Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/SXkpqaXeErUr75MdUiQzroIG9Oo.roa
File: SXkpqaXeErUr75MdUiQzroIG9Oo.roa (raw, json)
Hash identifier: xM+1yL5RuBInEIVQwffofhGJw/eL/kHP90mqlK8dxFE=
Subject key identifier: 49:79:29:A9:A5:DE:12:B5:2B:EF:93:1D:52:24:33:AE:82:06:F4:EA
Certificate issuer: /CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
Certificate serial: 0199DD8EF8802999762CD4C248F3912CA62D
Authority key identifier: 07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/SXkpqaXeErUr75MdUiQzroIG9Oo.roa
Signing time: Mon 13 Oct 2025 12:32:38 +0000
ROA not before: Mon 13 Oct 2025 12:32:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42337
IP address blocks: 77.237.64.0/19 maxlen: 19
77.237.65.0/24 maxlen: 24
77.237.68.0/24 maxlen: 24
77.237.69.0/24 maxlen: 24
77.237.70.0/24 maxlen: 24
77.237.72.0/24 maxlen: 24
77.237.74.0/24 maxlen: 24
77.237.75.0/24 maxlen: 24
77.237.76.0/24 maxlen: 24
77.237.77.0/24 maxlen: 24
77.237.78.0/23 maxlen: 23
77.237.78.0/24 maxlen: 24
77.237.80.0/20 maxlen: 20
77.237.80.0/24 maxlen: 24
77.237.81.0/24 maxlen: 24
77.237.82.0/24 maxlen: 24
77.237.83.0/24 maxlen: 24
77.237.84.0/23 maxlen: 24
77.237.84.0/24 maxlen: 24
77.237.85.0/24 maxlen: 24
77.237.87.0/24 maxlen: 24
77.237.88.0/24 maxlen: 24
77.237.89.0/24 maxlen: 24
77.237.91.0/24 maxlen: 24
77.237.94.0/24 maxlen: 24
77.237.95.0/24 maxlen: 24
92.242.192.0/19 maxlen: 19
92.242.192.0/23 maxlen: 23
92.242.192.0/24 maxlen: 24
92.242.193.0/24 maxlen: 24
92.242.194.0/24 maxlen: 24
92.242.195.0/24 maxlen: 24
92.242.198.0/24 maxlen: 24
92.242.200.0/21 maxlen: 21
92.242.201.0/24 maxlen: 24
92.242.202.0/23 maxlen: 23
92.242.202.0/24 maxlen: 24
92.242.203.0/24 maxlen: 24
92.242.204.0/24 maxlen: 24
92.242.205.0/24 maxlen: 24
92.242.206.0/24 maxlen: 24
92.242.207.0/24 maxlen: 24
92.242.208.0/20 maxlen: 20
92.242.208.0/24 maxlen: 24
92.242.210.0/23 maxlen: 23
92.242.210.0/24 maxlen: 24
92.242.211.0/24 maxlen: 24
92.242.212.0/22 maxlen: 22
92.242.214.0/24 maxlen: 24
92.242.215.0/24 maxlen: 24
92.242.220.0/24 maxlen: 24
92.242.223.0/24 maxlen: 24
185.14.160.0/22 maxlen: 22
185.14.160.0/24 maxlen: 24
185.14.163.0/24 maxlen: 24
185.225.240.0/24 maxlen: 24
185.225.241.0/24 maxlen: 24
185.225.242.0/23 maxlen: 23
185.225.242.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:8e:f8:80:29:99:76:2c:d4:c2:48:f3:91:2c:a6:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
Validity
Not Before: Oct 13 12:32:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=497929a9a5de12b52bef931d522433ae8206f4ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:0a:b0:07:2c:c6:19:a3:70:53:9b:de:10:83:
99:56:ed:db:c1:80:9c:14:e2:e5:fd:0f:66:b2:f2:
ec:a0:c7:81:47:af:98:a8:c9:9b:d9:63:d0:e5:19:
76:d5:a9:6c:25:74:6e:7c:1e:05:6d:7d:b5:c5:79:
6b:47:87:cc:77:4c:7b:2f:ee:2c:36:91:01:e1:18:
03:9f:3b:38:9d:b8:99:6b:b9:b2:f7:6f:d1:6f:a4:
bf:fe:70:4d:22:e8:ed:42:49:76:c0:de:8f:37:d1:
7a:6a:cc:f8:b0:ba:66:25:34:58:f8:7c:e6:7d:0e:
b7:de:f4:01:e4:5f:27:36:7d:ba:cb:63:47:ca:89:
3f:58:e5:f0:e3:cb:d0:69:e8:b1:07:01:50:e5:a1:
