Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/c3WDl8SfFCkca3Wid6jBSPNKAGE.roa
File: c3WDl8SfFCkca3Wid6jBSPNKAGE.roa (raw, json)
Hash identifier: lxKRn2VdYBDHJ0paIp1wPq/rCuS2/hh20C+G3q+EDZo=
Subject key identifier: 73:75:83:97:C4:9F:14:29:1C:6B:75:A2:77:A8:C1:48:F3:4A:00:61
Certificate issuer: /CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Certificate serial: 0199295ED1F41266DCD588002ECAAC3F09CA
Authority key identifier: 8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/c3WDl8SfFCkca3Wid6jBSPNKAGE.roa
Signing time: Mon 08 Sep 2025 12:48:23 +0000
ROA not before: Mon 08 Sep 2025 12:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 93.157.38.0/23 maxlen: 24
2a00:4bc0:2000::/44 maxlen: 56
2a00:4bc0:2100::/40 maxlen: 48
2a00:4bc0:2300::/40 maxlen: 48
2a00:4bc0:2400::/40 maxlen: 48
2a00:4bc0:2500::/40 maxlen: 48
2a00:4bc0:2600::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 12:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:29:5e:d1:f4:12:66:dc:d5:88:00:2e:ca:ac:3f:09:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Validity
Not Before: Sep 8 12:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=73758397c49f14291c6b75a277a8c148f34a0061
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:24:67:17:fc:b3:78:20:4d:04:84:08:90:95:
60:84:4a:af:ba:6b:1c:19:1f:71:14:9d:2f:b6:bc:
8e:5c:57:bc:d9:46:88:7a:f3:ec:99:85:7a:25:62:
90:45:89:92:3e:d0:44:7c:c0:f9:5f:bd:84:ce:1e:
55:01:f5:ba:37:ca:d0:6e:b3:65:23:9b:c4:75:4c:
64:8f:25:7e:98:5b:e8:1e:22:1e:cb:1b:bc:8a:45:
6d:5c:3a:38:ea:d9:6b:80:57:09:1e:f3:fd:6c:4d:
ce:90:b9:77:79:e2:72:a3:94:d8:db:a3:9b:55:86:
e0:fe:f7:33:57:30:3d:d3:f0:b3:6f:97:43:94:b1:
58:31:c4:4d:e5:17:27:98:92:96:34:fb:00:3e:2c:
3b:fc:7b:5c:c0:e2:63:13:ee:ab:f4:98:83:c5:d1:
67:46:fe:14:db:bb:b6:b8:f6:f0:f4:88:1d:91:23:
65:56:6e:81:89:67:66:bd:73:39:4b:5e:3c:5b:e2:
ae:1d:7c:67:09:44:74:0f:cf:c1:54:e5:f1:ff:9c:
2a:f6:2e:9e:27:9c:81:10:ef:7a:70:d4:7c:ce:f2:
a1:f4:aa:97:30:67:85:1a:d9:c1:27:b6:3f:44:0f:
91:fe:db:cb:ee:9c:ff:d4:47:df:8c:f5:fa:be:ec:
e3:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:75:83:97:C4:9F:14:29:1C:6B:75:A2:77:A8:C1:48:F3:4A:00:61
X509v3 Authority Key Identifier:
keyid:8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/c3WDl8SfFCkca3Wid6jBSPNKAGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.157.38.0/23
IPv6:
2a00:4bc0:2000::/44
2a00:4bc0:2100::/40
2a00:4bc0:2300::-2a00:4bc0:26ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
