Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ct-xQNtbnrCInzUNrLB_xtyvKaM.roa
File: ct-xQNtbnrCInzUNrLB_xtyvKaM.roa (raw, json)
Hash identifier: XhwI8n2e/SNqNOvS5qJ+4/Tm7U/1thsXi50GuuWG6fI=
Subject key identifier: 72:DF:B1:40:DB:5B:9E:B0:88:9F:35:0D:AC:B0:7F:C6:DC:AF:29:A3
Certificate issuer: /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial: 019909645D1B36BDE108213CE7260151709D
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ct-xQNtbnrCInzUNrLB_xtyvKaM.roa
Signing time: Tue 02 Sep 2025 07:46:36 +0000
ROA not before: Tue 02 Sep 2025 07:46:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42821
IP address blocks: 77.90.128.0/24 maxlen: 24
77.90.129.0/24 maxlen: 24
77.90.130.0/24 maxlen: 24
77.90.132.0/24 maxlen: 24
77.90.133.0/24 maxlen: 24
77.90.134.0/24 maxlen: 24
77.90.136.0/24 maxlen: 24
77.90.137.0/24 maxlen: 24
77.90.139.0/24 maxlen: 24
77.90.140.0/24 maxlen: 24
77.90.143.0/24 maxlen: 24
77.90.144.0/24 maxlen: 24
77.90.146.0/24 maxlen: 24
77.90.147.0/24 maxlen: 24
77.90.148.0/24 maxlen: 24
77.90.156.0/24 maxlen: 24
77.90.164.0/24 maxlen: 24
77.90.184.0/24 maxlen: 24
213.209.138.0/24 maxlen: 24
213.209.159.0/24 maxlen: 24
2a04:29c2::/32 maxlen: 32
2a04:29c7::/32 maxlen: 32
2a04:29c7:1280:24::/64 maxlen: 64
2a04:29c7:1280:27::/64 maxlen: 64
2a04:29c7:1290:24::/64 maxlen: 64
2a04:29c7:1300:24::/64 maxlen: 64
2a04:29c7:1371:6027::/64 maxlen: 64
2a04:29c7:1420::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 10:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:09:64:5d:1b:36:bd:e1:08:21:3c:e7:26:01:51:70:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Validity
Not Before: Sep 2 07:46:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72dfb140db5b9eb0889f350dacb07fc6dcaf29a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:7c:7f:84:1c:ea:e5:82:57:78:21:a3:04:e3:
4f:26:d0:89:49:46:a7:4e:87:f6:41:19:93:dc:76:
a0:52:e6:b4:28:8b:2b:77:39:60:ce:f1:9a:81:95:
67:48:04:95:ff:6e:b4:e6:03:c1:03:5a:66:64:79:
66:7e:01:94:bf:4c:21:06:2f:0f:a2:cf:95:91:7f:
b0:f1:ab:75:7e:ab:87:06:3c:63:ea:33:ba:62:30:
ff:e9:c3:64:75:47:e8:50:bc:39:c4:ac:60:00:31:
b5:52:34:c7:49:4f:8b:c6:9c:ef:c6:41:dd:09:8d:
4f:c7:51:e9:2e:28:23:f8:7a:b6:f0:c9:67:a6:2c:
99:81:a2:b2:e9:ec:0d:4e:0b:13:51:b3:e1:41:e8:
31:48:89:19:c7:ce:fd:48:e7:7c:b1:1c:ed:69:d1:
19:2d:b7:d1:4a:8f:9d:e4:e9:4d:84:5a:95:5a:74:
2a:d7:0a:d2:e7:f3:f5:79:40:67:64:f4:2f:e1:f5:
12:ae:61:41:b1:e0:b3:ac:c3:1d:8e:b8:5b:8d:65:
5a:a6:b4:7a:b8:a2:0a:71:45:9b:2d:6b:79:3e:69:
bf:78:b5:d7:79:b4:35:7d:ea:5a:0e:9f:87:2f:59:
c7:fd:89:06:be:12:bc:45:55:87:b0:1b:1d:5c:24:
d7:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:DF:B1:40:DB:5B:9E:B0:88:9F:35:0D:AC:B0:7F:C6:DC:AF:29:A3
X509v3 Authority Key Identifier:
keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ct-xQNtbnrCInzUNrLB_xtyvKaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.90.128.0-77.90.130.255
77.90.132.0-77.90.134.255
77.90.136.0/23
77.90.139.0-77.90.140.255
77.90.143.0-77.90.144.255
77.90.146.0-77.90.148.255
77.90.156.0/24
77.90.164.0/24
77.90.184.0/24
213.209.138.0/24
213.209.159.0/24
IPv6:
2a04:29c2::/32
2a04:29c7::/32
Signature Algorithm: sha256WithRSAEncryption
6f:b6:8a:e2:14:0d:28:c5:4c:59:33:c4:13:05:82:04:a2:48:
c6:5f:72:d8:37:e1:df:60:3e:50:eb:bc:0d:3b:73:47:c2:21:
99:42:5a:f2:89:b2:a3:a8:21:75:63:88:25:aa:29:54:7d:74:
33:50:27:4c:82:d4:b9:52:a8:c0:88:7e:84:0b:54:bc:ca:22:
40:14:1a:21:1c:ff:f2:3a:60:fd:70:ea:a3:ee:58:50:c1:7e:
cf:61:5f:2d:55:64:47:9f:68:b3:97:2c:4e:ab:d0:84:5c:b1:
99:c3:2b:22:6a:1c:f6:9e:10:a3:79:e7:d2:ca:d7:de:d4:13:
f2:70:08:90:3a:17:4a:c5:44:45:30:0a:70:49:7f:23:20:bf:
f8:01:94:95:7b:08:4b:be:e5:2e:03:51:d0:68:d2:54:d9:f0:
bb:fb:7c:7b:d1:06:c1:0a:b6:ef:21:52:b4:6e:9d:fd:9e:8f:
ef:f7:2e:07:4c:0d:c5:4e:d8:d3:e7:9e:c1:f0:93:88:8c:20:
5f:16:b2:b4:af:62:f3:20:0b:37:cd:d0:42:63:7c:1a:fc:9a:
ad:f7:bc:0f:e6:0c:f1:73:79:fa:3d:ae:f5:d3:14:ff:68:39:
26:01:93:8f:cf:70:10:b3:67:7c:b7:c8:a5:82:ef:78:63:a9:
6f:fe:e4:c9
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgISAZkJZF0bNr3hCCE85yYBUXCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwOTAyMDc0NjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRmYjE0MGRiNWI5ZWIwODg5ZjM1MGRhY2IwN2ZjNmRjYWYyOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03x/hBzq5YJXeCGjBONPJtCJSUan
Tof2QRmT3HagUua0KIsrdzlgzvGagZVnSASV/2605gPBA1pmZHlmfgGUv0whBi8P
os+VkX+w8at1fquHBjxj6jO6YjD/6cNkdUfoULw5xKxgADG1UjTHSU+LxpzvxkHd
CY1Px1HpLigj+Hq28MlnpiyZgaKy6ewNTgsTUbPhQegxSIkZx879SOd8sRztadEZ
LbfRSo+d5OlNhFqVWnQq1wrS5/P1eUBnZPQv4fUSrmFBseCzrMMdjrhbjWVaprR6
uKIKcUWbLWt5Pmm/eLXXebQ1fepaDp+HL1nH/YkGvhK8RVWHsBsdXCTXTwIDAQAB
o4IChjCCAoIwHQYDVR0OBBYEFHLfsUDbW56wiJ81Daywf8bcrymjMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvY3QteFFOdGJuckNJbnpVTnJMQl94dHl2S2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGbBggrBgEFBQcBBwEB/wSBizCBiDBwBAIAATBqMAwDBAdN
WoADBABNWoIwDAMEAk1ahAMEAE1ahgMEAU1aiDAMAwQATVqLAwQATVqMMAwDBABN
Wo8DBABNWpAwDAMEAU1akgMEAE1alAMEAE1anAMEAE1apAMEAE1auAMEANXRigME
ANXRnzAUBAIAAjAOAwUAKgQpwgMFACoEKccwDQYJKoZIhvcNAQELBQADggEBAG+2
iuIUDSjFTFkzxBMFggSiSMZfctg34d9gPlDrvA07c0fCIZlCWvKJsqOoIXVjiCWq
KVR9dDNQJ0yC1LlSqMCIfoQLVLzKIkAUGiEc//I6YP1w6qPuWFDBfs9hXy1VZEef
aLOXLE6r0IRcsZnDKyJqHPaeEKN559LK197UE/JwCJA6F0rFREUwCnBJfyMgv/gB
lJV7CEu+5S4DUdBo0lTZ8Lv7fHvRBsEKtu8hUrRunf2ej+/3LgdMDcVO2NPnnsHw
k4iMIF8WsrSvYvMgCzfN0EJjfBr8mq33vA/mDPFzefo9rvXTFP9oOSYBk4/PcBCz
Z3y3yKWC73hjqW/+5Mk=
-----END CERTIFICATE-----
Generated at Sat Sep 6 17:19:05 2025 by rpki-client