Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/kZbYAR7_VQFdZ98vhS7MW7IOa5g.roa
File: kZbYAR7_VQFdZ98vhS7MW7IOa5g.roa (raw, json)
Hash identifier: veptVlnHGE2k0mSrEVT7abLTAqTrUJe6t8F1/LuZDvo=
Subject key identifier: 91:96:D8:01:1E:FF:55:01:5D:67:DF:2F:85:2E:CC:5B:B2:0E:6B:98
Certificate issuer: /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial: 0198E5616E743BD5992DDB094D6133389595
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/kZbYAR7_VQFdZ98vhS7MW7IOa5g.roa
Signing time: Tue 26 Aug 2025 07:57:04 +0000
ROA not before: Tue 26 Aug 2025 07:57:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8860
IP address blocks: 77.78.145.0/24 maxlen: 24
77.78.147.0/24 maxlen: 24
77.78.150.0/24 maxlen: 24
79.98.104.0/21 maxlen: 24
185.52.204.0/22 maxlen: 24
185.55.228.0/22 maxlen: 24
185.199.37.0/24 maxlen: 24
185.199.38.0/24 maxlen: 24
185.228.24.0/22 maxlen: 24
185.239.124.0/24 maxlen: 24
185.239.126.0/24 maxlen: 24
185.239.127.0/24 maxlen: 24
194.145.63.0/24 maxlen: 24
195.189.80.0/22 maxlen: 24
2a01:b6a0::/32 maxlen: 32
2a02:80e0::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.mft
rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 11:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e5:61:6e:74:3b:d5:99:2d:db:09:4d:61:33:38:95:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Validity
Not Before: Aug 26 07:57:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9196d8011eff55015d67df2f852ecc5bb20e6b98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:6d:01:d1:38:68:06:fd:77:2f:52:96:62:c0:
bd:79:f2:0c:43:a1:6b:3e:f2:67:29:47:ea:e2:29:
10:be:49:54:53:f3:8c:18:19:9e:37:25:9d:ea:e1:
c4:76:64:59:37:4d:ee:ab:d6:13:89:11:45:53:ea:
7d:f8:1c:04:30:77:6b:36:03:0c:2f:72:53:37:fa:
f7:ee:8d:bb:85:a6:2d:52:dd:20:01:aa:a1:b7:84:
c0:4d:33:d5:26:4b:73:8e:4e:3e:19:f3:70:ec:8e:
b2:a1:10:63:f0:4b:eb:7c:5f:eb:85:41:a9:33:3e:
f1:73:a6:fb:c6:23:a8:e9:19:78:f0:71:b0:f2:c0:
f0:39:8b:33:e2:d4:f2:d4:f4:b4:1d:47:28:e0:f3:
65:0b:03:0d:f1:30:bb:81:07:03:4d:08:9e:df:17:
0e:e3:2e:dd:d3:5f:1f:3d:ca:3d:59:e8:b2:ad:68:
41:22:09:fd:44:dd:8e:d9:e1:57:2f:1d:36:21:0b:
7b:93:d4:dc:30:ab:f5:5e:43:a7:50:43:47:02:3c:
1c:91:30:e2:d0:a2:ea:ce:38:e0:63:ff:12:75:9c:
59:e1:85:ae:c7:1a:e8:81:15:1d:24:41:90:ab:fb:
20:47:6f:44:2c:28:a2:e9:7c:f7:ee:79:dd:57:c4:
88:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:96:D8:01:1E:FF:55:01:5D:67:DF:2F:85:2E:CC:5B:B2:0E:6B:98
X509v3 Authority Key Identifier:
keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/kZbYAR7_VQFdZ98vhS7MW7IOa5g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.78.145.0/24
