Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/wRR0qyJ668ZsidDqNSxr1Clq3nA.roa
File: wRR0qyJ668ZsidDqNSxr1Clq3nA.roa (raw, json)
Hash identifier: XG9/qFjv+RhFcHYlR8kyh9vL+Qr+lHMVji/NbW0hX+c=
Subject key identifier: C1:14:74:AB:22:7A:EB:C6:6C:89:D0:EA:35:2C:6B:D4:29:6A:DE:70
Certificate issuer: /CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
Certificate serial: 019A0604B4D1E8EF144C8199F8D7550F9621
Authority key identifier: EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/wRR0qyJ668ZsidDqNSxr1Clq3nA.roa
Signing time: Tue 21 Oct 2025 09:06:03 +0000
ROA not before: Tue 21 Oct 2025 09:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8860
IP address blocks: 5.182.20.0/24 maxlen: 24
5.182.21.0/24 maxlen: 24
5.182.23.0/24 maxlen: 24
2a0e:b800::/32 maxlen: 48
2a0e:b800:dddd::/48 maxlen: 48
2a0e:b801::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl
rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.mft
rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 15:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:04:b4:d1:e8:ef:14:4c:81:99:f8:d7:55:0f:96:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
Validity
Not Before: Oct 21 09:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c11474ab227aebc66c89d0ea352c6bd4296ade70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:bf:d6:88:34:57:c6:46:29:ce:3c:39:7f:36:
66:cd:56:36:84:61:e5:a8:52:13:61:b9:a8:28:ee:
84:57:41:b3:ee:6c:19:81:4b:f3:47:ba:37:8d:bb:
1b:5a:b1:eb:80:d7:e8:69:ba:a4:ab:ac:93:77:48:
71:97:b5:ab:f1:1d:7c:f5:79:07:d7:04:67:8a:e7:
0f:7a:a2:73:dc:87:36:f3:d3:3e:bd:2e:0d:10:a2:
a2:70:4e:cf:97:0a:a3:72:fd:9e:bf:57:be:5e:9f:
21:21:5d:75:ae:cc:46:2e:55:91:57:5b:cd:3e:f2:
ba:81:c2:61:7a:ad:b9:86:09:98:eb:d1:8b:d4:71:
63:d8:10:a8:1f:e2:2a:c8:7a:38:18:8e:09:d8:a7:
b1:d5:9f:09:2b:1a:4c:bc:b1:58:5d:fb:6c:4f:70:
b2:be:92:32:05:3d:b1:40:f2:4f:58:a1:0c:78:e9:
ca:46:da:b0:a2:13:4a:7b:b5:5c:a7:09:02:f9:23:
5d:b2:5f:e5:cf:6f:94:5d:e7:86:f2:c9:b0:90:c5:
c0:6d:33:8c:25:04:b6:9e:73:da:fd:5e:68:f5:8e:
62:29:4e:d5:3e:80:d0:ab:36:0c:f9:80:cf:2a:aa:
59:a0:b4:08:5e:4b:75:05:25:dd:cd:51:89:cd:84:
8f:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:14:74:AB:22:7A:EB:C6:6C:89:D0:EA:35:2C:6B:D4:29:6A:DE:70
X509v3 Authority Key Identifier:
keyid:EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/wRR0qyJ668ZsidDqNSxr1Clq3nA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.20.0/23
