Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/z9DA-AUTa3uWkodHptZWBoBW_Y8.roa
File: z9DA-AUTa3uWkodHptZWBoBW_Y8.roa (raw, json)
Hash identifier: kzWytCKWeVLHNrJ/XTBOU1L7OCFCNf+bLfFOmqVpvPA=
Subject key identifier: CF:D0:C0:F8:05:13:6B:7B:96:92:87:47:A6:D6:56:06:80:56:FD:8F
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019A028BBB54D4A7986D89CDEBB5AB88F6E9
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/z9DA-AUTa3uWkodHptZWBoBW_Y8.roa
Signing time: Mon 20 Oct 2025 16:55:03 +0000
ROA not before: Mon 20 Oct 2025 16:55:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 5.182.184.0/24 maxlen: 24
92.249.30.0/24 maxlen: 24
185.52.138.0/24 maxlen: 24
185.52.139.0/24 maxlen: 24
185.187.213.0/24 maxlen: 24
185.187.214.0/24 maxlen: 24
185.205.207.0/24 maxlen: 24
185.208.153.0/24 maxlen: 24
185.208.154.0/24 maxlen: 24
185.230.120.0/24 maxlen: 24
185.230.121.0/24 maxlen: 24
185.230.123.0/24 maxlen: 24
192.145.69.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 10:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:8b:bb:54:d4:a7:98:6d:89:cd:eb:b5:ab:88:f6:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Oct 20 16:55:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cfd0c0f805136b7b96928747a6d656068056fd8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:98:a6:fa:b1:fd:3d:26:08:0a:50:06:63:95:
dc:2f:df:de:97:47:2f:b1:48:b3:f3:27:42:be:07:
66:7a:88:36:34:af:b3:df:6c:43:9e:38:64:bd:5a:
23:b0:c4:63:a5:27:e6:4e:c0:25:70:79:ad:ed:db:
d4:24:f0:d4:b5:09:0a:a5:2a:fa:d9:99:5f:80:df:
eb:c7:b6:e9:93:04:66:38:9b:67:ba:b0:bf:3b:3d:
fe:fc:dd:aa:d1:d2:dc:3b:f3:12:f4:47:55:e2:65:
15:25:b2:75:95:0e:cc:fe:4e:e6:b5:9c:02:f9:14:
38:7f:0c:dc:e8:97:90:0d:a2:dd:ed:9c:c4:b4:f7:
fe:75:7e:36:52:ba:0a:76:39:68:27:e1:9f:f4:e7:
ea:5a:3b:c0:49:15:b9:a3:38:91:c0:86:38:24:4c:
6a:54:6d:13:1b:2d:89:0d:89:09:05:5d:8e:b6:c4:
db:76:89:c8:11:89:b9:69:e4:d7:25:55:37:89:ea:
c3:23:db:66:d1:33:0e:91:dd:f5:2a:d2:0d:d9:d3:
ff:24:9d:0e:62:b9:e6:b3:f7:38:e9:50:63:6a:91:
80:ca:ea:0d:05:34:7d:e8:c9:7b:31:0d:c7:ff:f5:
10:14:d4:3c:05:ab:92:73:ae:5c:30:9b:aa:18:0c:
74:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:D0:C0:F8:05:13:6B:7B:96:92:87:47:A6:D6:56:06:80:56:FD:8F
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/z9DA-AUTa3uWkodHptZWBoBW_Y8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.184.0/24
92.249.30.0/24
185.52.138.0/23
