Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/Pnnishmz6mmH1kDhubH1FM1N764.roa
File: Pnnishmz6mmH1kDhubH1FM1N764.roa (raw, json)
Hash identifier: JeO+A8KCko5cL5TRf164ytYgaJ9iXP1K2ZTbCsQa/GY=
Subject key identifier: 3E:79:E2:B2:19:B3:EA:69:87:D6:40:E1:B9:B1:F5:14:CD:4D:EF:AE
Certificate issuer: /CN=6998500402c8215cf571073a495cdc80c742f2cc
Certificate serial: 0199B9541ABAC60885332E293FF703B700BA
Authority key identifier: 69:98:50:04:02:C8:21:5C:F5:71:07:3A:49:5C:DC:80:C7:42:F2:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/Pnnishmz6mmH1kDhubH1FM1N764.roa
Signing time: Mon 06 Oct 2025 11:42:00 +0000
ROA not before: Mon 06 Oct 2025 11:42:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197784
IP address blocks: 31.13.8.0/21 maxlen: 21
77.243.152.0/22 maxlen: 22
77.243.152.0/24 maxlen: 24
77.243.153.0/24 maxlen: 24
77.243.154.0/24 maxlen: 24
77.243.155.0/24 maxlen: 24
185.152.228.0/22 maxlen: 22
2a03:ef00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 08:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b9:54:1a:ba:c6:08:85:33:2e:29:3f:f7:03:b7:00:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6998500402c8215cf571073a495cdc80c742f2cc
Validity
Not Before: Oct 6 11:42:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3e79e2b219b3ea6987d640e1b9b1f514cd4defae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:45:27:5b:3a:ba:33:15:18:68:db:36:09:01:
41:04:1d:29:bd:00:37:2c:b0:c8:e3:bd:d9:13:d7:
59:dd:72:cf:51:db:fc:07:d9:12:5b:8f:44:f8:3d:
64:1a:10:7a:60:2f:98:d4:60:cd:75:24:b8:a0:97:
db:5c:4e:41:cd:a9:d6:8a:2b:16:a6:13:a3:d6:9d:
61:9c:05:73:09:ed:24:86:02:74:73:c1:27:49:a2:
f1:59:cb:40:ed:52:9b:8d:3b:99:44:4b:29:cf:93:
65:96:3e:20:18:d5:fa:78:6c:8c:f1:84:2b:79:42:
cf:89:8f:45:52:04:a8:d7:eb:37:01:84:97:a9:64:
d7:2b:67:05:0e:64:56:85:a2:73:2a:67:dc:ae:44:
27:dd:bc:15:ef:c0:bb:55:6e:aa:6d:59:ac:49:7a:
a8:78:05:8c:3d:2b:65:dc:4b:b5:b3:77:ec:83:99:
29:27:b1:e9:86:f5:e7:b4:4f:b9:36:64:71:d2:dc:
f7:de:b6:b2:42:d2:c8:88:68:fd:be:a1:e4:28:3d:
9f:66:70:1b:ad:d2:7d:04:5a:10:02:a4:0e:f7:2d:
46:c3:73:53:ed:ea:2a:b3:b0:ec:c4:50:6d:e7:d6:
23:db:44:4d:23:c1:ec:02:22:c7:55:3d:f6:39:09:
88:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:79:E2:B2:19:B3:EA:69:87:D6:40:E1:B9:B1:F5:14:CD:4D:EF:AE
X509v3 Authority Key Identifier:
keyid:69:98:50:04:02:C8:21:5C:F5:71:07:3A:49:5C:DC:80:C7:42:F2:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/Pnnishmz6mmH1kDhubH1FM1N764.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.8.0/21
77.243.152.0/22
185.152.228.0/22
IPv6:
2a03:ef00::/32
