Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/wu6ek6l2NBjXAnMwXL9G8HfYrWQ.roa
File: wu6ek6l2NBjXAnMwXL9G8HfYrWQ.roa (raw, json)
Hash identifier: RWycgtixOxP0odIoomQLaZ/UwguMZfM+nPBcfd6lNvI=
Subject key identifier: C2:EE:9E:93:A9:76:34:18:D7:02:73:30:5C:BF:46:F0:77:D8:AD:64
Certificate issuer: /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial: 019933827B86098D02081F1ADC2FEB1948B2
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/wu6ek6l2NBjXAnMwXL9G8HfYrWQ.roa
Signing time: Wed 10 Sep 2025 12:03:33 +0000
ROA not before: Wed 10 Sep 2025 12:03:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213999
IP address blocks: 77.221.150.0/24 maxlen: 24
109.120.128.0/24 maxlen: 24
109.120.129.0/24 maxlen: 24
109.120.130.0/24 maxlen: 24
109.120.131.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:33:82:7b:86:09:8d:02:08:1f:1a:dc:2f:eb:19:48:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Validity
Not Before: Sep 10 12:03:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c2ee9e93a9763418d70273305cbf46f077d8ad64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:59:47:5a:b7:d2:22:69:30:aa:81:90:47:08:
b3:78:33:dd:75:96:0b:74:73:b5:b7:44:c6:cd:a0:
6c:23:7f:b1:f8:5f:f5:c9:9f:bd:e4:f7:47:60:82:
fd:49:8d:7c:66:66:c1:e7:26:aa:8d:e5:b5:58:bd:
d8:ab:8a:c0:72:c2:0e:d9:b7:f7:bc:a1:39:2a:8c:
3f:bd:39:c0:8d:72:2f:d9:a8:5a:92:c7:a5:2c:92:
56:08:56:0c:4c:5e:16:97:27:a6:26:3c:6a:87:d5:
0e:26:80:27:4a:a2:e2:0c:56:7d:b7:7f:53:bf:8d:
b6:57:f9:1c:b3:0e:81:1b:21:24:8c:a0:95:f2:81:
66:60:21:73:68:a6:26:bc:3e:dc:64:64:ff:6f:2c:
a5:c1:e0:a7:46:b7:27:04:fa:64:ed:8f:d2:9e:bb:
83:7a:00:12:17:47:83:76:d4:ca:7f:61:5c:43:a7:
d7:a7:e9:7c:27:8b:c9:cf:b3:45:06:75:7e:e3:77:
00:54:e2:ff:3b:5d:59:65:2a:c0:31:3d:41:0a:f4:
c7:62:02:f0:95:0a:e4:17:6c:aa:9a:a5:71:f3:8c:
b0:f9:e8:30:91:e2:13:30:5c:5e:23:33:44:d1:49:
2b:5e:72:dc:c5:37:16:de:ea:a8:43:4f:3f:f2:1f:
c4:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:EE:9E:93:A9:76:34:18:D7:02:73:30:5C:BF:46:F0:77:D8:AD:64
X509v3 Authority Key Identifier:
keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/wu6ek6l2NBjXAnMwXL9G8HfYrWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.221.150.0/24
109.120.128.0/22
Signature Algorithm: sha256WithRSAEncryption
24:20:6b:9c:a7:7b:03:d4:9f:71:4e:ef:c3:52:63:f2:7e:8a:
d2:a7:cf:ec:5c:11:48:cd:76:7c:d4:19:46:f3:ce:b8:ec:fe:
27:65:12:d1:cc:10:31:94:3b:23:ad:07:f6:6a:ca:40:ce:2e:
e6:f5:78:4b:80:b4:83:57:86:75:48:6a:55:6f:eb:c4:29:e3:
45:28:f2:d8:31:5d:fc:5c:6f:31:a8:29:e0:95:f4:33:b3:6e:
a2:db:c5:d0:7b:25:fa:9c:12:16:24:a7:33:ae:10:f7:da:05:
10:4b:40:71:ca:4e:d7:91:a3:d0:b7:88:ea:82:bc:3c:c8:db:
92:b6:95:83:06:98:21:f7:d4:8d:31:4e:8b:09:44:b5:3c:1f:
c2:fa:2b:5b:27:d3:87:78:23:41:b4:37:26:06:f5:b5:1f:61:
c9:7e:42:29:50:5f:13:a4:1f:50:a6:1b:cb:1d:53:36:64:97:
85:43:fd:89:ac:ba:01:98:4c:8b:c5:b4:21:1a:20:a1:38:fc:
be:ae:2b:67:39:60:7e:b1:00:17:5e:3e:12:33:19:26:df:c4:
65:e5:94:0c:85:aa:59:d5:7e:1e:71:03:23:69:4d:8b:71:fb:
d0:c5:ae:0e:c0:2e:13:76:2a:0f:79:00:6f:1e:6d:f7:78:6b:
d6:77:00:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkzgnuGCY0CCB8a3C/rGUiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwOTEwMTIwMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmVlOWU5M2E5NzYzNDE4ZDcwMjczMzA1Y2JmNDZmMDc3ZDhhZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFlHWrfSImkwqoGQRwizeDPddZYL
dHO1t0TGzaBsI3+x+F/1yZ+95PdHYIL9SY18ZmbB5yaqjeW1WL3Yq4rAcsIO2bf3
vKE5Kow/vTnAjXIv2ahakselLJJWCFYMTF4WlyemJjxqh9UOJoAnSqLiDFZ9t39T
v422V/kcsw6BGyEkjKCV8oFmYCFzaKYmvD7cZGT/byylweCnRrcnBPpk7Y/SnruD
egASF0eDdtTKf2FcQ6fXp+l8J4vJz7NFBnV+43cAVOL/O11ZZSrAMT1BCvTHYgLw
lQrkF2yqmqVx84yw+egwkeITMFxeIzNE0UkrXnLcxTcW3uqoQ08/8h/EVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMLunpOpdjQY1wJzMFy/RvB32K1kMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvd3U2ZWs2bDJOQmpYQW5Nd1hMOUc4SGZZcldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATd2WAwQC
bXiAMA0GCSqGSIb3DQEBCwUAA4IBAQAkIGucp3sD1J9xTu/DUmPyforSp8/sXBFI
zXZ81BlG88647P4nZRLRzBAxlDsjrQf2aspAzi7m9XhLgLSDV4Z1SGpVb+vEKeNF
KPLYMV38XG8xqCnglfQzs26i28XQeyX6nBIWJKczrhD32gUQS0Bxyk7XkaPQt4jq
grw8yNuStpWDBpgh99SNMU6LCUS1PB/C+itbJ9OHeCNBtDcmBvW1H2HJfkIpUF8T
pB9QphvLHVM2ZJeFQ/2JrLoBmEyLxbQhGiChOPy+ritnOWB+sQAXXj4SMxkm38Rl
5ZQMhapZ1X4ecQMjaU2LcfvQxa4OwC4TdioPeQBvHm33eGvWdwDE
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:42:32 2025 by rpki-client