Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iCjGR7B-Sc0Jjo1czDDVCX6w2lo.roa
File: iCjGR7B-Sc0Jjo1czDDVCX6w2lo.roa (raw, json)
Hash identifier: /XkZDF6JVe8yLyHDriFOxNBX+a9meQdSm7lnZf855Ds=
Subject key identifier: 88:28:C6:47:B0:7E:49:CD:09:8E:8D:5C:CC:30:D5:09:7E:B0:DA:5A
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0199869964D531EA7518B7EB2C619F1B9D8E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iCjGR7B-Sc0Jjo1czDDVCX6w2lo.roa
Signing time: Fri 26 Sep 2025 15:17:03 +0000
ROA not before: Fri 26 Sep 2025 15:17:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5065
IP address blocks: 77.93.138.0/23 maxlen: 24
82.152.52.0/23 maxlen: 24
82.153.44.0/24 maxlen: 24
82.153.46.0/24 maxlen: 24
109.176.75.0/24 maxlen: 24
213.130.150.0/24 maxlen: 24
213.210.48.0/23 maxlen: 24
213.218.226.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 16:33:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:86:99:64:d5:31:ea:75:18:b7:eb:2c:61:9f:1b:9d:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 26 15:17:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8828c647b07e49cd098e8d5ccc30d5097eb0da5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f1:31:b0:ac:f4:7c:84:77:22:a8:51:6f:f7:
0a:c9:42:b4:df:3a:a6:84:6e:11:b2:36:3b:ca:dd:
2b:8f:a4:2a:4e:1a:a9:24:f2:e5:7e:8c:30:1a:23:
51:4a:ac:a0:e9:ec:04:c3:45:54:bb:10:08:4b:d9:
76:16:47:bc:03:4d:c7:23:28:bf:61:35:b6:32:8f:
93:94:0d:a6:fc:a0:f3:4f:8f:b3:49:3d:fa:d1:f6:
95:fa:96:20:a0:b5:dc:51:b5:ed:25:9a:ce:6d:66:
fc:ad:1d:f6:b6:6a:ae:24:3d:34:01:e2:a9:95:4e:
b0:b9:29:2e:87:8b:36:c7:c9:e2:ab:ed:0d:ea:af:
14:7b:f6:64:60:4c:f3:15:86:2e:f2:30:b8:b3:05:
45:cd:43:c1:0c:16:82:f4:60:72:1d:b6:70:07:1d:
0b:6a:12:39:2e:78:07:76:4c:cc:58:81:43:ae:bc:
a3:da:a6:5b:3f:09:50:18:30:66:fc:84:ce:b9:0e:
53:35:f8:6d:ba:7b:c8:1a:cb:b4:c7:72:60:73:b6:
f8:a9:fd:9a:bd:57:98:48:e2:3a:19:65:fe:1a:ac:
73:cb:49:58:6c:c9:fb:4a:a7:9b:d4:a9:1f:3f:5c:
4e:2b:63:f7:76:5a:89:e2:f7:fe:76:89:dd:64:86:
11:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:28:C6:47:B0:7E:49:CD:09:8E:8D:5C:CC:30:D5:09:7E:B0:DA:5A
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iCjGR7B-Sc0Jjo1czDDVCX6w2lo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.138.0/23
82.152.52.0/23
82.153.44.0/24
82.153.46.0/24
109.176.75.0/24
213.130.150.0/24
213.210.48.0/23
213.218.226.0/24
Signature Algorithm: sha256WithRSAEncryption
28:49:21:3b:d1:7f:af:81:fa:ce:6e:b1:39:90:20:91:59:86:
e8:7f:fa:0b:62:97:d3:e9:cf:e9:e3:95:6e:e3:4b:28:73:f0:
58:5d:52:a8:6f:5d:a4:7a:bf:4a:ac:73:93:b9:f5:3f:f4:8b:
fc:5d:1b:e8:35:79:a6:2f:6a:59:26:b8:c3:ba:34:8c:47:5c:
27:2b:44:0d:fe:09:ec:6d:f3:c5:0f:60:e2:14:a2:41:9e:75:
96:03:14:6e:aa:fd:4a:b1:22:b1:c8:cb:21:fc:d9:ef:3c:60:
9e:76:bd:1a:35:ec:e1:60:f8:8e:01:b8:bd:b8:4d:e8:c2:d7:
bd:62:d2:25:24:30:82:d9:c9:d2:42:de:b1:44:76:17:0a:46:
66:08:ed:1c:8b:1b:7d:b0:6f:73:67:ff:9d:d0:ba:b1:b0:8a:
4a:4e:b2:56:7d:22:86:05:19:08:d3:52:04:40:e1:77:45:c9:
2d:47:69:0f:83:6e:e2:5a:04:f6:aa:5a:af:3d:14:fb:a4:75:
37:f1:f7:e1:09:ff:84:43:26:99:0c:f6:95:c5:dc:8b:7c:90:
37:e5:a7:61:cd:2f:6d:e1:eb:46:f6:1f:54:74:8c:21:a4:e8:
61:aa:45:17:7c:07:4f:7f:e7:69:3d:4a:03:24:ed:1b:21:e0:
f5:94:b1:45
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZmGmWTVMep1GLfrLGGfG52OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTI2MTUxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI4YzY0N2IwN2U0OWNkMDk4ZThkNWNjYzMwZDUwOTdlYjBkYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovExsKz0fIR3IqhRb/cKyUK03zqm
hG4RsjY7yt0rj6QqThqpJPLlfowwGiNRSqyg6ewEw0VUuxAIS9l2Fke8A03HIyi/
YTW2Mo+TlA2m/KDzT4+zST360faV+pYgoLXcUbXtJZrObWb8rR32tmquJD00AeKp
lU6wuSkuh4s2x8niq+0N6q8Ue/ZkYEzzFYYu8jC4swVFzUPBDBaC9GByHbZwBx0L
ahI5LngHdkzMWIFDrryj2qZbPwlQGDBm/ITOuQ5TNfhtunvIGsu0x3Jgc7b4qf2a
vVeYSOI6GWX+Gqxzy0lYbMn7Sqeb1KkfP1xOK2P3dlqJ4vf+dondZIYRtwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIgoxkewfknNCY6NXMww1Ql+sNpaMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaUNqR1I3Qi1TYzBKam8xY3pERFZDWDZ3MmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBTV2KAwQB
Upg0AwQAUpksAwQAUpkuAwQAbbBLAwQA1YKWAwQB1dIwAwQA1driMA0GCSqGSIb3
DQEBCwUAA4IBAQAoSSE70X+vgfrObrE5kCCRWYbof/oLYpfT6c/p45Vu40soc/BY
XVKob12ker9KrHOTufU/9Iv8XRvoNXmmL2pZJrjDujSMR1wnK0QN/gnsbfPFD2Di
FKJBnnWWAxRuqv1KsSKxyMsh/NnvPGCedr0aNezhYPiOAbi9uE3owte9YtIlJDCC
2cnSQt6xRHYXCkZmCO0cixt9sG9zZ/+d0LqxsIpKTrJWfSKGBRkI01IEQOF3Rckt
R2kPg27iWgT2qlqvPRT7pHU38ffhCf+EQyaZDPaVxdyLfJA35adhzS9t4etG9h9U
dIwhpOhhqkUXfAdPf+dpPUoDJO0bIeD1lLFF
-----END CERTIFICATE-----
Generated at Thu Oct 9 01:28:02 2025 by rpki-client