Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/r4D0GS5Kc5fsNv7UtAttVyrIPWg.roa
File: r4D0GS5Kc5fsNv7UtAttVyrIPWg.roa (raw, json)
Hash identifier: BIVeW3yNK6X6g+JaCwUkCK3grZPtrQsSuSohDXrtOH4=
Subject key identifier: AF:80:F4:19:2E:4A:73:97:EC:36:FE:D4:B4:0B:6D:57:2A:C8:3D:68
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 0197533A96AFA9380FF62DA459E846DE322A
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/r4D0GS5Kc5fsNv7UtAttVyrIPWg.roa
Signing time: Mon 09 Jun 2025 05:47:17 +0000
ROA not before: Mon 09 Jun 2025 05:47:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34974
IP address blocks: 77.82.0.0/20 maxlen: 20
77.82.48.0/20 maxlen: 20
77.82.64.0/18 maxlen: 24
77.82.80.0/21 maxlen: 21
77.82.128.0/17 maxlen: 17
77.82.130.0/24 maxlen: 24
77.82.140.0/23 maxlen: 23
77.82.142.0/24 maxlen: 24
85.28.192.0/18 maxlen: 23
85.28.192.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 10:59:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:53:3a:96:af:a9:38:0f:f6:2d:a4:59:e8:46:de:32:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 9 05:47:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=af80f4192e4a7397ec36fed4b40b6d572ac83d68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:15:79:06:cd:c4:43:2a:b6:58:79:1a:74:4d:
b6:ac:15:e5:dc:e3:2e:aa:a0:15:16:c5:8b:43:60:
a7:14:68:10:3a:d6:ac:4f:c3:df:64:c5:b1:40:f4:
bd:f6:b8:2c:6f:74:6b:bf:74:90:76:46:dc:91:52:
3f:b6:56:0c:35:10:da:6b:bc:d5:2f:da:0f:dc:89:
aa:29:7d:b5:1f:04:e5:37:28:ed:7f:87:fb:80:38:
03:37:61:81:e4:3e:b2:21:b4:03:b2:f7:12:ef:df:
83:bd:84:07:66:14:c1:ef:51:dc:2e:fe:6d:a9:db:
79:0b:7c:50:c4:db:93:90:e3:64:96:2a:ce:d1:48:
ff:a3:25:e7:ac:18:c4:4b:fb:6c:02:41:72:e6:cb:
ef:c0:01:7f:4f:82:5d:41:ad:fd:b6:86:a6:99:f2:
68:0f:66:ff:80:a6:b6:27:1a:e1:b4:f4:d0:ec:25:
4d:4d:b2:ba:13:d1:75:7b:31:83:a8:c8:a4:9a:80:
1f:69:3a:0d:ae:86:ca:0d:be:e0:43:35:8f:25:72:
21:6b:ce:2e:d7:d7:36:77:8b:f8:78:f1:0e:cf:98:
c3:91:65:a9:ed:ee:5c:f4:07:b6:58:f1:55:58:0e:
2e:35:d5:22:28:3c:17:d1:d5:f8:b5:c5:8b:f4:02:
5f:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:80:F4:19:2E:4A:73:97:EC:36:FE:D4:B4:0B:6D:57:2A:C8:3D:68
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/r4D0GS5Kc5fsNv7UtAttVyrIPWg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.82.0.0/20
77.82.48.0-77.82.255.255
85.28.192.0/18
Signature Algorithm: sha256WithRSAEncryption
43:d6:12:c5:4b:9d:b6:c0:e9:61:6e:de:bc:4c:74:e6:2f:00:
f3:79:32:15:38:95:ec:df:6f:92:b9:37:3f:5d:e5:be:6e:45:
28:b5:34:a4:f7:40:fd:d6:e9:8b:3b:1f:cd:34:45:19:3c:f8:
c2:a0:96:ab:fe:7a:ee:1c:d5:46:ff:3e:f1:e3:4a:42:7d:34:
75:ac:27:4c:45:fd:e6:36:da:b1:5c:d5:c1:be:17:1f:38:16:
9b:cd:18:0f:4b:99:65:1b:87:09:fa:b7:e6:19:87:ce:ef:f3:
bc:ef:5d:14:3a:41:70:2b:89:96:d5:79:d4:44:78:c0:30:13:
30:8a:6a:75:97:29:63:c2:13:1d:0d:09:a9:e2:21:d0:a2:46:
5c:c2:3a:4c:af:56:68:a3:e4:c9:fb:71:db:9e:37:3e:96:94:
c2:ec:50:e9:06:b1:c9:ac:56:21:d8:e0:96:7d:41:76:f9:5a:
2c:aa:fe:43:3d:23:63:29:9a:78:25:12:1b:42:a3:55:10:f8:
c8:19:ab:ad:b1:d7:71:0c:05:c8:07:b2:0b:7c:31:5f:81:d7:
fc:76:3f:14:c2:ee:a2:b8:98:fd:87:04:30:85:b0:b4:6e:74:
59:84:23:c6:9f:6e:3b:a7:ab:4b:9b:7e:a4:db:b0:72:f5:28:
1f:e4:c4:d9
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZdTOpavqTgP9i2kWehG3jIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjA5MDU0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjgwZjQxOTJlNGE3Mzk3ZWMzNmZlZDRiNDBiNmQ1NzJhYzgzZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhV5Bs3EQyq2WHkadE22rBXl3OMu
qqAVFsWLQ2CnFGgQOtasT8PfZMWxQPS99rgsb3Rrv3SQdkbckVI/tlYMNRDaa7zV
L9oP3ImqKX21HwTlNyjtf4f7gDgDN2GB5D6yIbQDsvcS79+DvYQHZhTB71HcLv5t
qdt5C3xQxNuTkONklirO0Uj/oyXnrBjES/tsAkFy5svvwAF/T4JdQa39toammfJo
D2b/gKa2JxrhtPTQ7CVNTbK6E9F1ezGDqMikmoAfaToNrobKDb7gQzWPJXIha84u
19c2d4v4ePEOz5jDkWWp7e5c9Ae2WPFVWA4uNdUiKDwX0dX4tcWL9AJfHQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFK+A9BkuSnOX7Db+1LQLbVcqyD1oMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvcjREMEdTNUtjNWZzTnY3VXRBdHRWeXJJUFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQETVIAMAsD
BARNUjADAwBNUgMEBlUcwDANBgkqhkiG9w0BAQsFAAOCAQEAQ9YSxUudtsDpYW7e
vEx05i8A83kyFTiV7N9vkrk3P13lvm5FKLU0pPdA/dbpizsfzTRFGTz4wqCWq/56
7hzVRv8+8eNKQn00dawnTEX95jbasVzVwb4XHzgWm80YD0uZZRuHCfq35hmHzu/z
vO9dFDpBcCuJltV51ER4wDATMIpqdZcpY8ITHQ0JqeIh0KJGXMI6TK9WaKPkyftx
2543PpaUwuxQ6QaxyaxWIdjgln1BdvlaLKr+Qz0jYymaeCUSG0KjVRD4yBmrrbHX
cQwFyAeyC3wxX4HX/HY/FMLuoriY/YcEMIWwtG50WYQjxp9uO6erS5t+pNuwcvUo
H+TE2Q==
-----END CERTIFICATE-----
Generated at Mon Jun 16 17:39:56 2025 by rpki-client