Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/O9cN0ZR3uRs9JZLPjZ_apekO_1o.roa
File: O9cN0ZR3uRs9JZLPjZ_apekO_1o.roa (raw, json)
Hash identifier: VyuL/Lcqim34ks+x+bFHqTVYiETL9VCXnibosD6RzqE=
Subject key identifier: 3B:D7:0D:D1:94:77:B9:1B:3D:25:92:CF:8D:9F:DA:A5:E9:0E:FF:5A
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 0197EF65B2BE6BD0EA77A78363405025006B
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/O9cN0ZR3uRs9JZLPjZ_apekO_1o.roa
Signing time: Wed 09 Jul 2025 13:35:08 +0000
ROA not before: Wed 09 Jul 2025 13:35:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 147049
IP address blocks: 86.38.66.0/24 maxlen: 24
86.38.69.0/24 maxlen: 24
86.38.77.0/24 maxlen: 24
86.38.78.0/24 maxlen: 24
86.38.79.0/24 maxlen: 24
86.38.90.0/24 maxlen: 24
86.38.94.0/24 maxlen: 24
86.38.95.0/24 maxlen: 24
89.117.202.0/24 maxlen: 24
89.117.205.0/24 maxlen: 24
89.117.210.0/24 maxlen: 24
89.117.232.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ef:65:b2:be:6b:d0:ea:77:a7:83:63:40:50:25:00:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Jul 9 13:35:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3bd70dd19477b91b3d2592cf8d9fdaa5e90eff5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:07:5a:8c:7b:e8:54:c1:26:5d:bf:d1:87:54:
cf:d6:c1:40:d8:64:c6:92:a9:dc:ca:68:64:42:04:
af:1b:50:72:a1:4a:71:66:3e:b0:07:46:b0:f4:74:
f1:00:dd:b4:c5:32:b2:37:4f:b0:de:9a:58:c7:47:
9d:b4:27:98:3b:b8:56:0b:fe:4d:e8:68:ff:a6:fa:
5d:7b:ca:c9:04:88:87:96:f4:6c:9b:fc:3c:1c:78:
24:4c:b0:84:c5:de:59:47:39:a0:11:a9:f7:b3:55:
6b:82:74:13:02:72:2a:89:9b:d1:d3:37:c2:3a:4e:
13:f6:07:28:f1:7b:98:8f:17:ac:8e:bb:f9:bc:11:
9b:b7:2c:6a:41:c8:fe:e3:14:19:a7:c8:8a:a0:3f:
99:ca:3d:c8:27:be:a6:3e:4e:b6:68:8e:e5:d4:f4:
91:ea:c8:4e:bb:93:46:01:d6:8e:92:27:7f:42:95:
e6:db:6c:01:0c:13:2e:b9:ad:64:3d:e4:e7:97:17:
ad:c7:a7:5b:89:f6:f4:b2:ea:e8:fe:b3:79:8d:9c:
44:c8:33:3d:85:cc:e4:a5:3b:fb:35:33:a9:93:97:
26:0e:db:08:11:ed:b8:a2:4d:3a:82:73:2a:b2:fa:
45:dc:62:1f:ac:41:28:3e:83:e4:a4:c4:b0:ce:69:
28:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:D7:0D:D1:94:77:B9:1B:3D:25:92:CF:8D:9F:DA:A5:E9:0E:FF:5A
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/O9cN0ZR3uRs9JZLPjZ_apekO_1o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.66.0/24
86.38.69.0/24
86.38.77.0-86.38.79.255
86.38.90.0/24
86.38.94.0/23
89.117.202.0/24
89.117.205.0/24
89.117.210.0/24
89.117.232.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:c3:66:7f:a7:15:11:70:e4:8f:2e:d2:40:ee:06:44:75:02:
53:c1:33:af:0e:1a:96:81:2e:88:55:82:7e:bc:67:1e:9f:61:
ef:0c:14:0a:67:3c:ef:ca:59:cc:45:b3:84:b5:70:b3:a1:a6:
5c:82:f1:01:bb:71:9d:86:8b:a5:3e:c1:4c:16:b6:c0:8a:73:
4e:5b:61:0e:db:b2:09:b7:fc:e2:b3:e1:73:64:c3:7e:ff:46:
7b:2b:b5:24:ec:7b:09:8e:d5:5b:db:62:a1:f1:24:a8:25:15:
f2:1b:70:3b:13:ab:2b:57:e4:83:f8:5d:74:4a:5a:66:a4:79:
d0:2e:cf:79:85:1f:68:95:37:6f:ba:49:3a:be:3e:ac:72:62:
53:be:16:7d:69:d0:fb:ee:e3:c4:ba:d1:2e:1e:6c:94:83:ad:
a3:d3:14:11:2d:78:9c:57:d3:f7:ce:c9:7d:a7:d6:e0:05:2a:
6c:f9:75:a5:c1:4b:db:51:26:c5:f3:f6:61:2a:a3:8a:f7:8e:
c1:bd:0d:9d:4f:2a:6f:86:78:0f:cd:23:67:98:bc:f9:b4:6f:
c3:04:76:ab:3a:a0:39:c1:78:cd:29:ef:87:44:c0:bb:70:93:
bf:cc:35:75:82:b1:1b:e5:86:96:9a:a9:2a:b1:c0:78:4a:b7:
05:87:a9:d8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZfvZbK+a9Dqd6eDY0BQJQBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwNzA5MTMzNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ3MGRkMTk0NzdiOTFiM2QyNTkyY2Y4ZDlmZGFhNWU5MGVmZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgdajHvoVMEmXb/Rh1TP1sFA2GTG
kqncymhkQgSvG1ByoUpxZj6wB0aw9HTxAN20xTKyN0+w3ppYx0edtCeYO7hWC/5N
6Gj/pvpde8rJBIiHlvRsm/w8HHgkTLCExd5ZRzmgEan3s1VrgnQTAnIqiZvR0zfC
Ok4T9gco8XuYjxesjrv5vBGbtyxqQcj+4xQZp8iKoD+Zyj3IJ76mPk62aI7l1PSR
6shOu5NGAdaOkid/QpXm22wBDBMuua1kPeTnlxetx6dbifb0suro/rN5jZxEyDM9
hczkpTv7NTOpk5cmDtsIEe24ok06gnMqsvpF3GIfrEEoPoPkpMSwzmkozwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDvXDdGUd7kbPSWSz42f2qXpDv9aMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvTzljTjBaUjN1UnM5SlpMUGpaX2FwZWtPXzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAViZCAwQA
ViZFMAwDBABWJk0DBARWJkADBABWJloDBAFWJl4DBABZdcoDBABZdc0DBABZddID
BABZdegwDQYJKoZIhvcNAQELBQADggEBAKTDZn+nFRFw5I8u0kDuBkR1AlPBM68O
GpaBLohVgn68Zx6fYe8MFApnPO/KWcxFs4S1cLOhplyC8QG7cZ2Gi6U+wUwWtsCK
c05bYQ7bsgm3/OKz4XNkw37/RnsrtSTsewmO1VvbYqHxJKglFfIbcDsTqytX5IP4
XXRKWmakedAuz3mFH2iVN2+6STq+PqxyYlO+Fn1p0Pvu48S60S4ebJSDraPTFBEt
eJxX0/fOyX2n1uAFKmz5daXBS9tRJsXz9mEqo4r3jsG9DZ1PKm+GeA/NI2eYvPm0
b8MEdqs6oDnBeM0p74dEwLtwk7/MNXWCsRvlhpaaqSqxwHhKtwWHqdg=
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:22:45 2025 by rpki-client