88.209.254.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:0f:a5:63:0c:d6:4f:f0:f3:4d:b0:70:bf:56:69:54:af:90:
d5:28:08:08:43:50:14:89:df:fc:13:73:96:16:07:87:0a:81:
fe:d0:4e:a0:10:d3:c4:cd:41:76:03:69:49:bb:bd:91:e7:bd:
b1:50:51:b4:ce:bc:dd:b3:0e:53:09:ab:df:8c:79:ab:34:94:
94:24:df:75:09:68:60:a6:dc:d4:0a:b8:1f:c1:fe:af:f9:94:
2f:29:d6:d2:02:00:5e:61:77:1b:05:8d:d9:44:3a:ac:66:e0:
4c:a3:e2:9d:73:f6:39:9c:97:19:77:26:55:13:85:90:fa:b2:
a4:41:54:67:eb:38:6a:2f:67:3d:45:15:6a:61:8e:fd:2a:b9:
2d:2c:c9:06:c8:ab:2d:5c:1d:64:96:26:f9:06:9b:e1:6e:ca:
89:65:f2:5f:08:08:6c:bf:99:97:b5:ab:ea:6e:d2:f0:3b:84:
80:a1:06:31:27:41:d7:0a:2e:20:62:61:ca:46:df:c5:83:fe:
ac:a8:0e:76:91:49:ff:5a:31:cf:be:77:dc:ee:d9:99:f3:b6:
90:e0:60:96:03:7e:95:6a:81:82:b0:98:2d:57:11:09:86:ac:
11:db:aa:de:97:b0:b5:08:ae:16:5a:d3:bc:41:e4:aa:52:16:
61:da:b8:72
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZg3CJJ4CyT17cpY3Kpb8+4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNzIzMTEyNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTlmZTVhNGRjNDEwNjJkYzRhZjFlODhmMzY1YzM3MGQ3NjZlZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxn6bBrqe7hBSFSglwGya7nCEbamY
WzR/IO9C8LJjHl77JvpqPH8upQJp3hAWxWwMUgQA+sMcC6u8zfZLN2PLA0idJkKK
TlJXYT+jgg9fABIUvarhaVwLbpqFj6IfZLXY+1dhr0/yJ0nzjh0h/ERoyG2uH6QJ
3eaF6hgWclHkCTmW5uCu2g/LadrBxws8NaV1qSeXXsolKCra85nHiGD4Q7p85VWZ
Pw+7s0GGpQL7tDXqBOYOXo0qetkAIF4baTwVR6cfWnfR1YyaLyyc6mQYAc5x3xX5
AlonJa7IoRGmihGaM3FX27yqoR005ycNdiduDnWE6z0n1VHR69IJkIy2/QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPWf5aTcQQYtxK8eiPNlw3DXZu0uMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvOVpfbHBOeEJCaTNFcng2STgyWERjTmRtN1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBTfKSAwQB
WJc4AwQAWNHJAwQCWNHoAwQAWNH+MA0GCSqGSIb3DQEBCwUAA4IBAQCjD6VjDNZP
8PNNsHC/VmlUr5DVKAgIQ1AUid/8E3OWFgeHCoH+0E6gENPEzUF2A2lJu72R572x
UFG0zrzdsw5TCavfjHmrNJSUJN91CWhgptzUCrgfwf6v+ZQvKdbSAgBeYXcbBY3Z
RDqsZuBMo+Kdc/Y5nJcZdyZVE4WQ+rKkQVRn6zhqL2c9RRVqYY79KrktLMkGyKst
XB1klib5BpvhbsqJZfJfCAhsv5mXtavqbtLwO4SAoQYxJ0HXCi4gYmHKRt/Fg/6s
qA52kUn/WjHPvnfc7tmZ87aQ4GCWA36VaoGCsJgtVxEJhqwR26rel7C1CK4WWtO8
QeSqUhZh2rhy
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:07:46 2025 by rpki-client