Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/N8lbW7Yoyaq7hT551OkHLLE0p-8.roa
File: N8lbW7Yoyaq7hT551OkHLLE0p-8.roa (raw, json)
Hash identifier: PaYSmfBdwZ0Nhmv4gZsttQQCgk3Gm/XsPJfIIlvLQgs=
Subject key identifier: 37:C9:5B:5B:B6:28:C9:AA:BB:85:3E:79:D4:E9:07:2C:B1:34:A7:EF
Certificate issuer: /CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Certificate serial: 019985B59066CBC4D5BE26F0CFA3C6491837
Authority key identifier: E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/N8lbW7Yoyaq7hT551OkHLLE0p-8.roa
Signing time: Fri 26 Sep 2025 11:08:12 +0000
ROA not before: Fri 26 Sep 2025 11:08:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2847
IP address blocks: 83.171.0.0/18 maxlen: 18
83.171.24.0/24 maxlen: 24
193.219.32.0/21 maxlen: 21
193.219.60.0/22 maxlen: 22
193.219.60.0/24 maxlen: 24
193.219.64.0/20 maxlen: 20
193.219.152.0/21 maxlen: 21
193.219.160.0/19 maxlen: 19
2001:778::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.mft
rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 17:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:85:b5:90:66:cb:c4:d5:be:26:f0:cf:a3:c6:49:18:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Validity
Not Before: Sep 26 11:08:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37c95b5bb628c9aabb853e79d4e9072cb134a7ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:38:51:55:6c:35:5a:f9:c5:3a:22:36:b0:18:
47:21:2f:46:b6:84:50:c5:c8:d6:fb:fa:a5:92:63:
2f:34:01:9e:fa:f4:d7:99:39:00:a0:fb:66:f7:3a:
25:9f:f2:c1:61:08:9d:f7:c2:ec:47:08:06:1a:3b:
f0:6b:2e:b6:ab:f3:01:a5:a5:ef:bd:5b:d0:bf:b9:
d4:71:e3:57:fc:50:05:94:cd:41:64:d8:ed:40:15:
94:25:4a:70:d2:9a:52:5a:be:c1:3b:23:fc:48:7b:
d6:36:00:0a:23:d1:5f:b9:eb:ce:a4:a1:d8:3a:72:
7a:5f:e1:f7:3e:4c:18:c2:49:a8:56:d1:85:8e:b1:
20:12:3d:9f:16:ef:d6:fc:84:7d:97:89:f3:c6:60:
38:bf:f3:2f:50:48:93:fa:47:03:0c:cb:66:92:47:
3e:57:ac:9c:6e:b2:a0:27:dc:69:ff:eb:0a:ec:78:
91:49:c2:0d:86:7a:23:91:d5:f8:73:e0:01:81:40:
a1:86:ee:7c:a7:91:d9:6f:79:72:86:77:0d:31:ec:
18:74:b0:3e:35:64:7d:a0:3a:81:f5:8f:ad:5a:ec:
db:b0:3a:1c:16:6e:ab:fd:66:0f:3f:75:da:0e:7c:
d2:c0:54:53:8a:da:16:50:4b:1c:07:28:87:08:d4:
e4:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:C9:5B:5B:B6:28:C9:AA:BB:85:3E:79:D4:E9:07:2C:B1:34:A7:EF
X509v3 Authority Key Identifier:
keyid:E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/N8lbW7Yoyaq7hT551OkHLLE0p-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.171.0.0/18
193.219.32.0/21
193.219.60.0-193.219.79.255
