Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/2aoaMcLeoHsRYMrDwR7GYBYfV38.roa
File: 2aoaMcLeoHsRYMrDwR7GYBYfV38.roa (raw, json)
Hash identifier: jssRFClKzuPy7Bnng6eFWBTeCatBaCf3VHUaJ2d4iI0=
Subject key identifier: D9:AA:1A:31:C2:DE:A0:7B:11:60:CA:C3:C1:1E:C6:60:16:1F:57:7F
Certificate issuer: /CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
Certificate serial: 019976639C81A3F02CAF9C715D6757FD9A08
Authority key identifier: 22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/2aoaMcLeoHsRYMrDwR7GYBYfV38.roa
Signing time: Tue 23 Sep 2025 11:44:23 +0000
ROA not before: Tue 23 Sep 2025 11:44:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43009
IP address blocks: 83.166.64.0/19 maxlen: 24
83.166.64.0/24 maxlen: 24
83.166.65.0/24 maxlen: 24
83.166.66.0/24 maxlen: 24
83.166.67.0/24 maxlen: 24
83.166.68.0/24 maxlen: 24
83.166.78.0/24 maxlen: 24
83.166.79.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.mft
rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:63:9c:81:a3:f0:2c:af:9c:71:5d:67:57:fd:9a:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
Validity
Not Before: Sep 23 11:44:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9aa1a31c2dea07b1160cac3c11ec660161f577f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:6b:94:0e:f5:64:c5:ce:36:48:f6:fd:cb:48:
1e:07:1f:f2:4b:9f:61:0a:f4:07:67:90:9b:19:0f:
fb:ff:81:cb:07:c2:c8:f0:90:ca:dd:86:3a:4d:6f:
bb:04:6a:b2:34:6e:0d:fe:64:00:20:e8:a3:3b:a5:
0a:e7:0b:03:0b:1f:8e:3b:6d:32:bd:36:32:86:c4:
42:a3:f2:d7:28:7a:a7:ff:e5:8f:64:3a:3b:ac:e7:
9a:cd:9c:0d:d9:30:31:e1:ae:ca:d2:8a:b0:1a:7c:
d1:a5:d8:17:31:e9:6c:dc:6d:ca:96:70:a8:6c:4e:
61:3a:b6:f9:b1:1c:7e:ae:00:2c:90:5d:56:c3:16:
1e:f6:08:e9:86:85:5c:bb:99:94:37:7c:8e:d9:c0:
34:32:c6:9d:25:4d:f7:2c:49:37:83:af:ed:55:36:
5d:3d:72:a7:61:4f:12:fb:91:7c:8a:f3:c2:1b:6f:
c2:f3:19:44:2b:83:51:0f:f5:67:08:1c:ba:b8:91:
90:d3:66:da:19:24:c4:2b:01:be:91:80:82:c8:d8:
d4:bf:f8:e9:f5:2c:19:e7:4a:58:4e:22:aa:d9:68:
5d:4b:35:86:10:c0:cb:49:ef:56:d7:47:82:b4:bf:
e7:80:65:8d:55:52:78:2c:fb:28:7a:fc:47:77:dc:
d6:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:AA:1A:31:C2:DE:A0:7B:11:60:CA:C3:C1:1E:C6:60:16:1F:57:7F
X509v3 Authority Key Identifier:
keyid:22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/2aoaMcLeoHsRYMrDwR7GYBYfV38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.166.64.0/19
Signature Algorithm: sha256WithRSAEncryption
84:67:36:d6:f2:74:1f:ef:fb:f9:14:6e:76:3f:e2:70:86:76:
bb:32:cd:2f:86:e7:a7:f8:44:02:43:c4:ab:ef:24:85:40:02:
d1:61:fb:43:99:74:db:17:87:4a:7a:50:b9:3e:64:cc:78:c7:
63:3f:ed:4a:e0:e0:41:2b:26:ed:23:df:58:ae:64:43:ce:74:
59:73:82:e6:ce:55:ef:e9:13:b9:90:8c:a3:cf:de:a2:e7:2a:
e5:ea:ef:54:d5:3d:6f:7e:06:c3:38:12:9c:76:0f:a5:5b:65:
03:07:75:5f:8d:80:41:15:d3:b1:e1:09:95:1e:a8:df:8a:62:
6c:7a:f6:f5:2b:b6:41:17:3c:ff:68:8f:74:d6:a0:f2:3f:ff:
34:4b:3b:be:a5:42:cb:9d:58:f2:b4:83:d0:31:cd:3a:fe:f4:
55:3e:fa:7f:e0:d1:53:ba:5b:6d:92:18:10:c2:1c:54:b4:ab:
e9:22:fe:e9:aa:f4:26:96:28:1a:c5:e4:23:b9:0a:f3:84:4d:
33:e7:fb:d1:6e:8b:7a:01:09:bd:85:f1:c4:c2:15:7e:1d:36:
ae:6e:8d:dc:53:12:2b:44:41:28:a4:f0:f1:68:7a:f1:cf:ae:
a6:f5:99:95:5b:28:a4:e3:4a:a7:07:03:0a:03:48:d0:f6:7e:
23:46:c3:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2Y5yBo/Asr5xxXWdX/ZoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZlZDVmNTYyM2VkZWI3OTEwYWNkMzFkNWY2ZWU4MWU1
Y2IxN2UwHhcNMjUwOTIzMTE0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWFhMWEzMWMyZGVhMDdiMTE2MGNhYzNjMTFlYzY2MDE2MWY1NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmuUDvVkxc42SPb9y0geBx/yS59h
CvQHZ5CbGQ/7/4HLB8LI8JDK3YY6TW+7BGqyNG4N/mQAIOijO6UK5wsDCx+OO20y
vTYyhsRCo/LXKHqn/+WPZDo7rOeazZwN2TAx4a7K0oqwGnzRpdgXMels3G3KlnCo
bE5hOrb5sRx+rgAskF1WwxYe9gjphoVcu5mUN3yO2cA0MsadJU33LEk3g6/tVTZd
PXKnYU8S+5F8ivPCG2/C8xlEK4NRD/VnCBy6uJGQ02baGSTEKwG+kYCCyNjUv/jp
9SwZ50pYTiKq2WhdSzWGEMDLSe9W10eCtL/ngGWNVVJ4LPsoevxHd9zWgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmqGjHC3qB7EWDKw8EexmAWH1d/MB8GA1UdIwQY
MBaAFCI27V9WI+3reRCs0x1fbugeXLF+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjct
NGQxNmJlOWJhMTMyLzEvMmFvYU1jTGVvSHNSWU1yRHdSN0dZQllmVjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjctNGQxNmJlOWJhMTMy
LzEvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFU6ZAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEZzbW8nQf7/v5FG52P+Jwhna7Ms0vhuen+EQCQ8Sr
7ySFQALRYftDmXTbF4dKelC5PmTMeMdjP+1K4OBBKybtI99YrmRDznRZc4LmzlXv
6RO5kIyjz96i5yrl6u9U1T1vfgbDOBKcdg+lW2UDB3VfjYBBFdOx4QmVHqjfimJs
evb1K7ZBFzz/aI901qDyP/80Szu+pULLnVjytIPQMc06/vRVPvp/4NFTulttkhgQ
whxUtKvpIv7pqvQmligaxeQjuQrzhE0z5/vRbot6AQm9hfHEwhV+HTaubo3cUxIr
REEopPDxaHrxz66m9ZmVWyik40qnBwMKA0jQ9n4jRsPZ
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:03:46 2025 by rpki-client