Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/03xoijHJR91pQdRK4BVsUMo651Q.roa
File: 03xoijHJR91pQdRK4BVsUMo651Q.roa (raw, json)
Hash identifier: NiWV6nMnI3xd8nfLo25KyV3pkHiiEo7coUv5lu4C83o=
Subject key identifier: D3:7C:68:8A:31:C9:47:DD:69:41:D4:4A:E0:15:6C:50:CA:3A:E7:54
Certificate issuer: /CN=21269675acefbbf8497b1e21ca73764af4aa8c7b
Certificate serial: 0199944BD98922CC114B11C8AC869AAA4971
Authority key identifier: 21:26:96:75:AC:EF:BB:F8:49:7B:1E:21:CA:73:76:4A:F4:AA:8C:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ISaWdazvu_hJex4hynN2SvSqjHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/03xoijHJR91pQdRK4BVsUMo651Q.roa
Signing time: Mon 29 Sep 2025 07:07:02 +0000
ROA not before: Mon 29 Sep 2025 07:07:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39591
IP address blocks: 77.94.240.0/21 maxlen: 24
79.143.208.0/20 maxlen: 24
185.3.104.0/22 maxlen: 24
2a00:1280::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/ISaWdazvu_hJex4hynN2SvSqjHs.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/ISaWdazvu_hJex4hynN2SvSqjHs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ISaWdazvu_hJex4hynN2SvSqjHs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 07:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:94:4b:d9:89:22:cc:11:4b:11:c8:ac:86:9a:aa:49:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21269675acefbbf8497b1e21ca73764af4aa8c7b
Validity
Not Before: Sep 29 07:07:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d37c688a31c947dd6941d44ae0156c50ca3ae754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:28:e0:95:e9:d7:19:af:36:c0:9f:37:74:5f:
21:e9:3b:f3:ba:2d:ed:84:ab:25:95:75:d2:bf:19:
90:d3:aa:41:b7:3e:3d:a9:da:9a:8b:ed:81:24:3e:
58:12:44:93:1b:fa:5a:b7:cb:11:78:8e:b9:65:78:
e1:10:cd:54:8f:cc:f1:3b:0b:90:04:d7:87:8e:71:
f6:e0:06:bd:c8:8f:9e:32:48:c0:6d:70:7f:95:be:
42:6a:ce:4e:99:9d:65:05:d8:48:dd:be:7e:1d:c9:
ba:60:ab:3a:d1:e9:57:f2:79:85:66:1d:c1:55:4d:
ed:a2:82:0c:26:d9:dc:a0:43:72:28:6b:d9:22:5d:
0f:32:4c:ed:0e:a4:39:91:eb:a4:9d:7a:34:b7:2a:
4d:8e:86:da:2b:32:7a:8d:b4:15:7a:a4:05:5b:56:
25:00:60:5f:d9:84:41:6e:a2:81:4e:c1:96:47:c0:
a0:ad:bf:cc:af:89:56:3a:81:60:b8:95:08:06:51:
f2:fe:51:cb:dd:de:ac:7c:96:19:a9:03:aa:cb:76:
58:92:d7:ee:95:21:27:d8:14:02:6d:97:0b:40:d0:
f7:c2:f6:13:a0:b5:61:89:ba:e1:ab:1a:de:80:ed:
4d:2f:ce:72:28:ae:89:be:0c:b2:d1:81:22:86:ed:
bd:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:7C:68:8A:31:C9:47:DD:69:41:D4:4A:E0:15:6C:50:CA:3A:E7:54
X509v3 Authority Key Identifier:
keyid:21:26:96:75:AC:EF:BB:F8:49:7B:1E:21:CA:73:76:4A:F4:AA:8C:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ISaWdazvu_hJex4hynN2SvSqjHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/03xoijHJR91pQdRK4BVsUMo651Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5af699-b1a9-49dc-bdc9-1d4dfb4f4800/1/ISaWdazvu_hJex4hynN2SvSqjHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.94.240.0/21