5.182.23.0/24
IPv6:
2a0e:b800::/31
Signature Algorithm: sha256WithRSAEncryption
af:5b:b9:6d:aa:f2:21:a3:c5:6f:2d:2b:3a:83:7d:5d:78:35:
12:21:fe:60:3c:cb:75:2c:78:a2:86:ed:8b:c2:05:90:fd:4c:
d5:23:f0:b8:62:2a:1e:5b:64:92:67:d1:5e:5b:33:8b:15:56:
b3:06:dd:1d:c0:2b:75:0a:a7:b0:fe:48:3b:6b:cd:8f:ea:2d:
2f:52:17:ab:aa:e9:b5:dd:e7:26:f1:1c:61:80:10:d4:f6:98:
a1:ac:d4:13:19:f3:b1:4e:17:d4:6d:a8:0e:17:5e:1e:20:48:
0d:9a:24:80:a8:76:53:1f:97:2d:d3:89:a3:40:53:e3:1d:aa:
28:47:61:a6:74:65:88:4e:54:51:ea:7b:cc:b9:b4:01:55:2b:
5f:6f:bc:ed:58:cc:6d:c9:12:93:41:ec:bd:a9:b1:87:a0:15:
5b:a6:77:4b:29:18:82:b1:bd:e3:f3:f2:97:68:3b:99:6c:5e:
13:d8:2d:36:39:80:1c:42:53:c6:be:70:fb:17:c6:6c:34:73:
04:05:6a:19:2e:7a:52:5a:71:96:9b:b3:6a:9e:35:49:5b:5e:
16:6e:61:0d:8e:01:e5:8f:c6:ee:6a:5f:5b:fe:40:e6:55:87:
be:db:34:bd:6f:4d:e7:06:24:3d:66:47:ed:5c:1b:02:c6:2c:
e3:d9:39:1a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZoGBLTR6O8UTIGZ+NdVD5YhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOWQ3NjNiNDllMDI0YTdiNmExOWVhZjdkZmI5ODkxMWE5
Yzk0YzgwHhcNMjUxMDIxMDkwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE0NzRhYjIyN2FlYmM2NmM4OWQwZWEzNTJjNmJkNDI5NmFkZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr/WiDRXxkYpzjw5fzZmzVY2hGHl
qFITYbmoKO6EV0Gz7mwZgUvzR7o3jbsbWrHrgNfoabqkq6yTd0hxl7Wr8R189XkH
1wRniucPeqJz3Ic289M+vS4NEKKicE7Plwqjcv2ev1e+Xp8hIV11rsxGLlWRV1vN
PvK6gcJheq25hgmY69GL1HFj2BCoH+IqyHo4GI4J2Kex1Z8JKxpMvLFYXftsT3Cy
vpIyBT2xQPJPWKEMeOnKRtqwohNKe7VcpwkC+SNdsl/lz2+UXeeG8smwkMXAbTOM
JQS2nnPa/V5o9Y5iKU7VPoDQqzYM+YDPKqpZoLQIXkt1BSXdzVGJzYSPSQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMEUdKsieuvGbInQ6jUsa9Qpat5wMB8GA1UdIwQY
MBaAFO+ddjtJ4CSntqGer337mJEanJTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzct
MDg3MGU2NTk2NDViLzEvd1JSMHF5SjY2OFpzaWREcU5TeHIxQ2xxM25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzctMDg3MGU2NTk2NDVi
LzEvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBBbYUAwQA
BbYXMA0EAgACMAcDBQEqDrgAMA0GCSqGSIb3DQEBCwUAA4IBAQCvW7ltqvIho8Vv
LSs6g31deDUSIf5gPMt1LHiihu2LwgWQ/UzVI/C4YioeW2SSZ9FeWzOLFVazBt0d
wCt1Cqew/kg7a82P6i0vUherqum13ecm8RxhgBDU9pihrNQTGfOxThfUbagOF14e
IEgNmiSAqHZTH5ct04mjQFPjHaooR2GmdGWITlRR6nvMubQBVStfb7ztWMxtyRKT
Qey9qbGHoBVbpndLKRiCsb3j8/KXaDuZbF4T2C02OYAcQlPGvnD7F8ZsNHMEBWoZ
LnpSWnGWm7NqnjVJW14WbmENjgHlj8bual9b/kDmVYe+2zS9b03nBiQ9ZkftXBsC
xizj2Tka
-----END CERTIFICATE-----
Generated at Mon Oct 27 01:04:04 2025 by rpki-client