193.219.152.0-193.219.191.255
IPv6:
2001:778::/32
Signature Algorithm: sha256WithRSAEncryption
68:df:34:10:c3:be:4d:d3:01:0b:32:fa:f8:60:69:ba:f9:2c:
84:6f:ff:e0:f7:05:01:f8:e3:dd:bf:5c:10:a6:c8:a0:d2:bf:
90:6a:de:0e:46:b7:4f:5a:b4:94:39:b1:ed:42:ec:c2:5d:7b:
a5:93:fe:ad:6a:95:21:0f:d9:7c:0b:f8:f0:68:88:17:ad:2a:
f7:64:1b:2c:16:d7:0c:21:c1:d3:ad:02:82:ce:56:f8:c1:04:
41:9f:0d:bd:d4:f0:86:a5:e2:9b:d7:92:1c:e2:2d:b3:5b:45:
77:c0:77:f6:8a:95:2d:aa:62:c7:c8:9c:86:01:3d:a5:b6:57:
b0:28:17:4e:a7:cc:69:65:9a:8f:d6:50:54:2a:70:08:4d:f2:
01:92:ba:1a:15:27:fb:30:a9:37:6b:d3:fc:48:f9:e8:ca:1e:
79:2a:b8:3e:fd:6b:8b:6e:73:9e:83:b9:c8:23:49:cd:5e:b5:
48:66:d2:aa:c5:fc:9e:8f:25:95:f8:79:0a:d7:63:5b:e6:7b:
77:74:c5:b3:04:bf:54:4d:db:c6:7e:4e:82:bf:89:82:19:ce:
c0:57:70:89:0a:cf:02:32:65:1e:d9:4e:3a:8f:06:1b:7b:62:
94:e4:56:91:7d:f1:68:1e:b7:b8:b0:24:df:2a:8e:64:15:f5:
f3:c1:70:be
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZmFtZBmy8TVvibwz6PGSRg3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2YyM2Q2ODkzNzQ5NDI4OGRmY2M3YTBlZmUxZmU3NGEy
MDM2ZTEwHhcNMjUwOTI2MTEwODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M5NWI1YmI2MjhjOWFhYmI4NTNlNzlkNGU5MDcyY2IxMzRhN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzhRVWw1WvnFOiI2sBhHIS9GtoRQ
xcjW+/qlkmMvNAGe+vTXmTkAoPtm9zoln/LBYQid98LsRwgGGjvway62q/MBpaXv
vVvQv7nUceNX/FAFlM1BZNjtQBWUJUpw0ppSWr7BOyP8SHvWNgAKI9FfuevOpKHY
OnJ6X+H3PkwYwkmoVtGFjrEgEj2fFu/W/IR9l4nzxmA4v/MvUEiT+kcDDMtmkkc+
V6ycbrKgJ9xp/+sK7HiRScINhnojkdX4c+ABgUChhu58p5HZb3lyhncNMewYdLA+
NWR9oDqB9Y+tWuzbsDocFm6r/WYPP3XaDnzSwFRTitoWUEscByiHCNTkAwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFDfJW1u2KMmqu4U+edTpByyxNKfvMB8GA1UdIwQY
MBaAFOQ/I9aJN0lCiN/Meg7+H+dKIDbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMt
OWQxODVmNzM4MjExLzEvTjhsYlc3WW95YXE3aFQ1NTFPa0hMTEUwcC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMtOWQxODVmNzM4MjEx
LzEvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQGU6sAAwQD
wdsgMAwDBALB2zwDBATB20AwDAMEA8HbmAMEBsHbgDANBAIAAjAHAwUAIAEHeDAN
BgkqhkiG9w0BAQsFAAOCAQEAaN80EMO+TdMBCzL6+GBpuvkshG//4PcFAfjj3b9c
EKbIoNK/kGreDka3T1q0lDmx7ULswl17pZP+rWqVIQ/ZfAv48GiIF60q92QbLBbX
DCHB060Cgs5W+MEEQZ8NvdTwhqXim9eSHOIts1tFd8B39oqVLapix8ichgE9pbZX
sCgXTqfMaWWaj9ZQVCpwCE3yAZK6GhUn+zCpN2vT/Ej56MoeeSq4Pv1ri25znoO5
yCNJzV61SGbSqsX8no8llfh5CtdjW+Z7d3TFswS/VE3bxn5Ogr+JghnOwFdwiQrP
AjJlHtlOOo8GG3tilORWkX3xaB63uLAk3yqOZBX188Fwvg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:50:01 2025 by rpki-client