77.78.147.0/24
77.78.150.0/24
79.98.104.0/21
185.52.204.0/22
185.55.228.0/22
185.199.37.0-185.199.38.255
185.228.24.0/22
185.239.124.0/24
185.239.126.0/23
194.145.63.0/24
195.189.80.0/22
IPv6:
2a01:b6a0::/32
2a02:80e0::/30
Signature Algorithm: sha256WithRSAEncryption
03:df:9b:f7:77:cb:d0:71:c2:31:55:94:93:70:69:68:b0:2c:
10:ac:34:64:26:0b:a1:d8:1c:55:86:11:3c:9f:df:38:39:60:
48:7e:33:f0:64:6c:6e:3a:96:2a:56:2d:51:c3:50:0b:58:ec:
ea:d5:7e:9d:8b:32:e1:38:4e:52:ea:92:9d:ff:64:6b:52:eb:
04:cd:f6:49:75:a4:8e:0c:cf:04:5a:9f:38:6f:ec:60:07:dd:
68:a8:31:ef:70:78:dc:10:41:fe:43:01:97:3b:9b:ba:88:6b:
40:9d:02:8f:27:a1:20:5b:5e:7e:fc:7c:72:e9:4e:80:02:ad:
72:5b:7d:74:c2:22:ac:4c:6f:92:5d:a1:0c:23:1d:87:f0:e4:
2e:d9:d5:f2:fb:f6:97:1e:e7:8e:59:c7:91:32:9a:a9:41:74:
31:2c:a8:51:f2:a7:20:e2:d0:b3:41:d6:76:61:18:0f:34:67:
61:02:ac:c6:28:f2:cb:e5:d8:7d:e4:72:28:7e:ec:53:f3:68:
dc:cd:2c:fa:f4:4c:de:45:24:26:91:0b:87:ec:6d:ba:7a:92:
48:19:68:dd:07:8d:c2:df:06:5c:30:95:af:d4:8e:1c:6e:b8:
d8:2e:06:63:a7:a8:02:7d:b7:11:fa:01:e2:02:a2:d7:de:75:
ac:8b:76:f7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZjlYW50O9WZLdsJTWEzOJWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjUwODI2MDc1NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTk2ZDgwMTFlZmY1NTAxNWQ2N2RmMmY4NTJlY2M1YmIyMGU2Yjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5G0B0ThoBv13L1KWYsC9efIMQ6Fr
PvJnKUfq4ikQvklUU/OMGBmeNyWd6uHEdmRZN03uq9YTiRFFU+p9+BwEMHdrNgMM
L3JTN/r37o27haYtUt0gAaqht4TATTPVJktzjk4+GfNw7I6yoRBj8EvrfF/rhUGp
Mz7xc6b7xiOo6Rl48HGw8sDwOYsz4tTy1PS0HUco4PNlCwMN8TC7gQcDTQie3xcO
4y7d018fPco9WeiyrWhBIgn9RN2O2eFXLx02IQt7k9TcMKv1XkOnUENHAjwckTDi
0KLqzjjgY/8SdZxZ4YWuxxrogRUdJEGQq/sgR29ELCii6Xz37nndV8SIWQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFJGW2AEe/1UBXWffL4UuzFuyDmuYMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEva1piWUFSN19WUUZkWjk4dmhTN01XN0lPYTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQATU6RAwQA
TU6TAwQATU6WAwQDT2JoAwQCuTTMAwQCuTfkMAwDBAC5xyUDBAC5xyYDBAK55BgD
BAC573wDBAG5734DBADCkT8DBALDvVAwFAQCAAIwDgMFACoBtqADBQIqAoDgMA0G
CSqGSIb3DQEBCwUAA4IBAQAD35v3d8vQccIxVZSTcGlosCwQrDRkJguh2BxVhhE8
n984OWBIfjPwZGxuOpYqVi1Rw1ALWOzq1X6dizLhOE5S6pKd/2RrUusEzfZJdaSO
DM8EWp84b+xgB91oqDHvcHjcEEH+QwGXO5u6iGtAnQKPJ6EgW15+/Hxy6U6AAq1y
W310wiKsTG+SXaEMIx2H8OQu2dXy+/aXHueOWceRMpqpQXQxLKhR8qcg4tCzQdZ2
YRgPNGdhAqzGKPLL5dh95HIofuxT82jczSz69EzeRSQmkQuH7G26epJIGWjdB43C
3wZcMJWv1I4cbrjYLgZjp6gCfbcR+gHiAqLX3nWsi3b3
-----END CERTIFICATE-----
Generated at Wed Sep 10 18:21:21 2025 by rpki-client