57:2f:02:52:91:68:34:79:40:8e:0a:53:92:fe:79:6d:bd:e5:
b7:06:43:0d:f1:c2:30:75:7c:a2:36:7c:c5:32:64:a2:ba:22:
9b:cb:5d:34:da:e2:e6:5a:eb:d2:b6:0c:d1:ae:80:1c:26:7e:
a4:a3:2b:0e:03:8e:44:ab:29:62:e5:c4:87:16:3d:87:2e:c5:
1c:e3:34:cc:82:51:6b:a6:e5:a7:d3:06:24:7b:5e:9b:15:75:
6e:fd:83:80:2f:43:2a:cd:a6:0d:fc:3f:1c:78:23:e3:7f:db:
a2:c8:57:ed:6d:0d:6f:38:2b:34:04:20:8c:9c:46:bf:5d:87:
f6:2b:37:7a:2a:88:77:e5:a4:86:bd:f7:42:9e:e0:f8:8e:1e:
2a:a6:99:61:82:9d:be:bb:64:c6:03:e6:30:fc:73:c5:96:07:
8b:1c:f9:57:2d:cc:7d:8f:ec:f4:d7:c3:f5:31:66:18:09:4b:
fa:f7:fd:2d:f3:0b:5a:ad:af:a5:7a:57:f2:71:73:ec:31:08:
77:05:0f:bb:7b:a2:96:b4:de:e5:cf:cb:a8:34:66:e2:c0:d6:
ae:27:6b:47:50:fb:1c:70:71:98:0d:8f:dd:01:76:55:17:d1:
4b:6b:b6:13:74:84:14:9a:01:fc:9a:18:bd:ee:11:53:39:d5:
45:ef:1a:2e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZkpXtH0Embc1YgALsqsPwnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjgyNGM2MTM1N2RjMzQ0YmJkZjM1YjgzNTc3NDU5Yjlk
M2ZjNDQwHhcNMjUwOTA4MTI0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc1ODM5N2M0OWYxNDI5MWM2Yjc1YTI3N2E4YzE0OGYzNGEwMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yRnF/yzeCBNBIQIkJVghEqvumsc
GR9xFJ0vtryOXFe82UaIevPsmYV6JWKQRYmSPtBEfMD5X72Ezh5VAfW6N8rQbrNl
I5vEdUxkjyV+mFvoHiIeyxu8ikVtXDo46tlrgFcJHvP9bE3OkLl3eeJyo5TY26Ob
VYbg/vczVzA90/Czb5dDlLFYMcRN5RcnmJKWNPsAPiw7/HtcwOJjE+6r9JiDxdFn
Rv4U27u2uPbw9IgdkSNlVm6BiWdmvXM5S148W+KuHXxnCUR0D8/BVOXx/5wq9i6e
J5yBEO96cNR8zvKh9KqXMGeFGtnBJ7Y/RA+R/tvL7pz/1EffjPX6vuzjUwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFHN1g5fEnxQpHGt1oneowUjzSgBhMB8GA1UdIwQY
MBaAFI8oJMYTV9w0S73zW4NXdFm50/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzIt
M2FlNzExYWYwMzRiLzEvYzNXRGw4U2ZGQ2tjYTNXaWQ2akJTUE5LQUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzItM2FlNzExYWYwMzRi
LzEvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAMBAIAATAGAwQBXZ0mMCkE
AgACMCMDBwQqAEvAIAADBgAqAEvAITAQAwYAKgBLwCMDBgAqAEvAJjANBgkqhkiG
9w0BAQsFAAOCAQEAVy8CUpFoNHlAjgpTkv55bb3ltwZDDfHCMHV8ojZ8xTJkoroi
m8tdNNri5lrr0rYM0a6AHCZ+pKMrDgOORKspYuXEhxY9hy7FHOM0zIJRa6blp9MG
JHtemxV1bv2DgC9DKs2mDfw/HHgj43/boshX7W0NbzgrNAQgjJxGv12H9is3eiqI
d+Wkhr33Qp7g+I4eKqaZYYKdvrtkxgPmMPxzxZYHixz5Vy3MfY/s9NfD9TFmGAlL
+vf9LfMLWq2vpXpX8nFz7DEIdwUPu3uilrTe5c/LqDRm4sDWridrR1D7HHBxmA2P
3QF2VRfRS2u2E3SEFJoB/JoYve4RUznVRe8aLg==
-----END CERTIFICATE-----
Generated at Wed Oct 8 21:10:39 2025 by rpki-client