Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/JZtyqMbXS8tPNB0lzf2hzdvVBEU.roa
File: JZtyqMbXS8tPNB0lzf2hzdvVBEU.roa (raw, json)
Hash identifier: RpDAo1vXO9TdJDmBZdj/bGq/o6oVBhV2VRLtIe7d52M=
Subject key identifier: 25:9B:72:A8:C6:D7:4B:CB:4F:34:1D:25:CD:FD:A1:CD:DB:D5:04:45
Certificate issuer: /CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
Certificate serial: 0199328CA1A1D6DC1F79406DA1BA242B238C
Authority key identifier: 8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/JZtyqMbXS8tPNB0lzf2hzdvVBEU.roa
Signing time: Wed 10 Sep 2025 07:35:01 +0000
ROA not before: Wed 10 Sep 2025 07:35:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209792
IP address blocks: 194.93.20.0/22 maxlen: 24
2a09:2280::/48 maxlen: 64
2a09:2280:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl
rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.mft
rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:32:8c:a1:a1:d6:dc:1f:79:40:6d:a1:ba:24:2b:23:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c36ad879c645aee98ac4a89fc800b9a974e941f
Validity
Not Before: Sep 10 07:35:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=259b72a8c6d74bcb4f341d25cdfda1cddbd50445
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:9a:fc:9d:c8:f0:77:f2:c4:20:00:e0:02:7a:
72:3f:d5:46:f8:b3:55:39:3d:66:9a:a1:e4:f7:35:
e1:b6:80:01:cf:0a:1d:07:4b:bd:ca:ec:38:42:75:
cd:8d:9d:53:8b:e8:fd:79:97:aa:02:01:dd:16:f0:
70:f2:3b:83:ab:b8:01:da:ba:ab:b2:49:8f:7c:47:
f7:f0:56:81:c7:cc:18:56:cf:ad:ee:af:b5:96:01:
63:8a:12:a5:f2:4e:b2:45:23:32:56:98:d2:b3:89:
98:e7:cb:8d:d5:cd:d5:3b:ee:2a:49:05:78:11:dc:
4b:b3:07:92:dd:a2:ce:66:c6:bb:a3:71:5c:40:ef:
6d:57:c4:a8:74:84:ec:83:d5:02:36:55:32:17:ce:
e8:aa:92:73:54:2c:87:6e:b4:9b:d7:9a:42:b6:cd:
eb:94:37:2a:67:ae:9c:61:0b:da:45:7c:b2:57:5d:
5d:76:51:15:3a:63:61:2f:1e:09:42:41:7b:66:f7:
1b:58:8f:64:26:89:58:a4:c5:04:37:7f:ff:56:9f:
e8:86:de:bf:15:71:f6:0f:1b:22:7a:c6:c0:4c:5b:
e1:f9:77:da:e0:bb:ac:ad:07:7d:e5:21:da:95:6d:
53:56:33:0b:ea:33:f0:ed:11:a7:c8:00:b0:a5:13:
ec:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:9B:72:A8:C6:D7:4B:CB:4F:34:1D:25:CD:FD:A1:CD:DB:D5:04:45
X509v3 Authority Key Identifier:
keyid:8C:36:AD:87:9C:64:5A:EE:98:AC:4A:89:FC:80:0B:9A:97:4E:94:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDath5xkWu6YrEqJ_IALmpdOlB8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/JZtyqMbXS8tPNB0lzf2hzdvVBEU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f663a3-684e-4779-88b9-14e6ec020bfa/1/jDath5xkWu6YrEqJ_IALmpdOlB8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.93.20.0/22
