Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/G9CfAyu7MWqdi5h61nGlF_fsunQ.roa
File: G9CfAyu7MWqdi5h61nGlF_fsunQ.roa (raw, json)
Hash identifier: 30zImJCQoB34kk0fHQV5AKxerW3IST7q3OGUva75Wu0=
Subject key identifier: 1B:D0:9F:03:2B:BB:31:6A:9D:8B:98:7A:D6:71:A5:17:F7:EC:BA:74
Certificate issuer: /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial: 019A24D13A329B18A36CFA076E7C280ECEE4
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/G9CfAyu7MWqdi5h61nGlF_fsunQ.roa
Signing time: Mon 27 Oct 2025 08:38:03 +0000
ROA not before: Mon 27 Oct 2025 08:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 37.44.228.0/22 maxlen: 24
45.66.92.0/23 maxlen: 23
192.145.52.0/22 maxlen: 24
192.145.52.0/24 maxlen: 24
193.219.99.0/24 maxlen: 24
194.15.32.0/24 maxlen: 24
194.15.34.0/24 maxlen: 24
194.15.35.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:24:d1:3a:32:9b:18:a3:6c:fa:07:6e:7c:28:0e:ce:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Validity
Not Before: Oct 27 08:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bd09f032bbb316a9d8b987ad671a517f7ecba74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:4d:59:ed:7c:4b:ed:e9:69:af:f9:cd:13:ef:
b1:57:c4:a5:45:7f:71:70:cd:88:d8:5f:9d:d1:85:
f8:43:e8:a4:5d:ec:98:9d:61:c9:28:e7:b8:83:2f:
d6:b3:d8:e6:a3:d2:86:0d:50:d0:fd:db:01:cd:52:
e2:6b:bd:7a:58:cf:b3:04:a7:8d:41:30:6d:d5:e6:
7b:9a:6c:fb:16:26:dc:64:c1:72:aa:de:68:7c:d8:
d0:95:3a:ae:3e:ab:f8:0d:1e:c5:60:da:ca:38:84:
f0:a0:0e:eb:60:86:bd:3a:6b:c3:35:92:74:db:a5:
3f:07:3e:af:f3:03:81:ea:6e:dc:fc:ae:7d:e6:b5:
ad:84:59:97:0f:bc:d4:bd:6b:59:97:c8:30:c1:e6:
39:5d:fa:99:81:36:e6:a1:5b:90:c5:5a:cf:ad:bc:
a0:9d:f8:1f:9a:e5:18:fe:6b:a2:3e:1e:c3:ca:2f:
51:a5:80:5d:de:1b:c5:e1:df:55:f5:ad:5e:b9:ae:
8f:24:ed:3a:3d:11:0c:49:76:69:ea:5f:97:da:63:
86:fa:6a:29:21:d7:b4:cb:4b:b6:b1:7b:66:fc:88:
f0:31:61:b8:d8:f0:17:ec:3f:23:41:a3:82:ad:2a:
18:e5:e7:64:9c:61:e9:a9:39:02:9f:b9:f7:52:43:
19:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:D0:9F:03:2B:BB:31:6A:9D:8B:98:7A:D6:71:A5:17:F7:EC:BA:74
X509v3 Authority Key Identifier:
keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/G9CfAyu7MWqdi5h61nGlF_fsunQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.44.228.0/22
45.66.92.0/23
192.145.52.0/22
193.219.99.0/24
194.15.32.0/24
194.15.34.0/23
Signature Algorithm: sha256WithRSAEncryption
80:2d:c1:8d:9e:04:d8:b5:8e:e0:80:64:b5:19:50:ed:de:c4:
32:a1:f1:a8:b0:a5:9c:fb:60:06:e4:26:74:9b:9f:40:71:3d:
2a:a6:b8:db:35:9c:fc:e1:9b:32:0d:09:f5:ed:76:aa:47:f4:
ce:55:99:86:6f:53:56:0e:d3:b7:fa:70:3b:02:c9:96:a3:6a:
a7:73:56:ca:b7:23:58:6a:02:3e:66:51:fe:07:c3:eb:4a:b2:
46:b2:3b:7f:f0:e3:80:bb:3e:1e:0c:f4:59:6f:27:f9:3a:cf:
39:fb:46:a9:d6:66:fd:aa:6d:7c:96:d9:f4:03:d2:a6:b5:54:
a9:51:9a:1f:11:0b:c6:2c:ac:23:aa:cb:d1:9d:60:d6:4b:55:
93:de:d5:6e:cc:fc:d0:56:fa:b0:a6:98:4f:48:d1:16:3a:d9:
9c:8e:b4:18:d3:4e:08:35:9a:c7:36:19:aa:a7:c9:6d:1a:8b:
aa:37:2f:76:ad:cc:97:52:fb:1e:66:91:cf:9b:e6:5d:b9:2f:
78:b1:9c:65:44:51:bc:16:46:0f:72:b6:78:45:ad:88:57:52:
96:f0:1b:26:4c:2f:10:dc:c0:22:68:2d:8f:a2:90:96:e8:ce:
d6:ad:76:ef:30:3a:e4:b8:9a:1a:67:30:ed:3e:21:c1:bc:f3:
e4:4a:2d:df
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZok0ToymxijbPoHbnwoDs7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUxMDI3MDgzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQwOWYwMzJiYmIzMTZhOWQ4Yjk4N2FkNjcxYTUxN2Y3ZWNiYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU1Z7XxL7elpr/nNE++xV8SlRX9x
cM2I2F+d0YX4Q+ikXeyYnWHJKOe4gy/Ws9jmo9KGDVDQ/dsBzVLia716WM+zBKeN
QTBt1eZ7mmz7FibcZMFyqt5ofNjQlTquPqv4DR7FYNrKOITwoA7rYIa9OmvDNZJ0
26U/Bz6v8wOB6m7c/K595rWthFmXD7zUvWtZl8gwweY5XfqZgTbmoVuQxVrPrbyg
nfgfmuUY/muiPh7Dyi9RpYBd3hvF4d9V9a1eua6PJO06PREMSXZp6l+X2mOG+mop
Ide0y0u2sXtm/IjwMWG42PAX7D8jQaOCrSoY5edknGHpqTkCn7n3UkMZqwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBvQnwMruzFqnYuYetZxpRf37Lp0MB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvRzlDZkF5dTdNV3FkaTVoNjFuR2xGX2ZzdW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJSzkAwQB
LUJcAwQCwJE0AwQAwdtjAwQAwg8gAwQBwg8iMA0GCSqGSIb3DQEBCwUAA4IBAQCA
LcGNngTYtY7ggGS1GVDt3sQyofGosKWc+2AG5CZ0m59AcT0qprjbNZz84ZsyDQn1
7XaqR/TOVZmGb1NWDtO3+nA7AsmWo2qnc1bKtyNYagI+ZlH+B8PrSrJGsjt/8OOA
uz4eDPRZbyf5Os85+0ap1mb9qm18ltn0A9KmtVSpUZofEQvGLKwjqsvRnWDWS1WT
3tVuzPzQVvqwpphPSNEWOtmcjrQY004INZrHNhmqp8ltGouqNy92rcyXUvseZpHP
m+ZduS94sZxlRFG8FkYPcrZ4Ra2IV1KW8BsmTC8Q3MAiaC2PopCW6M7WrXbvMDrk
uJoaZzDtPiHBvPPkSi3f
-----END CERTIFICATE-----
Generated at Tue Oct 28 09:20:22 2025 by rpki-client