Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/8MF9LpY4IEy9l1FARzK6C5L2w1A.roa
File: 8MF9LpY4IEy9l1FARzK6C5L2w1A.roa (raw, json)
Hash identifier: oxOX+x4ImJf3gE4hmPOAVT49apZypumYsZNKHvDAJTo=
Subject key identifier: F0:C1:7D:2E:96:38:20:4C:BD:97:51:40:47:32:BA:0B:92:F6:C3:50
Certificate issuer: /CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
Certificate serial: 019976D179475BCF0F0F14F5440C962BC5D8
Authority key identifier: 41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/8MF9LpY4IEy9l1FARzK6C5L2w1A.roa
Signing time: Tue 23 Sep 2025 13:44:23 +0000
ROA not before: Tue 23 Sep 2025 13:44:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29668
IP address blocks: 185.62.76.0/22 maxlen: 22
2a01:90::/40 maxlen: 40
2a01:90:200::/40 maxlen: 40
2a01:90:400::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:d1:79:47:5b:cf:0f:0f:14:f5:44:0c:96:2b:c5:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41a59b0960ea65d6b92393ee0347a1a832f9b984
Validity
Not Before: Sep 23 13:44:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0c17d2e9638204cbd9751404732ba0b92f6c350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:36:95:5a:06:2c:a0:31:8c:46:f5:17:9b:ae:
50:1b:d1:dc:31:2c:5c:e6:6e:93:0a:51:20:7a:a8:
13:d0:77:bd:c7:27:a6:a9:91:8e:af:a3:5d:1e:22:
51:ba:cf:53:cf:03:90:93:19:20:c1:b3:3a:e7:01:
50:53:de:18:8b:ca:bb:f8:28:0b:36:82:d1:2f:89:
33:1a:fb:6b:2a:8e:e2:23:c4:4c:30:f6:18:d6:32:
ca:fb:0c:e5:a9:d2:90:f0:c1:38:6f:14:1c:70:c4:
61:5c:74:90:7c:cd:56:3c:bc:db:83:50:fc:00:26:
46:a1:41:00:39:84:37:e4:e5:cc:3a:74:d2:b7:4d:
f7:de:58:94:51:d5:60:b4:aa:77:59:e0:45:b5:d7:
c6:2d:1c:d3:61:ec:c0:56:f7:c7:f3:37:14:32:21:
cc:67:19:93:58:9f:94:8d:b3:3a:89:d7:40:c2:38:
ca:0d:68:7b:08:13:bb:21:78:ea:68:86:d4:e9:b3:
c3:6d:50:d4:c4:f8:0f:5f:95:37:95:03:c5:1f:cf:
86:bb:41:cb:91:8b:6d:d0:4d:36:d8:68:05:e6:df:
37:fe:81:e8:c3:10:99:b6:2d:f4:55:36:b6:22:54:
ac:65:26:c1:d3:cc:8f:6c:75:fb:b8:d8:5b:76:b8:
b1:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:C1:7D:2E:96:38:20:4C:BD:97:51:40:47:32:BA:0B:92:F6:C3:50
X509v3 Authority Key Identifier:
keyid:41:A5:9B:09:60:EA:65:D6:B9:23:93:EE:03:47:A1:A8:32:F9:B9:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QaWbCWDqZda5I5PuA0ehqDL5uYQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/8MF9LpY4IEy9l1FARzK6C5L2w1A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/0a1b83-86ba-401a-a543-bfdec0c112e3/1/QaWbCWDqZda5I5PuA0ehqDL5uYQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.62.76.0/22
IPv6:
2a01:90::/40
