Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/0rZr3-kQrMyT5-h6LDd7XSVNIUU.roa
File: 0rZr3-kQrMyT5-h6LDd7XSVNIUU.roa (raw, json)
Hash identifier: FTUCKJvpgLhUJ5Y46YEoin2US0XNARC2vKWB7RpbsIo=
Subject key identifier: D2:B6:6B:DF:E9:10:AC:CC:93:E7:E8:7A:2C:37:7B:5D:25:4D:21:45
Certificate issuer: /CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
Certificate serial: 019A25315BE3B42D70EF3A5175810122006F
Authority key identifier: 5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/0rZr3-kQrMyT5-h6LDd7XSVNIUU.roa
Signing time: Mon 27 Oct 2025 10:23:03 +0000
ROA not before: Mon 27 Oct 2025 10:23:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214875
IP address blocks: 37.97.0.0/20 maxlen: 20
37.97.62.0/23 maxlen: 23
45.13.240.0/22 maxlen: 22
2a00:fd01::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 10:23:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:31:5b:e3:b4:2d:70:ef:3a:51:75:81:01:22:00:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
Validity
Not Before: Oct 27 10:23:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d2b66bdfe910accc93e7e87a2c377b5d254d2145
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:3e:93:94:f7:e7:61:44:84:21:77:86:28:f7:
3d:30:c0:6f:9e:23:9b:c6:73:80:05:26:d4:a5:a1:
22:88:93:99:73:cb:e3:9b:4f:42:a6:15:f5:7a:6b:
ed:92:a8:11:36:37:9a:82:88:65:4c:31:3a:5f:e9:
8c:a8:66:5b:98:a7:f8:25:55:d5:a8:ab:5b:2a:0c:
cd:f9:d1:9a:c2:73:b2:0b:f0:9f:39:e5:a6:38:14:
79:62:d2:e8:2a:6b:58:a1:2d:1f:09:56:ac:03:52:
22:d7:53:0f:32:9c:08:1c:70:75:36:e9:1c:e5:75:
3d:66:ef:f6:64:c6:65:45:fc:ad:03:a7:9d:de:2b:
64:03:e4:f1:fa:0e:41:96:d7:b8:43:f8:a2:2c:44:
14:69:56:7e:d4:df:97:29:7b:be:8b:cb:b8:d6:6b:
48:95:17:55:63:22:10:da:1c:c3:21:1b:9b:47:7f:
85:5b:1b:03:a8:4a:6a:6e:b0:7c:9e:1d:ab:83:7d:
11:91:43:ba:30:9b:e8:d2:27:1b:e0:f9:97:d4:34:
f7:b5:60:59:81:eb:8a:80:a7:90:25:21:cd:5b:3b:
ee:59:96:c7:1d:b4:e5:b5:6e:72:17:98:b3:5e:f0:
33:45:e7:d1:a4:7c:14:01:0d:26:21:76:d6:29:af:
a1:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:B6:6B:DF:E9:10:AC:CC:93:E7:E8:7A:2C:37:7B:5D:25:4D:21:45
X509v3 Authority Key Identifier:
keyid:5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/0rZr3-kQrMyT5-h6LDd7XSVNIUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.0.0/20
37.97.62.0/23
45.13.240.0/22
IPv6:
2a00:fd01::/32
Signature Algorithm: sha256WithRSAEncryption