dd:a6:13:59:09:35:fe:dc:3e:49:cc:5e:36:4f:10:
9c:79:c2:d5:a4:09:4b:64:c1:4c:d7:5d:b4:d8:e3:
21:3a:69:49:1e:89:d5:ba:5b:f5:be:b9:9e:5b:05:
29:2b:8f:4c:fb:e9:56:ee:d9:a3:16:7a:65:8a:dd:
e6:00:77:73:b8:3d:67:1a:51:5a:40:51:91:68:37:
48:e8:9d:84:45:05:17:91:41:a6:fe:3c:d2:42:a4:
29:70:11:da:0f:f7:f4:c5:3f:ce:2b:e1:ee:2a:8b:
f6:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:79:29:A9:A5:DE:12:B5:2B:EF:93:1D:52:24:33:AE:82:06:F4:EA
X509v3 Authority Key Identifier:
keyid:07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/SXkpqaXeErUr75MdUiQzroIG9Oo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.237.64.0/19
92.242.192.0/19
185.14.160.0/22
185.225.240.0/22
Signature Algorithm: sha256WithRSAEncryption
ce:1b:36:99:8b:51:1b:d5:22:25:70:6c:df:03:2e:38:9b:6c:
9c:e1:de:54:24:3f:2b:68:7c:36:46:bc:0b:c2:c5:9c:2f:de:
f9:69:9f:55:2f:47:fa:63:c7:8c:6d:36:f5:1b:ad:a0:db:b5:
81:b6:49:b1:33:e4:38:38:1e:57:a3:b8:10:9f:3f:b3:e9:66:
e7:82:73:6c:05:e9:89:30:4f:b7:6e:b8:6c:38:d4:91:bb:d7:
9d:2c:e1:4d:29:b4:b0:91:eb:21:13:ae:37:37:87:34:bb:bd:
e6:9c:cb:31:1d:d0:37:de:a8:3f:ac:52:7d:3f:d0:51:45:41:
95:34:97:a5:db:7a:ae:88:d2:c5:87:da:f5:01:ae:70:d1:1f:
68:d8:ba:53:44:b1:21:a7:6a:f3:53:45:2d:60:13:56:bd:12:
c4:83:ae:70:48:b8:53:d1:c3:f2:17:f4:e0:7f:7f:c7:3b:04:
10:78:73:29:1f:f3:6b:dd:a0:b6:26:de:54:e5:6e:38:5c:a1:
98:0f:72:50:56:5e:83:7a:66:05:06:b0:6f:1c:d1:97:fc:f8:
6c:a1:43:af:17:71:f0:04:d5:09:f5:11:80:8e:36:67:e8:52:
46:cd:a1:e1:4b:98:f8:67:ff:7a:3b:4c:b0:9f:71:be:c3:c7:
a9:96:b2:ea
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZndjviAKZl2LNTCSPORLKYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWZkY2Q1ZTk3YWMxYzEwMjQ3OWM5NTRkNWY5MjJiMTI2
Y2JjMTQwHhcNMjUxMDEzMTIzMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc5MjlhOWE1ZGUxMmI1MmJlZjkzMWQ1MjI0MzNhZTgyMDZmNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQqwByzGGaNwU5veEIOZVu3bwYCc
FOLl/Q9msvLsoMeBR6+YqMmb2WPQ5Rl21alsJXRufB4FbX21xXlrR4fMd0x7L+4s
NpEB4RgDnzs4nbiZa7my92/Rb6S//nBNIujtQkl2wN6PN9F6asz4sLpmJTRY+Hzm
fQ633vQB5F8nNn26y2NHyok/WOXw48vQaeixBwFQ5aHdphNZCTX+3D5JzF42TxCc
ecLVpAlLZMFM11202OMhOmlJHonVulv1vrmeWwUpK49M++lW7tmjFnplit3mAHdz
uD1nGlFaQFGRaDdI6J2ERQUXkUGm/jzSQqQpcBHaD/f0xT/OK+HuKov2awIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEl5Kaml3hK1K++THVIkM66CBvTqMB8GA1UdIwQY
MBaAFAev3NXpesHBAkeclU1fkisSbLwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEt
ZmY2ODUxNzc3MGU0LzEvU1hrcHFhWGVFclVyNzVNZFVpUXpyb0lHOU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEtZmY2ODUxNzc3MGU0
LzEvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQFTe1AAwQF
XPLAAwQCuQ6gAwQCueHwMA0GCSqGSIb3DQEBCwUAA4IBAQDOGzaZi1Eb1SIlcGzf
Ay44m2yc4d5UJD8raHw2RrwLwsWcL975aZ9VL0f6Y8eMbTb1G62g27WBtkmxM+Q4
OB5Xo7gQnz+z6WbngnNsBemJME+3brhsONSRu9edLOFNKbSwkeshE643N4c0u73m
nMsxHdA33qg/rFJ9P9BRRUGVNJel23quiNLFh9r1Aa5w0R9o2LpTRLEhp2rzU0Ut
YBNWvRLEg65wSLhT0cPyF/Tgf3/HOwQQeHMpH/Nr3aC2Jt5U5W44XKGYD3JQVl6D
emYFBrBvHNGX/PhsoUOvF3HwBNUJ9RGAjjZn6FJGzaHhS5j4Z/96O0ywn3G+w8ep
lrLq
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:29 2025 by rpki-client