Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/d2eNnQB3ievX3B5N82WLGDqncDw.roa
File: d2eNnQB3ievX3B5N82WLGDqncDw.roa (raw, json)
Hash identifier: Q66sy6m1lt3CuYQFshY0DZ61khzWILcYL68tYgpiZTg=
Subject key identifier: 77:67:8D:9D:00:77:89:EB:D7:DC:1E:4D:F3:65:8B:18:3A:A7:70:3C
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 0198347FC670815D56BEA4C8C600FA0AE846
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/d2eNnQB3ievX3B5N82WLGDqncDw.roa
Signing time: Tue 22 Jul 2025 23:37:25 +0000
ROA not before: Tue 22 Jul 2025 23:37:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6079
IP address blocks: 45.248.55.0/24 maxlen: 24
94.154.177.0/24 maxlen: 24
185.52.136.0/24 maxlen: 24
185.253.122.0/24 maxlen: 24
192.145.71.0/24 maxlen: 24
193.160.80.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:34:7f:c6:70:81:5d:56:be:a4:c8:c6:00:fa:0a:e8:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Jul 22 23:37:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77678d9d007789ebd7dc1e4df3658b183aa7703c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:f0:dd:f4:23:56:eb:70:47:93:6c:87:82:c4:
57:e6:fc:71:df:55:ea:97:c1:8c:e6:86:65:a5:2f:
7d:6f:c1:65:9a:bc:fb:5b:5c:76:c0:6b:9c:3b:29:
5f:6d:cd:91:bc:62:1a:ec:c5:36:c4:a0:d4:52:a3:
84:13:fe:13:32:f4:3d:d1:35:9d:76:d8:32:9c:40:
05:d3:86:9e:7c:52:58:57:dd:5a:63:e3:ea:05:29:
70:7c:db:45:35:ec:30:2d:e3:a6:b0:88:aa:26:4e:
17:02:15:3a:8b:9a:f3:7b:ac:d8:50:2a:d3:b3:3e:
ce:d2:6c:ee:95:20:cd:b0:28:0c:b3:f9:7a:c0:c8:
a1:6c:25:6a:5a:a1:f2:67:88:55:46:59:64:e2:08:
f7:32:0f:a0:f6:b5:c6:5e:dc:2f:33:08:66:d1:82:
33:e0:6a:f6:47:20:6b:2c:5e:46:f9:22:a4:f0:1b:
28:28:d3:9b:04:8e:58:9f:30:3c:97:e3:32:3b:fc:
01:84:3d:a9:90:e4:c6:d4:79:9f:36:0b:10:74:29:
84:88:56:bb:83:96:e9:b5:2a:c2:5b:38:58:10:ff:
44:34:36:10:a7:07:2d:25:32:7d:0b:80:c9:8b:5b:
65:46:fb:92:e7:3d:57:59:4d:f8:d4:ab:c3:03:92:
47:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:67:8D:9D:00:77:89:EB:D7:DC:1E:4D:F3:65:8B:18:3A:A7:70:3C
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/d2eNnQB3ievX3B5N82WLGDqncDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.248.55.0/24
94.154.177.0/24
185.52.136.0/24
185.253.122.0/24
192.145.71.0/24
193.160.80.0/22
Signature Algorithm: sha256WithRSAEncryption
78:a1:72:41:2e:35:e7:0d:1b:76:11:c9:fb:fb:fa:67:ff:c5:
2a:ea:83:09:5d:05:e9:3f:8f:1f:bc:ba:04:e2:9a:0a:2a:60:
37:87:83:cf:06:1a:ee:83:e1:4c:db:8f:42:e5:63:a7:38:f4:
b2:6e:b4:6e:94:36:e3:bb:1b:4b:c5:99:08:1f:fe:ff:2d:a3:
c7:a8:04:8f:12:cb:8b:2d:45:02:d8:75:68:10:da:fd:b5:5b:
36:fd:f9:29:d5:d7:64:70:c3:f4:d3:79:ba:ac:4c:56:83:b1:
cb:87:08:1f:ac:72:20:8b:2e:d6:60:3e:3d:6e:47:5e:0c:41:
39:b4:76:d4:0f:af:36:11:e7:7b:5f:35:37:80:8d:d5:d5:71:
06:78:0e:e0:3a:2a:9c:6e:ae:bd:3f:96:15:69:5b:12:5a:7d:
fb:80:2d:df:60:10:4b:b8:27:c7:6f:ce:54:4c:0a:7e:62:4f:
e3:ce:a2:3c:65:1e:c3:f5:8e:2a:19:32:62:0f:f9:6c:7e:63:
b6:cb:71:8d:2a:23:af:dc:73:95:d3:be:5c:cb:46:cc:84:f6:
0f:bb:41:0a:5d:29:0f:e6:96:94:e0:a3:e2:31:7d:25:b9:63:
b5:61:2d:67:ba:21:f8:a3:dd:a4:d6:ab:c1:e8:e1:69:37:bc:
c9:8e:0c:eb
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZg0f8ZwgV1WvqTIxgD6CuhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNzIyMjMzNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY3OGQ5ZDAwNzc4OWViZDdkYzFlNGRmMzY1OGIxODNhYTc3MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/Dd9CNW63BHk2yHgsRX5vxx31Xq
l8GM5oZlpS99b8Flmrz7W1x2wGucOylfbc2RvGIa7MU2xKDUUqOEE/4TMvQ90TWd
dtgynEAF04aefFJYV91aY+PqBSlwfNtFNewwLeOmsIiqJk4XAhU6i5rze6zYUCrT
sz7O0mzulSDNsCgMs/l6wMihbCVqWqHyZ4hVRllk4gj3Mg+g9rXGXtwvMwhm0YIz
4Gr2RyBrLF5G+SKk8BsoKNObBI5YnzA8l+MyO/wBhD2pkOTG1HmfNgsQdCmEiFa7
g5bptSrCWzhYEP9ENDYQpwctJTJ9C4DJi1tlRvuS5z1XWU341KvDA5JHfwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHdnjZ0Ad4nr19weTfNlixg6p3A8MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvZDJlTm5RQjNpZXZYM0I1TjgyV0xHRHFuY0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALfg3AwQA
XpqxAwQAuTSIAwQAuf16AwQAwJFHAwQCwaBQMA0GCSqGSIb3DQEBCwUAA4IBAQB4
oXJBLjXnDRt2Ecn7+/pn/8Uq6oMJXQXpP48fvLoE4poKKmA3h4PPBhrug+FM249C
5WOnOPSybrRulDbjuxtLxZkIH/7/LaPHqASPEsuLLUUC2HVoENr9tVs2/fkp1ddk
cMP003m6rExWg7HLhwgfrHIgiy7WYD49bkdeDEE5tHbUD682Eed7XzU3gI3V1XEG
eA7gOiqcbq69P5YVaVsSWn37gC3fYBBLuCfHb85UTAp+Yk/jzqI8ZR7D9Y4qGTJi
D/lsfmO2y3GNKiOv3HOV075cy0bMhPYPu0EKXSkP5paU4KPiMX0luWO1YS1nuiH4
o92k1qvB6OFpN7zJjgzr
-----END CERTIFICATE-----
Generated at Sun Jul 27 14:16:13 2025 by rpki-client