Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/2f3iJSIm_gwsjLqHKwwPCgVXmU4.roa
File: 2f3iJSIm_gwsjLqHKwwPCgVXmU4.roa (raw, json)
Hash identifier: N9m+XB9yu5/umOhHO4AH3n4GJdoAiP1f7gS+JghQR/w=
Subject key identifier: D9:FD:E2:25:22:26:FE:0C:2C:8C:BA:87:2B:0C:0F:0A:05:57:99:4E
Certificate issuer: /CN=66af1c224db29a5104a61aac32f60956025fad43
Certificate serial: 0199DDC34FD800E778C7A75A9FB54BA2A818
Authority key identifier: 66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/2f3iJSIm_gwsjLqHKwwPCgVXmU4.roa
Signing time: Mon 13 Oct 2025 13:29:48 +0000
ROA not before: Mon 13 Oct 2025 13:29:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215037
IP address blocks: 81.177.208.0/22 maxlen: 24
81.177.208.0/23 maxlen: 23
81.177.210.0/23 maxlen: 23
194.117.65.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:c3:4f:d8:00:e7:78:c7:a7:5a:9f:b5:4b:a2:a8:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66af1c224db29a5104a61aac32f60956025fad43
Validity
Not Before: Oct 13 13:29:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9fde2252226fe0c2c8cba872b0c0f0a0557994e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:66:97:03:68:05:94:be:e4:e2:1b:3a:a0:bc:
ba:0e:ed:5f:a1:e0:e0:4e:98:b9:1a:0c:52:5c:d2:
19:f0:e4:f9:c1:63:2c:c9:b6:60:9b:05:9c:b2:77:
70:ba:71:5f:1a:fc:1a:d7:cf:a7:3d:29:02:f5:1e:
2f:bb:b9:3b:da:9e:7a:d3:70:43:b6:d6:b8:03:c3:
e8:d8:73:a0:27:5d:34:00:b5:bb:bb:58:a7:e1:b9:
49:c0:ca:7f:57:ee:03:72:3c:46:57:d0:5b:af:0d:
77:0b:80:1a:cf:5f:8b:d2:3a:6a:42:35:6b:8d:e5:
86:06:f9:9a:45:89:ec:fc:d5:d9:8e:4f:39:04:6c:
36:d8:63:01:3d:69:20:4e:8d:08:e9:8d:82:50:fd:
6d:0b:cf:3c:6d:1b:65:64:b6:28:73:7c:06:06:07:
6a:6a:18:26:6d:be:ba:6b:c8:77:3a:6d:dc:be:06:
17:d2:60:4f:52:c7:e5:9f:e6:9b:35:5c:c2:11:0b:
41:14:1e:89:1e:e0:14:59:a5:f3:d0:25:1e:43:ed:
c8:a9:a2:9c:27:82:54:32:79:f0:e9:10:c8:05:66:
f4:05:e3:b5:f8:2c:eb:0e:43:37:8e:76:da:42:29:
5d:b6:fc:4d:a8:30:05:25:bc:3f:ac:14:8f:d5:49:
f5:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:FD:E2:25:22:26:FE:0C:2C:8C:BA:87:2B:0C:0F:0A:05:57:99:4E
X509v3 Authority Key Identifier:
keyid:66:AF:1C:22:4D:B2:9A:51:04:A6:1A:AC:32:F6:09:56:02:5F:AD:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zq8cIk2ymlEEphqsMvYJVgJfrUM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/2f3iJSIm_gwsjLqHKwwPCgVXmU4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b28a1d-f471-4eb7-a8de-c0c74809439e/1/Zq8cIk2ymlEEphqsMvYJVgJfrUM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.177.208.0/22
