Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oKNzpSo526puUSTJvV6xuT-iSOI.roa
File: oKNzpSo526puUSTJvV6xuT-iSOI.roa (raw, json)
Hash identifier: nsrjwgma0wN7r4sJSnuOrpSG/7U/cowux5Ua9qYy29w=
Subject key identifier: A0:A3:73:A5:2A:39:DB:AA:6E:51:24:C9:BD:5E:B1:B9:3F:A2:48:E2
Certificate issuer: /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial: 0198FC655842DF153EE8140F13702691A2AA
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oKNzpSo526puUSTJvV6xuT-iSOI.roa
Signing time: Sat 30 Aug 2025 19:12:36 +0000
ROA not before: Sat 30 Aug 2025 19:12:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 79.172.193.0/24 maxlen: 24
79.172.228.0/24 maxlen: 24
79.172.254.0/24 maxlen: 24
87.229.11.0/24 maxlen: 24
87.229.37.0/24 maxlen: 24
87.229.80.0/23 maxlen: 24
87.229.112.0/24 maxlen: 24
87.229.124.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:fc:65:58:42:df:15:3e:e8:14:0f:13:70:26:91:a2:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Validity
Not Before: Aug 30 19:12:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0a373a52a39dbaa6e5124c9bd5eb1b93fa248e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:7c:28:c6:75:5c:9a:31:ab:fa:4d:8a:0f:11:
aa:b6:44:67:01:cf:26:1d:ee:8f:c3:38:b0:bd:26:
8f:06:65:bf:ec:60:28:79:ae:fd:ef:e8:f5:b8:ef:
81:ec:5b:03:84:0c:f0:b7:1d:48:54:19:74:2b:98:
53:35:14:17:f5:ec:5a:b6:1a:2d:14:93:92:a2:4b:
05:86:e5:53:f7:6e:6d:66:bc:3c:4d:b5:dc:b1:09:
42:c7:8b:2f:44:29:e3:c7:46:c1:0f:ac:af:fe:fe:
33:bd:eb:35:29:e3:3c:76:62:80:7b:55:ba:86:5d:
d2:dc:6d:17:f9:dd:d7:17:68:5a:f9:c4:37:87:44:
e7:81:a5:82:5f:fc:1e:05:8d:52:88:29:54:f8:36:
9c:8e:34:91:15:17:24:b1:6e:87:0f:77:24:44:fa:
f6:0f:84:fa:64:aa:9c:65:56:39:70:49:ec:e2:e8:
99:87:c1:88:26:f8:0a:8b:e5:3d:b0:79:96:22:02:
79:09:5f:f8:aa:ba:a3:9b:7d:11:1f:eb:64:94:27:
a4:24:72:98:7b:2e:2e:25:44:aa:39:2a:7e:81:d4:
b7:ae:2e:88:dd:c5:79:ba:3e:1d:dc:5c:b3:3e:12:
65:d7:62:35:1a:17:0d:56:fb:63:24:dd:4c:37:33:
55:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:A3:73:A5:2A:39:DB:AA:6E:51:24:C9:BD:5E:B1:B9:3F:A2:48:E2
X509v3 Authority Key Identifier:
keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oKNzpSo526puUSTJvV6xuT-iSOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.172.193.0/24
79.172.228.0/24
79.172.254.0/24
87.229.11.0/24
87.229.37.0/24
87.229.80.0/23
87.229.112.0/24
87.229.124.0/23
Signature Algorithm: sha256WithRSAEncryption
04:b1:6f:da:f4:c1:03:48:bc:c7:af:e1:30:6f:db:64:57:86:
06:85:81:8c:5d:9d:08:c7:e3:37:42:bb:cf:62:86:8b:ca:d4:
43:00:b2:4b:f3:30:71:f1:1e:54:da:8b:78:ac:9e:95:84:0c:
c0:07:f4:fc:ec:1b:9f:d3:72:d1:4d:49:b6:be:66:d3:e5:43:
0c:a9:98:e0:c8:27:29:f2:4c:df:0c:64:5d:69:bb:36:d7:16:
9c:bb:fd:a6:ec:f4:0f:a9:5d:0b:10:db:ed:61:8d:d0:89:eb:
f8:9a:bd:71:7a:39:d2:1f:e2:83:5d:19:85:8f:3f:64:b0:7c:
08:8e:c6:81:b0:26:8d:a8:52:ee:77:e0:09:2a:99:ce:78:34:
80:7f:d4:b1:15:59:da:9b:b9:df:bd:0b:20:01:34:dd:c5:9d:
bc:7a:46:6b:a5:2b:a1:cd:f8:d7:53:a0:c9:a6:1a:36:33:26:
08:ec:d6:68:c9:b0:47:51:30:1d:d3:dc:8d:d9:4a:78:df:33:
c4:d1:a2:b7:92:c5:8c:5c:cf:7f:00:48:c5:bd:f3:05:84:7f:
7e:51:cf:eb:2b:1f:45:82:4b:50:5c:52:fd:6e:6d:a7:15:a0:
e4:b8:35:83:48:fb:24:9d:b5:4a:49:89:bf:92:c1:26:ce:da:
a6:01:56:98
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZj8ZVhC3xU+6BQPE3AmkaKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwODMwMTkxMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGEzNzNhNTJhMzlkYmFhNmU1MTI0YzliZDVlYjFiOTNmYTI0OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXwoxnVcmjGr+k2KDxGqtkRnAc8m
He6PwziwvSaPBmW/7GAoea797+j1uO+B7FsDhAzwtx1IVBl0K5hTNRQX9exathot
FJOSoksFhuVT925tZrw8TbXcsQlCx4svRCnjx0bBD6yv/v4zves1KeM8dmKAe1W6
hl3S3G0X+d3XF2ha+cQ3h0TngaWCX/weBY1SiClU+DacjjSRFRcksW6HD3ckRPr2
D4T6ZKqcZVY5cEns4uiZh8GIJvgKi+U9sHmWIgJ5CV/4qrqjm30RH+tklCekJHKY
ey4uJUSqOSp+gdS3ri6I3cV5uj4d3FyzPhJl12I1GhcNVvtjJN1MNzNVtwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKCjc6UqOduqblEkyb1esbk/okjiMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvb0tOenBTbzUyNnB1VVNUSnZWNnh1VC1pU09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAT6zBAwQA
T6zkAwQAT6z+AwQAV+ULAwQAV+UlAwQBV+VQAwQAV+VwAwQBV+V8MA0GCSqGSIb3
DQEBCwUAA4IBAQAEsW/a9MEDSLzHr+Ewb9tkV4YGhYGMXZ0Ix+M3QrvPYoaLytRD
ALJL8zBx8R5U2ot4rJ6VhAzAB/T87Buf03LRTUm2vmbT5UMMqZjgyCcp8kzfDGRd
abs21xacu/2m7PQPqV0LENvtYY3Qiev4mr1xejnSH+KDXRmFjz9ksHwIjsaBsCaN
qFLud+AJKpnOeDSAf9SxFVnam7nfvQsgATTdxZ28ekZrpSuhzfjXU6DJpho2MyYI
7NZoybBHUTAd09yN2Up43zPE0aK3ksWMXM9/AEjFvfMFhH9+Uc/rKx9FgktQXFL9
bm2nFaDkuDWDSPsknbVKSYm/ksEmztqmAVaY
-----END CERTIFICATE-----
Generated at Fri Sep 5 10:00:17 2025 by rpki-client