Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3cSxaOlRCRqV_UjrirTSav-gPSE.roa
File: 3cSxaOlRCRqV_UjrirTSav-gPSE.roa (raw, json)
Hash identifier: HPCbE1z6//7A2Z4Y2u5Bfj49kqBcmczFKqHL+M0TrsA=
Subject key identifier: DD:C4:B1:68:E9:51:09:1A:95:FD:48:EB:8A:B4:D2:6A:FF:A0:3D:21
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 01981F2269AF26E7A5D87F7D05EAC1088D63
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3cSxaOlRCRqV_UjrirTSav-gPSE.roa
Signing time: Fri 18 Jul 2025 20:03:25 +0000
ROA not before: Fri 18 Jul 2025 20:03:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
77.90.151.0/24 maxlen: 24
185.230.13.0/24 maxlen: 24
185.230.15.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
213.209.146.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 17:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:1f:22:69:af:26:e7:a5:d8:7f:7d:05:ea:c1:08:8d:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Jul 18 20:03:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddc4b168e951091a95fd48eb8ab4d26affa03d21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:c2:de:a8:fe:ea:07:74:5a:17:42:1a:39:d8:
4e:09:f8:be:4f:67:69:9f:3e:19:20:62:d0:25:9b:
1d:a2:a5:5a:10:45:5e:5c:26:66:ca:c7:63:5d:19:
3b:d9:81:56:90:95:f8:08:32:f7:b2:d4:01:be:1f:
0e:33:0d:97:84:c1:df:02:83:eb:41:19:31:1e:01:
b6:7c:29:71:e9:b8:5a:47:80:fa:fb:3f:82:f9:14:
29:95:66:66:93:2a:6e:62:78:b2:b9:d6:c2:77:a0:
67:70:f5:37:99:fb:5a:8d:e4:15:df:5d:ba:17:56:
73:60:32:c1:71:9c:c1:45:77:97:9f:9e:eb:e9:83:
dc:15:d7:82:d1:f1:08:1f:4f:c3:7c:99:e7:04:96:
2c:30:cf:bc:20:3a:33:c8:38:27:d0:6f:4f:18:6f:
12:92:3c:84:8d:53:4a:07:c1:b6:db:30:8e:4d:7a:
ce:da:87:54:ae:e1:08:73:c2:28:8c:ee:23:08:f1:
dd:ae:9b:51:18:e8:16:ab:b1:bc:db:75:5b:d4:15:
15:ff:a8:4e:ad:5c:23:a8:c5:80:17:cc:ac:72:0b:
61:51:98:f8:4b:f4:d4:07:ab:b3:e8:71:44:d2:cc:
0c:8f:e2:c9:5c:9d:f5:53:4d:83:9e:31:56:8a:ca:
6d:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C4:B1:68:E9:51:09:1A:95:FD:48:EB:8A:B4:D2:6A:FF:A0:3D:21
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3cSxaOlRCRqV_UjrirTSav-gPSE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0/23
77.90.151.0/24
185.230.13.0/24
185.230.15.0/24
213.209.138.0/24
213.209.146.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
5c:a3:09:05:2f:50:4f:17:e5:6d:71:60:fb:8e:25:c9:e8:8b:
88:ec:cf:e5:13:a7:e0:94:48:9f:a1:0d:36:b6:78:1b:a9:92:
a7:f1:9a:2c:a9:5b:c3:dd:8e:f7:d7:3a:9d:4f:f6:d9:62:57:
e5:bf:7d:b7:61:12:81:62:56:75:ec:b0:30:47:3e:2f:8b:f7:
5e:c5:d6:50:e0:08:77:92:cc:71:d3:60:e3:b9:74:cf:69:87:
ea:fd:ec:bb:fa:ed:24:43:dd:e9:7e:81:c5:19:e4:8a:7e:40:
5c:ad:52:bf:30:19:76:5b:f8:87:5f:97:26:47:bf:dd:73:6d:
88:93:31:fe:e0:59:89:b0:ce:8c:3f:6b:9c:87:45:b1:8a:1e:
ef:2a:84:65:33:be:53:b6:7b:5d:cf:fd:af:9c:82:b5:a5:f6:
2d:f7:55:8c:74:9d:03:49:65:15:e8:9b:5f:ec:9e:e0:01:50:
ca:3a:00:35:65:6f:57:58:04:bd:ec:8b:09:e8:6d:0b:85:86:
67:11:7a:c1:f0:47:2e:18:d8:df:5e:c6:af:64:f0:48:20:2d:
30:88:92:b6:74:53:6e:70:b8:b6:ff:ab:ab:50:39:5f:36:10:
c4:48:5b:64:7b:c5:8e:cd:e3:3b:95:14:1c:21:3a:cf:55:ed:
67:c9:95:64
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZgfImmvJuel2H99BerBCI1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwNzE4MjAwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM0YjE2OGU5NTEwOTFhOTVmZDQ4ZWI4YWI0ZDI2YWZmYTAzZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8LeqP7qB3RaF0IaOdhOCfi+T2dp
nz4ZIGLQJZsdoqVaEEVeXCZmysdjXRk72YFWkJX4CDL3stQBvh8OMw2XhMHfAoPr
QRkxHgG2fClx6bhaR4D6+z+C+RQplWZmkypuYniyudbCd6BncPU3mftajeQV3126
F1ZzYDLBcZzBRXeXn57r6YPcFdeC0fEIH0/DfJnnBJYsMM+8IDozyDgn0G9PGG8S
kjyEjVNKB8G22zCOTXrO2odUruEIc8IojO4jCPHdrptRGOgWq7G823Vb1BUV/6hO
rVwjqMWAF8yscgthUZj4S/TUB6uz6HFE0swMj+LJXJ31U02DnjFWisptxQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFN3EsWjpUQkalf1I64q00mr/oD0hMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvM2NTeGFPbFJDUnFWX1VqcmlyVFNhdi1nUFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDBoBAIAATBiMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiDAMAwQATVqLAwQATVqMMAwDBABN
Wo8DBABNWpADBAFNWpIDBABNWpcDBAC55g0DBAC55g8DBADV0YoDBADV0ZIwFAQC
AAIwDgMFACoEKcIDBQAqBCnHMA0GCSqGSIb3DQEBCwUAA4IBAQBcowkFL1BPF+Vt
cWD7jiXJ6IuI7M/lE6fglEifoQ02tngbqZKn8ZosqVvD3Y731zqdT/bZYlflv323
YRKBYlZ17LAwRz4vi/dexdZQ4Ah3ksxx02DjuXTPaYfq/ey7+u0kQ93pfoHFGeSK
fkBcrVK/MBl2W/iHX5cmR7/dc22IkzH+4FmJsM6MP2uch0Wxih7vKoRlM75Ttntd
z/2vnIK1pfYt91WMdJ0DSWUV6Jtf7J7gAVDKOgA1ZW9XWAS97IsJ6G0LhYZnEXrB
8EcuGNjfXsavZPBIIC0wiJK2dFNucLi2/6urUDlfNhDESFtke8WOzeM7lRQcITrP
Ve1nyZVk
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:09:04 2025 by rpki-client