Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZxbKXjnBPf3AnoMKuLNv8CQvpmQ.roa
File: ZxbKXjnBPf3AnoMKuLNv8CQvpmQ.roa (raw, json)
Hash identifier: CzlDvM5gWYjkEKjDgesTwVDa95qQ0Cm38PaYGtwMPRg=
Subject key identifier: 67:16:CA:5E:39:C1:3D:FD:C0:9E:83:0A:B8:B3:6F:F0:24:2F:A6:64
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 0199D36C5C1653E0724CD40C9E9210DB9DC6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZxbKXjnBPf3AnoMKuLNv8CQvpmQ.roa
Signing time: Sat 11 Oct 2025 13:18:38 +0000
ROA not before: Sat 11 Oct 2025 13:18:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
77.90.188.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
2a04:29c7:1880:24::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 04:02:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:d3:6c:5c:16:53:e0:72:4c:d4:0c:9e:92:10:db:9d:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Oct 11 13:18:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6716ca5e39c13dfdc09e830ab8b36ff0242fa664
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:0a:82:22:76:9b:55:bf:3d:97:98:28:d9:91:
96:38:d5:4c:eb:e1:a9:3f:e9:d2:be:1f:78:2f:b0:
7b:d3:d5:7d:50:b3:23:30:f2:ad:4f:2b:b6:43:07:
99:04:86:46:4b:11:78:50:87:22:aa:7c:99:2b:56:
5d:eb:a9:7a:6f:22:c1:b6:8b:3d:19:cf:d1:5a:de:
0c:76:b4:ed:20:8c:67:02:00:c9:42:f8:04:e4:f0:
73:58:3b:9f:f1:b2:ed:b1:ad:f2:6f:58:2e:2f:67:
01:44:ff:0c:7d:7c:5d:9d:0d:b0:6d:a8:27:27:c4:
30:54:f3:28:7e:3f:d5:40:32:a4:07:fb:51:a6:9a:
58:0d:29:74:9c:22:fe:2b:a5:c9:1b:8f:e8:36:ea:
66:9b:49:14:b0:48:c1:af:65:5f:2e:af:89:a6:8d:
d0:4c:74:dd:71:9b:c1:2e:5b:05:7e:1a:32:ac:2b:
32:e9:da:8f:28:b8:1f:12:15:24:af:7f:3a:92:dc:
3a:c9:45:30:22:63:ad:48:c1:4e:82:13:bd:3e:42:
2c:f6:f3:59:a8:5b:a4:d4:a6:f4:27:22:c8:45:0f:
b3:2d:77:b1:8b:e8:73:bb:a1:06:f8:69:9e:1c:cc:
8d:47:a3:f9:30:cd:82:18:b7:a0:30:6b:fd:6a:fe:
d8:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:16:CA:5E:39:C1:3D:FD:C0:9E:83:0A:B8:B3:6F:F0:24:2F:A6:64
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ZxbKXjnBPf3AnoMKuLNv8CQvpmQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0/23
77.90.188.0/24
213.209.138.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
b3:3b:81:a8:2e:ec:b5:4e:aa:85:11:af:4f:5a:13:3c:6d:f4:
01:9b:b5:ed:e5:ce:0b:5f:d9:47:fe:d6:c9:76:ba:91:77:71:
92:f2:60:3f:c4:bd:84:b7:12:15:23:a3:1e:56:ee:64:dc:fe:
df:5d:f9:f9:48:32:5f:41:cc:ff:fe:66:d0:ed:bb:10:42:4c:
43:ed:4b:57:90:8d:83:32:65:ed:7f:01:fc:f6:20:83:e8:ee:
fa:00:04:48:1c:bf:46:b0:4e:a0:84:e7:d2:0c:bf:e7:14:a1:
41:a3:a8:53:42:e4:79:59:7d:a2:b5:6c:ea:78:8d:2b:b3:22:
db:a1:6e:1d:08:13:3a:7e:0e:9e:62:f6:f3:0c:ed:d7:38:b5:
76:6f:dd:5c:19:04:7c:25:7f:70:eb:07:9f:a2:15:bb:fe:53:
c7:e4:32:81:cc:9d:d1:64:fd:eb:e1:b4:b4:46:1b:7e:af:d5:
96:7b:c7:58:25:e1:f5:e6:9b:ef:de:49:0d:48:a5:21:36:0f:
59:b8:04:21:1d:c0:97:b6:22:0d:37:09:17:b6:ed:a8:33:d2:
44:95:7c:38:55:eb:c3:fb:c9:09:5a:3d:9a:47:5c:e2:c9:84:
c7:c3:5f:6b:ec:b6:b6:9b:1f:ac:f3:53:09:ea:48:6d:db:6a:
c8:ca:87:f2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZnTbFwWU+ByTNQMnpIQ253GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUxMDExMTMxODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE2Y2E1ZTM5YzEzZGZkYzA5ZTgzMGFiOGIzNmZmMDI0MmZhNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAqCInabVb89l5go2ZGWONVM6+Gp
P+nSvh94L7B709V9ULMjMPKtTyu2QweZBIZGSxF4UIciqnyZK1Zd66l6byLBtos9
Gc/RWt4MdrTtIIxnAgDJQvgE5PBzWDuf8bLtsa3yb1guL2cBRP8MfXxdnQ2wbagn
J8QwVPMofj/VQDKkB/tRpppYDSl0nCL+K6XJG4/oNupmm0kUsEjBr2VfLq+Jpo3Q
THTdcZvBLlsFfhoyrCsy6dqPKLgfEhUkr386ktw6yUUwImOtSMFOghO9PkIs9vNZ
qFuk1Kb0JyLIRQ+zLXexi+hzu6EG+GmeHMyNR6P5MM2CGLegMGv9av7YGQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFGcWyl45wT39wJ6DCrizb/AkL6ZkMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvWnhiS1hqbkJQZjNBbm9NS3VMTnY4Q1F2cG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQMAwDBAdNWoAD
BABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiDAMAwQATVqLAwQATVqMMAwDBABNWo8D
BABNWpADBAFNWpIDBABNWrwDBADV0YowFAQCAAIwDgMFACoEKcIDBQAqBCnHMA0G
CSqGSIb3DQEBCwUAA4IBAQCzO4GoLuy1TqqFEa9PWhM8bfQBm7Xt5c4LX9lH/tbJ
drqRd3GS8mA/xL2EtxIVI6MeVu5k3P7fXfn5SDJfQcz//mbQ7bsQQkxD7UtXkI2D
MmXtfwH89iCD6O76AARIHL9GsE6ghOfSDL/nFKFBo6hTQuR5WX2itWzqeI0rsyLb
oW4dCBM6fg6eYvbzDO3XOLV2b91cGQR8JX9w6wefohW7/lPH5DKBzJ3RZP3r4bS0
Rht+r9WWe8dYJeH15pvv3kkNSKUhNg9ZuAQhHcCXtiINNwkXtu2oM9JElXw4VevD
+8kJWj2aR1ziyYTHw19r7La2mx+s81MJ6kht22rIyofy
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:56:03 2025 by rpki-client