Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/d9CvzzEpDQSEhN-RS7KVRaUKgQI.roa
File: d9CvzzEpDQSEhN-RS7KVRaUKgQI.roa (raw, json)
Hash identifier: iiOVk6wQRUhkm04Fr+9jk+2Z4fCbOo7y3CZqq55AqEI=
Subject key identifier: 77:D0:AF:CF:31:29:0D:04:84:84:DF:91:4B:B2:95:45:A5:0A:81:02
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A0005519FDE53AB991AD6A76C0BFAF3DB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/d9CvzzEpDQSEhN-RS7KVRaUKgQI.roa
Signing time: Mon 20 Oct 2025 05:08:59 +0000
ROA not before: Mon 20 Oct 2025 05:08:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 37.202.193.0/24 maxlen: 24
37.202.213.0/24 maxlen: 24
151.242.40.0/24 maxlen: 24
151.242.99.0/24 maxlen: 24
151.243.175.0/24 maxlen: 24
151.244.164.0/24 maxlen: 24
151.244.249.0/24 maxlen: 24
151.245.26.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 07:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:05:51:9f:de:53:ab:99:1a:d6:a7:6c:0b:fa:f3:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 20 05:08:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77d0afcf31290d048484df914bb29545a50a8102
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f3:d2:1e:55:f0:59:7b:41:92:bc:3c:32:a6:
0b:24:ab:bf:bf:ba:ab:7d:d3:5c:eb:4c:f5:af:09:
bc:70:1f:9e:ea:ec:d7:5b:a7:71:8e:de:bf:a6:71:
de:4d:21:89:51:1d:dd:4c:e5:ea:51:92:ec:f4:2a:
6b:52:43:81:94:33:a8:4e:d3:01:59:78:de:71:b8:
ee:17:8a:49:34:b5:84:82:3b:cd:ff:76:2c:5e:43:
a0:cd:e4:a2:6c:c2:79:95:0a:92:c4:51:22:7f:d6:
49:e0:f2:e6:78:79:e1:be:6f:14:9e:29:5d:82:d5:
d7:da:bd:52:aa:6e:8d:a8:43:34:eb:3e:43:fc:1c:
d0:97:a5:43:87:74:db:d8:c2:30:df:d9:92:92:65:
d3:20:03:8a:e1:54:0e:2a:cc:fd:11:dd:74:62:a5:
cd:bf:c9:1a:6d:40:0a:73:fe:9e:6f:44:c8:03:4b:
f0:34:a2:89:30:1a:ad:6f:df:45:54:cc:13:a7:13:
db:3b:c3:04:58:f8:79:37:37:46:ef:cd:66:0b:65:
cd:c7:3c:f9:db:4a:f3:45:5e:e7:19:5a:b4:80:4f:
f0:96:da:75:8a:57:00:0c:db:5a:a6:fd:3a:dc:f4:
4b:a3:ae:e9:5e:b6:9e:75:8a:9b:c2:e1:fb:8c:e1:
d5:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:D0:AF:CF:31:29:0D:04:84:84:DF:91:4B:B2:95:45:A5:0A:81:02
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/d9CvzzEpDQSEhN-RS7KVRaUKgQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.193.0/24
37.202.213.0/24
151.242.40.0/24
151.242.99.0/24
151.243.175.0/24
151.244.164.0/24
151.244.249.0/24
151.245.26.0/24
Signature Algorithm: sha256WithRSAEncryption
67:8f:4f:8f:63:73:02:ac:7a:f6:fb:2b:92:b4:c2:9c:44:f8:
ab:47:72:3f:36:04:d7:f2:5e:bf:86:56:95:2b:dc:0d:0c:9f:
bc:1a:a4:d4:53:99:15:b2:ed:b2:71:7a:0d:12:bb:4c:d2:cb:
5d:bf:d9:d6:e3:ec:8b:7e:a5:7a:53:4f:18:09:6d:43:66:62:
63:ab:88:28:b9:44:a3:17:80:d6:a2:6d:20:25:eb:68:61:b2:
16:c8:eb:a4:59:9f:7d:b0:73:17:a9:ff:6c:d1:c1:71:ef:24:
82:58:23:da:e0:f3:e1:36:08:06:49:a1:16:dd:40:bf:41:17:
3c:fc:26:8f:26:ad:98:02:d4:d4:82:98:fb:0d:a1:c9:60:71:
be:33:8d:86:0a:0f:3d:50:7e:a1:c5:cb:7f:f5:32:4e:f8:50:
53:79:2f:3f:a4:e6:16:25:db:55:c9:8d:cd:21:4b:3d:1e:35:
e3:df:1c:cd:86:3c:1e:1e:ee:c1:92:46:c4:45:58:bb:54:68:
e8:57:04:bb:0b:24:5e:3f:b6:e4:45:d6:1e:72:13:5d:44:d0:
04:fb:35:5d:60:5b:95:53:99:41:78:1a:cb:23:99:9f:bf:53:
bf:ef:ec:c0:18:35:55:b7:2d:ce:a5:61:2c:c1:1a:db:a1:5a:
9e:98:6e:ce
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoABVGf3lOrmRrWp2wL+vPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDIwMDUwODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QwYWZjZjMxMjkwZDA0ODQ4NGRmOTE0YmIyOTU0NWE1MGE4MTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPPSHlXwWXtBkrw8MqYLJKu/v7qr
fdNc60z1rwm8cB+e6uzXW6dxjt6/pnHeTSGJUR3dTOXqUZLs9CprUkOBlDOoTtMB
WXjecbjuF4pJNLWEgjvN/3YsXkOgzeSibMJ5lQqSxFEif9ZJ4PLmeHnhvm8Unild
gtXX2r1Sqm6NqEM06z5D/BzQl6VDh3Tb2MIw39mSkmXTIAOK4VQOKsz9Ed10YqXN
v8kabUAKc/6eb0TIA0vwNKKJMBqtb99FVMwTpxPbO8MEWPh5NzdG781mC2XNxzz5
20rzRV7nGVq0gE/wltp1ilcADNtapv063PRLo67pXraedYqbwuH7jOHV7QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHfQr88xKQ0EhITfkUuylUWlCoECMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZDlDdnp6RXBEUVNFaE4tUlM3S1ZSYVVLZ1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAJcrBAwQA
JcrVAwQAl/IoAwQAl/JjAwQAl/OvAwQAl/SkAwQAl/T5AwQAl/UaMA0GCSqGSIb3
DQEBCwUAA4IBAQBnj0+PY3MCrHr2+yuStMKcRPirR3I/NgTX8l6/hlaVK9wNDJ+8
GqTUU5kVsu2ycXoNErtM0stdv9nW4+yLfqV6U08YCW1DZmJjq4gouUSjF4DWom0g
JetoYbIWyOukWZ99sHMXqf9s0cFx7ySCWCPa4PPhNggGSaEW3UC/QRc8/CaPJq2Y
AtTUgpj7DaHJYHG+M42GCg89UH6hxct/9TJO+FBTeS8/pOYWJdtVyY3NIUs9HjXj
3xzNhjweHu7BkkbERVi7VGjoVwS7CyReP7bkRdYechNdRNAE+zVdYFuVU5lBeBrL
I5mfv1O/7+zAGDVVty3OpWEswRrboVqemG7O
-----END CERTIFICATE-----
Generated at Tue Oct 21 13:58:23 2025 by rpki-client