Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DWT1BFPFWlMn-EW7OXKASofLxjI.roa
File: DWT1BFPFWlMn-EW7OXKASofLxjI.roa (raw, json)
Hash identifier: 3/vEqC+zLm7Xcvpe0qoRcoT7hYTJhYXRGNbAI+6aThs=
Subject key identifier: 0D:64:F5:04:53:C5:5A:53:27:F8:45:BB:39:72:80:4A:87:CB:C6:32
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 0199527F4208C61535277F4C9F3AE8366226
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DWT1BFPFWlMn-EW7OXKASofLxjI.roa
Signing time: Tue 16 Sep 2025 12:28:15 +0000
ROA not before: Tue 16 Sep 2025 12:28:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42956
IP address blocks: 78.128.74.0/24 maxlen: 24
78.142.36.0/24 maxlen: 24
78.142.40.0/22 maxlen: 24
79.124.2.0/23 maxlen: 24
79.124.83.0/24 maxlen: 24
79.124.86.0/24 maxlen: 24
80.72.81.0/24 maxlen: 24
94.72.142.0/24 maxlen: 24
94.72.144.0/24 maxlen: 24
185.81.122.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:7f:42:08:c6:15:35:27:7f:4c:9f:3a:e8:36:62:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Sep 16 12:28:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d64f50453c55a5327f845bb3972804a87cbc632
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:9c:18:f0:81:1c:3c:2a:a6:33:4c:c6:b4:40:
7e:7c:17:9f:30:c0:6a:e2:3d:32:48:96:07:40:10:
d4:3e:43:e4:4a:b7:23:88:5c:b4:43:59:44:78:76:
7e:1d:7c:fd:a2:aa:8c:87:be:d3:a2:bd:62:e7:fb:
67:1a:40:06:9c:05:67:b6:20:c9:97:16:9d:e4:16:
e8:75:a5:24:db:a0:ac:7c:e5:c7:ad:c3:df:ff:d7:
bd:9f:47:34:39:d3:1c:7a:e4:9a:24:fd:9f:cd:b6:
52:f5:56:5a:5d:b1:26:e3:ba:aa:97:ce:53:a3:08:
a3:92:7f:c6:7c:5e:5d:f1:c5:48:1b:ac:7f:a3:a9:
ca:bf:ce:c0:b8:aa:9e:85:4c:da:9e:6f:fc:84:42:
3d:80:36:aa:f2:6e:1c:dd:71:80:7f:09:fd:e7:56:
cd:35:ce:ec:d5:d4:b7:35:50:1e:db:7d:f0:91:04:
0c:36:69:74:a1:aa:55:e5:37:1c:08:2f:b6:72:6d:
b3:76:58:5f:54:39:bb:d3:1a:0a:19:c1:05:7e:3b:
69:82:31:4c:62:83:f8:d5:6a:62:08:7f:e3:cf:dd:
ed:8d:80:f5:d6:ae:71:fb:96:86:8a:82:3f:4a:65:
60:07:8e:3a:9e:db:cd:70:b1:8b:29:05:86:4d:f2:
9f:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:64:F5:04:53:C5:5A:53:27:F8:45:BB:39:72:80:4A:87:CB:C6:32
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/DWT1BFPFWlMn-EW7OXKASofLxjI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.128.74.0/24
78.142.36.0/24
78.142.40.0/22
79.124.2.0/23
79.124.83.0/24
79.124.86.0/24
80.72.81.0/24
94.72.142.0/24
94.72.144.0/24
185.81.122.0/24
Signature Algorithm: sha256WithRSAEncryption
28:22:8e:ac:47:1d:84:29:78:a9:8c:7f:33:19:92:2a:ab:97:
01:bb:4e:75:47:43:f5:76:e2:a3:9a:07:7f:d6:49:11:5f:af:
60:67:37:c9:da:ec:ce:06:18:9d:10:21:1d:de:fc:34:bc:ea:
44:2d:0b:9c:28:67:0a:53:a2:6b:e2:64:94:fd:25:1c:1e:88:
27:34:b2:c7:b8:97:82:23:85:e4:c8:ff:3a:a8:ea:d7:4e:2a:
51:fe:66:be:7d:c5:af:95:dc:cf:fa:08:47:c0:a1:f8:04:ab:
cb:3e:fb:15:68:e0:0c:7b:e1:44:14:f6:0b:8f:e2:02:df:61:
a6:d8:6e:a4:da:77:c6:59:47:7a:1b:47:7b:91:3f:26:97:07:
f3:61:ac:75:57:25:20:e2:12:78:55:1e:81:15:e4:c9:c9:bf:
11:21:56:6d:2e:9e:4c:7e:4b:9d:70:db:82:60:20:cd:50:80:
75:fe:49:71:d5:d5:e8:c0:54:e8:23:a6:99:4e:3a:a9:86:85:
f7:97:6c:22:87:9c:51:0b:3a:75:91:cf:e3:c6:dd:1e:fd:03:
f3:9c:ad:ad:81:e2:62:2f:f1:2c:57:7e:37:6a:8d:81:b3:02:
9a:66:3f:6f:1f:20:6d:7e:a4:99:57:a8:fa:1f:57:04:4a:4b:
e2:b7:fc:ad
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZlSf0IIxhU1J39MnzroNmImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwOTE2MTIyODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY0ZjUwNDUzYzU1YTUzMjdmODQ1YmIzOTcyODA0YTg3Y2JjNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7pwY8IEcPCqmM0zGtEB+fBefMMBq
4j0ySJYHQBDUPkPkSrcjiFy0Q1lEeHZ+HXz9oqqMh77Tor1i5/tnGkAGnAVntiDJ
lxad5BbodaUk26CsfOXHrcPf/9e9n0c0OdMceuSaJP2fzbZS9VZaXbEm47qql85T
owijkn/GfF5d8cVIG6x/o6nKv87AuKqehUzanm/8hEI9gDaq8m4c3XGAfwn951bN
Nc7s1dS3NVAe233wkQQMNml0oapV5TccCC+2cm2zdlhfVDm70xoKGcEFfjtpgjFM
YoP41WpiCH/jz93tjYD11q5x+5aGioI/SmVgB446ntvNcLGLKQWGTfKfowIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFA1k9QRTxVpTJ/hFuzlygEqHy8YyMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvRFdUMUJGUEZXbE1uLUVXN09YS0FTb2ZMeGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAToBKAwQA
To4kAwQCTo4oAwQBT3wCAwQAT3xTAwQAT3xWAwQAUEhRAwQAXkiOAwQAXkiQAwQA
uVF6MA0GCSqGSIb3DQEBCwUAA4IBAQAoIo6sRx2EKXipjH8zGZIqq5cBu051R0P1
duKjmgd/1kkRX69gZzfJ2uzOBhidECEd3vw0vOpELQucKGcKU6Jr4mSU/SUcHogn
NLLHuJeCI4XkyP86qOrXTipR/ma+fcWvldzP+ghHwKH4BKvLPvsVaOAMe+FEFPYL
j+IC32Gm2G6k2nfGWUd6G0d7kT8mlwfzYax1VyUg4hJ4VR6BFeTJyb8RIVZtLp5M
fkudcNuCYCDNUIB1/klx1dXowFToI6aZTjqphoX3l2wih5xRCzp1kc/jxt0e/QPz
nK2tgeJiL/EsV343ao2BswKaZj9vHyBtfqSZV6j6H1cESkvit/yt
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:59:14 2025 by rpki-client