Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/fDz3kopcBM9QxzmTVEyXXnv306k.roa
File: fDz3kopcBM9QxzmTVEyXXnv306k.roa (raw, json)
Hash identifier: 5BoEUF/2XHrQViUE5avfp10L0ql6QUNJ3wwxARAepi4=
Subject key identifier: 7C:3C:F7:92:8A:5C:04:CF:50:C7:39:93:54:4C:97:5E:7B:F7:D3:A9
Certificate issuer: /CN=90d426209bd8c405cbefee5741b1a52548012bab
Certificate serial: 0198F2541FD4D5B4E078543222767B5C9D82
Authority key identifier: 90:D4:26:20:9B:D8:C4:05:CB:EF:EE:57:41:B1:A5:25:48:01:2B:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kNQmIJvYxAXL7-5XQbGlJUgBK6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/fDz3kopcBM9QxzmTVEyXXnv306k.roa
Signing time: Thu 28 Aug 2025 20:17:36 +0000
ROA not before: Thu 28 Aug 2025 20:17:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60388
IP address blocks: 185.31.108.0/22 maxlen: 32
212.73.96.0/19 maxlen: 32
212.73.99.0/24 maxlen: 24
212.73.102.0/24 maxlen: 24
212.73.103.0/24 maxlen: 24
2a00:b4a0::/32 maxlen: 128
2a00:b4a0:ebe4::/64 maxlen: 64
2a00:b4a0:fe09::/48 maxlen: 48
2a01:70c0::/32 maxlen: 128
2a01:70c0::/48 maxlen: 48
2a01:70c0:1::/48 maxlen: 48
2a01:70c0:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/kNQmIJvYxAXL7-5XQbGlJUgBK6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/kNQmIJvYxAXL7-5XQbGlJUgBK6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/kNQmIJvYxAXL7-5XQbGlJUgBK6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 23:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f2:54:1f:d4:d5:b4:e0:78:54:32:22:76:7b:5c:9d:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90d426209bd8c405cbefee5741b1a52548012bab
Validity
Not Before: Aug 28 20:17:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7c3cf7928a5c04cf50c73993544c975e7bf7d3a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:0b:0a:74:fd:62:b5:85:53:6d:b8:6d:2d:c2:
ae:66:f0:50:5e:fb:54:14:53:56:3f:1d:0c:9c:47:
64:44:4e:96:3b:be:74:87:2f:e7:6f:d0:af:08:58:
fe:86:fc:45:b3:77:7f:ab:60:f8:cc:8c:99:73:c4:
5e:1c:8c:26:20:5f:4e:c7:88:71:d2:cf:19:3a:3c:
f7:5b:36:69:49:23:8d:94:f3:59:f1:9f:29:48:46:
ed:1e:99:cf:fd:63:03:b0:53:1e:db:83:4a:84:c9:
3e:86:66:c1:2e:32:4b:bd:31:e3:72:3f:77:bd:34:
7d:a8:9c:c9:13:f8:f8:7e:4a:6c:77:de:61:60:68:
61:96:ab:e1:1b:c0:85:f2:f8:70:84:4d:ca:09:17:
99:36:17:8f:f2:32:f1:62:13:48:d0:d4:52:4f:0a:
86:c9:85:8b:d7:ed:74:fe:59:91:d5:cb:83:70:74:
b9:2a:af:ca:d8:6f:37:5b:cc:9d:21:af:ce:b5:e7:
fe:2a:5e:ad:d5:9e:7b:48:68:90:63:df:e1:23:0a:
1b:d2:49:7f:11:52:2d:79:7e:91:8e:db:de:84:2b:
85:3e:d2:45:03:2c:df:97:98:c5:a5:50:9e:34:61:
1f:53:d7:3a:2e:68:b1:db:fb:2a:52:5b:c5:5e:6d:
fb:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:3C:F7:92:8A:5C:04:CF:50:C7:39:93:54:4C:97:5E:7B:F7:D3:A9
X509v3 Authority Key Identifier:
