Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3nS_bfT_nHUUNgo-14-l3Ar5tKQ.roa
File: 3nS_bfT_nHUUNgo-14-l3Ar5tKQ.roa (raw, json)
Hash identifier: tDCaGVCq4yZmimMe1nl4fJwqRKjUew/AnZj/EGLV9GE=
Subject key identifier: DE:74:BF:6D:F4:FF:9C:75:14:36:0A:3E:D7:8F:A5:DC:0A:F9:B4:A4
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019A134ECE6BA859ADA5B9642E4A58EAADD7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3nS_bfT_nHUUNgo-14-l3Ar5tKQ.roa
Signing time: Thu 23 Oct 2025 23:02:03 +0000
ROA not before: Thu 23 Oct 2025 23:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216127
IP address blocks: 77.239.96.0/22 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
185.184.120.0/24 maxlen: 24
185.184.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 25 Oct 2025 15:30:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:13:4e:ce:6b:a8:59:ad:a5:b9:64:2e:4a:58:ea:ad:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Oct 23 23:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de74bf6df4ff9c7514360a3ed78fa5dc0af9b4a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:1a:ba:6e:bd:4e:e0:2a:3d:97:9d:4b:fe:ae:
59:1c:e7:fc:49:4a:95:19:c5:d5:8e:b6:ed:60:ce:
bc:71:46:42:3c:72:60:4e:40:c2:a2:e6:6e:6c:49:
05:f0:ee:07:c2:4e:38:f6:a6:41:a3:aa:84:ad:85:
1f:01:7a:a4:e0:87:ed:b7:1b:bc:97:ed:f6:f0:de:
a5:e2:fb:3f:9f:70:05:5e:98:41:4a:fd:7f:c4:10:
fa:2c:06:b2:3e:67:7c:89:d9:3a:40:33:58:55:0b:
8b:05:f4:69:51:bb:23:46:9a:a9:01:66:ee:19:d9:
48:ef:3c:55:97:ba:6e:bd:2a:e4:76:be:3d:73:bc:
80:59:0b:bf:34:29:24:c0:35:38:ef:dc:01:06:d7:
b5:5b:4f:bc:2f:ad:9a:2e:e3:1d:99:29:5f:a6:6c:
c9:d2:98:de:db:5f:53:71:52:c6:56:aa:e2:64:d6:
2c:19:72:a3:c5:17:17:22:d2:d6:f0:dd:40:90:1a:
2a:d4:aa:ad:ab:36:48:29:ea:28:3e:53:82:e2:81:
86:8b:f3:b2:b5:b5:e5:23:8e:3c:a4:98:a2:5f:66:
76:9d:97:15:1a:a1:8d:46:01:13:67:1f:2f:7f:85:
90:45:1d:07:2a:54:d7:a5:0e:f3:9d:31:3a:f0:43:
62:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:74:BF:6D:F4:FF:9C:75:14:36:0A:3E:D7:8F:A5:DC:0A:F9:B4:A4
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3nS_bfT_nHUUNgo-14-l3Ar5tKQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.239.96.0/22
144.31.200.0/23
144.31.204.0/23
185.184.120.0/23
Signature Algorithm: sha256WithRSAEncryption
18:7e:d0:d2:95:7a:d6:f0:aa:0a:b7:1f:4d:e6:28:bd:e6:f9:
33:e4:51:cb:1a:7a:2e:be:d4:33:3c:28:21:5d:06:3b:1d:f7:
d2:79:e0:50:45:25:58:57:39:3a:82:3d:a8:6e:ba:40:7d:a6:
ec:40:e2:08:d9:f4:7f:42:3f:ba:da:c5:a4:84:41:b5:ff:b1:
6f:c0:6b:23:49:85:a3:4e:50:c7:37:8b:e2:a9:42:89:eb:89:
5f:c5:2d:33:77:b9:d7:41:bc:25:fe:48:e4:7f:b8:1d:82:d3:
81:2a:f6:81:e4:e4:64:c0:83:f5:7c:71:49:96:ba:7a:30:64:
47:ba:82:5d:95:ad:d4:ee:b7:50:1a:42:a2:cd:e9:9f:dc:e2:
90:6f:7a:6b:0c:c0:95:80:2c:10:1f:bd:b6:f9:a1:d3:89:90:
95:65:24:62:1d:94:22:e3:27:36:6d:7c:c4:ef:19:0c:8e:b5:
7e:43:7c:99:3f:94:5a:4c:e9:4d:b3:a6:56:b1:9d:d1:51:60:
cb:af:86:8d:a3:6e:68:b4:9c:ae:56:66:ff:e9:80:53:f0:c6:
5a:85:33:3e:1b:7b:43:17:73:69:bd:67:be:f9:df:9c:45:80:
f1:64:84:8f:8a:c4:32:e8:68:52:9b:a1:ea:b3:a6:31:b4:d2:
db:ce:48:21
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZoTTs5rqFmtpblkLkpY6q3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDIzMjMwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTc0YmY2ZGY0ZmY5Yzc1MTQzNjBhM2VkNzhmYTVkYzBhZjliNGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxq6br1O4Co9l51L/q5ZHOf8SUqV
GcXVjrbtYM68cUZCPHJgTkDCouZubEkF8O4Hwk449qZBo6qErYUfAXqk4Ifttxu8
l+328N6l4vs/n3AFXphBSv1/xBD6LAayPmd8idk6QDNYVQuLBfRpUbsjRpqpAWbu
GdlI7zxVl7puvSrkdr49c7yAWQu/NCkkwDU479wBBte1W0+8L62aLuMdmSlfpmzJ
0pje219TcVLGVqriZNYsGXKjxRcXItLW8N1AkBoq1KqtqzZIKeooPlOC4oGGi/Oy
tbXlI448pJiiX2Z2nZcVGqGNRgETZx8vf4WQRR0HKlTXpQ7znTE68ENiIwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN50v230/5x1FDYKPtePpdwK+bSkMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM25TX2JmVF9uSFVVTmdvLTE0LWwzQXI1dEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCTe9gAwQB
kB/IAwQBkB/MAwQBubh4MA0GCSqGSIb3DQEBCwUAA4IBAQAYftDSlXrW8KoKtx9N
5ii95vkz5FHLGnouvtQzPCghXQY7HffSeeBQRSVYVzk6gj2obrpAfabsQOII2fR/
Qj+62sWkhEG1/7FvwGsjSYWjTlDHN4viqUKJ64lfxS0zd7nXQbwl/kjkf7gdgtOB
KvaB5ORkwIP1fHFJlrp6MGRHuoJdla3U7rdQGkKizemf3OKQb3prDMCVgCwQH722
+aHTiZCVZSRiHZQi4yc2bXzE7xkMjrV+Q3yZP5RaTOlNs6ZWsZ3RUWDLr4aNo25o
tJyuVmb/6YBT8MZahTM+G3tDF3NpvWe++d+cRYDxZISPisQy6GhSm6Hqs6YxtNLb
zkgh
-----END CERTIFICATE-----
Generated at Fri Oct 24 21:47:23 2025 by rpki-client