Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/U2sDQQdN076MFYWn1fSs1XPbP5k.roa
File: U2sDQQdN076MFYWn1fSs1XPbP5k.roa (raw, json)
Hash identifier: M6IhqMa2J3ygXeLD7kKRIYhvO/CYp+j3MscqYYHOvqo=
Subject key identifier: 53:6B:03:41:07:4D:D3:BE:8C:15:85:A7:D5:F4:AC:D5:73:DB:3F:99
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0197F7DBD6A30C2B364468C2EAD327E1E58F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/U2sDQQdN076MFYWn1fSs1XPbP5k.roa
Signing time: Fri 11 Jul 2025 05:01:09 +0000
ROA not before: Fri 11 Jul 2025 05:01:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 64267
IP address blocks: 84.32.56.0/24 maxlen: 24
88.216.20.0/24 maxlen: 24
88.216.21.0/24 maxlen: 24
88.216.103.0/24 maxlen: 24
88.216.184.0/24 maxlen: 24
88.216.185.0/24 maxlen: 24
88.216.212.0/24 maxlen: 24
88.216.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 12:00:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f7:db:d6:a3:0c:2b:36:44:68:c2:ea:d3:27:e1:e5:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jul 11 05:01:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=536b0341074dd3be8c1585a7d5f4acd573db3f99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:91:36:97:9b:0b:da:b6:ca:5d:f9:93:23:33:
42:15:5f:18:e4:d3:a6:0b:98:be:45:7e:d1:f7:c5:
cf:ca:31:9b:ad:49:05:ef:16:62:bf:9c:57:8d:10:
7a:58:f0:f4:a2:d6:99:d1:8d:79:d5:af:7f:e5:84:
49:2f:5c:ce:07:db:0f:6f:2b:c3:d2:07:42:6d:03:
34:b1:eb:8a:fd:ea:6e:70:ba:2e:50:90:67:4c:e5:
23:4c:89:d3:15:a0:2e:3b:4a:82:d5:6b:c1:d6:cb:
7f:f4:f4:74:54:f6:67:5a:8d:68:b6:55:fb:b7:e2:
1c:8f:ee:bc:a6:4a:d8:08:68:b3:01:e6:28:76:ee:
36:3f:06:9d:7e:4d:d3:8b:ff:da:74:cd:ca:38:10:
b8:fa:ea:bd:08:7c:63:7f:dc:61:d0:95:dc:98:e9:
77:c8:7a:78:a2:39:96:b3:2c:89:bd:d0:9b:d0:73:
0b:a6:ba:1a:75:e2:c2:df:0f:d4:49:ef:27:0b:91:
9e:f4:cf:5c:a6:11:92:a0:80:6e:2d:4e:b8:64:a3:
fc:b4:55:f9:e7:db:94:e0:14:89:41:d7:69:0f:99:
0c:22:4e:8a:02:fc:b3:27:94:c4:2f:ec:0f:63:4a:
0e:8a:a4:f7:cc:24:7b:5b:59:e3:3a:6a:90:2e:f6:
04:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:6B:03:41:07:4D:D3:BE:8C:15:85:A7:D5:F4:AC:D5:73:DB:3F:99
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/U2sDQQdN076MFYWn1fSs1XPbP5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.56.0/24
88.216.20.0/23
88.216.103.0/24
88.216.184.0/23
88.216.212.0/23
Signature Algorithm: sha256WithRSAEncryption
40:11:51:bd:6d:90:1d:c0:f6:76:fe:33:6c:2d:cf:06:01:12:
b6:06:31:ea:39:2b:6e:8d:e8:b9:c5:58:a8:1c:2c:bf:07:08:
fc:7e:cb:bf:83:5d:d1:d1:88:18:b4:02:2f:50:35:b3:16:ca:
94:f7:ac:28:10:a6:ad:e2:f8:ab:67:41:aa:c9:47:bb:e1:7a:
b6:f4:8b:56:d9:a9:a9:af:da:4d:32:f9:28:c5:1e:fd:e2:c3:
02:ce:0b:b7:e4:59:63:4a:18:02:54:cd:de:ed:c6:0e:72:38:
1b:7d:26:b9:a4:4b:d7:e9:b4:6b:86:3d:b2:25:4f:80:2f:d9:
b4:46:ac:2f:c2:c6:21:9f:6e:35:41:90:32:28:21:e1:8e:bd:
62:d2:51:f9:58:02:47:f9:be:28:28:0b:4d:20:9f:35:cb:1a:
d0:58:22:fb:e9:96:85:1c:d6:57:63:ba:e4:f3:c8:c8:e5:19:
d4:70:03:c9:c9:16:60:6a:1d:a8:d3:46:2a:74:cd:d0:2d:ea:
32:f7:62:93:d0:2a:75:1f:52:e3:c3:93:bb:ac:b0:1a:28:7a:
8f:7e:5f:7a:bf:78:ca:95:fe:f3:04:6a:fa:13:39:09:35:32:
e6:cd:88:c1:f2:0b:94:c8:8e:29:c7:67:88:57:8d:5e:05:cf:
bb:c6:ad:d2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZf329ajDCs2RGjC6tMn4eWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwNzExMDUwMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzZiMDM0MTA3NGRkM2JlOGMxNTg1YTdkNWY0YWNkNTczZGIzZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5E2l5sL2rbKXfmTIzNCFV8Y5NOm
C5i+RX7R98XPyjGbrUkF7xZiv5xXjRB6WPD0otaZ0Y151a9/5YRJL1zOB9sPbyvD
0gdCbQM0seuK/epucLouUJBnTOUjTInTFaAuO0qC1WvB1st/9PR0VPZnWo1otlX7
t+Icj+68pkrYCGizAeYodu42Pwadfk3Ti//adM3KOBC4+uq9CHxjf9xh0JXcmOl3
yHp4ojmWsyyJvdCb0HMLproadeLC3w/USe8nC5Ge9M9cphGSoIBuLU64ZKP8tFX5
59uU4BSJQddpD5kMIk6KAvyzJ5TEL+wPY0oOiqT3zCR7W1njOmqQLvYE1wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFNrA0EHTdO+jBWFp9X0rNVz2z+ZMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVTJzRFFRZE4wNzZNRllXbjFmU3MxWFBiUDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVCA4AwQB
WNgUAwQAWNhnAwQBWNi4AwQBWNjUMA0GCSqGSIb3DQEBCwUAA4IBAQBAEVG9bZAd
wPZ2/jNsLc8GARK2BjHqOStujei5xVioHCy/Bwj8fsu/g13R0YgYtAIvUDWzFsqU
96woEKat4virZ0GqyUe74Xq29ItW2ampr9pNMvkoxR794sMCzgu35FljShgCVM3e
7cYOcjgbfSa5pEvX6bRrhj2yJU+AL9m0RqwvwsYhn241QZAyKCHhjr1i0lH5WAJH
+b4oKAtNIJ81yxrQWCL76ZaFHNZXY7rk88jI5RnUcAPJyRZgah2o00YqdM3QLeoy
92KT0Cp1H1Ljw5O7rLAaKHqPfl96v3jKlf7zBGr6EzkJNTLmzYjB8guUyI4px2eI
V41eBc+7xq3S
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:55:18 2025 by rpki-client