Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/od9af71GeQfA9Hxa-pUi9HfyQbQ.roa
File: od9af71GeQfA9Hxa-pUi9HfyQbQ.roa (raw, json)
Hash identifier: XWeJ2o3YIDMGq+Gf7bx+E7FN5efcdXQkm09+SRPSSXw=
Subject key identifier: A1:DF:5A:7F:BD:46:79:07:C0:F4:7C:5A:FA:95:22:F4:77:F2:41:B4
Certificate issuer: /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial: 0197EB08C22D25779A6F1157CE016C20EEFF
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/od9af71GeQfA9Hxa-pUi9HfyQbQ.roa
Signing time: Tue 08 Jul 2025 17:15:09 +0000
ROA not before: Tue 08 Jul 2025 17:15:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214381
IP address blocks: 37.77.18.0/24 maxlen: 24
37.77.19.0/24 maxlen: 24
37.77.20.0/24 maxlen: 24
37.77.21.0/24 maxlen: 24
37.77.22.0/24 maxlen: 24
37.77.23.0/24 maxlen: 24
37.77.24.0/24 maxlen: 24
37.77.25.0/24 maxlen: 24
37.77.26.0/24 maxlen: 24
37.77.27.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 11:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:eb:08:c2:2d:25:77:9a:6f:11:57:ce:01:6c:20:ee:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Validity
Not Before: Jul 8 17:15:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1df5a7fbd467907c0f47c5afa9522f477f241b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:54:24:4c:53:92:f7:c6:6f:f1:c2:f9:f8:3c:
a2:38:f7:cb:a3:da:98:3b:6c:ae:de:26:52:f1:ac:
53:f2:fa:23:33:f0:09:b6:cd:92:cf:7d:51:d7:50:
b8:67:18:03:c8:3d:76:fe:be:75:31:b6:56:26:a9:
5d:5a:0e:bc:53:e2:99:54:48:af:13:14:46:47:21:
e3:99:e7:64:b8:56:63:cb:82:75:65:b8:6a:f4:b3:
76:8f:d2:fa:9b:78:53:c2:1a:d1:66:d5:32:f3:12:
bb:98:85:96:1b:b4:f7:00:e3:c2:14:af:7a:88:52:
1b:12:59:8f:7c:ec:74:1e:e0:9b:73:f3:92:87:3f:
7a:3d:f0:c7:0b:f2:69:8f:df:0b:b0:e8:30:63:50:
e3:22:96:85:8c:92:c2:26:98:43:d7:02:ca:9e:2d:
de:80:96:36:f3:ca:1c:7b:31:e2:77:f2:fa:dd:81:
3e:ae:3f:5a:b0:ac:b8:5e:a9:db:04:0d:76:e7:04:
ae:89:7d:e9:e0:39:70:39:dd:d3:a3:24:52:b1:1f:
d5:2e:98:54:9a:83:8d:42:1c:d9:27:d2:2d:8c:6a:
e7:74:78:57:08:ef:79:09:f4:6f:e2:fd:6c:cd:b1:
fc:e4:21:d6:41:f2:26:73:82:2a:55:be:04:83:3b:
e3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:DF:5A:7F:BD:46:79:07:C0:F4:7C:5A:FA:95:22:F4:77:F2:41:B4
X509v3 Authority Key Identifier:
keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/od9af71GeQfA9Hxa-pUi9HfyQbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.77.18.0-37.77.27.255
Signature Algorithm: sha256WithRSAEncryption
73:1c:cb:7d:33:f2:1b:84:63:7b:4c:ae:07:69:12:77:14:7f:
78:e8:e7:fc:9d:07:7a:4a:68:76:eb:84:c4:6d:e5:94:2a:4e:
63:6a:d9:e7:25:9a:bb:a8:90:2e:01:75:c5:8a:e4:1c:a7:44:
78:90:88:80:3e:1e:8c:1b:75:75:49:bd:d2:af:a9:42:32:25:
1c:54:5b:26:bf:e7:f0:81:aa:51:1c:04:67:dd:31:e9:e1:fd:
0e:5c:1f:41:79:2f:67:93:d5:df:7a:df:53:a7:87:f5:17:9d:
84:57:11:d0:20:dc:4a:9c:00:71:d0:d0:79:10:04:80:ff:f4:
43:b0:3e:89:dd:69:5f:2f:08:55:9e:36:52:92:04:0d:25:49:
f4:2a:42:ee:2f:12:d1:06:94:7e:9d:de:16:43:31:99:03:36:
3e:74:db:d9:b9:a1:29:f3:9d:c7:06:86:c7:d5:cb:84:10:ae:
7e:bf:af:e3:8f:da:e6:65:06:9e:b1:cb:2a:09:fd:34:f7:12:
cb:0d:53:44:df:b9:0e:2a:48:c2:56:12:2c:3b:a4:9f:07:0f:
86:ae:a5:a5:69:d6:4d:0e:e3:10:01:89:9a:8e:49:02:f9:31:
0b:6b:9d:04:a4:ba:18:54:d5:b8:a8:98:76:f8:eb:13:01:36:
c6:57:fc:0e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfrCMItJXeabxFXzgFsIO7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjUwNzA4MTcxNTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRmNWE3ZmJkNDY3OTA3YzBmNDdjNWFmYTk1MjJmNDc3ZjI0MWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFQkTFOS98Zv8cL5+DyiOPfLo9qY
O2yu3iZS8axT8vojM/AJts2Sz31R11C4ZxgDyD12/r51MbZWJqldWg68U+KZVEiv
ExRGRyHjmedkuFZjy4J1Zbhq9LN2j9L6m3hTwhrRZtUy8xK7mIWWG7T3AOPCFK96
iFIbElmPfOx0HuCbc/OShz96PfDHC/Jpj98LsOgwY1DjIpaFjJLCJphD1wLKni3e
gJY288ocezHid/L63YE+rj9asKy4XqnbBA125wSuiX3p4DlwOd3ToyRSsR/VLphU
moONQhzZJ9ItjGrndHhXCO95CfRv4v1szbH85CHWQfImc4IqVb4EgzvjbwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKHfWn+9RnkHwPR8WvqVIvR38kG0MB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvb2Q5YWY3MUdlUWZBOUh4YS1wVWk5SGZ5UWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAElTRID
BAIlTRgwDQYJKoZIhvcNAQELBQADggEBAHMcy30z8huEY3tMrgdpEncUf3jo5/yd
B3pKaHbrhMRt5ZQqTmNq2eclmruokC4BdcWK5BynRHiQiIA+HowbdXVJvdKvqUIy
JRxUWya/5/CBqlEcBGfdMenh/Q5cH0F5L2eT1d9631Onh/UXnYRXEdAg3EqcAHHQ
0HkQBID/9EOwPondaV8vCFWeNlKSBA0lSfQqQu4vEtEGlH6d3hZDMZkDNj5029m5
oSnznccGhsfVy4QQrn6/r+OP2uZlBp6xyyoJ/TT3EssNU0TfuQ4qSMJWEiw7pJ8H
D4aupaVp1k0O4xABiZqOSQL5MQtrnQSkuhhU1biomHb46xMBNsZX/A4=
-----END CERTIFICATE-----
Generated at Sat Jul 26 20:29:59 2025 by rpki-client