2a01:90:200::/40
2a01:90:400::/48
Signature Algorithm: sha256WithRSAEncryption
93:4a:b8:2b:93:ac:22:89:47:58:07:2f:78:a0:6d:6f:8d:0c:
96:1c:8b:af:96:3a:fa:43:2d:7b:9f:20:5e:5f:89:09:9c:6c:
a8:db:79:24:ac:9b:ee:ac:c1:50:99:7d:16:d4:5b:6a:f1:dd:
79:ba:a4:31:df:9f:c0:3c:ec:96:57:75:dc:c2:a7:20:f9:c1:
b6:da:08:8e:65:e4:df:c4:2c:8d:e9:ae:5b:6b:c4:47:d9:8a:
6e:53:0f:d6:55:15:f3:9a:3f:94:5f:f9:f9:08:de:5f:78:62:
05:5e:ca:9e:22:18:54:d7:99:15:37:a2:4a:a8:00:6c:59:a1:
08:f1:83:a8:8c:45:ba:23:4e:b0:34:b3:dd:67:4b:8f:df:a1:
4a:10:97:5b:2e:13:57:34:32:fa:06:c4:d8:dc:76:0d:7f:52:
d8:5a:76:39:85:73:f7:9d:3e:59:fe:35:0b:79:f8:f2:8d:a9:
a0:0d:34:7c:af:63:29:5a:e3:e1:fd:d9:9c:38:02:f7:06:24:
f0:8c:7c:9d:7d:c3:64:f6:8a:ce:0f:65:a1:d0:09:86:e5:51:
c7:b1:3a:d5:c4:30:59:1f:28:8b:fe:16:32:69:0f:52:73:f8:
da:4b:db:96:72:8e:c2:10:33:47:02:9d:18:22:7d:1a:c4:ae:
14:a8:22:e0
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZl20XlHW88PDxT1RAyWK8XYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYTU5YjA5NjBlYTY1ZDZiOTIzOTNlZTAzNDdhMWE4MzJm
OWI5ODQwHhcNMjUwOTIzMTM0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGMxN2QyZTk2MzgyMDRjYmQ5NzUxNDA0NzMyYmEwYjkyZjZjMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzaVWgYsoDGMRvUXm65QG9HcMSxc
5m6TClEgeqgT0He9xyemqZGOr6NdHiJRus9TzwOQkxkgwbM65wFQU94Yi8q7+CgL
NoLRL4kzGvtrKo7iI8RMMPYY1jLK+wzlqdKQ8ME4bxQccMRhXHSQfM1WPLzbg1D8
ACZGoUEAOYQ35OXMOnTSt0333liUUdVgtKp3WeBFtdfGLRzTYezAVvfH8zcUMiHM
ZxmTWJ+UjbM6iddAwjjKDWh7CBO7IXjqaIbU6bPDbVDUxPgPX5U3lQPFH8+Gu0HL
kYtt0E022GgF5t83/oHowxCZti30VTa2IlSsZSbB08yPbHX7uNhbdrixCQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFPDBfS6WOCBMvZdRQEcyuguS9sNQMB8GA1UdIwQY
MBaAFEGlmwlg6mXWuSOT7gNHoagy+bmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMt
YmZkZWMwYzExMmUzLzEvOE1GOUxwWTRJRXk5bDFGQVJ6SzZDNUwydzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wYTFiODMtODZiYS00MDFhLWE1NDMtYmZkZWMwYzExMmUz
LzEvUWFXYkNXRHFaZGE1STVQdUEwZWhxREw1dVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAMBAIAATAGAwQCuT5MMB8E
AgACMBkDBgAqAQCQAAMGACoBAJACAwcAKgEAkAQAMA0GCSqGSIb3DQEBCwUAA4IB
AQCTSrgrk6wiiUdYBy94oG1vjQyWHIuvljr6Qy17nyBeX4kJnGyo23kkrJvurMFQ
mX0W1Ftq8d15uqQx35/APOyWV3Xcwqcg+cG22giOZeTfxCyN6a5ba8RH2YpuUw/W
VRXzmj+UX/n5CN5feGIFXsqeIhhU15kVN6JKqABsWaEI8YOojEW6I06wNLPdZ0uP
36FKEJdbLhNXNDL6BsTY3HYNf1LYWnY5hXP3nT5Z/jULefjyjamgDTR8r2MpWuPh
/dmcOAL3BiTwjHydfcNk9orOD2Wh0AmG5VHHsTrVxDBZHyiL/hYyaQ9Sc/jaS9uW
co7CEDNHAp0YIn0axK4UqCLg
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:29:56 2025 by rpki-client