
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa
File: k4yKqIR7cQItxrDu_gDWC-myYX0.roa (raw, json)
Hash identifier: xhdvsy13/3L8cbu2Dvi5ab7FoTe57YZRZZmouEau4sA=
Subject key identifier: 93:8C:8A:A8:84:7B:71:02:2D:C6:B0:EE:FE:00:D6:0B:E9:B2:61:7D
Certificate issuer: /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial: 0198798DBE191CE88353C63A05DB269542DA
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa
Signing time: Tue 05 Aug 2025 09:26:29 +0000
ROA not before: Tue 05 Aug 2025 09:26:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35263
IP address blocks: 86.109.64.0/21 maxlen: 21
86.109.72.0/23 maxlen: 23
2a00:1b90::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 16:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:8d:be:19:1c:e8:83:53:c6:3a:05:db:26:95:42:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Validity
Not Before: Aug 5 09:26:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=938c8aa8847b71022dc6b0eefe00d60be9b2617d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:b1:c9:88:97:69:ac:41:a2:e8:6f:1e:04:d7:
6a:b0:6d:f7:82:75:3b:d4:9d:d8:61:df:39:b4:18:
29:b6:e6:08:d8:1c:74:43:1f:18:4b:57:06:7e:ee:
3c:18:6f:2f:c8:71:a3:28:ce:00:08:77:a8:93:01:
1a:d5:9d:3d:45:97:dc:5d:2a:ba:6d:54:bd:4c:b4:
ab:b9:8e:b5:42:4e:14:36:11:18:45:49:05:f8:be:
31:0a:71:17:c8:f7:96:8e:19:ea:96:73:16:8b:d7:
a9:0a:7d:7c:f0:cb:bd:ab:77:0c:34:fa:7f:85:af:
c0:c7:b6:44:5c:7d:03:46:ea:3c:8f:65:a6:33:8d:
fc:9f:27:6d:83:26:a5:da:01:26:7a:cf:06:c9:75:
a5:16:e4:3a:5b:fb:f2:3a:c8:9f:67:70:07:93:06:
14:72:9b:c9:e5:95:a7:c4:c8:fd:4d:7e:52:11:9c:
19:04:dc:71:ba:34:2f:c6:96:fb:85:cf:6e:7c:c5:
e1:45:36:10:51:d9:cd:b0:56:06:f9:d7:ec:03:8c:
29:94:0c:e7:fb:d1:05:86:90:74:7a:9d:8a:1b:cf:
7f:5a:6d:f9:02:9a:68:60:df:d5:2b:de:3d:fe:57:
86:85:de:44:e1:89:b9:79:24:39:46:12:d4:86:ec:
46:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:8C:8A:A8:84:7B:71:02:2D:C6:B0:EE:FE:00:D6:0B:E9:B2:61:7D
X509v3 Authority Key Identifier:
keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.109.64.0-86.109.73.255
IPv6:
2a00:1b90::/32
Signature Algorithm: sha256WithRSAEncryption
ac:f2:c4:1e:1c:a9:c2:13:9e:a9:22:28:dc:38:ff:b9:9f:81:
12:14:47:5f:f7:96:31:9b:d0:b3:26:ae:84:8a:ac:6a:1d:5d:
63:00:51:ce:2d:57:74:18:48:cb:b3:6d:ef:4d:54:ae:1f:5b:
18:2f:49:20:c9:3f:0e:f7:03:ba:67:29:62:13:3a:d0:c4:0a:
7a:bb:10:02:7e:c1:b5:17:6a:80:95:e7:ce:b7:6d:a7:58:5b:
bf:2b:51:da:a6:ad:4d:8c:4e:a1:ec:ab:e3:be:a6:a4:4d:86:
7d:fa:08:e6:0f:03:48:f9:a2:44:4d:b2:0d:4d:80:7a:ac:42:
04:39:23:5b:77:20:59:76:a3:c3:ed:bd:5a:ab:c8:67:cc:31:
ac:ad:68:a7:ad:cd:44:9b:c6:ee:d0:bc:b6:94:8e:b2:49:70:
93:18:69:de:b0:44:f7:02:c3:82:6e:61:76:e0:df:45:0e:f1:
80:1a:ad:c5:8b:d0:31:b6:cb:5f:d2:5b:51:08:69:d4:aa:60:
46:b6:ca:2d:34:af:21:58:6d:5d:cf:bb:01:4a:d1:16:cc:eb:
4c:9d:b1:28:fa:b3:87:e0:58:5f:1c:d5:2b:9e:6b:28:0a:0a:
0e:f8:72:a7:bd:f4:da:a5:db:6b:b0:99:db:08:c6:b4:43:e8:
d2:3a:6a:47
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZh5jb4ZHOiDU8Y6BdsmlULaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwODA1MDkyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhjOGFhODg0N2I3MTAyMmRjNmIwZWVmZTAwZDYwYmU5YjI2MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLHJiJdprEGi6G8eBNdqsG33gnU7
1J3YYd85tBgptuYI2Bx0Qx8YS1cGfu48GG8vyHGjKM4ACHeokwEa1Z09RZfcXSq6
bVS9TLSruY61Qk4UNhEYRUkF+L4xCnEXyPeWjhnqlnMWi9epCn188Mu9q3cMNPp/
ha/Ax7ZEXH0DRuo8j2WmM438nydtgyal2gEmes8GyXWlFuQ6W/vyOsifZ3AHkwYU
cpvJ5ZWnxMj9TX5SEZwZBNxxujQvxpb7hc9ufMXhRTYQUdnNsFYG+dfsA4wplAzn
+9EFhpB0ep2KG89/Wm35AppoYN/VK949/leGhd5E4Ym5eSQ5RhLUhuxGEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJOMiqiEe3ECLcaw7v4A1gvpsmF9MB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvazR5S3FJUjdjUUl0eHJEdV9nRFdDLW15WVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZWbUAD
BAFWbUgwDQQCAAIwBwMFACoAG5AwDQYJKoZIhvcNAQELBQADggEBAKzyxB4cqcIT
nqkiKNw4/7mfgRIUR1/3ljGb0LMmroSKrGodXWMAUc4tV3QYSMuzbe9NVK4fWxgv
SSDJPw73A7pnKWITOtDECnq7EAJ+wbUXaoCV5863badYW78rUdqmrU2MTqHsq+O+
pqRNhn36COYPA0j5okRNsg1NgHqsQgQ5I1t3IFl2o8PtvVqryGfMMaytaKetzUSb
xu7QvLaUjrJJcJMYad6wRPcCw4JuYXbg30UO8YAarcWL0DG2y1/SW1EIadSqYEa2
yi00ryFYbV3PuwFK0RbM60ydsSj6s4fgWF8c1SueaygKCg74cqe99Nql22uwmdsI
xrRD6NI6akc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:22:53 2025 by rpki-client