185.187.213.0-185.187.214.255
185.205.207.0/24
185.208.153.0-185.208.154.255
185.230.120.0/23
185.230.123.0/24
192.145.69.0/24
Signature Algorithm: sha256WithRSAEncryption
49:29:4c:6c:f6:ff:dc:ee:d9:d9:17:0f:76:25:e1:f2:b1:38:
9e:78:2d:41:21:a5:70:b6:77:c4:65:d4:5b:a4:f6:88:76:67:
81:34:3a:d0:7b:3f:0d:aa:fc:cb:40:33:d5:06:73:25:33:66:
c4:0f:7b:8a:a4:3f:17:e1:88:8f:d9:21:ae:9c:ab:67:ba:f9:
a0:0e:c7:c5:81:8a:21:09:f6:5f:d6:cb:21:28:ac:f0:5e:fa:
81:e9:48:23:7e:0e:f3:18:04:dc:a6:b0:85:7e:71:b8:98:dd:
4b:1b:05:32:14:2e:97:f4:06:3a:ef:84:cc:1c:db:d3:00:2b:
25:f8:9e:ba:a9:2e:21:fb:3c:ff:10:7e:1f:2e:93:c5:fb:0f:
a1:a3:5f:97:fe:c3:e5:39:32:f5:b1:38:2e:7a:be:44:7e:8b:
ce:8a:ea:23:69:2e:58:98:34:d2:b1:fb:80:6e:a4:7b:1a:78:
72:66:5d:ae:7d:a3:81:23:e5:59:b6:c7:a1:ef:8e:1d:b0:e5:
28:f1:cd:af:11:28:dd:ee:48:e3:d1:57:8e:da:01:93:6d:dd:
ac:e0:74:43:38:cb:ef:5f:d8:ae:64:9a:ec:08:f6:a7:21:30:
02:c3:66:8f:25:4b:41:fe:d9:29:a5:f3:e4:1a:bd:9a:3d:d4:
d8:3a:40:73
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZoCi7tU1KeYbYnN67WriPbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUxMDIwMTY1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQwYzBmODA1MTM2YjdiOTY5Mjg3NDdhNmQ2NTYwNjgwNTZmZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jim+rH9PSYIClAGY5XcL9/el0cv
sUiz8ydCvgdmeog2NK+z32xDnjhkvVojsMRjpSfmTsAlcHmt7dvUJPDUtQkKpSr6
2ZlfgN/rx7bpkwRmOJtnurC/Oz3+/N2q0dLcO/MS9EdV4mUVJbJ1lQ7M/k7mtZwC
+RQ4fwzc6JeQDaLd7ZzEtPf+dX42UroKdjloJ+Gf9OfqWjvASRW5oziRwIY4JExq
VG0TGy2JDYkJBV2OtsTbdonIEYm5aeTXJVU3ierDI9tm0TMOkd31KtIN2dP/JJ0O
Yrnms/c46VBjapGAyuoNBTR96Ml7MQ3H//UQFNQ8BauSc65cMJuqGAx0OwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFM/QwPgFE2t7lpKHR6bWVgaAVv2PMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvejlEQS1BVVRhM3VXa29kSHB0WldCb0JXX1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQABba4AwQA
XPkeAwQBuTSKMAwDBAC5u9UDBAC5u9YDBAC5zc8wDAMEALnQmQMEALnQmgMEAbnm
eAMEALnmewMEAMCRRTANBgkqhkiG9w0BAQsFAAOCAQEASSlMbPb/3O7Z2RcPdiXh
8rE4nngtQSGlcLZ3xGXUW6T2iHZngTQ60Hs/Dar8y0Az1QZzJTNmxA97iqQ/F+GI
j9khrpyrZ7r5oA7HxYGKIQn2X9bLISis8F76gelII34O8xgE3KawhX5xuJjdSxsF
MhQul/QGOu+EzBzb0wArJfieuqkuIfs8/xB+Hy6TxfsPoaNfl/7D5Tky9bE4Lnq+
RH6LzorqI2kuWJg00rH7gG6kexp4cmZdrn2jgSPlWbbHoe+OHbDlKPHNrxEo3e5I
49FXjtoBk23drOB0QzjL71/YrmSa7Aj2pyEwAsNmjyVLQf7ZKaXz5Bq9mj3U2DpA
cw==
-----END CERTIFICATE-----
Generated at Tue Oct 21 16:46:28 2025 by rpki-client