keyid:90:D4:26:20:9B:D8:C4:05:CB:EF:EE:57:41:B1:A5:25:48:01:2B:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kNQmIJvYxAXL7-5XQbGlJUgBK6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/fDz3kopcBM9QxzmTVEyXXnv306k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/kNQmIJvYxAXL7-5XQbGlJUgBK6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.31.108.0/22
212.73.96.0/19
IPv6:
2a00:b4a0::/32
2a01:70c0::/32
Signature Algorithm: sha256WithRSAEncryption
2b:1f:f5:5f:d0:35:5b:00:d0:48:67:41:03:48:2c:7f:cc:45:
bb:ab:d3:4c:81:77:f8:c3:16:40:66:47:e6:5a:9c:a7:8b:2a:
1d:a1:67:75:2d:46:78:6a:4a:ec:9c:9f:e6:5f:13:c8:17:a5:
4e:ab:55:a9:48:0e:3c:b0:93:6b:c0:4d:cb:f6:77:f5:7f:30:
60:d3:8d:57:54:d8:43:2c:b6:76:90:46:1b:7c:c3:b5:d3:e2:
d0:46:4c:2d:8a:a8:b3:f1:5a:9f:d1:66:94:8e:b1:5d:2f:01:
e0:b5:1f:b3:80:f0:88:6b:da:c9:52:7e:d2:02:20:d8:ee:cc:
c7:e7:0b:3b:e6:27:80:9e:88:3f:ce:e1:7f:f0:46:15:48:e5:
0f:46:e7:0c:f2:bf:79:81:4c:97:92:29:4c:f3:91:37:1a:6d:
f4:0d:67:55:6b:68:c3:14:c4:86:97:5f:4b:7e:84:b8:fe:4d:
0f:78:25:a7:d1:87:e2:f5:85:25:b8:a2:92:13:9f:b1:8f:ee:
28:0c:c9:3f:15:cc:3d:7e:24:a8:61:35:45:3c:cd:a5:a9:89:
1a:db:b3:6f:66:cc:44:79:70:5e:a9:1e:9e:72:9d:6c:3c:3e:
7d:9c:b2:1e:b3:1e:fd:09:d9:bf:85:92:fc:82:ef:f1:e7:fc:
0d:04:7f:33
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZjyVB/U1bTgeFQyInZ7XJ2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZDQyNjIwOWJkOGM0MDVjYmVmZWU1NzQxYjFhNTI1NDgw
MTJiYWIwHhcNMjUwODI4MjAxNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNjZjc5MjhhNWMwNGNmNTBjNzM5OTM1NDRjOTc1ZTdiZjdkM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwsKdP1itYVTbbhtLcKuZvBQXvtU
FFNWPx0MnEdkRE6WO750hy/nb9CvCFj+hvxFs3d/q2D4zIyZc8ReHIwmIF9Ox4hx
0s8ZOjz3WzZpSSONlPNZ8Z8pSEbtHpnP/WMDsFMe24NKhMk+hmbBLjJLvTHjcj93
vTR9qJzJE/j4fkpsd95hYGhhlqvhG8CF8vhwhE3KCReZNheP8jLxYhNI0NRSTwqG
yYWL1+10/lmR1cuDcHS5Kq/K2G83W8ydIa/Otef+Kl6t1Z57SGiQY9/hIwob0kl/
EVIteX6RjtvehCuFPtJFAyzfl5jFpVCeNGEfU9c6Lmix2/sqUlvFXm370QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHw895KKXATPUMc5k1RMl15799OpMB8GA1UdIwQY
MBaAFJDUJiCb2MQFy+/uV0GxpSVIASurMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva05RbUlKdll4QVhMNy01WFFiR2xKVWdCSzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lYzk2MTYtNzlhZC00YTM2LWFiYTQt
ODRiZDY3ZWQwZWVmLzEvZkR6M2tvcGNCTTlReHptVFZFeVhYbnYzMDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lYzk2MTYtNzlhZC00YTM2LWFiYTQtODRiZDY3ZWQwZWVm
LzEva05RbUlKdll4QVhMNy01WFFiR2xKVWdCSzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuR9sAwQF
1ElgMBQEAgACMA4DBQAqALSgAwUAKgFwwDANBgkqhkiG9w0BAQsFAAOCAQEAKx/1
X9A1WwDQSGdBA0gsf8xFu6vTTIF3+MMWQGZH5lqcp4sqHaFndS1GeGpK7Jyf5l8T
yBelTqtVqUgOPLCTa8BNy/Z39X8wYNONV1TYQyy2dpBGG3zDtdPi0EZMLYqos/Fa
n9FmlI6xXS8B4LUfs4DwiGvayVJ+0gIg2O7Mx+cLO+YngJ6IP87hf/BGFUjlD0bn
DPK/eYFMl5IpTPORNxpt9A1nVWtowxTEhpdfS36EuP5ND3glp9GH4vWFJbiikhOf
sY/uKAzJPxXMPX4kqGE1RTzNpamJGtuzb2bMRHlwXqkennKdbDw+fZyyHrMe/QnZ
v4WS/ILv8ef8DQR/Mw==
-----END CERTIFICATE-----
Generated at Mon Sep 8 06:25:27 2025 by rpki-client