Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/KFrROomQMJBnIrzsgZU84yvQLdQ.roa
File: KFrROomQMJBnIrzsgZU84yvQLdQ.roa (raw, json)
Hash identifier: CshrhqcbJrkLcDCTTw3Y7CjvQ9onI+0d2hk5a/aWW9U=
Subject key identifier: 28:5A:D1:3A:89:90:30:90:67:22:BC:EC:81:95:3C:E3:2B:D0:2D:D4
Certificate issuer: /CN=fde76ca85e96541a5add3cacaf1e5e114faa47ef
Certificate serial: 0197F32B931C07B2411B4173C6A84733F718
Authority key identifier: FD:E7:6C:A8:5E:96:54:1A:5A:DD:3C:AC:AF:1E:5E:11:4F:AA:47:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/KFrROomQMJBnIrzsgZU84yvQLdQ.roa
Signing time: Thu 10 Jul 2025 07:10:08 +0000
ROA not before: Thu 10 Jul 2025 07:10:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43370
IP address blocks: 37.46.48.0/22 maxlen: 22
37.77.128.0/24 maxlen: 24
37.221.202.0/24 maxlen: 24
37.221.207.0/24 maxlen: 24
46.34.130.0/23 maxlen: 23
46.34.146.0/23 maxlen: 23
62.32.78.0/24 maxlen: 24
62.32.84.0/23 maxlen: 23
62.32.92.0/23 maxlen: 23
79.142.93.0/24 maxlen: 24
79.142.94.0/23 maxlen: 23
95.161.184.0/22 maxlen: 22
95.161.196.0/22 maxlen: 22
95.161.224.0/22 maxlen: 22
178.16.157.0/24 maxlen: 24
185.244.132.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.mft
rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 06:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f3:2b:93:1c:07:b2:41:1b:41:73:c6:a8:47:33:f7:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fde76ca85e96541a5add3cacaf1e5e114faa47ef
Validity
Not Before: Jul 10 07:10:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=285ad13a899030906722bcec81953ce32bd02dd4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:5c:cb:e5:2e:bd:d6:53:61:b0:39:4c:9a:da:
d8:fd:61:0f:26:c1:5e:89:80:36:3c:37:cf:ef:03:
3d:fb:56:c8:3c:c7:79:10:7f:3a:1d:4d:1d:60:5d:
b7:f7:40:9e:35:f7:90:f9:85:76:8a:6d:d6:30:a4:
60:8f:68:9d:a9:ad:2c:eb:16:b3:eb:68:89:5f:97:
09:7b:34:fb:8e:b3:ff:eb:16:5c:a9:16:41:e9:0f:
07:c8:d7:2d:9b:ce:c5:21:e1:d9:5a:64:0a:15:13:
bd:f6:b0:b2:04:92:14:c8:03:73:9b:13:94:9d:72:
c7:fa:cd:80:ec:64:8d:35:3f:e3:29:38:f7:bb:67:
36:55:c4:84:f6:21:86:2e:a0:0d:94:31:fc:9b:4f:
c3:2d:11:5e:4d:01:86:91:de:42:0a:27:8a:a1:c9:
ee:6c:5e:e1:f5:1d:02:c5:94:9f:2b:50:88:e3:76:
e8:b7:ed:54:5e:8b:a1:5f:bc:ea:05:60:c8:33:32:
e7:ef:bc:59:8f:86:7d:31:46:0a:42:a1:1a:2a:b1:
a9:71:5a:79:11:bc:f3:6e:17:37:8f:ac:73:4b:3b:
77:08:e8:a0:2a:14:3d:3f:f8:51:27:8b:d8:ba:0c:
a5:f9:ff:92:ac:1f:ac:73:0b:f2:d8:f4:48:5b:81:
08:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5A:D1:3A:89:90:30:90:67:22:BC:EC:81:95:3C:E3:2B:D0:2D:D4
X509v3 Authority Key Identifier:
keyid:FD:E7:6C:A8:5E:96:54:1A:5A:DD:3C:AC:AF:1E:5E:11:4F:AA:47:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/KFrROomQMJBnIrzsgZU84yvQLdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.48.0/22
37.77.128.0/24
37.221.202.0/24
37.221.207.0/24
46.34.130.0/23
