Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/8ls1IYf4jQgBfxPe5pEbNm_NZ0o.roa
File: 8ls1IYf4jQgBfxPe5pEbNm_NZ0o.roa (raw, json)
Hash identifier: rz6mEuTJKM68i99abhpJpeLaSY9D73ABA1sM9jV+L58=
Subject key identifier: F2:5B:35:21:87:F8:8D:08:01:7F:13:DE:E6:91:1B:36:6F:CD:67:4A
Certificate issuer: /CN=db99f330be3147b4da90d114a3cf4205fa451103
Certificate serial: 0198DF37FA7D1D5C8D831CE59F8C9F184EAD
Authority key identifier: DB:99:F3:30:BE:31:47:B4:DA:90:D1:14:A3:CF:42:05:FA:45:11:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/8ls1IYf4jQgBfxPe5pEbNm_NZ0o.roa
Signing time: Mon 25 Aug 2025 03:14:04 +0000
ROA not before: Mon 25 Aug 2025 03:14:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20738
IP address blocks: 79.170.40.0/21 maxlen: 21
79.170.40.0/24 maxlen: 24
79.170.41.0/24 maxlen: 24
79.170.42.0/24 maxlen: 24
79.170.43.0/24 maxlen: 24
79.170.44.0/24 maxlen: 24
79.170.45.0/24 maxlen: 24
79.170.46.0/24 maxlen: 24
79.170.47.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.crl
rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.mft
rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:df:37:fa:7d:1d:5c:8d:83:1c:e5:9f:8c:9f:18:4e:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=db99f330be3147b4da90d114a3cf4205fa451103
Validity
Not Before: Aug 25 03:14:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f25b352187f88d08017f13dee6911b366fcd674a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:6e:ea:4f:04:c6:12:64:f0:24:c6:de:95:bf:
e4:be:fb:a7:1f:cd:9f:1c:04:59:9e:cc:92:60:44:
cd:b9:7e:5e:b1:b1:f2:a8:5f:02:ce:1e:25:10:5c:
66:42:41:7e:c2:30:58:6a:98:a9:e3:18:69:09:aa:
38:6c:b1:70:53:2f:c1:e9:af:5e:b0:d5:0c:57:e6:
4d:42:32:eb:26:ae:37:09:11:f4:f5:1a:03:0a:0a:
db:b8:3c:c9:8d:c2:47:50:98:22:80:4d:19:91:48:
f5:4a:18:a8:81:32:66:3d:56:39:75:ef:17:e2:20:
15:ad:62:d2:57:5c:71:91:5d:e7:71:66:05:5b:f1:
f7:2d:50:c9:c9:ad:91:fb:2b:f5:68:6b:4b:b9:22:
9b:f1:4f:f5:ba:fa:26:f3:75:d1:22:fd:6e:87:c5:
55:4f:d9:3c:2a:ec:a4:87:0f:6a:b3:83:13:8d:56:
b7:d6:fe:4a:c5:cf:ed:34:f9:07:31:f3:e6:bc:84:
27:64:4b:5a:96:e0:18:0c:fa:f1:e9:0d:c4:3d:e8:
10:cd:2e:57:cd:0e:8b:6b:ee:31:7f:64:f6:b9:98:
ff:6d:5b:f4:7c:27:42:55:60:8d:75:ce:4c:27:72:
3f:92:b0:23:76:2f:07:d5:94:17:b6:a9:c0:c6:dc:
f1:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:5B:35:21:87:F8:8D:08:01:7F:13:DE:E6:91:1B:36:6F:CD:67:4A
X509v3 Authority Key Identifier:
keyid:DB:99:F3:30:BE:31:47:B4:DA:90:D1:14:A3:CF:42:05:FA:45:11:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/25nzML4xR7TakNEUo89CBfpFEQM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/8ls1IYf4jQgBfxPe5pEbNm_NZ0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/308c09-0034-4486-8274-d4dbd5e204f7/1/25nzML4xR7TakNEUo89CBfpFEQM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.170.40.0/21