Signature Algorithm: sha256WithRSAEncryption
84:07:c2:82:c1:8e:02:d8:13:c1:68:e8:72:e1:e9:d3:9f:0f:
98:3c:ff:03:81:40:98:ce:73:87:98:5b:78:a6:28:43:42:cf:
09:01:e6:73:42:7b:20:fd:7a:eb:01:05:1b:6d:83:5f:02:9f:
b7:08:43:c2:c4:f1:c2:6e:39:f7:e7:47:3b:76:32:47:a8:0f:
7d:ff:67:89:87:9c:6e:75:7f:59:96:63:ab:40:4a:bc:e5:0a:
6d:d5:80:21:4e:78:2a:3a:2e:6d:ee:56:7a:df:5d:ae:0a:89:
15:e4:ab:66:06:6b:f6:ae:47:49:7d:9b:f2:88:86:fa:af:e4:
0a:cb:e3:e9:18:81:4a:11:90:f1:a3:dd:16:92:80:9e:6f:89:
b4:cb:ab:81:c4:5b:50:bf:a6:2d:a4:cd:ea:ff:ec:2f:ec:d6:
f9:86:4f:da:ff:2b:d6:8e:e4:0f:00:ff:b4:95:dd:1d:cd:30:
36:aa:4f:79:1e:3c:60:3b:08:b9:0f:53:46:bb:87:48:df:a5:
88:cb:8b:3e:b1:92:eb:16:7d:e6:ef:48:15:04:64:ce:4e:1f:
3a:9c:62:63:0d:04:90:d9:74:13:9e:ef:f9:c0:eb:cf:b9:49:
8c:84:29:f1:d3:a1:6b:9d:08:4f:55:79:56:ab:11:03:2d:94:
e2:87:a0:9e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZm5VBq6xgiFMy4pP/cDtwC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTg1MDA0MDJjODIxNWNmNTcxMDczYTQ5NWNkYzgwYzc0
MmYyY2MwHhcNMjUxMDA2MTE0MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5ZTJiMjE5YjNlYTY5ODdkNjQwZTFiOWIxZjUxNGNkNGRlZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UUnWzq6MxUYaNs2CQFBBB0pvQA3
LLDI473ZE9dZ3XLPUdv8B9kSW49E+D1kGhB6YC+Y1GDNdSS4oJfbXE5BzanWiisW
phOj1p1hnAVzCe0khgJ0c8EnSaLxWctA7VKbjTuZREspz5Nllj4gGNX6eGyM8YQr
eULPiY9FUgSo1+s3AYSXqWTXK2cFDmRWhaJzKmfcrkQn3bwV78C7VW6qbVmsSXqo
eAWMPStl3Eu1s3fsg5kpJ7HphvXntE+5NmRx0tz33rayQtLIiGj9vqHkKD2fZnAb
rdJ9BFoQAqQO9y1Gw3NT7eoqs7DsxFBt59Yj20RNI8HsAiLHVT32OQmIrwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFD554rIZs+pph9ZA4bmx9RTNTe+uMB8GA1UdIwQY
MBaAFGmYUAQCyCFc9XEHOklc3IDHQvLMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpoUUJBTElJVnoxY1FjNlNWemNnTWRDOHN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8wNTdhZTgtMGNiNy00ZTE0LThhNWIt
MTg5MDI4ZjMzOTZjLzEvUG5uaXNobXo2bW1IMWtEaHViSDFGTTFONzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8wNTdhZTgtMGNiNy00ZTE0LThhNWItMTg5MDI4ZjMzOTZj
LzEvYVpoUUJBTElJVnoxY1FjNlNWemNnTWRDOHN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDHw0IAwQC
TfOYAwQCuZjkMA0EAgACMAcDBQAqA+8AMA0GCSqGSIb3DQEBCwUAA4IBAQCEB8KC
wY4C2BPBaOhy4enTnw+YPP8DgUCYznOHmFt4pihDQs8JAeZzQnsg/XrrAQUbbYNf
Ap+3CEPCxPHCbjn350c7djJHqA99/2eJh5xudX9ZlmOrQEq85Qpt1YAhTngqOi5t
7lZ6312uCokV5KtmBmv2rkdJfZvyiIb6r+QKy+PpGIFKEZDxo90WkoCeb4m0y6uB
xFtQv6YtpM3q/+wv7Nb5hk/a/yvWjuQPAP+0ld0dzTA2qk95HjxgOwi5D1NGu4dI
36WIy4s+sZLrFn3m70gVBGTOTh86nGJjDQSQ2XQTnu/5wOvPuUmMhCnx06FrnQhP
VXlWqxEDLZTih6Ce
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:18 2025 by rpki-client