3e:5b:da:fc:0a:8c:bc:c7:70:31:d7:00:ab:39:bb:ea:50:a4:
82:11:58:3d:07:11:60:ac:0d:a1:8c:cc:09:6f:fd:6b:56:b8:
e3:ab:24:35:9c:9c:f4:03:54:0e:50:95:e6:c2:9c:73:92:49:
28:2c:47:93:05:50:c6:46:7a:2e:38:03:07:8f:70:ad:dc:a7:
1c:74:55:c3:20:de:28:97:c4:c5:6a:8f:8d:f1:9c:fb:c1:15:
0b:d3:55:45:eb:3d:f6:06:61:18:0b:6c:b8:a3:0a:8d:16:e0:
c2:98:36:0e:4f:84:be:7e:47:72:a0:10:79:b7:4c:94:d3:87:
da:e4:90:c1:13:ca:f4:1c:2a:d7:67:8b:ac:3f:4a:6e:44:16:
3a:3e:f4:92:ff:62:a0:fb:96:69:cf:4e:ff:34:4e:3c:f1:e0:
e1:50:e2:79:5d:19:b7:03:86:2a:1f:40:11:a6:6d:bb:26:bd:
6f:22:81:25:65:70:9b:97:ae:22:ce:50:51:d8:c2:f2:02:a7:
ef:eb:3c:d9:39:ef:df:d4:f3:9e:fc:95:06:fa:08:0b:61:79:
b8:14:ea:9b:c5:b0:d5:c0:8a:05:fa:1d:8d:be:fd:af:09:a5:
f4:f4:c1:9b:5f:29:ce:cb:2e:14:e2:1d:25:cb:a2:21:e5:18:
4e:25:30:24
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZolMVvjtC1w7zpRdYEBIgBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMTI5YjA0NjBjZjllZTA1MDBlZTg4MGEyY2ZhMWE1MjRl
NGRmMDAwHhcNMjUxMDI3MTAyMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmI2NmJkZmU5MTBhY2NjOTNlN2U4N2EyYzM3N2I1ZDI1NGQyMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD6TlPfnYUSEIXeGKPc9MMBvniOb
xnOABSbUpaEiiJOZc8vjm09CphX1emvtkqgRNjeagohlTDE6X+mMqGZbmKf4JVXV
qKtbKgzN+dGawnOyC/CfOeWmOBR5YtLoKmtYoS0fCVasA1Ii11MPMpwIHHB1Nukc
5XU9Zu/2ZMZlRfytA6ed3itkA+Tx+g5Blte4Q/iiLEQUaVZ+1N+XKXu+i8u41mtI
lRdVYyIQ2hzDIRubR3+FWxsDqEpqbrB8nh2rg30RkUO6MJvo0icb4PmX1DT3tWBZ
geuKgKeQJSHNWzvuWZbHHbTltW5yF5izXvAzRefRpHwUAQ0mIXbWKa+hbwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNK2a9/pEKzMk+foeiw3e10lTSFFMB8GA1UdIwQY
MBaAFF0SmwRgz57gUA7ogKLPoaUk5N8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEt
YTg3N2RkNTFiYzQ5LzEvMHJacjMta1FyTXlUNS1oNkxEZDdYU1ZOSVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEtYTg3N2RkNTFiYzQ5
LzEvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEJWEAAwQB
JWE+AwQCLQ3wMA0EAgACMAcDBQAqAP0BMA0GCSqGSIb3DQEBCwUAA4IBAQA+W9r8
Coy8x3Ax1wCrObvqUKSCEVg9BxFgrA2hjMwJb/1rVrjjqyQ1nJz0A1QOUJXmwpxz
kkkoLEeTBVDGRnouOAMHj3Ct3KccdFXDIN4ol8TFao+N8Zz7wRUL01VF6z32BmEY
C2y4owqNFuDCmDYOT4S+fkdyoBB5t0yU04fa5JDBE8r0HCrXZ4usP0puRBY6PvSS
/2Kg+5Zpz07/NE488eDhUOJ5XRm3A4YqH0ARpm27Jr1vIoElZXCbl64izlBR2MLy
Aqfv6zzZOe/f1POe/JUG+ggLYXm4FOqbxbDVwIoF+h2Nvv2vCaX09MGbXynOyy4U
4h0ly6Ih5RhOJTAk
-----END CERTIFICATE-----
Generated at Mon Oct 27 19:24:11 2025 by rpki-client