Signature Algorithm: sha256WithRSAEncryption
0e:1d:4b:9d:e0:4d:d4:90:df:85:32:cb:d8:47:48:34:10:0d:
60:11:22:77:e3:7e:63:68:11:1e:98:0c:5e:9f:b1:c8:b9:c0:
e8:63:4a:42:ad:de:71:ab:b4:f0:44:fb:18:0e:0d:51:45:b5:
80:a6:2e:07:70:5f:2e:36:f7:e5:03:fd:77:6b:c4:a4:14:11:
77:59:38:1d:22:77:e1:6c:8b:54:0c:ed:4f:7b:fb:e6:36:11:
9f:e8:a6:68:9c:63:5e:72:eb:46:f8:a0:cb:5a:76:40:6b:4c:
fc:b1:6e:d1:d2:f7:09:b0:d8:8e:82:3f:23:2e:eb:58:61:85:
57:a8:56:49:fb:ba:19:a7:ed:83:a0:d3:6c:1e:8a:a3:e5:4d:
cb:0c:48:4e:52:5d:e3:4e:82:9a:0a:4b:6e:05:ad:88:5d:9c:
32:08:36:06:d4:a5:4e:fa:45:6e:c2:f9:3b:52:b5:26:6a:0a:
5c:5a:5c:2b:97:5d:52:c7:5a:74:7c:1c:4e:7e:80:87:da:6a:
0d:54:23:53:a2:bf:f6:10:06:7a:2f:95:51:b5:22:68:ae:99:
3e:ab:07:59:f8:66:a0:d8:8c:3e:23:a7:33:9e:25:75:b8:ac:
73:5f:f8:e8:34:69:fb:aa:0f:3c:1f:c9:37:a2:16:ef:45:a5:
96:d7:c5:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjfN/p9HVyNgxzln4yfGE6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOTlmMzMwYmUzMTQ3YjRkYTkwZDExNGEzY2Y0MjA1ZmE0
NTExMDMwHhcNMjUwODI1MDMxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjViMzUyMTg3Zjg4ZDA4MDE3ZjEzZGVlNjkxMWIzNjZmY2Q2NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm7qTwTGEmTwJMbelb/kvvunH82f
HARZnsySYETNuX5esbHyqF8Czh4lEFxmQkF+wjBYapip4xhpCao4bLFwUy/B6a9e
sNUMV+ZNQjLrJq43CRH09RoDCgrbuDzJjcJHUJgigE0ZkUj1ShiogTJmPVY5de8X
4iAVrWLSV1xxkV3ncWYFW/H3LVDJya2R+yv1aGtLuSKb8U/1uvom83XRIv1uh8VV
T9k8Kuykhw9qs4MTjVa31v5Kxc/tNPkHMfPmvIQnZEtaluAYDPrx6Q3EPegQzS5X
zQ6La+4xf2T2uZj/bVv0fCdCVWCNdc5MJ3I/krAjdi8H1ZQXtqnAxtzxgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJbNSGH+I0IAX8T3uaRGzZvzWdKMB8GA1UdIwQY
MBaAFNuZ8zC+MUe02pDRFKPPQgX6RREDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjVuek1MNHhSN1Rha05FVW84OUNCZnBGRVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8zMDhjMDktMDAzNC00NDg2LTgyNzQt
ZDRkYmQ1ZTIwNGY3LzEvOGxzMUlZZjRqUWdCZnhQZTVwRWJObV9OWjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8zMDhjMDktMDAzNC00NDg2LTgyNzQtZDRkYmQ1ZTIwNGY3
LzEvMjVuek1MNHhSN1Rha05FVW84OUNCZnBGRVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDT6ooMA0G
CSqGSIb3DQEBCwUAA4IBAQAOHUud4E3UkN+FMsvYR0g0EA1gESJ3435jaBEemAxe
n7HIucDoY0pCrd5xq7TwRPsYDg1RRbWApi4HcF8uNvflA/13a8SkFBF3WTgdInfh
bItUDO1Pe/vmNhGf6KZonGNecutG+KDLWnZAa0z8sW7R0vcJsNiOgj8jLutYYYVX
qFZJ+7oZp+2DoNNsHoqj5U3LDEhOUl3jToKaCktuBa2IXZwyCDYG1KVO+kVuwvk7
UrUmagpcWlwrl11Sx1p0fBxOfoCH2moNVCNTor/2EAZ6L5VRtSJorpk+qwdZ+Gag
2Iw+I6czniV1uKxzX/joNGn7qg88H8k3ohbvRaWW18WP
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:09:07 2025 by rpki-client