Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/nvFWMlN4X92KRkvOxX78tU9AiMU.roa
File: nvFWMlN4X92KRkvOxX78tU9AiMU.roa (raw, json)
Hash identifier: Cawdk3ecA0ugRKq4sCsh7iIYZI6bpAW5VK6MQOdmMWI=
Subject key identifier: 9E:F1:56:32:53:78:5F:DD:8A:46:4B:CE:C5:7E:FC:B5:4F:40:88:C5
Certificate issuer: /CN=e039649faa8f9de3dae91be799a27e2ca6628789
Certificate serial: 0198E08D76D48EB5ECB92CFB3FFA41A7D43D
Authority key identifier: E0:39:64:9F:AA:8F:9D:E3:DA:E9:1B:E7:99:A2:7E:2C:A6:62:87:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4Dlkn6qPnePa6RvnmaJ-LKZih4k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/nvFWMlN4X92KRkvOxX78tU9AiMU.roa
Signing time: Mon 25 Aug 2025 09:27:04 +0000
ROA not before: Mon 25 Aug 2025 09:27:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42396
IP address blocks: 77.109.0.0/23 maxlen: 23
77.109.1.0/24 maxlen: 24
77.109.4.0/24 maxlen: 24
77.109.5.0/24 maxlen: 24
77.109.6.0/24 maxlen: 24
77.109.7.0/24 maxlen: 24
77.109.8.0/24 maxlen: 24
77.109.9.0/24 maxlen: 24
77.109.12.0/22 maxlen: 22
77.109.12.0/24 maxlen: 24
77.109.16.0/23 maxlen: 23
77.109.16.0/24 maxlen: 24
77.109.17.0/24 maxlen: 24
77.109.18.0/24 maxlen: 24
77.109.20.0/24 maxlen: 24
77.109.21.0/24 maxlen: 24
77.109.22.0/24 maxlen: 24
77.109.23.0/24 maxlen: 24
77.109.24.0/21 maxlen: 21
77.109.24.0/24 maxlen: 24
77.109.26.0/23 maxlen: 23
77.109.29.0/24 maxlen: 24
77.109.30.0/24 maxlen: 24
77.109.31.0/24 maxlen: 24
77.109.32.0/23 maxlen: 23
77.109.32.0/24 maxlen: 24
77.109.33.0/24 maxlen: 24
77.109.34.0/23 maxlen: 23
77.109.36.0/23 maxlen: 23
77.109.38.0/23 maxlen: 23
77.109.40.0/21 maxlen: 21
77.109.48.0/22 maxlen: 22
77.109.52.0/22 maxlen: 22
77.109.57.0/24 maxlen: 24
77.109.60.0/24 maxlen: 24
77.109.61.0/24 maxlen: 24
77.109.62.0/24 maxlen: 24
94.248.0.0/20 maxlen: 20
94.248.0.0/21 maxlen: 21
94.248.8.0/22 maxlen: 22
94.248.12.0/22 maxlen: 22
94.248.16.0/23 maxlen: 23
94.248.18.0/23 maxlen: 23
94.248.20.0/23 maxlen: 23
94.248.22.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/4Dlkn6qPnePa6RvnmaJ-LKZih4k.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/4Dlkn6qPnePa6RvnmaJ-LKZih4k.mft
rsync://rpki.ripe.net/repository/DEFAULT/4Dlkn6qPnePa6RvnmaJ-LKZih4k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e0:8d:76:d4:8e:b5:ec:b9:2c:fb:3f:fa:41:a7:d4:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e039649faa8f9de3dae91be799a27e2ca6628789
Validity
Not Before: Aug 25 09:27:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ef1563253785fdd8a464bcec57efcb54f4088c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:c3:e7:9e:71:15:77:98:28:da:11:c8:d6:47:
d1:02:7f:18:c9:ba:a3:1f:e3:f1:d9:8f:61:f4:03:
ae:7e:8e:3d:30:bf:c8:a8:b1:d2:c1:88:14:94:a7:
6f:6b:f3:50:81:8e:24:e9:76:49:c2:7b:1d:02:6d:
33:52:35:1f:e6:89:6d:c1:d3:6a:71:5e:21:14:7e:
18:24:ad:ba:e7:f5:8d:7e:47:de:96:f2:68:d3:e7:
aa:b6:a3:24:d0:35:ea:6f:2b:ca:98:5e:59:39:9e:
76:41:ec:d7:9e:22:a9:19:8c:6b:31:72:ef:fb:ac:
41:a2:aa:0c:d4:5f:4c:27:8b:dc:05:90:26:b9:61:
43:af:7c:cf:9e:b7:4e:b7:75:ac:9f:18:82:9f:ac:
a1:9e:05:9b:38:bf:fc:de:83:5a:76:b5:5d:31:5e:
f2:76:fb:06:f4:2e:3a:f1:8f:37:45:bc:88:4c:91:
37:3a:60:55:be:e0:e4:a4:a1:27:88:d5:19:7c:7f:
85:85:65:f5:c9:b2:e2:ec:c5:3e:ab:20:ed:16:cc:
f7:1a:8b:73:ad:6e:0a:8f:67:42:95:2a:9b:74:aa:
4f:4c:05:ac:4c:f9:7d:bb:67:df:40:05:e6:1c:a6:
84:a5:58:b8:35:5c:ec:f8:41:d9:87:bf:16:0f:48:
59:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:F1:56:32:53:78:5F:DD:8A:46:4B:CE:C5:7E:FC:B5:4F:40:88:C5
X509v3 Authority Key Identifier:
keyid:E0:39:64:9F:AA:8F:9D:E3:DA:E9:1B:E7:99:A2:7E:2C:A6:62:87:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Dlkn6qPnePa6RvnmaJ-LKZih4k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/nvFWMlN4X92KRkvOxX78tU9AiMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/2eface-d0a3-4339-8068-d7678a0787d1/1/4Dlkn6qPnePa6RvnmaJ-LKZih4k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.109.0.0/23
77.109.4.0-77.109.9.255
77.109.12.0-77.109.18.255
77.109.20.0-77.109.55.255
77.109.57.0/24
77.109.60.0-77.109.62.255
94.248.0.0-94.248.23.255
Signature Algorithm: sha256WithRSAEncryption
a3:fc:d8:21:cd:9a:95:82:ac:c8:49:a3:9b:b2:9a:42:d9:aa:
84:00:2b:49:20:70:9c:42:d3:84:8b:cb:9a:f8:92:28:e9:b0:
39:f3:d7:94:d1:a7:32:f8:76:31:f1:81:d0:87:6f:5e:00:cf:
2c:60:c3:9f:2d:33:7c:d8:44:fc:87:87:01:9a:8a:69:7b:c4:
28:85:79:62:15:54:65:3e:3c:6c:aa:47:b3:f1:4e:73:6a:11:
96:4b:84:42:40:c0:ab:df:ec:4b:b9:3d:e1:06:7c:a6:03:46:
66:48:96:57:4a:01:1f:ee:d1:06:ca:06:cf:d4:e3:36:38:eb:
7d:50:45:d2:6a:0e:5a:77:fb:d2:ee:ee:0f:73:6f:ef:3c:36:
85:4b:9a:58:5c:16:67:6d:ad:e4:67:96:2a:13:d6:5f:ca:17:
44:c3:af:22:af:0a:22:14:f7:ad:36:3c:b4:7a:82:16:e9:c0:
38:e6:83:4c:2f:d0:93:fc:5d:0b:3b:81:5c:da:3c:1c:70:9e:
d7:8c:bd:e2:65:02:bf:57:3c:fb:a4:08:ad:3b:27:f3:34:16:
21:1e:0d:33:df:a3:7b:d3:30:ea:c5:63:b4:99:f7:22:2a:0d:
28:87:85:cc:2a:36:13:f1:78:27:b9:22:45:c1:e7:a8:d7:a4:
c1:b0:7b:8b
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZjgjXbUjrXsuSz7P/pBp9Q9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMzk2NDlmYWE4ZjlkZTNkYWU5MWJlNzk5YTI3ZTJjYTY2
Mjg3ODkwHhcNMjUwODI1MDkyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWYxNTYzMjUzNzg1ZmRkOGE0NjRiY2VjNTdlZmNiNTRmNDA4OGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+MPnnnEVd5go2hHI1kfRAn8Yybqj
H+Px2Y9h9AOufo49ML/IqLHSwYgUlKdva/NQgY4k6XZJwnsdAm0zUjUf5oltwdNq
cV4hFH4YJK265/WNfkfelvJo0+eqtqMk0DXqbyvKmF5ZOZ52QezXniKpGYxrMXLv
+6xBoqoM1F9MJ4vcBZAmuWFDr3zPnrdOt3WsnxiCn6yhngWbOL/83oNadrVdMV7y
dvsG9C468Y83RbyITJE3OmBVvuDkpKEniNUZfH+FhWX1ybLi7MU+qyDtFsz3Gotz
rW4Kj2dClSqbdKpPTAWsTPl9u2ffQAXmHKaEpVi4NVzs+EHZh78WD0hZXQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFJ7xVjJTeF/dikZLzsV+/LVPQIjFMB8GA1UdIwQY
MBaAFOA5ZJ+qj53j2ukb55mifiymYoeJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNERsa242cVBuZVBhNlJ2bm1hSi1MS1ppaDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8yZWZhY2UtZDBhMy00MzM5LTgwNjgt
ZDc2NzhhMDc4N2QxLzEvbnZGV01sTjRYOTJLUmt2T3hYNzh0VTlBaU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8yZWZhY2UtZDBhMy00MzM5LTgwNjgtZDc2NzhhMDc4N2Qx
LzEvNERsa242cVBuZVBhNlJ2bm1hSi1MS1ppaDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAATBRAwQBTW0AMAwD
BAJNbQQDBAFNbQgwDAMEAk1tDAMEAE1tEjAMAwQCTW0UAwQDTW0wAwQATW05MAwD
BAJNbTwDBABNbT4wCwMDA174AwQDXvgQMA0GCSqGSIb3DQEBCwUAA4IBAQCj/Ngh
zZqVgqzISaObsppC2aqEACtJIHCcQtOEi8ua+JIo6bA589eU0acy+HYx8YHQh29e
AM8sYMOfLTN82ET8h4cBmoppe8QohXliFVRlPjxsqkez8U5zahGWS4RCQMCr3+xL
uT3hBnymA0ZmSJZXSgEf7tEGygbP1OM2OOt9UEXSag5ad/vS7u4Pc2/vPDaFS5pY
XBZnba3kZ5YqE9ZfyhdEw68irwoiFPetNjy0eoIW6cA45oNML9CT/F0LO4Fc2jwc
cJ7XjL3iZQK/Vzz7pAitOyfzNBYhHg0z36N70zDqxWO0mfciKg0oh4XMKjYT8Xgn
uSJFweeo16TBsHuL
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:41:10 2025 by rpki-client