Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/g2pmYdtMoiuQPm1G35LS-gM4tuY.roa
File: g2pmYdtMoiuQPm1G35LS-gM4tuY.roa (raw, json)
Hash identifier: CWDorRb0FA7mvx2YHncFLS9iEAAHLTBxgOQlA6dQKII=
Subject key identifier: 83:6A:66:61:DB:4C:A2:2B:90:3E:6D:46:DF:92:D2:FA:03:38:B6:E6
Certificate issuer: /CN=85e1567b1681833c944a5f2640a9e03be8ef0bf4
Certificate serial: 0197F84E460E1689743B90C89A51FF904143
Authority key identifier: 85:E1:56:7B:16:81:83:3C:94:4A:5F:26:40:A9:E0:3B:E8:EF:0B:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/heFWexaBgzyUSl8mQKngO-jvC_Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/g2pmYdtMoiuQPm1G35LS-gM4tuY.roa
Signing time: Fri 11 Jul 2025 07:06:08 +0000
ROA not before: Fri 11 Jul 2025 07:06:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42334
IP address blocks: 77.235.128.0/24 maxlen: 24
77.235.129.0/24 maxlen: 24
77.235.130.0/24 maxlen: 24
77.235.131.0/24 maxlen: 24
77.235.132.0/24 maxlen: 24
77.235.133.0/24 maxlen: 24
77.235.134.0/24 maxlen: 24
77.235.135.0/24 maxlen: 24
77.235.136.0/24 maxlen: 24
77.235.137.0/24 maxlen: 24
77.235.138.0/24 maxlen: 24
77.235.139.0/24 maxlen: 24
77.235.140.0/24 maxlen: 24
77.235.141.0/24 maxlen: 24
77.235.142.0/24 maxlen: 24
77.235.143.0/24 maxlen: 24
77.235.144.0/24 maxlen: 24
77.235.145.0/24 maxlen: 24
77.235.146.0/24 maxlen: 24
77.235.147.0/24 maxlen: 24
77.235.148.0/24 maxlen: 24
77.235.149.0/24 maxlen: 24
77.235.150.0/24 maxlen: 24
77.235.151.0/24 maxlen: 24
77.235.152.0/24 maxlen: 24
77.235.153.0/24 maxlen: 24
77.235.154.0/24 maxlen: 24
77.235.155.0/24 maxlen: 24
77.235.156.0/24 maxlen: 24
77.235.157.0/24 maxlen: 24
77.235.158.0/24 maxlen: 24
77.235.159.0/24 maxlen: 24
185.131.36.0/24 maxlen: 24
185.131.37.0/24 maxlen: 24
185.131.38.0/24 maxlen: 24
185.131.39.0/24 maxlen: 24
2a02:4180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/heFWexaBgzyUSl8mQKngO-jvC_Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/heFWexaBgzyUSl8mQKngO-jvC_Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/heFWexaBgzyUSl8mQKngO-jvC_Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f8:4e:46:0e:16:89:74:3b:90:c8:9a:51:ff:90:41:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85e1567b1681833c944a5f2640a9e03be8ef0bf4
Validity
Not Before: Jul 11 07:06:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=836a6661db4ca22b903e6d46df92d2fa0338b6e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:97:c1:6d:6f:e7:6d:a6:49:d5:61:15:62:fd:
97:65:a4:eb:d1:64:07:fe:ec:f5:99:fa:82:57:89:
10:32:57:80:2d:81:8e:ec:8f:70:00:9e:a0:43:33:
b9:00:bf:b8:50:72:45:a5:40:61:b1:da:31:f8:e4:
2a:ac:12:fc:7a:ed:a9:ec:30:10:bc:e6:a7:c3:fb:
32:5a:b2:eb:5e:d8:b6:ed:d2:42:c1:0e:c0:35:e1:
1f:ad:e4:e1:96:91:a9:b9:9a:7a:f4:33:5a:92:52:
8b:0c:15:2b:07:81:7d:22:39:ea:fe:ad:f6:e7:9a:
92:9a:22:17:f5:14:f8:fb:62:6b:9c:ec:52:fd:ef:
ed:03:4f:04:43:77:3c:61:d5:a9:a6:6e:71:bd:de:
20:26:dc:35:12:25:92:19:99:d2:c2:ff:23:8a:7e:
c8:ff:55:4e:b8:01:0b:b2:73:c2:28:cb:32:b8:25:
02:ce:06:ab:2d:6a:8a:e7:36:d3:af:f5:b8:75:08:
c6:ca:89:2c:0d:b9:d6:82:ec:85:b1:2b:db:51:84:
03:06:4e:56:53:6e:b6:6c:3c:f5:31:79:c5:12:41:
43:69:ba:60:9c:1c:74:eb:0f:13:28:da:16:34:c5:
c0:db:35:79:f9:19:e6:c6:0e:18:5b:8f:d3:5a:02:
