Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/_AP3FQaLWZZ4b07Vm6k0fkmrpNg.roa
File: _AP3FQaLWZZ4b07Vm6k0fkmrpNg.roa (raw, json)
Hash identifier: zZmmWUxFdkDgjpPPw8BHUSJ0nwj7XDsNJM3Ea4LtplY=
Subject key identifier: FC:03:F7:15:06:8B:59:96:78:6F:4E:D5:9B:A9:34:7E:49:AB:A4:D8
Certificate issuer: /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial: 0198EFB578BF1D09BAD987BD6C1556950F08
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/_AP3FQaLWZZ4b07Vm6k0fkmrpNg.roa
Signing time: Thu 28 Aug 2025 08:05:04 +0000
ROA not before: Thu 28 Aug 2025 08:05:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215120
IP address blocks: 91.227.33.0/24 maxlen: 24
91.244.70.0/24 maxlen: 24
91.244.71.0/24 maxlen: 24
93.157.138.0/24 maxlen: 24
93.157.139.0/24 maxlen: 24
193.178.186.0/24 maxlen: 24
2a07:cec0:4300::/48 maxlen: 48
2a07:cec4::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 23:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ef:b5:78:bf:1d:09:ba:d9:87:bd:6c:15:56:95:0f:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Validity
Not Before: Aug 28 08:05:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fc03f715068b5996786f4ed59ba9347e49aba4d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:31:ca:57:83:2a:92:40:e1:98:b0:c2:b1:c8:
93:5b:b5:83:84:5c:a3:a2:34:22:b4:a3:42:2f:39:
bc:9d:a7:e8:02:7f:3a:56:d0:c0:04:93:65:5d:e7:
1f:ac:74:f8:04:36:a2:55:51:0c:d6:f8:ba:01:4c:
41:d1:9f:e3:64:ff:83:d0:e4:4b:a7:2d:34:ba:ff:
a4:4b:dc:b8:c8:c2:d8:d7:48:cb:f2:db:f9:17:ed:
a5:b3:a8:0d:8e:4a:c7:b9:f5:9d:71:e7:e1:9f:85:
fe:2b:18:f7:4d:eb:5f:78:d3:58:5b:1c:d8:dc:9d:
6d:2a:59:87:41:9b:f5:3f:eb:14:c2:3f:4f:35:84:
d3:49:a6:d3:c0:87:6c:fb:6b:5a:62:b3:f6:fe:65:
49:ac:b8:11:07:29:e5:6a:af:04:e0:3c:62:bd:0b:
00:54:98:a0:61:a4:a5:20:1a:22:8a:92:ea:d3:ac:
87:c1:f3:34:ef:87:fc:38:10:a2:ab:ad:2a:02:1c:
b9:38:43:d7:2d:46:11:3b:b6:0b:65:b5:d2:4c:53:
f7:b0:47:c0:b4:4c:13:11:87:62:40:04:6c:a4:1b:
ef:49:45:2d:13:cf:37:da:19:e2:d7:2f:41:6a:90:
a7:bf:da:fd:6f:ee:6e:91:d3:d7:e9:e9:0b:ed:7e:
00:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:03:F7:15:06:8B:59:96:78:6F:4E:D5:9B:A9:34:7E:49:AB:A4:D8
X509v3 Authority Key Identifier:
keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/_AP3FQaLWZZ4b07Vm6k0fkmrpNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.227.33.0/24
91.244.70.0/23
93.157.138.0/23
193.178.186.0/24
IPv6:
2a07:cec0:4300::/48
2a07:cec4::/30
Signature Algorithm: sha256WithRSAEncryption
3a:ef:93:56:84:f2:52:b4:97:99:8e:ef:8f:fd:6e:01:23:2a:
01:f1:0b:ef:72:da:3e:ca:1f:bd:e0:d1:b3:69:ee:19:02:b0:
ae:77:cf:77:2e:05:d6:19:b8:e4:bc:b2:3f:12:ef:58:7b:4b:
f8:eb:e3:fb:63:45:db:49:64:c3:bc:08:59:29:d2:da:28:bb:
65:5f:ac:15:b5:bc:27:bf:f3:e2:9c:89:9a:ef:3e:cf:7a:c4:
f7:62:57:f0:52:97:f2:5c:f2:92:df:4f:09:98:45:03:b7:80:
32:0f:1e:bb:fb:13:1a:e1:de:36:0b:88:4e:ed:24:ea:ee:b2:
b4:c8:de:0e:27:df:4c:ea:9a:44:78:6d:93:25:b4:e3:43:fd:
d3:5f:0e:ee:36:57:e8:19:a3:c0:17:aa:c0:b2:5b:16:46:1b:
87:ec:44:8a:f4:46:54:1b:26:bf:d5:c9:d5:02:49:0d:71:69:
a9:21:2d:ab:e0:67:74:e0:2f:51:42:cf:96:d6:68:f5:bd:a7:
e4:ca:8b:15:2b:f3:7d:d6:1f:6b:d4:a4:2c:8c:ce:7e:61:4c:
80:74:28:dd:c5:1e:4a:2b:c7:16:34:77:52:9b:f3:f7:01:ea:
c7:93:2a:c5:ad:c6:75:cb:e0:ad:17:a0:2d:9e:e6:2d:55:05:
15:80:bd:83
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZjvtXi/HQm62Ye9bBVWlQ8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwODI4MDgwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzAzZjcxNTA2OGI1OTk2Nzg2ZjRlZDU5YmE5MzQ3ZTQ5YWJhNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDHKV4MqkkDhmLDCsciTW7WDhFyj
ojQitKNCLzm8nafoAn86VtDABJNlXecfrHT4BDaiVVEM1vi6AUxB0Z/jZP+D0ORL
py00uv+kS9y4yMLY10jL8tv5F+2ls6gNjkrHufWdcefhn4X+Kxj3TetfeNNYWxzY
3J1tKlmHQZv1P+sUwj9PNYTTSabTwIds+2taYrP2/mVJrLgRBynlaq8E4DxivQsA
VJigYaSlIBoiipLq06yHwfM074f8OBCiq60qAhy5OEPXLUYRO7YLZbXSTFP3sEfA
tEwTEYdiQARspBvvSUUtE8832hni1y9BapCnv9r9b+5ukdPX6ekL7X4AcQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPwD9xUGi1mWeG9O1ZupNH5Jq6TYMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEvX0FQM0ZRYUxXWlo0YjA3Vm02azBma21ycE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQAW+MhAwQB
W/RGAwQBXZ2KAwQAwbK6MBYEAgACMBADBwAqB87AQwADBQIqB87EMA0GCSqGSIb3
DQEBCwUAA4IBAQA675NWhPJStJeZju+P/W4BIyoB8Qvvcto+yh+94NGzae4ZArCu
d893LgXWGbjkvLI/Eu9Ye0v46+P7Y0XbSWTDvAhZKdLaKLtlX6wVtbwnv/PinIma
7z7PesT3YlfwUpfyXPKS308JmEUDt4AyDx67+xMa4d42C4hO7STq7rK0yN4OJ99M
6ppEeG2TJbTjQ/3TXw7uNlfoGaPAF6rAslsWRhuH7ESK9EZUGya/1cnVAkkNcWmp
IS2r4Gd04C9RQs+W1mj1vafkyosVK/N91h9r1KQsjM5+YUyAdCjdxR5KK8cWNHdS
m/P3AerHkyrFrcZ1y+CtF6AtnuYtVQUVgL2D
-----END CERTIFICATE-----
Generated at Tue Sep 9 05:45:18 2025 by rpki-client