Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bjRr7IWjofFhY5UaTK36gjVTmJw.roa
File: bjRr7IWjofFhY5UaTK36gjVTmJw.roa (raw, json)
Hash identifier: 8Uet42He0JUZ3FcDIiHrwMRWDjvtV5w/CbqK7W2EWwk=
Subject key identifier: 6E:34:6B:EC:85:A3:A1:F1:61:63:95:1A:4C:AD:FA:82:35:53:98:9C
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0198D05F9F969515C7C842EC9CD7306BE7AA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bjRr7IWjofFhY5UaTK36gjVTmJw.roa
Signing time: Fri 22 Aug 2025 06:03:04 +0000
ROA not before: Fri 22 Aug 2025 06:03:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42864
IP address blocks: 45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/24 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.154.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
92.52.215.0/24 maxlen: 24
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
2a05:f5c0::/29 maxlen: 29
2a05:f5c0::/32 maxlen: 32
2a0c:f1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 09:01:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d0:5f:9f:96:95:15:c7:c8:42:ec:9c:d7:30:6b:e7:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Aug 22 06:03:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6e346bec85a3a1f16163951a4cadfa823553989c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:54:ae:b7:b7:fd:d0:c7:47:01:c2:6d:03:f6:
b8:b9:9a:54:81:8d:0f:c9:c3:d2:d8:18:50:67:da:
db:f1:63:1b:3c:ab:7a:61:e4:a0:d8:f9:a3:fa:cf:
cc:7b:78:ea:d8:d8:6c:f6:af:4d:66:8f:5b:1a:bc:
49:09:c1:8a:4c:d5:d5:4b:17:19:a4:31:11:72:17:
43:f2:5b:e7:fc:ba:3c:df:4a:d6:0d:be:b1:97:dd:
b0:dc:66:84:6c:22:81:fb:f0:39:ef:70:87:c1:1b:
a2:b0:8d:86:ea:db:ea:d5:73:ff:0b:54:a2:8c:79:
ff:19:35:49:d9:c7:79:28:b6:b8:94:a3:55:18:6d:
de:ae:7c:7d:91:ef:7b:7f:77:82:4f:51:d1:69:bb:
12:5a:a3:32:ed:c4:25:6b:53:5b:c9:30:7f:c1:4b:
d8:d5:83:1e:49:9a:7a:05:22:84:a9:e8:5f:1b:af:
dd:26:3c:2d:90:06:6c:cb:69:99:a2:d5:8c:67:90:
fe:ca:1c:6d:5f:cb:28:cd:c1:49:b4:10:fd:96:4c:
7a:df:96:73:b6:8f:ab:40:0d:e1:8e:62:45:51:4e:
a7:03:31:a1:e9:b6:00:16:cb:d9:63:72:07:08:9f:
fc:c1:fc:06:d9:54:c4:ad:60:19:19:fc:c1:2f:fb:
c1:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:34:6B:EC:85:A3:A1:F1:61:63:95:1A:4C:AD:FA:82:35:53:98:9C
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/bjRr7IWjofFhY5UaTK36gjVTmJw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0/24
77.242.148.0/24
77.242.151.0/24
77.242.154.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
88.209.219.0/24
92.52.208.0/21
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
2a05:f5c0::/29
2a0c:f1c0::/29
Signature Algorithm: sha256WithRSAEncryption
1d:c9:ed:dd:92:9f:fd:cd:7b:38:3f:29:4d:71:a3:83:89:49:
ae:3e:e0:59:d7:3c:0a:c7:44:c7:d0:9b:ad:ca:0c:92:2d:da:
ae:9b:f8:be:b6:ff:84:62:36:33:06:b4:73:33:3e:01:f1:18:
ea:e1:7e:0e:46:9b:16:bb:05:23:d9:4f:6f:ef:17:62:2e:de:
48:da:54:85:f2:eb:0a:0f:57:7e:9d:af:2c:98:5f:98:e7:8a:
b4:e6:1e:48:6d:b5:7d:2f:49:82:50:c1:93:b5:41:58:45:a1:
e0:b0:26:76:7f:bb:42:ef:20:c9:cd:1a:65:88:35:d6:07:81:
ce:07:30:46:40:ee:05:b1:f7:05:60:41:5a:fa:93:14:d2:57:
aa:e4:0d:6b:41:22:4c:d0:9f:ad:b2:65:76:f1:7c:31:f4:4f:
2b:20:11:b0:c7:53:9b:ec:7b:9b:6c:8e:e1:60:ac:4b:a6:1a:
26:8a:0e:d5:af:94:fd:75:42:1c:9e:a7:61:dd:74:0e:1d:9d:
87:6f:2e:d4:17:87:fc:a4:3f:0d:d1:7e:9c:9f:88:36:cd:b6:
3b:27:e7:34:7b:bc:b6:83:17:67:2d:1a:4f:f3:62:cf:e5:ec:
32:48:3a:40:99:95:d8:3b:4a:a2:45:51:e2:a2:71:e4:28:84:
5b:27:26:dd
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAZjQX5+WlRXHyELsnNcwa+eqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwODIyMDYwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTM0NmJlYzg1YTNhMWYxNjE2Mzk1MWE0Y2FkZmE4MjM1NTM5ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlSut7f90MdHAcJtA/a4uZpUgY0P
ycPS2BhQZ9rb8WMbPKt6YeSg2Pmj+s/Me3jq2Nhs9q9NZo9bGrxJCcGKTNXVSxcZ
pDERchdD8lvn/Lo830rWDb6xl92w3GaEbCKB+/A573CHwRuisI2G6tvq1XP/C1Si
jHn/GTVJ2cd5KLa4lKNVGG3ernx9ke97f3eCT1HRabsSWqMy7cQla1NbyTB/wUvY
1YMeSZp6BSKEqehfG6/dJjwtkAZsy2mZotWMZ5D+yhxtX8sozcFJtBD9lkx635Zz
to+rQA3hjmJFUU6nAzGh6bYAFsvZY3IHCJ/8wfwG2VTErWAZGfzBL/vB7wIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFG40a+yFo6HxYWOVGkyt+oI1U5icMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYmpScjdJV2pvZkZoWTVVYVRLMzZnalZUbUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTBuBAIAATBoMAwDBAAt
CakDBAItCagDBAEtDgoDBAAtWF0DBABN8pADBABN8pQDBABN8pcDBABN8poDBABY
0cEDBABY0cQDBABY0dADBABY0dIDBAJY0dQDBABY0dsDBANcNNADBAOy+MgDBADB
in0wGwQCAAIwFQMFAyoAH0ADBQMqBfXAAwUDKgzxwDANBgkqhkiG9w0BAQsFAAOC
AQEAHcnt3ZKf/c17OD8pTXGjg4lJrj7gWdc8CsdEx9CbrcoMki3arpv4vrb/hGI2
Mwa0czM+AfEY6uF+DkabFrsFI9lPb+8XYi7eSNpUhfLrCg9Xfp2vLJhfmOeKtOYe
SG21fS9JglDBk7VBWEWh4LAmdn+7Qu8gyc0aZYg11geBzgcwRkDuBbH3BWBBWvqT
FNJXquQNa0EiTNCfrbJldvF8MfRPKyARsMdTm+x7m2yO4WCsS6YaJooO1a+U/XVC
HJ6nYd10Dh2dh28u1BeH/KQ/DdF+nJ+INs22OyfnNHu8toMXZy0aT/Niz+XsMkg6
QJmV2DtKokVR4qJx5CiEWycm3Q==
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:19:14 2025 by rpki-client