0d:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:6A:66:61:DB:4C:A2:2B:90:3E:6D:46:DF:92:D2:FA:03:38:B6:E6
X509v3 Authority Key Identifier:
keyid:85:E1:56:7B:16:81:83:3C:94:4A:5F:26:40:A9:E0:3B:E8:EF:0B:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/heFWexaBgzyUSl8mQKngO-jvC_Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/g2pmYdtMoiuQPm1G35LS-gM4tuY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/df4945-f532-4a01-a7fa-53a998de63e3/1/heFWexaBgzyUSl8mQKngO-jvC_Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.235.128.0/19
185.131.36.0/22
IPv6:
2a02:4180::/32
Signature Algorithm: sha256WithRSAEncryption
8f:ca:19:c6:4e:be:bc:de:7b:ba:07:4f:92:b1:57:eb:6e:08:
cd:d8:ac:b9:65:0b:ee:dd:d5:88:ff:06:52:fa:18:a2:ef:48:
aa:3f:fc:81:10:d9:04:46:c7:20:31:08:2c:74:da:58:78:db:
d7:d0:79:2b:a8:91:0a:c9:f0:93:07:a9:78:5a:62:d6:89:6d:
d0:36:b1:5f:5a:a1:7b:4f:1e:8d:75:1f:57:24:a3:a8:6a:4f:
67:00:c6:b1:bf:10:34:09:68:83:22:ed:9b:52:77:bc:c1:87:
07:bf:20:38:51:c9:1b:fe:f7:43:88:56:83:9f:2d:e3:12:67:
94:d5:91:14:c8:1a:47:bd:25:db:51:6b:53:c9:2c:c3:ac:f5:
3d:17:b4:da:ad:1b:0d:3a:29:fa:25:35:fd:59:fb:68:c8:84:
e1:29:83:60:3a:85:d0:01:a0:9a:ed:79:70:b8:e8:21:80:15:
94:f2:bf:2f:49:de:01:a2:e2:eb:14:c1:d6:d0:fd:49:d1:b2:
41:87:cf:b6:ed:f5:77:57:e7:c4:55:32:60:11:a4:56:8d:47:
fa:cf:5d:c8:03:32:08:e8:18:2b:ac:24:16:7a:ed:9b:e9:f8:
ef:4c:fa:b3:d6:02:4b:f4:8d:65:72:94:d3:a4:6e:40:ff:24:
32:d3:e7:aa
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZf4TkYOFol0O5DImlH/kEFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZTE1NjdiMTY4MTgzM2M5NDRhNWYyNjQwYTllMDNiZThl
ZjBiZjQwHhcNMjUwNzExMDcwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzZhNjY2MWRiNGNhMjJiOTAzZTZkNDZkZjkyZDJmYTAzMzhiNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5fBbW/nbaZJ1WEVYv2XZaTr0WQH
/uz1mfqCV4kQMleALYGO7I9wAJ6gQzO5AL+4UHJFpUBhsdox+OQqrBL8eu2p7DAQ
vOanw/syWrLrXti27dJCwQ7ANeEfreThlpGpuZp69DNaklKLDBUrB4F9Ijnq/q32
55qSmiIX9RT4+2JrnOxS/e/tA08EQ3c8YdWppm5xvd4gJtw1EiWSGZnSwv8jin7I
/1VOuAELsnPCKMsyuCUCzgarLWqK5zbTr/W4dQjGyoksDbnWguyFsSvbUYQDBk5W
U262bDz1MXnFEkFDabpgnBx06w8TKNoWNMXA2zV5+Rnmxg4YW4/TWgINUwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFINqZmHbTKIrkD5tRt+S0voDOLbmMB8GA1UdIwQY
MBaAFIXhVnsWgYM8lEpfJkCp4Dvo7wv0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVGV2V4YUJnenlVU2w4bVFLbmdPLWp2Q19RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9kZjQ5NDUtZjUzMi00YTAxLWE3ZmEt
NTNhOTk4ZGU2M2UzLzEvZzJwbVlkdE1vaXVRUG0xRzM1TFMtZ000dHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9kZjQ5NDUtZjUzMi00YTAxLWE3ZmEtNTNhOTk4ZGU2M2Uz
LzEvaGVGV2V4YUJnenlVU2w4bVFLbmdPLWp2Q19RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFTeuAAwQC
uYMkMA0EAgACMAcDBQAqAkGAMA0GCSqGSIb3DQEBCwUAA4IBAQCPyhnGTr683nu6
B0+SsVfrbgjN2Ky5ZQvu3dWI/wZS+hii70iqP/yBENkERscgMQgsdNpYeNvX0Hkr
qJEKyfCTB6l4WmLWiW3QNrFfWqF7Tx6NdR9XJKOoak9nAMaxvxA0CWiDIu2bUne8
wYcHvyA4Uckb/vdDiFaDny3jEmeU1ZEUyBpHvSXbUWtTySzDrPU9F7TarRsNOin6
JTX9WftoyIThKYNgOoXQAaCa7XlwuOghgBWU8r8vSd4BouLrFMHW0P1J0bJBh8+2
7fV3V+fEVTJgEaRWjUf6z13IAzII6BgrrCQWeu2b6fjvTPqz1gJL9I1lcpTTpG5A
/yQy0+eq
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:08:21 2025 by rpki-client