Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/2CWxlLP-g2_NKa4Kkpj2mT541B8.roa
File: 2CWxlLP-g2_NKa4Kkpj2mT541B8.roa (raw, json)
Hash identifier: mmFiMDnNmanIcg6TQLMQsrDR/+z17sNvs6gtqCoQhp0=
Subject key identifier: D8:25:B1:94:B3:FE:83:6F:CD:29:AE:0A:92:98:F6:99:3E:78:D4:1F
Certificate issuer: /CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Certificate serial: 01985FB365862ABF4613ABC4B203C77BA666
Authority key identifier: 76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/2CWxlLP-g2_NKa4Kkpj2mT541B8.roa
Signing time: Thu 31 Jul 2025 08:57:29 +0000
ROA not before: Thu 31 Jul 2025 08:57:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43152
IP address blocks: 77.95.203.0/24 maxlen: 24
109.71.242.0/24 maxlen: 24
109.71.243.0/24 maxlen: 24
109.71.245.0/24 maxlen: 24
109.71.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.mft
rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:5f:b3:65:86:2a:bf:46:13:ab:c4:b2:03:c7:7b:a6:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Validity
Not Before: Jul 31 08:57:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d825b194b3fe836fcd29ae0a9298f6993e78d41f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:e5:d7:45:a1:67:a3:41:3b:a6:12:9e:55:6b:
e0:5c:91:b8:f7:ab:61:fd:0d:41:23:5d:dd:81:6f:
80:2c:35:4c:0f:be:93:7e:4c:f3:ae:df:cf:ad:c5:
86:a1:6f:09:a8:c1:c4:31:fb:e8:e1:85:19:62:98:
7a:29:20:b9:73:f1:ef:b7:b1:c4:87:bf:29:f4:f8:
b6:2a:ed:bf:24:cb:4f:36:7a:4e:5f:92:40:db:ca:
23:d9:54:70:79:f6:9c:01:63:59:bb:d0:bd:53:64:
9a:5c:90:07:d0:a1:16:05:c4:e1:47:22:2f:8a:6a:
58:14:2c:cc:2c:64:9e:4a:59:da:d4:24:99:75:4e:
03:b5:6d:fe:4a:a7:6f:5e:36:40:f9:5b:ab:56:56:
be:70:2c:3a:33:ab:7a:ac:d7:24:5c:18:e6:bd:1a:
c9:7c:1d:a1:2c:73:af:ae:54:81:e8:e3:dd:30:ac:
59:67:86:d8:cc:ac:49:8c:3c:72:c8:49:e9:62:a6:
80:b6:d6:f1:1b:46:fa:7c:06:1b:6b:32:61:42:f9:
5c:2b:c9:18:b6:8a:dd:ac:39:79:3f:95:0f:af:fa:
87:7a:e2:5e:ec:5b:15:b9:44:b7:74:b6:69:5c:6d:
d0:47:d0:96:54:58:f4:01:d0:5c:2f:1e:ab:ed:11:
a7:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:25:B1:94:B3:FE:83:6F:CD:29:AE:0A:92:98:F6:99:3E:78:D4:1F
X509v3 Authority Key Identifier:
keyid:76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/2CWxlLP-g2_NKa4Kkpj2mT541B8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.95.203.0/24
109.71.242.0/23
109.71.245.0/24
109.71.247.0/24
Signature Algorithm: sha256WithRSAEncryption
46:f4:5d:0a:68:43:25:22:7b:10:05:c4:6d:ec:c2:aa:d2:9a:
56:ca:68:1a:c3:44:60:13:8c:77:2a:e7:a1:1e:ca:9c:d5:6c:
50:3a:d1:71:7c:fb:3a:5d:c7:8c:17:7e:f8:5a:c9:c9:10:c4:
f9:5d:af:b1:0c:4d:e7:55:ee:a4:8c:ca:83:37:50:a2:33:87:
d8:83:8a:7d:eb:36:aa:99:bc:3b:2b:35:88:83:9e:a4:08:27:
5d:97:de:3a:a3:51:0d:71:f1:8e:5c:19:0d:9c:dd:90:cf:ec:
ed:79:6b:d3:f8:33:96:16:2a:ed:98:57:5f:59:33:e8:e5:fa:
34:8d:90:3f:b8:a7:c5:69:a2:f6:ce:8c:ef:d4:df:0e:29:d6:
8a:50:e0:c7:53:0f:de:6f:c4:dd:cf:ea:84:f2:bd:f3:89:9e:
48:67:1f:f7:14:66:44:60:a7:71:e2:54:d2:12:53:0f:2b:1a:
ca:2b:3d:a1:35:14:d3:e5:47:c4:c4:90:88:a1:07:40:29:a4:
62:48:58:bf:98:c5:d4:77:59:6c:f7:84:c9:e4:1e:48:9d:82:
6b:96:1b:45:84:9a:f3:fd:34:d0:8e:04:e2:ca:30:6f:73:d0:
30:f0:ec:a4:84:29:c6:1a:82:30:53:82:97:97:0c:e9:d1:b9:
7e:e6:32:ab
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZhfs2WGKr9GE6vEsgPHe6ZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWYwYTBlZThmYTE1NGQ3YWRhNDM4YWYxMjEyMjY5Y2Uw
YWNjNDEwHhcNMjUwNzMxMDg1NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI1YjE5NGIzZmU4MzZmY2QyOWFlMGE5Mjk4ZjY5OTNlNzhkNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeXXRaFno0E7phKeVWvgXJG496th
/Q1BI13dgW+ALDVMD76Tfkzzrt/PrcWGoW8JqMHEMfvo4YUZYph6KSC5c/Hvt7HE
h78p9Pi2Ku2/JMtPNnpOX5JA28oj2VRwefacAWNZu9C9U2SaXJAH0KEWBcThRyIv
impYFCzMLGSeSlna1CSZdU4DtW3+SqdvXjZA+VurVla+cCw6M6t6rNckXBjmvRrJ
fB2hLHOvrlSB6OPdMKxZZ4bYzKxJjDxyyEnpYqaAttbxG0b6fAYbazJhQvlcK8kY
tordrDl5P5UPr/qHeuJe7FsVuUS3dLZpXG3QR9CWVFj0AdBcLx6r7RGntQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNglsZSz/oNvzSmuCpKY9pk+eNQfMB8GA1UdIwQY
MBaAFHbvCg7o+hVNetpDivEhImnOCsxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmIt
M2JlOTk1ZDJiYmRhLzEvMkNXeGxMUC1nMl9OS2E0S2twajJtVDU0MUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmItM2JlOTk1ZDJiYmRh
LzEvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATV/LAwQB
bUfyAwQAbUf1AwQAbUf3MA0GCSqGSIb3DQEBCwUAA4IBAQBG9F0KaEMlInsQBcRt
7MKq0ppWymgaw0RgE4x3KuehHsqc1WxQOtFxfPs6XceMF374WsnJEMT5Xa+xDE3n
Ve6kjMqDN1CiM4fYg4p96zaqmbw7KzWIg56kCCddl946o1ENcfGOXBkNnN2Qz+zt
eWvT+DOWFirtmFdfWTPo5fo0jZA/uKfFaaL2zozv1N8OKdaKUODHUw/eb8Tdz+qE
8r3ziZ5IZx/3FGZEYKdx4lTSElMPKxrKKz2hNRTT5UfExJCIoQdAKaRiSFi/mMXU
d1ls94TJ5B5InYJrlhtFhJrz/TTQjgTiyjBvc9Aw8OykhCnGGoIwU4KXlwzp0bl+
5jKr
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:14:00 2025 by rpki-client