Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Q9Q78d-jsiF5ILAqRcPi-38ptt8.roa
File: Q9Q78d-jsiF5ILAqRcPi-38ptt8.roa (raw, json)
Hash identifier: YzBAYIWUa9/3ZSqBiY5Wy7QpsAq3KA1Xx1umoytO+nA=
Subject key identifier: 43:D4:3B:F1:DF:A3:B2:21:79:20:B0:2A:45:C3:E2:FB:7F:29:B6:DF
Certificate issuer: /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial: 01994C3EEAD4B8BDE88BB93C8E2D8647D4E2
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Q9Q78d-jsiF5ILAqRcPi-38ptt8.roa
Signing time: Mon 15 Sep 2025 07:20:15 +0000
ROA not before: Mon 15 Sep 2025 07:20:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8491
IP address blocks: 81.95.32.0/20 maxlen: 24
81.95.42.0/24 maxlen: 24
81.95.46.0/24 maxlen: 24
82.194.224.0/19 maxlen: 24
82.194.232.0/24 maxlen: 24
82.194.237.0/24 maxlen: 24
87.238.96.0/21 maxlen: 21
87.238.101.0/24 maxlen: 24
89.188.160.0/19 maxlen: 19
2a03:8640::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4c:3e:ea:d4:b8:bd:e8:8b:b9:3c:8e:2d:86:47:d4:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Validity
Not Before: Sep 15 07:20:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=43d43bf1dfa3b2217920b02a45c3e2fb7f29b6df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:2b:70:80:46:ee:8e:51:6e:d2:6d:92:ad:b4:
28:03:dd:62:ca:c4:e6:7b:02:8f:6f:00:8d:07:fc:
c3:96:23:a0:1c:8a:f5:2c:ef:0e:d2:94:7f:bf:ff:
f0:38:85:68:17:53:fc:b3:1a:c7:b4:9b:38:f0:4d:
5d:a0:87:cd:8c:b3:bc:97:97:c9:36:8a:20:4a:32:
b7:32:b6:ce:8b:fe:f8:aa:13:5d:70:df:d2:12:5a:
d0:d0:b3:63:29:0a:8d:f1:40:3b:ba:74:22:e7:3b:
3b:ba:4a:aa:4b:dd:9d:9f:17:8e:61:e4:28:59:36:
79:cf:da:af:69:dc:71:85:c7:6f:42:5a:d1:c1:04:
43:49:ce:c2:bc:b4:d7:08:09:8d:83:3a:9f:a2:f7:
47:8d:af:53:11:e8:ec:52:46:b9:15:32:18:8c:97:
dc:f5:02:74:c4:bc:52:8b:95:ec:2b:8d:d8:0a:e1:
a5:59:66:a8:2c:78:b8:bb:42:5f:e0:34:df:ab:d8:
66:49:54:90:5d:9b:ad:d1:0a:92:49:7b:b5:66:84:
0d:a7:61:11:51:20:a2:52:52:de:46:bb:30:26:ac:
b3:20:35:79:18:ec:03:ea:ed:0b:a6:96:77:b7:f9:
bb:f6:53:a3:d4:97:3c:b8:8b:35:f1:d6:b9:e1:e4:
41:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:D4:3B:F1:DF:A3:B2:21:79:20:B0:2A:45:C3:E2:FB:7F:29:B6:DF
X509v3 Authority Key Identifier:
keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Q9Q78d-jsiF5ILAqRcPi-38ptt8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.95.32.0/20
82.194.224.0/19
87.238.96.0/21
89.188.160.0/19
IPv6:
2a03:8640::/32
Signature Algorithm: sha256WithRSAEncryption
14:ba:b5:c1:b6:56:6d:14:99:e3:73:a6:ec:4c:2d:12:0d:39:
9c:c7:c2:af:50:92:cb:d9:92:ac:b1:95:b8:af:ee:71:ec:11:
eb:db:d2:67:5d:11:66:a9:15:ae:2c:09:e9:e1:18:a6:90:75:
ee:d0:59:3d:a3:ef:c1:ce:c6:e5:03:b4:1c:06:50:9c:75:90:
d4:c5:8f:eb:fe:2a:13:ef:f7:26:b4:1d:11:64:87:64:22:e3:
8f:85:94:bb:4a:e6:ca:1f:37:98:bd:8d:23:30:94:23:d2:46:
7b:c6:28:3b:a4:60:00:fe:70:b4:23:88:7a:8e:b2:ee:7a:0d:
1a:5b:29:ab:ca:e4:1c:aa:a6:04:99:7b:3b:46:92:61:9a:bf:
e0:51:30:e1:1b:4f:cb:13:d0:6f:90:42:88:1e:4f:1f:96:f8:
05:9e:b4:ba:fb:f2:17:ed:b7:5f:d7:28:e5:c2:ec:86:81:76:
f2:b3:f5:4f:89:58:a1:37:29:5d:bb:32:a0:93:81:ee:51:66:
60:18:f2:cc:c1:d1:cc:6b:27:3e:2f:28:e9:45:20:d4:79:34:
45:35:d3:af:18:d1:b0:c0:25:f4:4a:b7:b3:04:29:cc:e6:45:
6b:da:c0:d5:61:59:31:31:f3:ac:cb:51:c1:6f:05:ca:1a:07:
93:02:8f:38
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZlMPurUuL3oi7k8ji2GR9TiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjUwOTE1MDcyMDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q0M2JmMWRmYTNiMjIxNzkyMGIwMmE0NWMzZTJmYjdmMjliNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoytwgEbujlFu0m2SrbQoA91iysTm
ewKPbwCNB/zDliOgHIr1LO8O0pR/v//wOIVoF1P8sxrHtJs48E1doIfNjLO8l5fJ
NoogSjK3MrbOi/74qhNdcN/SElrQ0LNjKQqN8UA7unQi5zs7ukqqS92dnxeOYeQo
WTZ5z9qvadxxhcdvQlrRwQRDSc7CvLTXCAmNgzqfovdHja9TEejsUka5FTIYjJfc
9QJ0xLxSi5XsK43YCuGlWWaoLHi4u0Jf4DTfq9hmSVSQXZut0QqSSXu1ZoQNp2ER
USCiUlLeRrswJqyzIDV5GOwD6u0LppZ3t/m79lOj1Jc8uIs18da54eRBYQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFEPUO/Hfo7IheSCwKkXD4vt/KbbfMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvUTlRNzhkLWpzaUY1SUxBcVJjUGktMzhwdHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEUV8gAwQF
UsLgAwQDV+5gAwQFWbygMA0EAgACMAcDBQAqA4ZAMA0GCSqGSIb3DQEBCwUAA4IB
AQAUurXBtlZtFJnjc6bsTC0SDTmcx8KvUJLL2ZKssZW4r+5x7BHr29JnXRFmqRWu
LAnp4RimkHXu0Fk9o+/BzsblA7QcBlCcdZDUxY/r/ioT7/cmtB0RZIdkIuOPhZS7
SubKHzeYvY0jMJQj0kZ7xig7pGAA/nC0I4h6jrLueg0aWymryuQcqqYEmXs7RpJh
mr/gUTDhG0/LE9BvkEKIHk8flvgFnrS6+/IX7bdf1yjlwuyGgXbys/VPiVihNyld
uzKgk4HuUWZgGPLMwdHMayc+LyjpRSDUeTRFNdOvGNGwwCX0SrezBCnM5kVr2sDV
YVkxMfOsy1HBbwXKGgeTAo84
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:37:13 2025 by rpki-client