IPv6:
2a09:2280::/47
Signature Algorithm: sha256WithRSAEncryption
37:f4:c4:2c:9a:83:5c:68:c8:bc:84:dc:88:05:d4:39:fd:50:
53:60:b2:ea:78:0c:f9:02:0a:a9:00:fc:67:cf:71:91:0b:3b:
95:1f:b9:58:11:ab:92:e8:63:52:e9:c1:58:9d:cd:91:86:3c:
6a:e4:9c:04:4e:ea:12:8d:1c:7e:30:69:54:a3:9c:61:1e:bd:
58:42:69:c9:e4:5f:54:61:5f:f2:6f:93:cb:b7:b0:18:39:a6:
7f:39:26:7f:99:96:04:d7:18:a5:34:3c:f3:51:a0:1b:a6:bb:
79:91:bd:a8:cc:8d:8c:a9:3e:d2:64:aa:7f:02:bc:b8:ed:5f:
55:e8:be:1e:20:ae:ef:67:ef:a9:9d:2c:8e:9c:21:ea:8d:99:
46:65:eb:6f:5e:98:a2:ec:84:a0:04:b8:85:e4:e9:70:8a:94:
2b:7a:d6:c5:16:f2:4c:f9:30:89:26:08:4f:82:09:49:f8:8b:
59:84:ee:9f:da:c0:ba:7f:9c:bd:ac:8b:31:5d:3a:b6:8b:45:
8d:05:10:fc:ca:41:3d:de:22:11:7f:a6:c9:48:7e:0c:4c:6b:
cb:f0:c5:f5:6d:67:94:c6:13:d7:1a:28:4b:fc:00:5e:b6:42:
1a:5e:3e:ee:c4:d0:41:9d:b5:86:23:96:b7:28:64:8e:88:d8:
4e:e3:84:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZkyjKGh1twfeUBtobokKyOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzZhZDg3OWM2NDVhZWU5OGFjNGE4OWZjODAwYjlhOTc0
ZTk0MWYwHhcNMjUwOTEwMDczNTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTliNzJhOGM2ZDc0YmNiNGYzNDFkMjVjZGZkYTFjZGRiZDUwNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5r8ncjwd/LEIADgAnpyP9VG+LNV
OT1mmqHk9zXhtoABzwodB0u9yuw4QnXNjZ1Ti+j9eZeqAgHdFvBw8juDq7gB2rqr
skmPfEf38FaBx8wYVs+t7q+1lgFjihKl8k6yRSMyVpjSs4mY58uN1c3VO+4qSQV4
EdxLsweS3aLOZsa7o3FcQO9tV8SodITsg9UCNlUyF87oqpJzVCyHbrSb15pCts3r
lDcqZ66cYQvaRXyyV11ddlEVOmNhLx4JQkF7ZvcbWI9kJolYpMUEN3//Vp/oht6/
FXH2DxsiesbATFvh+Xfa4LusrQd95SHalW1TVjML6jPw7RGnyACwpRPszQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCWbcqjG10vLTzQdJc39oc3b1QRFMB8GA1UdIwQY
MBaAFIw2rYecZFrumKxKifyAC5qXTpQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4Yjkt
MTRlNmVjMDIwYmZhLzEvSlp0eXFNYlhTOHRQTkIwbHpmMmh6ZHZWQkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjYzYTMtNjg0ZS00Nzc5LTg4YjktMTRlNmVjMDIwYmZh
LzEvakRhdGg1eGtXdTZZckVxSl9JQUxtcGRPbEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwl0UMA8E
AgACMAkDBwEqCSKAAAAwDQYJKoZIhvcNAQELBQADggEBADf0xCyag1xoyLyE3IgF
1Dn9UFNgsup4DPkCCqkA/GfPcZELO5UfuVgRq5LoY1LpwVidzZGGPGrknARO6hKN
HH4waVSjnGEevVhCacnkX1RhX/Jvk8u3sBg5pn85Jn+ZlgTXGKU0PPNRoBumu3mR
vajMjYypPtJkqn8CvLjtX1Xovh4gru9n76mdLI6cIeqNmUZl629emKLshKAEuIXk
6XCKlCt61sUW8kz5MIkmCE+CCUn4i1mE7p/awLp/nL2sizFdOraLRY0FEPzKQT3e
IhF/pslIfgxMa8vwxfVtZ5TGE9caKEv8AF62QhpePu7E0EGdtYYjlrcoZI6I2E7j
hPg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:42:47 2025 by rpki-client