Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/t7GXfmFs4SvUU1woS_yjKajz9qA.roa
File: t7GXfmFs4SvUU1woS_yjKajz9qA.roa (raw, json)
Hash identifier: qpOOpZ+Lx6VRGoW3LqmTlKrk3gdbsn1KHmD1554Ouzw=
Subject key identifier: B7:B1:97:7E:61:6C:E1:2B:D4:53:5C:28:4B:FC:A3:29:A8:F3:F6:A0
Certificate issuer: /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial: 019914D407F40BE1BE16339232ACAC3F192C
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/t7GXfmFs4SvUU1woS_yjKajz9qA.roa
Signing time: Thu 04 Sep 2025 13:04:24 +0000
ROA not before: Thu 04 Sep 2025 13:04:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198154
IP address blocks: 89.44.242.0/24 maxlen: 24
89.46.217.0/24 maxlen: 24
109.122.247.0/24 maxlen: 24
109.122.249.0/24 maxlen: 24
109.122.254.0/23 maxlen: 24
188.212.99.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 22:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:14:d4:07:f4:0b:e1:be:16:33:92:32:ac:ac:3f:19:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Validity
Not Before: Sep 4 13:04:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b7b1977e616ce12bd4535c284bfca329a8f3f6a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:59:f4:4e:ec:51:f8:f8:6b:fa:4f:76:13:e2:
f3:63:89:92:a8:e8:d9:43:ad:c9:47:b3:e3:ff:f6:
09:e0:f3:04:b3:a7:52:2e:50:1c:c3:e5:ff:08:8c:
20:68:82:0e:07:c6:ab:4d:c6:b9:04:61:fe:62:25:
d1:31:72:f6:c1:0a:84:d4:6f:df:3f:4c:3a:ca:a1:
7f:39:32:41:49:07:a7:32:24:62:fd:a2:0e:77:4e:
68:20:b6:be:6c:99:80:1a:f7:08:77:e7:1c:e5:77:
11:f6:6f:a4:a0:e3:f0:07:62:a6:8d:a0:01:34:aa:
3e:08:61:98:f0:7a:3c:8d:bf:28:69:67:28:89:ea:
0c:b6:e3:94:a9:d5:ff:22:87:d9:a6:2e:3e:43:54:
3c:b6:83:25:2f:a7:24:17:3c:d1:76:ac:ed:88:81:
b0:89:e3:a8:dc:4c:94:5e:41:62:6c:9e:95:21:e9:
fe:f2:83:75:6d:3a:9d:4d:0d:18:79:17:20:08:67:
b0:c4:0c:c0:66:ae:81:e4:81:a7:a3:75:f9:08:80:
d5:a7:b7:57:28:ac:3d:ae:4b:a9:a8:be:9e:68:19:
58:9d:85:ae:35:5c:28:a7:5d:17:c3:70:de:23:5e:
d3:15:a4:0c:72:62:eb:6b:e8:65:5c:d8:f1:7b:16:
9c:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:B1:97:7E:61:6C:E1:2B:D4:53:5C:28:4B:FC:A3:29:A8:F3:F6:A0
X509v3 Authority Key Identifier:
keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/t7GXfmFs4SvUU1woS_yjKajz9qA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.44.242.0/24
89.46.217.0/24
109.122.247.0/24
109.122.249.0/24
109.122.254.0/23
188.212.99.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:ff:61:08:a6:55:e2:6e:8d:b7:a3:9d:2f:72:c3:f1:2b:ca:
e7:e0:6a:5b:d7:61:32:e0:0d:d3:e8:06:77:a0:47:c1:a2:90:
b4:3a:33:16:83:41:43:02:1e:c2:2d:84:4d:cd:cb:63:87:41:
f4:bf:fa:2e:f7:18:5e:bc:24:5b:8b:b6:fb:f6:1e:45:9a:81:
e4:83:7a:e9:7d:95:98:3a:6e:ec:21:4e:e0:a6:e5:d0:97:15:
0b:af:5f:78:e0:c3:a4:9d:a8:9e:c3:9a:0f:1c:80:cc:51:9a:
d1:b8:03:af:24:a4:93:85:88:03:f6:33:71:92:03:e3:81:e3:
4d:29:4f:07:4b:4a:ad:a7:02:5d:97:8f:81:39:f5:61:9b:3b:
58:58:f8:28:66:69:56:0f:15:e0:0f:ee:0b:d3:37:8a:bd:19:
df:97:4b:f7:94:20:df:a6:22:b2:c1:11:b4:a2:e3:99:2a:4e:
ca:01:41:dd:c5:c3:f8:8a:d4:1c:08:70:e0:19:7f:04:e5:14:
30:fa:54:7e:95:fb:51:6f:9a:d6:09:31:f1:e5:d8:95:2c:53:
16:2e:4f:90:2b:a3:34:b8:8d:75:05:23:cb:c3:95:7d:1f:3d:
c3:c3:66:ae:8c:6e:86:3d:62:04:f4:dc:b6:37:21:dc:83:d9:
a0:8a:e4:88
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZkU1Af0C+G+FjOSMqysPxksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwOTA0MTMwNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2IxOTc3ZTYxNmNlMTJiZDQ1MzVjMjg0YmZjYTMyOWE4ZjNmNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqln0TuxR+Phr+k92E+LzY4mSqOjZ
Q63JR7Pj//YJ4PMEs6dSLlAcw+X/CIwgaIIOB8arTca5BGH+YiXRMXL2wQqE1G/f
P0w6yqF/OTJBSQenMiRi/aIOd05oILa+bJmAGvcId+cc5XcR9m+koOPwB2KmjaAB
NKo+CGGY8Ho8jb8oaWcoieoMtuOUqdX/IofZpi4+Q1Q8toMlL6ckFzzRdqztiIGw
ieOo3EyUXkFibJ6VIen+8oN1bTqdTQ0YeRcgCGewxAzAZq6B5IGno3X5CIDVp7dX
KKw9rkupqL6eaBlYnYWuNVwop10Xw3DeI17TFaQMcmLra+hlXNjxexacewIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLexl35hbOEr1FNcKEv8oymo8/agMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvdDdHWGZtRnM0U3ZVVTF3b1NfeWpLYWp6OXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWSzyAwQA
WS7ZAwQAbXr3AwQAbXr5AwQBbXr+AwQAvNRjMA0GCSqGSIb3DQEBCwUAA4IBAQCi
/2EIplXibo23o50vcsPxK8rn4Gpb12Ey4A3T6AZ3oEfBopC0OjMWg0FDAh7CLYRN
zctjh0H0v/ou9xhevCRbi7b79h5FmoHkg3rpfZWYOm7sIU7gpuXQlxULr1944MOk
naiew5oPHIDMUZrRuAOvJKSThYgD9jNxkgPjgeNNKU8HS0qtpwJdl4+BOfVhmztY
WPgoZmlWDxXgD+4L0zeKvRnfl0v3lCDfpiKywRG0ouOZKk7KAUHdxcP4itQcCHDg
GX8E5RQw+lR+lftRb5rWCTHx5diVLFMWLk+QK6M0uI11BSPLw5V9Hz3Dw2aujG6G
PWIE9Ny2NyHcg9mgiuSI
-----END CERTIFICATE-----
Generated at Mon Sep 8 06:23:10 2025 by rpki-client