194.117.65.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:fb:c5:20:15:bf:e5:c5:e0:c6:a6:47:93:db:0e:25:cc:e4:
47:54:f3:12:4c:a1:f0:55:5e:ff:0b:22:27:37:90:e9:50:ad:
8c:c6:5c:88:18:ce:6a:92:d6:19:a2:fd:08:8c:fd:ba:cc:cb:
c6:be:4e:8b:40:53:8f:67:1c:62:85:67:e5:ea:d1:7a:e6:d2:
b1:61:34:fd:07:78:b3:2f:d9:18:89:84:ae:b1:c3:87:4d:bb:
1f:da:8d:ac:73:65:25:f2:06:bf:53:b7:7d:9c:83:81:ff:d9:
95:06:61:41:97:6e:ec:14:58:38:0b:05:b6:53:2f:e5:cf:38:
86:e2:45:26:bb:0a:27:35:71:51:2f:91:bb:3d:d0:13:7f:71:
28:a0:a9:4f:81:8f:a0:83:fe:d4:5b:89:fa:98:29:11:f1:83:
b4:9a:0a:29:f9:00:10:56:a8:55:05:2d:76:0f:5e:c6:27:06:
23:78:3a:c9:83:06:d3:ea:70:03:bc:d2:9d:56:d6:29:47:22:
ae:84:2e:ce:03:42:c3:e0:a8:0f:2d:a5:ee:74:32:e8:61:93:
c9:8b:38:35:da:ed:09:3e:7c:58:f3:26:7b:37:82:57:8f:5d:
e5:ed:cf:a4:73:19:20:21:a5:cb:6f:f5:4c:06:71:90:b1:d1:
2a:80:a4:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZndw0/YAOd4x6dan7VLoqgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YWYxYzIyNGRiMjlhNTEwNGE2MWFhYzMyZjYwOTU2MDI1
ZmFkNDMwHhcNMjUxMDEzMTMyOTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWZkZTIyNTIyMjZmZTBjMmM4Y2JhODcyYjBjMGYwYTA1NTc5OTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02aXA2gFlL7k4hs6oLy6Du1foeDg
Tpi5GgxSXNIZ8OT5wWMsybZgmwWcsndwunFfGvwa18+nPSkC9R4vu7k72p5603BD
tta4A8Po2HOgJ100ALW7u1in4blJwMp/V+4DcjxGV9Bbrw13C4Aaz1+L0jpqQjVr
jeWGBvmaRYns/NXZjk85BGw22GMBPWkgTo0I6Y2CUP1tC888bRtlZLYoc3wGBgdq
ahgmbb66a8h3Om3cvgYX0mBPUsfln+abNVzCEQtBFB6JHuAUWaXz0CUeQ+3IqaKc
J4JUMnnw6RDIBWb0BeO1+CzrDkM3jnbaQildtvxNqDAFJbw/rBSP1Un1IwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNn94iUiJv4MLIy6hysMDwoFV5lOMB8GA1UdIwQY
MBaAFGavHCJNsppRBKYarDL2CVYCX61DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUt
YzBjNzQ4MDk0MzllLzEvMmYzaUpTSW1fZ3dzakxxSEt3d1BDZ1ZYbVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMjhhMWQtZjQ3MS00ZWI3LWE4ZGUtYzBjNzQ4MDk0Mzll
LzEvWnE4Y0lrMnltbEVFcGhxc012WUpWZ0pmclVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUbHQAwQA
wnVBMA0GCSqGSIb3DQEBCwUAA4IBAQAP+8UgFb/lxeDGpkeT2w4lzORHVPMSTKHw
VV7/CyInN5DpUK2MxlyIGM5qktYZov0IjP26zMvGvk6LQFOPZxxihWfl6tF65tKx
YTT9B3izL9kYiYSuscOHTbsf2o2sc2Ul8ga/U7d9nIOB/9mVBmFBl27sFFg4CwW2
Uy/lzziG4kUmuwonNXFRL5G7PdATf3EooKlPgY+gg/7UW4n6mCkR8YO0mgop+QAQ
VqhVBS12D17GJwYjeDrJgwbT6nADvNKdVtYpRyKuhC7OA0LD4KgPLaXudDLoYZPJ
izg12u0JPnxY8yZ7N4JXj13l7c+kcxkgIaXLb/VMBnGQsdEqgKQx
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:25:11 2025 by rpki-client