79.143.208.0/20
185.3.104.0/22
IPv6:
2a00:1280::/32
Signature Algorithm: sha256WithRSAEncryption
42:4f:89:ad:ea:28:ec:df:75:e1:d8:0d:7e:01:7a:53:d3:c2:
39:84:9b:50:10:c3:b0:9d:0d:19:48:07:48:49:26:37:0f:16:
0e:76:db:25:74:4a:12:90:3d:04:a7:40:f2:bf:f8:08:9a:cc:
3b:36:f9:7d:2e:81:56:bc:ac:98:62:07:94:58:2e:ec:92:c0:
2e:bf:b0:49:02:00:e9:ef:93:43:02:0e:42:56:f6:84:eb:a2:
9b:83:dd:5b:49:d7:ac:7d:fa:6c:2e:8f:20:10:a3:b0:27:c3:
5e:87:af:ef:9b:d4:a3:21:9e:bd:a7:74:51:8b:a1:0b:3e:f2:
6a:28:70:4b:8c:b5:cd:4a:c1:b6:0d:a1:9f:66:c5:34:9f:19:
bc:7d:2b:14:f4:24:e4:59:fb:2c:64:69:a9:7d:45:7e:5a:ad:
fb:cf:4f:22:9c:f5:e9:c1:5e:70:45:1f:80:b3:bf:c7:7d:52:
f8:4f:1a:a2:27:fc:79:93:a8:8e:3b:a4:b7:5a:2d:b2:ca:e3:
8f:37:71:23:7b:6b:14:2b:70:83:0f:c1:62:22:12:ef:7f:0d:
2c:cc:02:33:e9:13:d7:09:9c:48:05:e2:af:f4:ac:60:e4:25:
da:84:09:7d:9a:59:9d:2f:62:ea:ab:53:6b:03:02:5e:a4:7d:
0f:bf:95:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZmUS9mJIswRSxHIrIaaqklxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMjY5Njc1YWNlZmJiZjg0OTdiMWUyMWNhNzM3NjRhZjRh
YThjN2IwHhcNMjUwOTI5MDcwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzdjNjg4YTMxYzk0N2RkNjk0MWQ0NGFlMDE1NmM1MGNhM2FlNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzijglenXGa82wJ83dF8h6Tvzui3t
hKsllXXSvxmQ06pBtz49qdqai+2BJD5YEkSTG/pat8sReI65ZXjhEM1Uj8zxOwuQ
BNeHjnH24Aa9yI+eMkjAbXB/lb5Cas5OmZ1lBdhI3b5+Hcm6YKs60elX8nmFZh3B
VU3tooIMJtncoENyKGvZIl0PMkztDqQ5keuknXo0typNjobaKzJ6jbQVeqQFW1Yl
AGBf2YRBbqKBTsGWR8Cgrb/Mr4lWOoFguJUIBlHy/lHL3d6sfJYZqQOqy3ZYktfu
lSEn2BQCbZcLQND3wvYToLVhibrhqxregO1NL85yKK6Jvgyy0YEihu29gwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNN8aIoxyUfdaUHUSuAVbFDKOudUMB8GA1UdIwQY
MBaAFCEmlnWs77v4SXseIcpzdkr0qox7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVNhV2RhenZ1X2hKZXg0aHluTjJTdlNxakhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS81YWY2OTktYjFhOS00OWRjLWJkYzkt
MWQ0ZGZiNGY0ODAwLzEvMDN4b2lqSEpSOTFwUWRSSzRCVnNVTW82NTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS81YWY2OTktYjFhOS00OWRjLWJkYzktMWQ0ZGZiNGY0ODAw
LzEvSVNhV2RhenZ1X2hKZXg0aHluTjJTdlNxakhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDTV7wAwQE
T4/QAwQCuQNoMA0EAgACMAcDBQAqABKAMA0GCSqGSIb3DQEBCwUAA4IBAQBCT4mt
6ijs33Xh2A1+AXpT08I5hJtQEMOwnQ0ZSAdISSY3DxYOdtsldEoSkD0Ep0Dyv/gI
msw7Nvl9LoFWvKyYYgeUWC7sksAuv7BJAgDp75NDAg5CVvaE66Kbg91bSdesffps
Lo8gEKOwJ8Neh6/vm9SjIZ69p3RRi6ELPvJqKHBLjLXNSsG2DaGfZsU0nxm8fSsU
9CTkWfssZGmpfUV+Wq37z08inPXpwV5wRR+As7/HfVL4TxqiJ/x5k6iOO6S3Wi2y
yuOPN3Eje2sUK3CDD8FiIhLvfw0szAIz6RPXCZxIBeKv9Kxg5CXahAl9mlmdL2Lq
q1NrAwJepH0Pv5VS
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:02:29 2025 by rpki-client