Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZrHWIAxkjZ0mh6MPFJVPlu7bXQ.roa
File: NZrHWIAxkjZ0mh6MPFJVPlu7bXQ.roa (raw, json)
Hash identifier: 5Gik6q4giaH/wt74r4uqpdcvISzmtHsg61zWLB8eiTk=
Subject key identifier: 35:9A:C7:58:80:31:92:36:74:9A:1E:8C:3C:52:55:3E:5B:BB:6D:74
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0199855C9D8DE1F64460E5E9178D00CB24CA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZrHWIAxkjZ0mh6MPFJVPlu7bXQ.roa
Signing time: Fri 26 Sep 2025 09:31:03 +0000
ROA not before: Fri 26 Sep 2025 09:31:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 79.99.150.0/23 maxlen: 24
82.152.55.0/24 maxlen: 24
82.153.145.0/24 maxlen: 24
82.163.0.0/24 maxlen: 24
82.163.10.0/23 maxlen: 24
89.213.226.0/24 maxlen: 24
109.176.30.0/24 maxlen: 24
109.176.208.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:85:5c:9d:8d:e1:f6:44:60:e5:e9:17:8d:00:cb:24:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 26 09:31:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=359ac75880319236749a1e8c3c52553e5bbb6d74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:55:77:8a:cb:5f:49:8b:b9:3b:f8:4b:22:b5:
a0:65:a1:fc:1a:03:8f:a1:47:05:2f:64:b7:a5:19:
4a:10:4d:7c:58:10:9d:66:de:0e:35:c2:f4:1b:cf:
6f:45:79:97:f9:a0:82:5c:f5:0b:e7:2b:9c:4b:9b:
b1:0a:e2:ad:84:27:98:64:60:a1:e5:6a:9a:a8:14:
15:2c:85:14:59:cc:cb:6c:e0:3c:99:46:f5:16:fa:
00:9b:34:1c:37:10:a5:ed:b3:16:e8:32:4d:00:a0:
98:84:d2:cc:7e:d7:07:e0:85:4c:fe:7a:19:41:6a:
7b:bf:81:38:59:9b:15:7a:e3:52:04:1a:d5:07:6e:
08:3d:a8:32:3e:ca:4b:36:03:b9:a3:3f:e5:9d:3c:
92:76:5a:4e:81:49:9a:79:9d:5a:f7:4b:0f:9a:00:
4a:de:fd:08:2a:05:19:33:5b:4b:e7:51:34:e1:50:
8d:47:50:7f:28:94:6e:e5:e9:98:a8:5f:2b:dc:83:
10:ac:07:41:03:25:35:0f:1d:58:11:6e:0c:bf:f7:
6c:ad:56:49:ea:2f:1d:48:f9:1d:c7:3c:9b:70:fb:
06:aa:68:ed:9b:92:f0:93:78:66:df:8c:97:42:fd:
3f:ce:6a:a3:cd:7e:ce:df:dc:92:39:05:7c:7a:71:
5c:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:9A:C7:58:80:31:92:36:74:9A:1E:8C:3C:52:55:3E:5B:BB:6D:74
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NZrHWIAxkjZ0mh6MPFJVPlu7bXQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.99.150.0/23
82.152.55.0/24
82.153.145.0/24
82.163.0.0/24
82.163.10.0/23
89.213.226.0/24
109.176.30.0/24
109.176.208.0/24
Signature Algorithm: sha256WithRSAEncryption
10:da:36:da:99:b0:95:fe:2b:bb:8a:a7:a3:a5:18:0d:64:3b:
d8:9d:77:e0:e3:4a:20:5a:bd:f0:0e:52:e7:b8:c4:59:66:b9:
d1:f6:71:3a:8a:c7:a4:ed:3b:a6:51:06:d7:bc:3f:8a:78:f7:
5f:72:ce:32:68:77:5e:29:f2:a8:19:10:17:67:dc:a2:b9:82:
d7:68:ca:2d:fa:85:3a:47:32:33:b7:5b:7e:01:24:5e:31:c6:
3a:c4:ca:0e:bd:dc:5f:00:eb:76:ac:b9:ca:41:e2:f6:c2:25:
75:77:1c:ca:91:f9:a0:10:5e:67:28:af:ea:3b:10:4b:e4:e6:
df:bb:fe:ab:da:3f:76:61:4b:bb:5a:43:1d:38:a5:41:de:4e:
11:04:fd:ab:72:9e:bb:d7:d2:e5:1a:6e:51:7d:fe:61:ea:8d:
a6:43:d9:33:42:29:3c:85:3d:5b:22:e1:63:2c:6d:d7:43:b7:
86:f3:c5:d0:f8:17:00:60:04:51:70:68:f2:e0:f9:b1:e0:1f:
7e:94:d3:42:c2:79:91:c4:7c:02:35:99:5c:02:11:3a:24:de:
7c:4d:62:f9:d6:11:34:50:07:5c:7b:fa:c5:86:b1:a3:db:34:
11:ca:39:db:47:79:f1:34:d5:c9:11:e9:e8:75:6c:5a:0d:27:
73:07:f2:5f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZmFXJ2N4fZEYOXpF40AyyTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTI2MDkzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTlhYzc1ODgwMzE5MjM2NzQ5YTFlOGMzYzUyNTUzZTViYmI2ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVV3istfSYu5O/hLIrWgZaH8GgOP
oUcFL2S3pRlKEE18WBCdZt4ONcL0G89vRXmX+aCCXPUL5yucS5uxCuKthCeYZGCh
5WqaqBQVLIUUWczLbOA8mUb1FvoAmzQcNxCl7bMW6DJNAKCYhNLMftcH4IVM/noZ
QWp7v4E4WZsVeuNSBBrVB24IPagyPspLNgO5oz/lnTySdlpOgUmaeZ1a90sPmgBK
3v0IKgUZM1tL51E04VCNR1B/KJRu5emYqF8r3IMQrAdBAyU1Dx1YEW4Mv/dsrVZJ
6i8dSPkdxzybcPsGqmjtm5Lwk3hm34yXQv0/zmqjzX7O39ySOQV8enFc6QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDWax1iAMZI2dJoejDxSVT5bu210MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlpySFdJQXhralowbWg2TVBGSlZQbHU3YlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBT2OWAwQA
Upg3AwQAUpmRAwQAUqMAAwQBUqMKAwQAWdXiAwQAbbAeAwQAbbDQMA0GCSqGSIb3
DQEBCwUAA4IBAQAQ2jbambCV/iu7iqejpRgNZDvYnXfg40ogWr3wDlLnuMRZZrnR
9nE6isek7TumUQbXvD+KePdfcs4yaHdeKfKoGRAXZ9yiuYLXaMot+oU6RzIzt1t+
ASReMcY6xMoOvdxfAOt2rLnKQeL2wiV1dxzKkfmgEF5nKK/qOxBL5Obfu/6r2j92
YUu7WkMdOKVB3k4RBP2rcp6719LlGm5Rff5h6o2mQ9kzQik8hT1bIuFjLG3XQ7eG
88XQ+BcAYARRcGjy4Pmx4B9+lNNCwnmRxHwCNZlcAhE6JN58TWL51hE0UAdce/rF
hrGj2zQRyjnbR3nxNNXJEenodWxaDSdzB/Jf
-----END CERTIFICATE-----
Generated at Thu Oct 9 01:27:58 2025 by rpki-client