Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZPoN0ebpllV8P14kznTcpiI81Kc.roa
File: ZPoN0ebpllV8P14kznTcpiI81Kc.roa (raw, json)
Hash identifier: tnp8F7/IMCTRrd/yA6/gqgFPzOUxuaberB+kea7APDM=
Subject key identifier: 64:FA:0D:D1:E6:E9:96:55:7C:3F:5E:24:CE:74:DC:A6:22:3C:D4:A7
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01989828C5097A0C0E434809EB5405AD484C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZPoN0ebpllV8P14kznTcpiI81Kc.roa
Signing time: Mon 11 Aug 2025 08:04:25 +0000
ROA not before: Mon 11 Aug 2025 08:04:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5065
IP address blocks: 77.93.138.0/23 maxlen: 24
82.152.52.0/23 maxlen: 24
82.153.44.0/24 maxlen: 24
82.153.46.0/24 maxlen: 24
109.176.75.0/24 maxlen: 24
213.130.150.0/24 maxlen: 24
213.210.48.0/23 maxlen: 24
213.218.226.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:98:28:c5:09:7a:0c:0e:43:48:09:eb:54:05:ad:48:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 11 08:04:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=64fa0dd1e6e996557c3f5e24ce74dca6223cd4a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:5b:d4:22:b6:9d:a9:7c:16:82:a0:3a:86:a2:
5e:78:06:f7:2b:46:ba:bc:ab:58:41:05:60:e8:f9:
9a:43:b2:2c:96:ba:b5:0e:66:d5:92:54:f2:a0:51:
3f:a6:f8:7f:93:d5:7f:e6:40:12:25:5b:46:1e:63:
36:4d:7f:cd:f8:e5:76:c7:3b:cf:b8:1b:67:43:1a:
6c:a7:fe:b0:ab:60:21:fd:8f:31:f3:5a:df:d3:09:
73:e8:a3:8b:76:8e:44:4f:7a:bb:31:8d:38:08:0f:
20:0f:cd:cc:82:50:22:d7:78:9f:22:fd:c7:96:73:
c9:05:de:e4:e1:05:b8:b7:f0:b6:50:08:80:aa:71:
09:f1:09:19:f2:f8:b5:c2:b4:73:e6:15:8f:07:18:
f5:32:da:66:93:57:6d:3d:76:32:dc:3c:1d:e8:ab:
18:aa:a7:bf:e3:89:6d:c5:3d:2c:0c:a1:51:9a:38:
f1:03:73:d7:1e:73:d2:c5:1e:54:c5:fd:0b:cc:4c:
66:df:82:8c:bd:70:ad:6c:da:54:5a:af:c7:87:30:
c1:16:7c:cf:98:ab:1a:f9:f9:25:98:e4:17:bf:ac:
6d:05:3f:43:37:f9:58:ff:51:bf:79:7a:35:38:6e:
04:85:d5:4b:46:dd:43:c4:59:c7:29:92:7e:58:75:
e8:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:FA:0D:D1:E6:E9:96:55:7C:3F:5E:24:CE:74:DC:A6:22:3C:D4:A7
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZPoN0ebpllV8P14kznTcpiI81Kc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.138.0/23
82.152.52.0/23
82.153.44.0/24
82.153.46.0/24
109.176.75.0/24
213.130.150.0/24
213.210.48.0/23
213.218.226.0/24
Signature Algorithm: sha256WithRSAEncryption
49:b9:f1:18:4e:0c:66:b0:0f:07:15:eb:34:af:e5:34:f7:0b:
1c:f3:0e:3d:ac:96:e2:31:ac:f3:1b:b5:10:f1:37:64:cc:ab:
ef:1a:2a:51:77:88:a1:3f:76:db:25:c7:88:1c:3d:fb:d7:38:
88:ef:43:35:8b:f1:79:4a:a0:f1:41:1c:e7:ae:c7:c4:06:11:
c5:5f:94:b4:5d:55:b5:bb:b4:45:f0:f6:ba:52:69:5f:a4:c6:
20:be:95:15:0c:c6:37:66:d5:c8:eb:f8:1c:72:ff:16:74:84:
91:da:42:dc:5e:0d:49:0f:fc:b2:e0:a5:59:66:c8:8f:c6:b8:
67:1a:32:98:a3:08:e8:f1:d5:81:94:da:8c:1d:38:30:62:ed:
21:ef:ec:4e:bf:2d:c1:de:e1:1d:ec:45:39:55:01:b7:30:26:
4a:60:e5:1c:3e:9a:51:b6:14:76:4e:e1:7f:e0:2a:98:85:9a:
9d:a2:4c:41:3b:23:b0:50:82:6d:76:2d:7a:0e:3c:fe:af:81:
21:ed:d0:ae:f3:78:d3:98:e9:74:9b:14:94:94:1d:a8:33:5b:
23:0e:ab:9d:a8:4f:84:41:97:91:b6:be:63:3d:07:1e:a8:94:
30:7d:61:23:df:f3:f3:97:f1:31:7f:7f:58:b9:ae:a2:51:8f:
9d:13:f1:30
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZiYKMUJegwOQ0gJ61QFrUhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODExMDgwNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGZhMGRkMWU2ZTk5NjU1N2MzZjVlMjRjZTc0ZGNhNjIyM2NkNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1vUIradqXwWgqA6hqJeeAb3K0a6
vKtYQQVg6PmaQ7Islrq1DmbVklTyoFE/pvh/k9V/5kASJVtGHmM2TX/N+OV2xzvP
uBtnQxpsp/6wq2Ah/Y8x81rf0wlz6KOLdo5ET3q7MY04CA8gD83MglAi13ifIv3H
lnPJBd7k4QW4t/C2UAiAqnEJ8QkZ8vi1wrRz5hWPBxj1Mtpmk1dtPXYy3Dwd6KsY
qqe/44ltxT0sDKFRmjjxA3PXHnPSxR5Uxf0LzExm34KMvXCtbNpUWq/HhzDBFnzP
mKsa+fklmOQXv6xtBT9DN/lY/1G/eXo1OG4EhdVLRt1DxFnHKZJ+WHXoxQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGT6DdHm6ZZVfD9eJM503KYiPNSnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWlBvTjBlYnBsbFY4UDE0a3puVGNwaUk4MUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBTV2KAwQB
Upg0AwQAUpksAwQAUpkuAwQAbbBLAwQA1YKWAwQB1dIwAwQA1driMA0GCSqGSIb3
DQEBCwUAA4IBAQBJufEYTgxmsA8HFes0r+U09wsc8w49rJbiMazzG7UQ8TdkzKvv
GipRd4ihP3bbJceIHD371ziI70M1i/F5SqDxQRznrsfEBhHFX5S0XVW1u7RF8Pa6
UmlfpMYgvpUVDMY3ZtXI6/gccv8WdISR2kLcXg1JD/yy4KVZZsiPxrhnGjKYowjo
8dWBlNqMHTgwYu0h7+xOvy3B3uEd7EU5VQG3MCZKYOUcPppRthR2TuF/4CqYhZqd
okxBOyOwUIJtdi16Djz+r4Eh7dCu83jTmOl0mxSUlB2oM1sjDqudqE+EQZeRtr5j
PQceqJQwfWEj3/Pzl/Exf39Yua6iUY+dE/Ew
-----END CERTIFICATE-----
Generated at Sat Aug 23 10:14:41 2025 by rpki-client