46.34.146.0/23
62.32.78.0/24
62.32.84.0/23
62.32.92.0/23
79.142.93.0-79.142.95.255
95.161.184.0/22
95.161.196.0/22
95.161.224.0/22
178.16.157.0/24
185.244.132.0/22
Signature Algorithm: sha256WithRSAEncryption
01:87:32:03:58:31:b6:75:61:34:24:b4:84:a7:45:85:d4:59:
5c:71:e7:e8:2c:40:b3:99:f1:87:7d:15:7c:23:4f:1c:61:e3:
70:e7:bf:af:0f:2d:ea:4e:5e:c1:0a:e8:40:42:a4:02:32:f2:
e9:83:fe:b4:38:17:c7:91:b4:fa:b9:d1:e0:aa:5f:41:72:c8:
e7:90:9b:4e:ec:d8:40:65:a4:9f:8b:bf:99:52:aa:1f:34:ce:
99:da:5e:fc:a0:f2:f1:22:f2:68:a2:c8:40:1f:fc:19:4b:dd:
d9:b7:1e:73:b3:eb:2b:78:1e:ce:86:6f:6b:95:f6:7a:fd:fd:
c6:f5:d6:2d:87:8d:48:54:c1:17:78:4c:81:64:ad:8d:a4:f9:
bd:63:4a:59:2e:a4:a7:11:d5:3f:d6:69:35:b0:f3:68:e4:b3:
90:94:4c:ff:5e:c8:77:cc:5c:c5:fd:bf:66:4b:9c:88:e0:39:
fb:fe:2e:cc:f8:da:f0:f1:70:d4:53:a8:51:3c:c1:a2:ea:b1:
1c:2d:3f:14:c6:a5:b9:c9:3b:c6:da:ad:95:c2:12:c7:c8:12:
80:5d:33:de:a4:3a:6d:f5:9d:c1:94:4e:19:7a:0a:ed:ce:56:
03:64:d9:c8:87:b0:3d:6f:e8:e5:da:96:02:f7:77:50:3c:91:
b4:d0:e1:1e
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZfzK5McB7JBG0FzxqhHM/cYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTc2Y2E4NWU5NjU0MWE1YWRkM2NhY2FmMWU1ZTExNGZh
YTQ3ZWYwHhcNMjUwNzEwMDcxMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODVhZDEzYTg5OTAzMDkwNjcyMmJjZWM4MTk1M2NlMzJiZDAyZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1zL5S691lNhsDlMmtrY/WEPJsFe
iYA2PDfP7wM9+1bIPMd5EH86HU0dYF2390CeNfeQ+YV2im3WMKRgj2idqa0s6xaz
62iJX5cJezT7jrP/6xZcqRZB6Q8HyNctm87FIeHZWmQKFRO99rCyBJIUyANzmxOU
nXLH+s2A7GSNNT/jKTj3u2c2VcSE9iGGLqANlDH8m0/DLRFeTQGGkd5CCieKocnu
bF7h9R0CxZSfK1CI43bot+1UXouhX7zqBWDIMzLn77xZj4Z9MUYKQqEaKrGpcVp5
Ebzzbhc3j6xzSzt3COigKhQ9P/hRJ4vYugyl+f+SrB+scwvy2PRIW4EI5QIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFCha0TqJkDCQZyK87IGVPOMr0C3UMB8GA1UdIwQY
MBaAFP3nbKhellQaWt08rK8eXhFPqkfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2Vkc3FGNldWQnBhM1R5c3J4NWVFVS1xUi04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9mODUyYWMtOWU5OC00NWI3LTg3N2Yt
MjI5ZTJjYjBmNjZjLzEvS0ZyUk9vbVFNSkJuSXJ6c2daVTg0eXZRTGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9mODUyYWMtOWU5OC00NWI3LTg3N2YtMjI5ZTJjYjBmNjZj
LzEvX2Vkc3FGNldWQnBhM1R5c3J4NWVFVS1xUi04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQCJS4wAwQA
JU2AAwQAJd3KAwQAJd3PAwQBLiKCAwQBLiKSAwQAPiBOAwQBPiBUAwQBPiBcMAwD
BABPjl0DBAVPjkADBAJfobgDBAJfocQDBAJfoeADBACyEJ0DBAK59IQwDQYJKoZI
hvcNAQELBQADggEBAAGHMgNYMbZ1YTQktISnRYXUWVxx5+gsQLOZ8Yd9FXwjTxxh
43Dnv68PLepOXsEK6EBCpAIy8umD/rQ4F8eRtPq50eCqX0FyyOeQm07s2EBlpJ+L
v5lSqh80zpnaXvyg8vEi8miiyEAf/BlL3dm3HnOz6yt4Hs6Gb2uV9nr9/cb11i2H
jUhUwRd4TIFkrY2k+b1jSlkupKcR1T/WaTWw82jks5CUTP9eyHfMXMX9v2ZLnIjg
Ofv+Lsz42vDxcNRTqFE8waLqsRwtPxTGpbnJO8barZXCEsfIEoBdM96kOm31ncGU
Thl6Cu3OVgNk2ciHsD1v6OXalgL3d1A8kbTQ4R4=
-----END CERTIFICATE-----
Generated at Sat Jul 26 14:49:40 2025 by rpki-client